We introduce the OpenAPI Specification (OAS) and how Cisco Products leverage this industry standard to drive API quality and state-of-the-art developer experience. We present OpenAPI best practices, tools and processes available to the developer community, and some of the benefits for Cisco API consumers. Join this session to discover the misjudged values that come with the OpenAPI specification, and explore the many ways your software development and automation teams can benefit from OpenAPI with better quality and security.
At the end of the day, my job at Cisco is to create guidelines for our APIs,
And dashboards to track where we are currently and identify where we’ll be in the next 6 months & 18 months in terms of API quality,
That requires to define consistent methodology and have execs sponsors to drive changes & transformation as needed in engineering
I”ve been seeing great value in the OpenAPI specification,
So that OpenAPI is getting central to our internal quality processes.
In the next 40 minutes, I hope to give you the materials to ramp you up and share my learnings.Though it’s an introductory session, the presentation will be pretty dense, but should be intelligible to all, and feel free to refer back to it later, as we will go fast on the slides which I provided for backup and to help you continue your journey.And I’ll stay at the end of the session so that we can continue the conversation as needed. No other plans for the next few days.I’ll be in the DeVNet Zone Hello World area for the rest of the week.
We in DevRel see APIs as contracts
Between an organization providing APIs and developers
IMPORTANT: OAS
The best way to discover the OpenAPI specifications is certainly to edit and render documents
Very soon you’ll want to use other editors & renders, but certainly the best / quickest way to start
https://editor.swagger.io/
swagger: '2.0'info: version: 1.22.0 title: Meraki Dashboard API description: > The Cisco Meraki Dashboard API is a modern REST API based on the OpenAPI specification. Date: 01 June, 2022. [Recent Updates](https://meraki.io/whats-new/) contact: name: Meraki Developer Community url: https://meraki.io/communityhost: api.meraki.combasePath: /api/v1schemes: - httpssecurityDefinitions: meraki_api_key: type: apiKey name: X-Cisco-Meraki-API-Key in: headersecurity: - meraki_api_key: []paths: /organizations: get: description: List the organizations that the user has privileges on operationId: getOrganizations responses: '200': description: Successful operation schema: type: array items: type: object properties: id: type: string description: Organization ID name: type: string description: Organization name url: type: string description: Organization URL api: type: object properties: enabled: type: boolean description: Enable API access description: API related settings licensing: type: object properties: model: type: string enum: - co-term - per-device - subscription description: >- Organization licensing model. Can be 'co-term', 'per-device', or 'subscription'. description: Licensing related settings cloud: type: object properties: region: type: object properties: name: type: string description: Name of region description: Region info description: Data for this organization examples: application/json: - id: '2930418' name: My organization url: >- https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview api: enabled: true licensing: model: co-term cloud: region: name: North America summary: List the organizations that the user has privileges on tags: - read post: description: Create a new organization operationId: createOrganization parameters: - name: createOrganization in: body schema: type: object properties: name: type: string description: The name of the organization example: name: My organization required: - name required: true responses: '201': description: Successful operation schema: type: object examples: application/json: id: '2930418' name: My organization url: >- https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview api: enabled: true licensing: model: co-term summary: Create a new organization tags: - configure /organizations/{organizationId}: get: description: Return an organization operationId: getOrganization parameters: - name: organizationId in: path type: string required: true responses: '200': description: Successful operation schema: type: object properties: id: type: string description: Organization ID name: type: string description: Organization name url: type: string description: Organization URL api: type: object properties: enabled: type: boolean description: Enable API access description: API related settings licensing: type: object properties: model: type: string enum: - co-term - per-device - subscription description: >- Organization licensing model. Can be 'co-term', 'per-device', or 'subscription'. description: Licensing related settings cloud: type: object properties: region: type: object properties: name: type: string description: Name of region description: Region info description: Data for this organization examples: application/json: id: '2930418' name: My organization url: >- https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview api: enabled: true licensing: model: co-term cloud: region: name: North America summary: Return an organization tags: - read put: description: Update an organization operationId: updateOrganization parameters: - name: organizationId in: path type: string required: true - name: updateOrganization in: body schema: type: object properties: name: type: string description: The name of the organization api: type: object properties: enabled: type: boolean description: >- If true, enable the access to the Cisco Meraki Dashboard API description: API-specific settings example: name: My organization responses: '200': description: Successful operation schema: type: object examples: application/json: id: '2930418' name: My organization url: >- https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview api: enabled: true licensing: model: co-term summary: Update an organization tags: - configure delete: description: Delete an organization operationId: deleteOrganization parameters: - name: organizationId in: path type: string required: true responses: '204': description: Successful operation summary: Delete an organization tags: - configure tags: - name: read - name: configure
For now, let’s look at the value developers get from these OAS documents
T
Generate automatically code that consumes the API
Generate automatically code that consumes the API
Mocking example with SwaggerHub using the examples of the OAS doc
Notice the versions at the top and bottom.
