Emerging API Technology Trends – Tech Radar 2023
Digio prides itself on being a learning organisation, striving to promote technology vitality and prepare our clients so they can evolve and be successful. Each year we run a series of Tech Radar workshops with a range of engineers across web, mobile, API, QA and platform domains. They provide insights and perspectives from their diverse consulting experiences and research.
If you’d like to learn more about the Digio Tech Radars and how they fit into our Tech Vitality process, have a read through our Tech radar – Discover emerging tech trends blog post. You can also have a read through the 2022 API Tech Radar blog to gauge the trends in the API landscape last year.
In this piece, we will review some of the key themes to come out of our most recent API Tech Radar.
Key API Themes
Security Best Practices
Recent prominent data breaches in the industry have spurred a strong focus on asset and data protection. This has led to discussions in the tech community about enhancing security practices. The team emphasises the necessity of curated resources and tooling that establish secure patterns, as well as internal training modules designed to empower engineers with a grasp of fundamental security principles (Security 101). A large number of individuals expressed keen interest in enhancing their proficiency within the security domain through training.
This aligns with Mantel’s security-focused brand, Cyber@Mantel. This situation presents Digio with a chance to establish a unique framework, complementing ongoing internal initiatives, including upcoming “Security Best Practices 101” training tailored for foundational engineers.
AI Coding Assistant Tools
The surge in popularity of AI Coding Assistant Tools is noticeable among developers due to their ability to accelerate coding processes and minimise errors. Leading tools in this category include GitHub Copilot, Tabnine, AWS CodeWhisperer, and DeepCode.
Amidst the AI buzz of 2023, this engaging topic took the forefront in tech radar discussions. Participants displayed enthusiasm, seeking a comprehensive rundown of AI assistant tools and their potential impact on daily engineering workflows. Considerations extended to whether these tools heighten developer efficiency or introduce feedback and troubleshooting complexities with AI-generated code. The intricacies of the learning curve and the appropriateness of integration into ongoing client projects were also explored.
With the aim of keeping itself up to date with emerging technological trends, Digio finds itself compelled to formulate a distinctive perspective on this trend. Establishing internal competency to offer tailored recommendations becomes an imperative in this evolving landscape.
Serverless Best Practices
The team’s primary focus on Serverless revolved more around adopting it as a technique or framework rather than a specific platform. Their objective included investing additional time to establish a distinct set of practices that improves productivity and promotes consistency across projects. For instance, transitioning skilled Node.js developers to Lambda often brings along server-based practices in terms of packaging, which might not be the most efficient strategy within the Serverless paradigm.
An interesting idea was put forward that we are exploring: creating three distinct bootstraps for different cloud providers and fostering cloud agnosticism. The discussion also delved into the Function as a Service (FaaS) model, an integral part of the Serverless landscape. Leveraging the FaaS framework for swift application deployment emerged as a strategic approach. This approach streamlines infrastructure setup for specific business cases. While established players like AWS, Azure, and GCP dominate, there’s growing interest in open-source alternatives.
Furthermore, ongoing progress was noted in AWS Learn and Serverless training initiatives within the organisation.
The notion of multi-cloud development has swept through the tech industry, resonating within Digio’s discourse as well. This trending concept emerged prominently in discussions within the platform tech radar and API tech radar forums. Discussions about the Serverless framework were closely connected to it, which presents the possibility of initiating services in any cloud environment through consistent steps and concepts, thereby fostering cloud agnosticism.
Throughout these exchanges, relevant questions were raised, probing the essence of being multi-cloud and its contextual fit. The dilemma of optimising velocity with Lambda versus accommodating potential future cloud transitions to platforms like Azure or GCP prompted a balanced consideration of merits and demerits. This thought, however, requires collective exploration within the larger organisational framework.
