Documenting APIs with Swagger. TC Camp. Peter Gruenbaum

Documenting APIs with Swagger TC Camp Peter Gruenbaum

Introduction } Covers } What is an API Definition? } YAML } Open API Specification } Writing Documentation } Generating Documentation } Alternatives to Swagger and the Open API Specification } Presentation and workbook at sdkbridge.com/downloads

Peter Gruenbaum } } PhD in Applied Physics from Stanford Commercial Software Developer } } } API Writer } } } } Boeing, Microsoft, start-ups C#, C++, Java, JavaScript, Objective-C Brought together writing and technology Since 2003 President of SDK Bridge Teacher: Programming at middle, high school, and college

API Definition } Swagger and the Open API Specification are ways to define an API } What is an API? } What can you do with an API definition?

What are APIs? } Application Programming Interface } It defines how two pieces of software talk to each other } For this seminar, we are talking about Web APIs

Web APIs API request Creative Commons Attribution 3.0. webdesignhot.com Not a full web page just the data! API response Creative Commons Attribution 3.0. openclipart.org The API definition describes: What requests are available What the response looks like for each request

REST } Swagger and the Open API Specification are designed for RESTful APIs } REST is a type of web API REpresentational State Transfer

REST Requests and Responses API request Please send me the state of my feed API response I am transferring to you some data that represents the state of your feed

How many public APIs are there?

API Definition File } File describes all the things you can do with an API } Lists every request you can make } Tells you how to make that request } Tells you what the response will look like

Why Create an API Definition? } Lets you design the API before implementing it } Helps with automated testing } Automatically create code in several languages } Can be used to automatically generate documentation } Documentation can be interactive

Swagger } Historically, Swagger was a specification for how to create an API definition file } After a new version (Swagger 2.0), the specification became the Open API Specification (OAS) } Swagger is now a collection of tools that use the Open API Specification } Many people still refer to OAS as Swagger

Open API Initiative } The Open API Initiative (OAI) is an organization created by a consortium of industry experts } Focused on creating, evolving, and promoting a vendor neutral description format. } It is in charge of the Open API Specification, but not in charge of any tools that use it } I will show you version 2.0, and talk about 3.0

Swagger Tools Swagger provides several tools: } Swagger Editor: Helps you write OAS files } Swagger CodeGen: Generates code in popular languages for using your API } Swagger UI: Generates documentation from OAS files } SwaggerHub: Hosted platform for designing and documenting APIs

Documentation example placeholder } http://petstore.swagger.io/

YAML Open API Specification Format Documenting APIs with Swagger

Open API Specification } You can use one of two data formats for OAS: } YAML } JSON } For this seminar, I ll use YAML

YAML } Stands foryaml Ain t Markup Language } It s not a Markup Language like HTML } Used for structured data instead of free-form content } Compared to JSON and XML, it minimizes characters } It's most often used for configuration files, rather than files passed over the web, like JSON

Key/value pairs } Key/value pairs are indicated by a colon followed by a space date: 2017-08-06 firstname: Peter

Levels } Levels are indicated by white space indenting } Cannot be a tab indent XML <name> <firstname>peter</firstname> <lastname>gruenbaum</lastname> </name> JSON name: { "firstname": "Peter" "lastname": "Gruenbaum" } YAML name: firstname: Peter lastname: Gruenbaum

Types } Types are determined from context } Example: string part_no: A4786 description: Photoresistor price: 1.47 float quantity: 4 integer

Quotes } In general, you don t need quotes around strings } Exception: something that will be interpreted as a number or boolean price: 11.47 version: "11.47" company: SDK Bridge float string } Quotes can be either single ' or double "

Lists } Use a dash to indicate a list item } You don t need to declare the list cart: - part_no: A4786 description: Photoresistor price: 1.47 quantity: 4 - part_no: B3443 description: LED color: blue price: 0.29 quantity: 12

