📘 کتاب طراحی و ساخت پلتفرم‌های API

نوشته‌ی James Gough، Daniel Bryant، و Matthew Auburn راهنمایی عملی برای توسعه‌دهندگان، معماران نرم‌افزار، و تیم‌های فناوری اطلاعات است که می‌خواهند از صفر، یک پلتفرم API قدرتمند و مقیاس‌پذیر طراحی کنند.

✳️ موضوع اصلی:

امروزه تقریباً تمام سازمان‌هایی که حضور دیجیتال دارند، از API برای ارائه خدمات خود به مشتریان استفاده می‌کنند. این کتاب بر طراحی، ساخت و مدیریت پلتفرم API تأکید دارد — نه فقط نوشتن یک API ساده، بلکه ایجاد زیرساختی کامل که از میکروسرویس‌ها پشتیبانی کند و برای محیط‌های ابری (Cloud) قابل توسعه باشد.

📦 آنچه در این کتاب می‌آموزید:

• مبانی API و الگوهای معماری برای ساخت یک پلتفرم API مدرن
• آموزش طراحی، توسعه، تست، و دیپلوی سیستم‌های مبتنی بر API
• استفاده از API Gateway برای تجمیع خدمات میکروسرویس‌ها
• نحوه‌ی استفاده از Service Mesh برای اتصال امن و انعطاف‌پذیر سرویس‌های داخلی
• نحوه‌ی مهاجرت سیستم‌ها به معماری ابری و API-based
• آشنایی با مفاهیم کلیدی امنیت API، شامل:
• ‣ تهدیدها و آسیب‌پذیری‌های رایج
• ‣ مدل‌سازی تهدید (Threat Modeling)
• ‣ استفاده از پروتکل‌های امنیتی مانند OAuth2 و TLS

🎯 مناسب برای:

• توسعه‌دهندگان بک‌اند و فول‌استک
• معماران نرم‌افزار
• مدیران DevOps و SRE
• تیم‌هایی که در حال مهاجرت به Cloud-native Architecture هستند

📌 نکته مهم:

این کتاب فقط مفاهیم نظری ارائه نمی‌دهد، بلکه با مثال‌های عملی و مطالعات موردی (Case Studies) دقیقاً نشان می‌دهد چگونه پلتفرم‌های API را در دنیای واقعی پیاده‌سازی کنید.

اگر خواستی، می‌تونم ساختار فصل‌ها رو هم به‌صورت لیست کدنویسی‌شده ارائه بدم. بگی برات آماده می‌کنم.

Most organizations with a web presence build and operate APIs; the doorway for customers to interact with the company's services. Designing, building, and managing these critical programs affect everyone in the organization, from engineers and product owners to C-suite executives. But the real challenge for developers and solution architects is creating an API platform from the ground up.

With this practical book, you'll learn strategies for building and testing REST APIs that use API gateways to combine offerings at the microservice level. Authors James Gough, Daniel Bryant, and Matthew Auburn demonstrate how simple additions to this infrastructure can help engineers and organizations migrate to the cloud; and open the opportunity to connect internal services using technologies like a service mesh.

• Learn API fundamentals and architectural patterns for building an API platform
• Use practical examples to understand how to design, build, and test API-based systems
• Deploy, operate, and configure key components of an API platform
• Use API gateways and service meshes appropriately, based on case studies
• Understand core security and common vulnerabilities in API architecture
• Secure data and APIs using threat modeling and technologies like OAuth2 and TLS
• Learn how to evolve existing systems toward API- and cloud-based architectures

Why Did We Write This Book?

In early 2020 we attended O’Reilly Software Architecture in New York, where Jim and Matt gave a workshop on APIs and a presentation on API gateways. Jim and Daniel know each other from the London Java Community, and like at many architecture events, we got together to talk about our thoughts and understanding around API architectures. As we were talking on the hallway track, several conference delegates came up to us and chatted about their experiences with APIs. People were asking for our thoughts and guidance on their API journey. It was at this point that we thought writing a book on the topic of APIs would help share our discussions from conferences with other architects.

