DZone Research: Popular API Languages
DZone Research: Popular API Languages
Join the DZone community and get the full member experience.Join For Free
How to Transform Your Business in the Digital Age: Learn how organizations are re-architecting their integration strategy with data-driven app integration for true digital transformation.
To gather insights on the current and future state of API management, we talked to 17 executives who are using APIs in their own organization, as well as helping clients use APIs to accelerate their digital transformation and the development of quality applications. We asked them "Which programming languages, tools, and frameworks do you use to manage APIs?"
Here's what they told us:
- Documentation-first approach. Use GitHub. API blueprint works well for us. Used to use Apiary but wanted more control. We use a variety of languages — NodeJS, C, based on AWS use Dynamo DB, Postgres, Aurora. We have our own Nginx proxy or gateway for authentication — we have a customer that uses the Lua app within Nginx. APIs developed by multiple teams need to ensure a consistent and look for the APIs to the customer. Basic handling through Nginx. Use different monitoring tools like New Relic and Circonus for performance and availability.
- Framework publishing using Swagger description because it’s easily consumable by developers and enables them to see what an API looks like and provides the capability of testing, best practices creating Swagger pages around the API portal. Implement using Java and for most APIs JSON is the lingua franca.
- We focus on the developer market and have 300,000 developers on Apiary. We use GitHub, we have an existing account to onboard into Apiary which opens a browser-based editor to write inline code and populate documentation. For mock testing, developers can use languages of their choice – Groovy, Swift, Java. On-board in a few seconds and start writing in seconds with editor and fire testing. It's a 100% developer driven experience.
- Everything we use is proprietary. There are a handful of things you can do block outdated browsers, check for automated scripting tools like headless browsers, get a list of data center IPs block known data centers where bots are coming from, watch for spikes in traffic. An airline client saw a spike in mobile traffic and found the hackers were attacking mobile API after we had protected the website. Any spike in traffic that isn’t easily accounted for can be suspicious. Is there a valid traceable reason for the traffic spike, if not it could be hackers. Hackers spend all day to improve bots, no way to compete with that. This is a sophisticated problem. Put time into testing third-party automation security tools.
- We use .Net core to deploy across platforms since we started building Linux solutions. Framework works on Windows and Linux.
- Our APIs are written in everything — Java, Go, Python, Ruby, wide range of backend technologies. Java tends to be the large enterprise favorite. We are agnostic on the backend because a proxy is in front of the APIs we use Nginx separate from the codebase. Depends on what the API is doing — high volume language that can scale to that. More transactional language choice should meet performance requirements.
- It starts with something simplistic where you expose all of the attributes to an API available in a graphical format so the user can see what’s on both sides of the application and have a visual workflow of where you can drag lines between data and applications. In a code environment, you need to support any modern language — Java, Ruby, and Python. Finally, we support our own scripting language Deluge. It's more simplistic but powerful for code.
- Security has to be done right in architecture. We started with Java. We maniacally focus on secure design patterns. As we talk with developers, they want to automate as much as possible and standardize where permitted. Design patterns help achieve that goal. The flip side is in the modern context, a lot of single application development with a rich UX moving to React and Angular for applications. These are more secure overall.
- OAuth AppAuth led by Google SSO on mobile apps that is the gold standard. Integrate with most API gateways — MuleSoft, Apigee, and Kong primarily for microservices.
- We provide out of the box capabilities to manage the full lifecycle of customer’s APIs and microservices. We provide a common platform that allows business users and developers to manage a polyglot landscape of APIs and microservices, so we are largely programming language/tool/framework agnostic and don’t impose a particular framework or tool that customers must use.
- We use Azure API Management, which is compatible with .net, Java, Node and any other standards-based API.
- Our solution is composed of multiple components that can provide standalone value in specific areas of the API lifecycle. These include a family of API Gateways, including a Microgateway and Mobile API Gateway for enforcing specific runtime patterns around microservices, mobile, and IoT. An API Developer Portal provides an administrative interface for managing the lifecycle of APIs around publishing and granting access to internal and external organizations as well as a developer console for discovering and consuming those APIs. Additional best-of-breed lifecycle components enable the creation, testing, and monitoring of APIs and microservices.
- One of our key promises is to offer a single platform for data integration across public and private cloud as well as on-premises environments that deliver the best data processing capabilities thanks to code generation and native performance. We follow the same approach for API, complementing solutions from our key partners, such as AWS, Azure, and Google. From an implementation perspective, we tend to use Swagger Framework and JAX-RS.
Here's who we talked to:
Opinions expressed by DZone contributors are their own.