Although a handful of clients are either experimenting with multi-cloud or exploring its feasibility, practical applications of multi-cloud remain mostly isolated instances, rather than an integrated solution. This highlights the need for extensive discovery and industry-wide acceptance before a definitive multi-cloud strategy can be established as beneficial for specific use cases.
Generative AI (OpenAI)
With the recent surge in interest surrounding Generative AI, the team’s curiosity prompted an exploration of potential involvements with OpenAI from Digio’s standpoint. Even engaging in introductory experimentation to foster fundamental understanding was considered. In particular, Mantel’s AI-focused brand Eliiza is actively engaged in projects and knowledge-sharing endeavours related to Generative AI, aiming to develop relevant tooling and understanding.
Within the tech radar discussions, the prospect of formulating a strategy or capability around OpenAI was put forward. While Microsoft’s substantial investment in the OpenAI domain is evident through Azure OpenAI services, the current absence of clients seeking OpenAI-related assistance led to the consensus that, for Digio, this might not be the opportune time for collaborative efforts.
The viewpoint gained traction that Eliiza within the Mantel group could serve as the ideal point of engagement, particularly if any client prospects in the Generative AI realm surface.
Enterprise Entitlements/Authorization Solution
In the realm of security and safeguarding both systems and customer data, a centralised entitlements-based authorization system stands out as an imperative for security-conscious enterprises. While numerous solutions have been embraced across the industry, a notable contender is Google’s Zanzibar. Google utilises this tool extensively, managing authorization for numerous services like YouTube, Drive, Calendar, Cloud, and Maps. Zanzibar excels in fine-grained entitlements-based authorization. Within Digio, a thorough tech assessment of Zanzibar has been conducted, coupled with a brown bag session to share the insights.
Another discussed option involves OPA, an open-source decision engine, and Styra’s enterprise-grade DAS (Declarative Authorization Service). This tandem offers the potential to construct a robust enterprise-level authorization solution. A successful implementation of OPA and Styra for internal entitlements with one of our clients underscores its viability. However, the scalability of OPA+Styra for extensive data volumes, involving millions of customers, remains to be tested and confirmed.
Our Tech Radar
The primary output of our tech radar sessions is a prioritised list of technologies that we wish to invest in. The following technologies were rated highly during these sessions, or are ones that we want to investigate further.
Golang stands as a cornerstone in our tech stack, seamlessly aligning with numerous solutions and finding favour with the majority of our clients. The language offers compelling advantages, including stellar performance, an enjoyable developer experience, user-friendly learning curve, and seamless compatibility with serverless runtimes. Golang’s ascendancy is notable as it gradually supersedes JVM-based solutions. Our organisation boasts a robust pool of proficient Golang practitioners, satisfying rapidly increasing customer demands.
Given its preeminence, Golang is this year’s highest-ranked “Adopt” choice. Our emphasis remains steadfast on nurturing the team’s expertise through internal workshops, training sessions, and interactive meetup talks. Our skill-building approach combines publicly accessible training content for foundational proficiency, while our internal training program caters to more advanced skill development relevant to our domain.
gRPC stands as an exceptional and sought-after technology due to its robust API contract management, innovative approach to versioning, and remarkable performance metrics. Although we prioritise its utilisation, pragmatic considerations sometimes reduce its adoption. Not all clients are familiar or comfortable with gRPC; for client-facing APIs, GraphQL often proves more fitting. It shines brightest in service-to-service communications, catering to scenarios demanding low latency and handling high data volumes.
This year, our objective involves embracing gRPC on a wider scale. To facilitate this, we’re committed to enhancing team proficiency through enhanced learning opportunities, effective application, and active promotion of its adoption. We remain dedicated to team development through internal training, hands-on workshops, and knowledge-sharing meetup talks.
AWS MSK Serverless (Trial)
We invested time in evaluating AWS MSK Serverless, aiming to gauge its potential in mitigating adoption barriers and subsequently serving as a widely recommended solution, possibly leading to an accelerator program. Our commitment to enhancing Kafka skills continued through internal training, especially as Kafka’s prevalence grows across our projects.
