Eric (0:11) Hey there, and welcome to the office of the IT guy, the show where we celebrate the people and talk about the technology that's changing our world. (0:17) I am your host, Eric, the IT guy, Hendrix, and my mission here is to share a love for open source and help build a stronger community. (0:24) I'm so thankful that you tuned in because the office is now open. (0:47) Hey there, and welcome to episode four of the IT guy show. (0:50) I'm your host, Eric, the IT guy Hendrix. Eric (0:52) Really excited to be joining you. (0:54) You may notice things are a little bit different today than normal, and that's because parts of this episode were prerecorded. (1:01) But fear not, most episodes are going to be live. (1:06) Just I had the pleasure of attending DevOpsDays Kansas City twenty twenty four just a few weeks ago, And I recorded a few conversations. (1:14) We we were in the we were in the green room just kinda chatting, and I recorded some of it. Eric (1:21) But so, sadly, this episode is mostly audio only. (1:26) So for my video viewers, now stick with me. (1:29) The preference will be to move into video recording on location moving forward. (1:35) But most of the time, I'll be right here in the studio, and my guests will join me virtually. (1:40) But without any further ado, I had the pleasure of meeting a gentleman by the name of Buddha, and he has a love of APIs. Eric (1:49) And so as a systems administrator, I'm familiar with APIs. (1:52) I kinda knew what they did, but I I really wanted to kinda dive in and feel like I had the foundation. (1:58) So so Bud and I talked a little bit about APIs versus REST APIs, some of the older versions of APIs. (2:05) And then if that wasn't enough, we dove in and talk about we talked about, API gateways and why you might want one. (2:13) We talked a little bit about his his company, but, don't worry. Eric (2:16) This isn't a sales pitch. (2:18) But, and I recorded the conversation, and I wanted to share it with you all. (2:22) So, without further ado, here we go. (2:29) Alright. (2:29) So I am here with with Buddha, and we're gonna be talking a little bit about APIs. Eric (2:33) So why don't why don't you introduce yourself? Buddha (2:36) Hey, Eric. (2:37) Thank you for having me. (2:38) I am Buddha, developer advocate at Tyke. (2:40) So for those who do not know, Tyke is a cloud native API management and experience platform and powered by an open source API gateway. (2:49) We can talk more about that in a little while, but, basically, what I'm trying to say is I work with APIs day in and day out. Buddha (2:55) So, you know, happy to have a chat about this. Eric (2:58) So I'm as as any of my listeners can tell you, I've been a systems administrator for most of my most of my life that just started out with Windows desktops at home and moved into eventually Linux servers. (3:09) And APIs are obviously important. Buddha (3:12) Yes. Eric (3:12) But I've never really had to manage an API gateway. (3:16) But more and more applications, even in the automation and infrastructure space, are starting to focus more on APIs. (3:24) A lot of it is driven from from automation. (3:26) A lot of it's driven from the need to be able to script certain actions using API calls. (3:33) Maybe maybe walk me through the process here. Eric (3:35) What is an API? Buddha (3:37) Well, API well, if you talk about the full form, that's application programming interface. (3:42) The idea behind APIs was to be able to interact with data and capabilities of platforms in a very nonrestrictive way as much as possible, almost having to having some sort of service to service communication, ideally, systems speaking or communicating with each other. (4:00) That was the idea behind APIs, and that's why they exist. (4:03) Today, if you're interacting with pretty much most digital platforms, they're all running on APIs at this point of time. (4:09) Your Ubers and your Slacks and Instagrams and Facebook, all of that is completely API driven. Buddha (4:16) So any interaction that you're having with the interface on your mobile application, the fulfillment of the action that you're intending to take is typically done by the APIs themselves. (4:27) Now there are different API styles that you might be interacting with or maybe you do not realize that you're interacting with, which you might have heard the term REST APIs perhaps. (4:35) Some might have heard about GraphQL APIs in some cases, the slightly more recent gRPC's or the slightly really old SOAP APIs as well. (4:43) So, you know, you've got you've got a few different varieties out there. (4:46) REST is by by far the most popular variety at this point. Buddha (4:49) But just to give you a bit of a statistic around how much of the Internet is running on APIs today, as far as a report that came out earlier this year, in 02/2023, which is last year, about 70% 71% of all web traffic was API calls. (5:07) And at enterprise levels, we are