# Interoperable APIs

The Italian Government - like other Countries - is standardizing REST APIs to create an uniform developer experience for software provided by its 20_000 agencies and 8_000 municipalities.

At the core of this interoperability strategy we have:

- API First Approach with OpenAPI v3
- HTTPS everywhere
- Service Management with standardized throttling and circuit-breaker patterns
- Standardized approach to metrics



# This training

In this training we'll show how to:

- model interoperable API
- leverage interoperability by reuse

We'll use `connexion`, a python framework which streamlines API creation.

# REST and RPC

When writing an API, the historical approach was to view any interaction like a function call.
In a network environment this is seen as a `Remote Procedure Call`. This is the tipical SOAP approach,
where you bind a service to an URL and different functions to invocation methods, but even today
there are a lot of different APIs using an RPC approach.

The widespread of HTTP as a distributed computation protocol, and the rise of data give birth to REST.
REST, aka REpresentation State Transfer, is not a protocol, but an architectural style which mimics the distributed characteristics of the web.

In REST, everything is a `resource` whom state is transferred between an Origin Server and a User Agent. There are no "functions" but everything is modeled with a resource-like approach. The main advantage of using a REST
architectural style is that you can leverage the distributed nature of the web and the features of HTTP which
are redesigned with REST in mind (see RFC723x and the new http-core Internet-Drafts).


While REST is not a silver bullet, it fits very well government agencies goals as services for citizens
are inherently built around data. Moreover a semantic approach to URIs simplifies routing and auditing based on
method and paths.

## Contract first, Code first

When creating a web service, it's important to have an Interface Description Language. That's a machine readable
language that can be used to describe the interface. The most famous IDL is WSDL used by SOAP web services. For REST APIs the standard IDL is OpenAPI v3 aka OAS3.

For example, a web service accepting the following request `GET /echo` and returning a json object could be described in OAS3 like the following:

```
...
paths:
  /echo:
    get:
      responses:
        "200":
          application/json: {}
...
```

This allows to disambiguate the API definitions and usage.

We can usually find two approach:

- code first: where one develops a function on a specific language and then uses some tool to generate the
  IDL. An example function generating the above IDL could be
  
  ```
  def echo():
      return {"hello": "world"}, 200, {'content-type': 'application/json'}
  ```
  
- contract first: one writes down the interface in an IDL, then let the tools generate the code stubs.

While lazy developers prefers to use code-first, as they could focus on writing the actual code and leave the interface as an underproduct, this approach rarely works in a large ecosystem where different actors in a long timeframe works with different frameworks and enviroments.

A contract-first approach has many advantages:

- allows to focus on the actual design of the API, without being entangled by implementation details;
- it's independent from which framework or language people uses for its client/server implementation and from how frameworks generate the specs (which may be buggy);

Focusing on the specs, allows to create API modeling iterations that enable
the API to change fast and involve stakeholders in the modeling and in the 
API lifecycle.

NB: this doesn't mean iterations don't involve testing that the actual code works ;)
