Mastering API Architecture: Design, Operate, and Evolve API-Based Systems (Paperback)

James Gough, Daniel Bryant, Matthew Auburn



Most organizations with a web presence build and operate APIs, the doorway for customers to interact with the company's services. Designing, building, and managing these critical programs affect everyone in the organization, from engineers and product owners to C-suite executives. But the real challenge for developers and solution architects is creating an API platform from the ground up.

With this practical book, you'll learn strategies for building and testing REST APIs that use API gateways to combine offerings at the microservice level. Authors James Gough, Daniel Bryant, and Matthew Auburn demonstrate how simple additions to this infrastructure can help engineers and organizations migrate to the cloud and open the opportunity to connect internal services using technologies like a service mesh.

• Learn API fundamentals and architectural patterns for building an API platform
• Use practical examples to understand how to design, build, and test API-based systems
• Deploy, operate, and configure key components of an API platform
• Use API gateways and service meshes appropriately, based on case studies
• Understand core security and common vulnerabilities in API architecture
• Secure data and APIs using threat modeling and technologies like OAuth2 and TLS
• Learn how to evolve existing systems toward API- and cloud-based architectures

Why Should You Read This Book?

This book has been designed to provide a complete picture on designing, operating, and evolving an API architecture. We have shared our experience and advice through both our writing and an accompanying case study that mimics a real-life event-management conference system that enables attendees to view and book presentation sessions. The case study runs throughout the book, with the goal of you exploring how abstract concepts sometimes translate into practical application. If you want a high-level overview of the evolution of the case study, you can find this in Chapter 10.

We also believe in allowing you to make your own decisions. To support this, we will:

• Be clear when we have a strong recommendation or guidance.
• Highlight areas of caution and problems that you may encounter.
• Supply an Architecture Decision Record (ADR) Guideline to help inform the best possible decision given the circumstances of your architecture and provide guidance on what to consider (because sometimes the answer is “it depends”).
• Highlight references and useful articles where you can find more in-depth content.

The book is not just a greenfield technology book. We felt that covering existing architectures with an evolutionary approach toward more suitable API architectures would provide the most benefit for you. We also tried to balance this with looking forward to newer technologies and developments in the API architecture domain.






James Gough is a Distinguished Engineer at Morgan Stanley, and has worked extensively with Java and financial systems. He is a Java Champion applying a pragmatic approach to building software, and co-author of Optimizing Java. He currently leads a large enterprise API program, supporting architecture and infrastructure transformation.

Daniel Bryant works as a Product Architect at Datawire. His technical expertise focuses on ‘DevOps’ tooling, cloud/container platforms, and microservice implementations. Daniel is a Java Champion, and contributes to several open source projects. He also writes for InfoQ, O’Reilly, and TheNewStack, and regularly presents at international conferences such as OSCON, QCon and JavaOne. In his copious amounts of free time he enjoys running, reading and traveling.

Matthew Auburn has worked for Morgan Stanley on a variety of financial systems. Before working at Morgan Stanley, he built a variety of mobile and web applications. Matthew's master's degree primarily focused on security, and this has fed into working in the security space for building APIs.