talking about 1,500,000,000 API calls being made across Some might even call it the fabric of the Internet today. (5:31) So that's how important, that's how valuable, that's how powerful APIs have become today. (5:36) So it's important to not only know about it, but I think there are there are certain things that you need to be aware of as well. (5:42) So, you know, we'll probably go into that later on. Eric (5:44) For sure. (5:44) So if if if I'm new to APIs Yeah. (5:47) I'm trying to understand how they work. (5:49) Like, a lot of systems utilize REST APIs nowadays. (5:52) What's a good way to go about learning that? Eric (5:54) Is it is there documentation? (5:56) Is there maybe an application that I should use to to get more familiar with with APIs in their ecosystem? Buddha (6:02) That's a difficult question. (6:03) That's kind of like it's almost like trying to learn how to build anything or learn how to code. (6:09) I think, ideally, you can pick up a language and start building an API in that language perhaps. (6:14) But a more ideal case is to say, oh, I want to solve a problem, and APIs would be one of the ways in which you solve it. (6:21) That's a bit more project driven approach or or a specific outcome driven approach. Buddha (6:25) That that's a better guiding principle as opposed to say, okay. (6:28) I wanna learn APIs today. (6:29) How do I go about doing it? (6:30) But there are a lot of people who are curious about things, which is which is perfectly fine. (6:34) I I was curious myself. Buddha (6:35) So I think, to me, a a well structured course will be really good to take, I think, initially. (6:41) There are a few out there on on a few different platforms today. (6:44) A YouTube video to get started with at least the general nuances around APIs and what they are, what they are trying to achieve and accomplish. Eric (6:52) Bonus points if they have a light board. (6:54) Sorry? (6:55) Bonus points if they have a light board. Buddha (6:57) So there you go. (6:58) I think I think that's a that's a good starting point to understand how they work. (7:02) There is there is always gonna be sort of the design conversation and the feature functionality conversation as well to it. (7:09) So once you think about what you're trying to achieve or what that API is trying to solve as a problem, then you start going about how do you build it. (7:17) You can build APIs in any language that you want. Buddha (7:20) So if you already have a background in a specific programming language, you can you already have the tools necessary to start building an API today. (7:28) So yeah. (7:28) So I think that's that's a good starting point, I would say. (7:30) I think if you can think about what your API is trying to do, maybe it is just to list out your latest horror movies that you want to keep track Eric (7:39) of, which I I bring Buddha (7:40) it up because I'm a fan of horror movies to be fair. (7:42) So I think that would be one of the things that you might want to accomplish. (7:45) There are different sort of objectives of APIs as well, like what you can do. (7:50) Usually, we categorize them under CRUD operations, c r u d's, create, read, update, and delete. (7:56) So the idea there is what your API is trying to accomplish. Buddha (7:59) It's either to create something new when you're interacting with the data, or they're trying to either read something that already exists, update something that already exists, or delete something completely. (8:09) So that's usually the four categories that we go into when we talk about building out an API and their purpose behind it. Eric (8:16) So probably my first intentional interaction with with APIs was using DigitalOcean for cloud based virtual workloads. (8:23) So spinning up a a Linux system on on DigitalOcean and deploying a server. (8:29) You basically point you basically point a command at at their gateway. (8:34) You give it an action like like deploy and some options like vCPUs or what data center you wanna deploy in, and you can use that to trigger an action on on the hypervisor side. (8:48) So you can basically script a series of systems. Eric (8:51) Like, if I wanted to spin up a brand new Kubernetes cluster or maybe series of web servers, I can use that through their API, which makes it helpful, especially if I'm using something like Ansible playbooks on top to then configure those workloads. (9:04) So it really makes it easy. (9:06) I I actually had a batch script that I would give it a a server name as an argument, run the script, and then a server would pop up on DigitalOcean with my specified sizes and and all the configurations, and I could go from basically having nothing deployed to having a full blown workload. Buddha (9:24) Right. (9:24) Yeah. (9:25) I think I think you've you've moved ahead a couple of steps there, but that's perfectly fine. (9:28) Because the the the the reason I say that is because, obviously, building out