Multi-line strings } Because there are no quotation marks on strings, you need special characters for multiline strings } means preserve lines and spaces } > means fold lines } There are variations: -, +, etc. speech: Four score and seven years ago speech: > Four score and seven years ago Four score and seven years ago Four score and seven years ago

Comments } Comments are denoted with the # } Everything after # is ignored # LED part_no: B3443 description: LED color: blue price: 0.29 # US Dollars quantity: 12

Schemas } Although not officially part of YAML, OAS uses references for schemas } Used for request and response bodies } Use $ref to indicate a reference } Typically put the schema in a definitions section

Schema example schema: $ref: '#/definitions/user'... definitions: user: required: - username - id properties: username: type: string id: type: integer format: int64

Exercise 1: YAML } Write some simple YAML } Follow along in exercise book } Electronic copy available at sdkbridge.com/downloads

API Definition What s in an API Definition file? Documenting APIs with Swagger

What s an API Definition File? } A file that describes everything you can do with an API } Note: API means a collection of related requests } Server location } How security is handled (i.e., authorization) } All the available requests in that API } All the different data you can send in a request } What data is returned } What HTTP status codes can be returned

The Anatomy of a Request Method URL Query parameters POST http://api.example.com/user?source=ios&device=ipad Accept: application/json Content-type: application/json Headers { } "name": "Peter Gruenbaum", "email": "peter@sdkbridge.com" Body

URL } Example request URL: https://api.muzicplayz.com/v3/playlist } Scheme } https } Host } api.muzicplayz.com } Base path } /v3 } Path } /playlist

Method } The HTTP method describes what kind of action to take } GET, POST, PUT, DELETE, etc.

Parameters } Example: } https://api.muzicplayz.com/v3/playlist/{playlist-id}?language=en } Path Parameters } {playlist-id} } Query Parameters } language

Request Body } For some methods (POST, PUT, etc.) you can specify a request body, often in JSON } The body is treated as a parameter } You specify a schema for the request body

Response Body } In REST, the response body can be anything, but is most often structured data, such as JSON } The response object has a schema to describe the structured data } You can have a separate response object for each HTTP status code returned

Security } Security means authentication and authorization } Can be: } None } Basic Auth } API key } OAuth

Documentation } Human-readable descriptions of elements } For generating documentation } Add a description section for: } The API } Each operation (path and method) } Each parameter } Each response element } Will go into detail in the next section

Getting the information to create an OAS file } If you are asked to create an OAS file, how do you find the information? } Developers can provide rough documentation } Developers can provide sample requests and responses } Most common } You can figure it out from the code } Requires strong coding skills

Open API Specification Basics Defining Simple Requests Documenting APIs with Swagger

Open API Specification File } Choose an example and build a file } Company: example.com } Service for uploading and sharing photos } API base URL: } https://api.example.com/photo

Example

Adding a Request Let s define requests for getting photo albums Requests will have: } URL endpoint } HTTP Method } Path parameters } Query parameters } Also (covered later): } Request body } Responses

Example with query parameters GET https://api.example.com/photo/album?start=2017-09-01&end=2017-09-31

Example with path parameter GET https://api.example.com/photo/album/123456

Data types } The data type can have several values } Includes: } Boolean } integer } number } string } array

Custom headers } Custom headers are treated as parameters } Standard headers (authorization, content format) are handled elsewhere

Documentation } Documentation is added using the description key } I will talk about this later in the workshop

Swagger Editor } Swagger provides an editor for Open API Specification files } Go to http://editor2.swagger.io

Exercise 2: OAS Basics } Create an OAS file for a music system } The API manages playlists } Describe overall API information, paths, methods, and some parameters

Schemas Defining Request and Response Bodies Learn Swagger and the Open API Specification

Request and Response Bodies } Certain kinds of requests have extra data } POST, PUT, etc. } Called the request body } Typically data is formatted in JSON (or sometimes XML) } Nearly all responses return a response body } Also typically formatted in JSON

What is a schema? } The schema indicates the structure of the data } OAS schema object is based off the JSON Schema Specification } http://json-schema.org/ } What are the keys in key/value pairs? } What type of data are the values? } Can be many levels