Version at the top is the version of the specification
Version in the info section is the version of the API
Pop quiz about versions?
If you have the API service is in the cloud, then use the cloud URL. For example meraki uses https://api.meraki.com/
If the API service is on-premise, than this is where you would include the URL to a DevNet Always-on Sandbox so that developers can make requests to a server.
Operations are defined by a path + HTTP method (aka verb) + input parameters + one or more response details. Operations may also have examples that can assist developers in better understanding how to use the operation effectively
Components help to capture reusable elements that may be referenced within and across OAS files.
Source: https://swagger.io/docs/specification/components/
Schema components define reusable structures for request inputs and response outputs. They are often referenced from operations or from one schema to another. This increases reuse across an API. Likewise, HTTP request and response headers can be reused for things such as conveying rate limits to an API client, authorization token headers, and other important elements
https://github.com/OAI/OpenAPI-Style-Guide
A Short History of the OpenAPI Initiative and the OpenAPI Specification
On Nov. 5, 2015, SmartBear in conjunction with 3Scale, Apigee, Capital One, Google, IBM, Intuit, Microsoft, PayPal, and Restlet announced the formation of the OpenAPI Initiative, an open source project under the Linux Foundation. As part of the formation of the OAI, SmartBear donated the Swagger specification to the Linux Foundation, meaning that the OpenAPI Specification is semantically identical to the specification formerly known as the Swagger 2.0 specification. It is widely recognized as the most popular open source framework for defining and creating RESTful APIs, and today tens of thousands of developers are building thousands of open source repos of tools leveraging the OpenAPI Specification. In 2010, the Swagger specification was created by Wordnik, who published it under an open source license one year later. In March of 2015, SmartBear acquired Wordnik's interests in the Swagger projects from its parent company, Reverb Technologies.
https://www.apimatic.io/blog/2022/03/top-api-specification-trends-2019-2022/
As can be seen from the graph above, around the start of 2019, the OpenAPI v3.0 imports were initially less than those of v2.0 (also known as Swagger v2.0). Then, they stayed nearly equal for around four months and eventually rose well above them after August 2019. Meanwhile, the imports of v2.0 slowly declined and are expected to continue their downward trend as more and more people adapt to the newer version.
While the exact reason is not entirely clear, the apparent reason revolves around the quality of support for OpenAPI v3.0 in tools. OpenAPI v2.0 has been around for much longer than OpenAPI v3.0 so though tools claim to support OpenAPI v3.0 their support for OpenAPI v2.0 may be much more stable and dependable. It is also possible that people are using legacy tools that still only support OpenAPI v2.0.
1min B. and the lifecycle, With recommendation to adhere to semantic versions principles
1min: which means that along your API lifecycle, you are going to have versions of your OAS documents
Stève - 2min: the nice thing with a serialized contract for an API, is that you can start doing Analysis,
The spectral project from Stoplight has been leading the charge to conduct analysis of OpenAPI documentCustomizable checks can be created such as design conventions (snake vs camelCase) but also checking error cases are documented
spectral lint --ruleset ruleset.yaml compliance-1.22.0-rev1.yaml --format pretty -v
Stève: 2min
At Cisco, we’re committed to an API-first strategy across the Cisco portfolio.
As a first step toward Cisco’s API-first strategy, Cisco is committing to rolling out backward compatibility, which ensures APIs continue working with every versioned release.
Backward compatibility is central to the design, documentation, and support process of strategic Cisco APIs. This includes implementation of changelogs, appropriate notification timelines for any API changes, deprecation notices, and API versioning.
Backward compatibility is rolling out for the following Cisco solutions – Meraki Dashboard API, Cisco Identity Service Engine (ISE) API, Nexus Cloud API, SecureX Threat Response API, Cloud Security Open APIs, Cisco Partner Experience (PX) Cloud API, and Webex API.