your own API when you're getting started, that's that's great. (9:34) It gives you a better sense of, you know, how or what sort of an API looks like Eric (9:38) Mhmm. Buddha (9:39) And some of the sort of nuances around it as well as you're building it. (9:42) You'll probably understand that. (9:44) There is obviously one aspect of it is obviously building the API, but you can also like you you mentioned just now, you interact with APIs that already exist. (9:52) Mhmm. (9:52) And a lot of large organizations, companies, whether that is at the infrastructure level or an application level, they expose capabilities through APIs. Buddha (10:01) That's that's usually one of the preferred methods at this point of time to be able to interact with solutions, whether that is at, again, at an infrastructure level or at an application level. (10:11) Now there are different there are things that you need to keep in mind when you're doing that. (10:18) It's all well and good when you're just starting out with APIs. (10:20) But when we come to enterprise grade production ready APIs, again, doesn't matter what level they are at, it's important to consider the operational side of the API development life cycle. (10:34) What I mean by that is, obviously, you start off with having some kind of a purpose in mind. Buddha (10:38) That's your design side of things. (10:40) You start thinking about the the code that is gonna power your API and interact with whether that's data or capability of some sort. (10:47) You also need to start thinking about the operations, which includes things like how do you make your APIs secure. (10:53) So when you are making APIs available, you wanna make sure that you're doing so in a secure manner. (10:59) You are doing so in a manner that is observable as well. Buddha (11:03) And what I mean by that is who's using your APIs, Where could things go wrong? (11:07) And when they do, can you have an indication of what that's what that looks like? Eric (11:11) Right. Buddha (11:11) In in a more simplistic manner, that usually goes into the realm of monitoring and logging and thing and traces. (11:17) But there are aspects like these, which sometimes get overlooked. (11:20) So if you if you really look at these production grade APIs that are out there, usually, you have some layer of security. (11:27) It could be simplistic with authentication tokens, or it could be a little bit more higher end with, you know, open authorizations and OIDC and those kind of authentication and authorization mechanisms built in so that you can control who's asking as accessing your APIs. (11:43) Because sometimes APIs can be completely open where you don't want to have any restrictions. Buddha (11:46) Again, that's perfectly okay. (11:48) But in a lot of cases, you want to have some degree of control over who is interacting with your APIs. (11:54) Whether that is part of your monetization strategy, whether that is part of just your general traffic management and security strategy, you sometimes wanna have that ability. (12:03) And again, like I said, with APIs, you can do a lot. (12:05) So create, read, update, delete. Buddha (12:08) Now you may not want to give that ability to every single person out there. (12:11) Right. (12:12) You don't want people to be interacting with your database in a way that, you know, removes all your records. (12:17) You don't you only want to have that those permissions available to specific people. (12:21) That's where things like access control comes in, your governance mechanisms kick in as well, and then things go wrong. Buddha (12:28) You know, service uptimes, service downtimes. (12:31) And when things go wrong, you need to get to the heart of the problem as quickly as possible. (12:35) And that's where we go into that realm of observability that I was talking about. (12:38) So there are these these things that you need to think about when you're considering production ready APIs. (12:45) It's not just about the functional logic. Buddha (12:47) It's not just about thinking about that outcome. (12:49) To get to that outcome, these operational sites are also very, very important. (12:53) So that's kind of the probably, that's that's kind of your experience that you've had where at the infrastructure level, you're trying to spin up new instances based on an API API request, then you want specifically authorized people to be able to do that. (13:08) You don't want everyone within your organization to have the capability of, spinning up an instance typically, because that, again, could have cost implications that could have For sure. (13:19) Implications that, you know, that things are not documented potentially. Buddha (13:23) So yes. (13:23) Those are those are very important considerations when you're building and exposing APIs. (13:27) And, obviously, pairing that with documentation is also very, very important because just building APIs is fine telling people that, oh, this