$ref } $ref is a special OAS key that indicates that the value is a reference to a structure somewhere else in the YAML file

Request Body } Under parameters: } name just for reference (not shown in docs) } in set to body } required typically set to true } schema } Add a level } Key of $ref } Value of the reference path, in quotes

Example Request Body

Schema section } Create a key called definitions at the end of the file } Add a level and give it the name from the $ref value } Add a properties key } For each top level element in the JSON, add a key of its name. } Add a type key that says what type of data it is } Add other keys for other data (more later)

Example Schema

Schema objects } You can add other objects as values } Simply use a type of object } Then add a new level with properties: } And continue just like you did before

Schema objects with $ref } As you can imagine, this can add a lot of indentation } So you can use $ref from within your definition using the additionalproperties key

Schema array } You can also add arrays } Simply use a type of array } Then add a key of items } And define the type and any other properties

Schema array with $ref } For a more complex type, use $ref for the array items

Required } In requests, you can specify that certain elements are required or optional } Use the required key for this } Contains a list of all properties that are required

Response Body } Under response:, under the response code } schema: } Add a level } Key of $ref } Value of the reference path, in quotes } If the response is an array instead of an object, then add: } type: array } Note: you can have different schemas for different response codes

Example Response Note: The album schema is identical to the newalbum schema except it has an id

allof } In the previous example, album and newalbum had a lot of duplication } Can use the allof key to combine several objects into one

Headers and Examples } Responses can also have custom headers } You can include example bodies in OAS files } Refer to the Open API Specification on how these work } (Just search on Open API Specification )

Exercise 3: Schemas } Add to your OAS file } POST, PUT, and responses } Describe overall API information, paths, methods, and some parameters

Open API Specification Continued Security, errors, content types, and operation IDs Learn Swagger and the Open API Specification

Security } Security means what kind of authentication or authorization is required } Authentication: the user has correct username and password } Authorization: the user has access to this API and data

Security types } None } Used for getting publically available information } API key } Indicates that the app has permission to use the API } Basic Authentication } Username and password is included in a header } OAuth } Complex issuance of temporary token

How security is indicated } Each operation has a security key } Contains an array of security definition objects } Often just one element in the array } Security Definitions } The file contains a securitydefinitions key } Typically at the end } Contains security objects } Security object } Contains information needed for that type of security

None } When you do not have security } you don t need to do anything!

API key } Add security key to each operation } Use dash to indicate an array } Create name for definition and use empty bracket, since no data is needed } Add security definition } Add definition for that name in securitydefinition section } type: apikey } name: name of the header or query parameter to be used } in: query or header

API key example } Put a security key in the get section and securitydefinitions at the end of the file https://?token=23a645ga2798

Basic authentication } Add security key to an operation } Use dash to indicate an array } Create name for definition and use empty bracket, since no data is needed } Add security definition } Add definition for that name in securitydefinition section } type: basic

Basic auth example } Put a security key in the get section and securitydefinitions at the end of the file

OAuth } OAuth is too complicated to explain here } Add security key to request, like before } However, now you add scopes in the array } Add security definition } Add definition for that name in securitydefinition section } type: oauth2 } authorizationurl: URL where credentials are entered } tokenurl: URL for the token } flow: OAuth 2 flow (implicit, password, application or accesscode.) } scopes: list of scopes with descriptions

OAuth example } Put a security key in the get section and securitydefinitions at the end of the file

Errors } Errors are simply different response codes } Often APIs return a special structure with errors } Example 401 (Unauthorized) code returned {"errorcode": 13, "message": "Username not found"} } Should include schema for every potential status code } Refer to this in response

Error example

Content Types } Content types indicate the format of the data in the request and response bodies } This is done through the Content-Type header } You can specify this for: } The whole API } Individual operations } Use the consumes and produces keys } consumes for requests, produces for responses } Use the Content-Type value (for example, application/json)