Future backward compatibility of APIs is planned for a growing list of Cisco solutions and will be announced upon availability. This includes ThousandEyes API, Cisco Spaces API, AppDynamics Cloud APIs, Cisco DNA Center API, NSO Northbound API, Crosswork CNC API, and Cisco SD-WAN (vManage) API
Reference announcement: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2022/m10/cisco-advances-api-first-strategy-to-empower-developers-in-the-digital-economy.html
https://editor.swagger.io/
swagger: '2.0'info: version: 1.22.0 title: Meraki Dashboard API description: > The Cisco Meraki Dashboard API is a modern REST API based on the OpenAPI specification. Date: 01 June, 2022. [Recent Updates](https://meraki.io/whats-new/) contact: name: Meraki Developer Community url: https://meraki.io/communityhost: api.meraki.combasePath: /api/v1schemes: - httpssecurityDefinitions: meraki_api_key: type: apiKey name: X-Cisco-Meraki-API-Key in: headersecurity: - meraki_api_key: []paths: /organizations: get: description: List the organizations that the user has privileges on operationId: getOrganizations responses: '200': description: Successful operation schema: type: array items: type: object properties: id: type: string description: Organization ID name: type: string description: Organization name url: type: string description: Organization URL api: type: object properties: enabled: type: boolean description: Enable API access description: API related settings licensing: type: object properties: model: type: string enum: - co-term - per-device - subscription description: >- Organization licensing model. Can be 'co-term', 'per-device', or 'subscription'. description: Licensing related settings cloud: type: object properties: region: type: object properties: name: type: string description: Name of region description: Region info description: Data for this organization examples: application/json: - id: '2930418' name: My organization url: >- https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview api: enabled: true licensing: model: co-term cloud: region: name: North America summary: List the organizations that the user has privileges on tags: - read post: description: Create a new organization operationId: createOrganization parameters: - name: createOrganization in: body schema: type: object properties: name: type: string description: The name of the organization example: name: My organization required: - name required: true responses: '201': description: Successful operation schema: type: object examples: application/json: id: '2930418' name: My organization url: >- https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview api: enabled: true licensing: model: co-term summary: Create a new organization tags: - configure /organizations/{organizationId}: get: description: Return an organization operationId: getOrganization parameters: - name: organizationId in: path type: string required: true responses: '200': description: Successful operation schema: type: object properties: id: type: string description: Organization ID name: type: string description: Organization name url: type: string description: Organization URL api: type: object properties: enabled: type: boolean description: Enable API access description: API related settings licensing: type: object properties: model: type: string enum: - co-term - per-device - subscription description: >- Organization licensing model. Can be 'co-term', 'per-device', or 'subscription'. description: Licensing related settings cloud: type: object properties: region: type: object properties: name: type: string description: Name of region description: Region info description: Data for this organization examples: application/json: id: '2930418' name: My organization url: >- https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview api: enabled: true licensing: model: co-term cloud: region: name: North America summary: Return an organization tags: - read put: description: Update an organization operationId: updateOrganization parameters: - name: organizationId in: path type: string required: true - name: updateOrganization in: body schema: type: object properties: name: type: string description: The name of the organization api: type: object properties: enabled: type: boolean description: >- If true, enable the access to the Cisco Meraki Dashboard API description: API-specific settings example: name: My organization responses: '200': description: Successful operation schema: type: object examples: application/json: id: '2930418' name: My organization url: >- https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview api: enabled: true licensing: model: co-term summary: Update an organization tags: - configure delete: description: Delete an organization operationId: deleteOrganization parameters: - name: organizationId in: path type: string required: true responses: '204': description: Successful operation summary: Delete an organization tags: - configure tags: - name: read - name: configure
Stève: 1 min: finally, the timeline is critical to check the API Contract lifecycle quality as we need to not only score individual contracts but also track progress across releases and ultimately facilitate creation of 100% accurate changelogs and detect breaking changes.
As we move up this trust ladder, we also wind up improving the developer experience.
Going from unreliable to highly reliable takes a lot of effort and dedication on the part of the development team
Stève - 1min: There are many benefits, and they differ depending on roles
to further dig into the many benefits but also become more familiar with OpenAPI documents and the associated toolsets , join the breakout on Friday.