this is available, but not actually documenting how people can interact with your API and what kind of outcomes or results that they can expect off out of those APIs, what value it's bringing for them in their line of work. (13:48) All of that becomes part of the discoverability documentation, in some cases, even the broader developer experience aspect of things. (13:56) So you need to consider a lot of these different things. Buddha (13:58) I'm not trying to scare people. (14:00) I'm just trying to I'm just trying to make sure that we keep these things in mind because they they tend to get overlooked quite quickly. (14:07) And being part of the API management world with Tyke, we see a lot of these things getting overlooked. (14:15) And that's why I think the API gateway and the API management platforms exist because they help developers with some of these workloads taken up by the gateway itself. (14:25) So things like security, things like observability, a lot of those things can be managed at the gateway level. Buddha (14:30) You you must Eric (14:31) have read ahead in my notes because I was going to ask you how a company like Tyke and application gateways kinda work. (14:36) But what I'm what I'm hearing is that Tyke and other applications like it are basically management layers on top of APIs. (14:46) You can you can call Buddha (14:47) it that. (14:47) I think management layers, operational layers, combination of both, I think you can you can you can call it that. (14:53) But, again, the principle behind the gateway is it's an entry point into your APIs in a way where it adds specific governance capabilities to your to make your APIs production ready. (15:07) Like the things that we touched upon previously, security, observability, rate limiting, versioning. (15:11) All of those different things are very, very essential. Buddha (15:14) And at the gateway level, you can manage those things. (15:17) So, typically, in in the modern tech stack, when you think about API development today, you think about the services of the microservices behind it, you can bake a lot of this logic into your microservices. (15:30) So when you're building out that logic, you can build your own security system. (15:34) You can build out your own observability system, but you don't want to because you're gonna be compromising the scalability of your overall system and architecture. (15:43) Right. Buddha (15:44) So to have a degree of scalability built into your solution, you wanna be able to abstract out some of these operational aspects into that management or gateway layer so that you can leave out your service layer or your microservice layer to take care of the the business logic of your application, which is obviously very, very important as well. (16:05) So what does your application bring to the table? (16:08) What does your API actually do? (16:09) That's the logic you want at the microservice level. (16:12) Mhmm. Buddha (16:12) And then the operational level or the management level takes care of these more governance side of things, which can be abstracted out. (16:19) And it's applicable to any new microservice or any new service that you're spinning up or any new API that you're creating. (16:25) So that's the idea behind having a gateway or a management layer on top. Eric (16:29) Yeah. (16:29) That makes a lot of sense, especially coming from an operations background. (16:32) I mean, even just back to my my DigitalOcean example Buddha (16:35) Yeah. Eric (16:36) DO had a had an API management layer built into their hypervisor where I can go in and spin up tokens, which is what they're they're using for for security for those API calls, then I can have token setup that can only read my infrastructure configuration. (16:53) So I can pull down information, but I could also set read write tokens that for for example, my my my server build scripts can actually spin up infrastructure, which, like you said, has significant cost implications there. Buddha (17:08) Correct. (17:09) And it doesn't have to stop there either. (17:11) I think the the modern text tag that you look at, when you're building out APIs, like, we mentioned discoverability. (17:17) Right. (17:17) So how do you interact and how do you expose your APIs become important. Buddha (17:20) So you might have heard about things like developer portals, and I think that's another area as well where you get to find out at least what kind of APIs are available to you Mhmm. (17:31) The documentation associated with it, and then sign up to be able to access those APIs. (17:36) If it's an open API, then you just interact directly with it. (17:39) If it is not an open API, then you request access. (17:42) And there is some kind of a mechanism that drives that access grant mechanism. Buddha (17:47) So it's sort of that combination of build out your APIs, but then think about your security, think about your observability, the the governance, the