Example Content-Type

Operation ID } Although it doesn t show up in the documentation, you can optionally add an operation ID to each request } Some tools will use this

Exercise 4: OAS Continued } Add to your OAS file: } Security, } Errors, } Content type } Operation IDs

Documentation Adding Descriptions Document APIs Using Swagger

Autogenerated Documentation } Tools (including Swagger) take OAS files and generate HTML documentation to put on the web } If the OAS file is kept up to date, then the documentation is likely to be more accurate than if you wrote the docs manually } Autogenerated documentation allows you to try out requests from within the documentation

The Anatomy of a Request Method URL Query parameters POST http://api.example.com/user?source=ios&device=ipad Accept: application/json Content-type: application/json Headers { } "name": "Peter Gruenbaum", "email": "peter@sdkbridge.com" Body

description key } Use the description key to add documentation } Add description key to: } API Info } Operations (get, post, etc.) } Parameters } Responses } Schema definitions

Swagger Editor Placeholder } Bring up example on editor

Markdown } In the description value, you can use Markdown } Markdown is a simple Markup language } Bold, italic, images, links, etc.

Markdown Placeholder } Bring up example on editor

Exercise 5: Documentation } Add documentation to your example } See the effects on the right side of the page

Swagger Tools Editor, CodeGen, UI, and Core Tooling Learn Swagger and the Open API Specification

Swagger Tools Placeholder } https://swagger.io/tools/

Swagger UI } Autogenerated documentation } For example, pet store documentation } There are other ways to create autogenerated documentation } https://swagger.io/swagger-ui/

SwaggerHub } Provides all of the tools on a hosted platform } As of this video: } Free for one user } $75/month for team of 5 } Advantages: } Don t have to install and host } Designed for collaboration

Exercise 6: SwaggerHub } Try out SwaggerHub for free } Import your OAS file

OAS 3.0 The Next Generation Document APIs with Swagger

Several changes from 2.0 } Improved overall structure } Support for callbacks } Links to express relationships between operations } The JSON schema includes support for: oneof, anyof and not } Improved parameter descriptions } Better support for multipart document handling } Cookie parameters } Body parameters have their own entity } Better support for content-type negotiation } The security definitions have been simplified and enhanced

JSON Alternative to YAML Learn Swagger and the Open API Specification

Why JSON? } Older format } Some people may be more familiar with it than YAML } Some tools only read JSON

YAML vs JSON } In JSON, strings have quotes around them } YAML indents are like JSON curly brackets { } } YAML lists are like JSON arrays [ ]

Comparison YAML info: version: "0.1.0" title: Meme Meister description: Meme API { } JSON "info": { "version": "0.1.0" "title": "Meme Meister" "description": "Meme API" }

Arrays YAML consumes: - image/jpeg - image/gif - image/png { } JSON "consumes": [ "image/jpeg", "image/gif", "image/png", ]

Advantages of YAML } Fewer characters } Easier to read } Swagger uses YAML as the default } However, you can use the Swagger Editor with JSON just like you use it with YAML

Alternatives to Swagger Other autogenerated doc tools Document APIs with Swagger

Alternatives to Swagger } Swagger is great, but } Some people think it could be better } In particular, the autogenerated documentation } Not responsive, not that pretty, etc. } In theory, you can take OAS files and do whatever you want with them } There are several alternatives to Swagger } Disclaimer: I am not an expert in any of these

DapperDox } http://dapperdox.io

Swagger UI Variants } https://github.com/jensoleg/swagger-ui

ReadMe.io } http://readme.io

StopLight.io } http://stoplight.io

Alternatives to OAS } OAS is just one way to define an API } There are other specifications that have been created } RAML } API Blueprint } Not as popular as OAS

Resources } I d Rather Be Writing - Tom Johnson } Sarah Maddox } SDK Bridge Online courses } Last page of workbook has links with discounts

Exercise 7: Final Project } Create an OAS file for a Meme API from scratch } Not an easy assignment } In the electronic version of the workbook only

Questions?