Why Should You Read This Book?

This book has been designed to provide a complete picture on designing, operating, and evolving an API architecture. We have shared our experience and advice through both our writing and an accompanying case study that mimics a real-life event-management conference system that enables attendees to view and book presentation sessions. The case study runs throughout the book, with the goal of you exploring how abstract concepts sometimes translate into practical application. If you want a high-level overview of the evolution of the case study, you can find this in Chapter 10.

We also believe in allowing you to make your own decisions. To support this, we will:

• Be clear when we have a strong recommendation or guidance.
• Highlight areas of caution and problems that you may encounter.
• Supply an Architecture Decision Record (ADR) Guideline to help inform the best possible decision given the circumstances of your architecture and provide guidance on what to consider (because sometimes the answer is “it depends”).
• Highlight references and useful articles where you can find more in-depth content.

The book is not just a greenfield technology book. We felt that covering existing architectures with an evolutionary approach toward more suitable API architectures would provide the most benefit for you. We also tried to balance this with looking forward to newer technologies and developments in the API architecture domain.

Who This Book Is For

Although we had an initial persona in mind when creating this book, during the writing and reviewing process three key personas emerged: the developer, an accidental architect, and the solutions or enterprise architect. We have outlined these personas in the following sections, with the aim that you not only identify with at least one of them, but also so that you can look at each chapter through the different lens these personas provide.

Developer: You have most likely been coding professionally for several years and have a good understanding of common software development challenges, patterns, and best practices. You are increasingly realizing that the software industry’s march toward building service-oriented architecture (SOA) and adopting cloud services means that building and operating APIs is fast becoming a core skill. You are keen to learn more about designing effective APIs and testing them. You want to explore the various implementation choices (e.g., synchronous versus asynchronous communication) and technologies and learn how to ask the right questions and evaluate which approach is best for a given context.

Accidental Architect: You have most likely been developing software for many years and have often operated as a team lead or resident software architect (even if you don’t have the official titles). You understand core architectural concepts, such as designing for high cohesion and loose coupling, and apply these to all aspects of software development, including design, testing, and operating systems. You realize that your role is increasingly focused on combining systems to meet customer requirements. This could include internally built applications and third-party SaaS-type offerings. APIs play a big part in successfully integrating your systems with external systems. You want to learn more about the supporting technologies (e.g., API gateway, service mesh, etc.) and also understand how to operate and secure API-based systems.

Solutions/Enterprise Architect: You have been designing and building enterprise software systems for several years and most likely have the word architect in your job title or role description. You are responsible for the big picture of software delivery and typically work within the context of a large organization or a series of large interconnected organizations. You recognize the changes that the latest iteration of service-based architectural styles are having on the design, integration, and governance of software, and you see APIs are pivotal to the success of your organization’s software strategy. You are keen to learn more about evolutionary patterns and understand how the choice of API design and implementation will impact this. You also want to focus on the cross-functional “ilities”—usability, maintainability, scalability, and availability—and understand how to build API-based systems that exhibit such properties, as well as provide security.

About the Author

James Gough is a Distinguished Engineer at Morgan Stanley, and has worked extensively with Java and financial systems. He is a Java Champion applying a pragmatic approach to building software, and co-author of Optimizing Java. He currently leads a large enterprise API program, supporting architecture and infrastructure transformation.

Daniel Bryant works as a Product Architect at Datawire. His technical expertise focuses on ‘DevOps’ tooling, cloud/container platforms, and microservice implementations. Daniel is a Java Champion, and contributes to several open source projects. He also writes for InfoQ, O’Reilly, and TheNewStack, and regularly presents at international conferences such as OSCON, QCon and JavaOne. In his copious amounts of free time he enjoys running, reading and traveling.

Matthew Auburn has worked for Morgan Stanley on a variety of financial systems. Before working at Morgan Stanley he has built a variety of mobile and web applications. Matthew’s Masters degree primarily focused on security and this has fed into working in the security space for building APIs.