conventions that are associated with it. (17:59) But then ultimately, you're trying to publish and catalog your APIs so that either developers can interact with it or third party partners can interact with it, they build out an application on top of it. (18:10) So that's where sort of developer portals come in quite handy. (18:13) They're very useful to be able to do that paired with an API gateway. (18:16) And that's, again, that's one of those areas where we help out those who are building out APIs or API platforms in in that sense. Buddha (18:24) So that's that's kind of another area that we consider. Eric (18:27) Awesome. (18:28) Well, I definitely appreciate your time today. (18:30) And and you and I met at DevOpsDays Kansas City, and it's been kind of a crazy couple of days. (18:34) But I really appreciate you cutting out some time to to talk, and and hopefully, this is a good introduction, a good high level flyover of what APIs are, why you might want an API gateway. (18:45) Yep. Eric (18:45) But with that said, any any closing thoughts? (18:47) Anything you wanna share? Buddha (18:48) I would say if you are interested in the world of APIs, and like you mentioned, this is introduction. (18:52) It's it's a very quick introduction. (18:54) There's a fair amount of things to consider because in the world of APIs, there are architectural discussions between monoliths and microservices. (19:01) There are style discussions between, you know, REST, CraftQL, gRPC, SOAP, all of those different styles, and they have nuances around that. (19:08) They have a specific purpose around it and why they exist today. Buddha (19:12) And but they also have their own mechanisms for building them in the right or in the best possible way. (19:18) Mhmm. (19:18) So I would say get started somewhere, but, the knowledge is gonna be a continuous experience. (19:23) For sure. (19:23) So that's where gateways can help you out with sort of taking off some of those workload when you're building out an API, but equally, it goes far beyond. Buddha (19:31) You think about your API platform as a whole, think about the maturity of that platform and, you know, how you can mature as a developer of APIs, but also mature as a platform itself. (19:43) So, yeah, if there are questions that are at the end of it, I'm happy to I'm happy to answer some of those later on, but I really appreciate the time. (19:51) It's been a pleasure talking about APIs. (19:54) Definitely. (19:54) I I learned a few Eric (19:55) things as we talked, and we'll have to we'll have to see what what comes of this episode, and we'll we'll have to have you back on the show. Buddha (20:01) Would love to do that. (20:02) Thank you so much. (20:03) Really appreciate it. Eric (20:04) Appreciate it. (20:08) Welcome back. (20:09) That, of course, was my conversation with Buddha from DevOpsDays Kansas City. (20:13) He I really appreciate the chance to sit down with him and have a conversation about APIs. (20:18) I really felt like I walked away feeling like I knew more than I did when we sat down. Eric (20:23) I feel like APIs are one of those things that we've kinda just accept exist, but but don't ever really talk about. (20:30) So definitely look forward to working with Buddha in in the future, maybe on some deeper content, maybe something here in the home lab. (20:37) But that's gonna wrap for today's episode. (20:42) Join us back in two weeks. (20:43) I've got another conversation from Devos Days Kansas City. Eric (20:48) Her name was Laura, and she works as a as a developer advocate for Dell Technologies. (20:54) We had an amazing conversation about people and processes and DevOps and how tools are not the golden bullet you might expect them to be. (21:05) So we've this is our first of three of these prerecorded conversations. (21:11) I'm looking forward to getting back live. (21:13) Of course, this is summer, so when by the time you hear this, I may actually be out of the office or traveling, but I appreciate your your your joining me and being part of the community of the IT guy show. Eric (21:27) I'm really excited to see how much has grown in just such a short time, and for all you folks that have helped me build it and spread the word that that we've brought brought my podcast back under under its new branding. (21:40) So if you would, please like and subscribe, share with a friend. (21:42) Really appreciate it. (21:43) The more people that watch, the more the more reach I can get to bring in new guests and talk about new topics. (21:50) And speaking of topics, definitely check out our Discord. Eric (21:53) The link will be in the show notes if you want to to join in, be a part of the conversation. (21:58) We've got a a growing group of technologists that just kinda hang out and chat. (22:03) But with that said, on behalf of Buddha and myself, Eric, IT guy Hendrix, thank you so much for joining the IT guy show, and we'll see you again in a couple of weeks.