With event sourcing gaining prominence, even in smaller applications, the demand for serverless event streaming platforms has surged. While Apache Kafka remains a popular choice, its setup, maintenance, and upfront costs pose challenges, especially for smaller projects. AWS MSK addresses some of these concerns, though it is not fully serverless or cost-effective. Consequently, it may not be optimal for small, medium, and new projects, potentially restricting the viability of event sourcing as an architecture. Monitoring ongoing projects using this pattern will guide broader recommendations.
API First Development (Trial)
OpenAPI serves as a prominent default for us, virtually indispensable when crafting REST APIs. Contract-first API development is our norm, ensuring strict alignment with the specification across our APIs.
In the discussions within the tech radar, considerable attention centred on the OpenAPI specification and the notion of API-first development. The discussion delved into how often projects truly initiate with an OpenAPI spec, letting it seamlessly guide both code and deployment without manual intervention. It is worth noting that this approach lacked “adopt” status in the 2022 radar. While one of our clients emerged as a proponent of API-first practices, within Digio a recommended approach to this practice remains elusive, as the team acknowledges its value while grappling with a dearth of definitive tooling and approach.
CI Suitable Code Quality Tools (Assess)
A major topic of discussion revolved around employing code quality tools for Continuous Integration (CI). These tools play a vital role in ensuring top-notch code quality and security adherence in every project. The array of available tools varies significantly across different programming languages, each serving distinct purposes. Selecting and recommending an appropriate tool for new projects can be quite challenging.
To address this, our tech assessment endeavours to define specific types of quality checks to be incorporated. These encompass diverse elements like functional tests (such as unit tests), identifying vulnerabilities in third-party libraries, assessing runtime environment dependencies (like container libraries), maintaining code style, addressing code vulnerabilities, and optimising performance.
Furthermore, we plan to outline “sensible default” tools in each category, tailored for our primary runtimes (like JVM, Golang, Node.js) and suitable for both developer environments and client projects.
AI Coding Assistant Tools (Assess)
As mentioned in the Key API Themes section, the growing popularity of AI Coding Assistant Tools within developer circles is evident, and therefore, compels us as an organisation to invest time and resources to keep abreast of this topic.
This assessment’s objective is to delve into various AI coding assistant tools, establishing recommended best practices when utilising them. It aims to outline the advantages and disadvantages of popular AI coding tools, aiding the team’s informed selection for future client or personal projects. The evaluation targets mature AI tools aiding code creation and review, while also encompassing specialised tools for automation or unit test writing. Ultimately, the assessment aims to provide clear, actionable recommendations to engineers as well as clients.
Orchestration Tooling (Assess)
Following the previous round of tech discussions, a broad assessment of orchestration tools was conducted, wherein a comparative analysis of various options took place. The natural next step is delving into the potential of self-hosting these solutions and establishing best practices.
The ongoing tech assessment centres on exploring the spectrum of available orchestration tools. The aim is to equip Digio with comprehensive insights to offer well-informed recommendations on task management to clients. Amidst the diversity online where different tools are labelled as “Orchestration tools,” we’re filtering the scope. Our focus lies on tools orchestrating workflows and tasks, including containers, lambdas, automated jobs, and more. These tools centralise control, eliminating synchronised flows and providing mid-flow interaction points for seamless task management.
These investment recommendations are a key input to our technology strategy. This strategy informs our recommendations to our clients and specifies the activities that we will perform for the next 6 months. These activities include:
- Identification, creation and delivery of training using a mix of online, study group and facilitated formats. Revise communities of practice around technology domains.
- Definition and execution of technology assessments as short focused projects which deliver findings and recommendations for adoption.
- Nurturing of solution accelerators by providing owners with time and support to develop ideas and test them with regular checkpoints to decide whether further investment is required and justified.
Over the course of the year we’ll apply the outputs to our solutions before repeating the process again.