API Visibility Is Key
Visibility of APIs is a fundamental necessity for governance, security, and productivity. Yet most organizations are unable to answer the following critical questions:
- What APIs do I have?
- Are OpenAPI schemas for the APIs documented and maintained?
- Which APIs process sensitive data?
- Which users access which APIs, under what roles (or scopes)?
- Which APIs are external vs. internal?
Annotation Based OpenAPI Generation Is Not Scalable
Disparate Set of Open Source Tools
There are a plethora of (language/framework specific) open source tools that generate OpenAPI specifications at build time, by scanning source code.
They use code level annotations added by developers, to language/framework specific resources, methods, and controllers, to generate schema for APIs.
Examples include Swagger-Core, SpringFox, NSwag / Swashbuckle, Swagger-express / HAPI-Swagger, Django-REST-Swagger / Flask-RESTplus, etc.
These Tools Don’t Scale Well
Modern development environments are polyglot in nature, where you find several small teams, using a variety of technology stacks, and disparate programming languages.
These tools don’t scale well in these environments due to the following reasons:
- It is hard to achieve consistency (of API documentation) across so many small teams, disparate programming languages, and variety of language frameworks.
- Developers need to correctly annotate the code in appropriate places, lest the documentation will be incomplete and inaccurate.
- Developers need to maintain the annotations as they continuously refactor code, lest the documentation will be incomplete and inaccurate.
- Annotations are static in nature. When APIs return dynamic objects, the auto documented specification will be incorrect, or incomplete.
- There is no guarantee that what is auto documented, is the actual wire behavior exhibited by the API.
The Network Doesn’t Lie
APIs transact by exchanging JSON data over the network. This makes the network, the ultimate source of truth for API behavior, and schema.
Harnessing the network to auto discover & auto document APIs, in a consistent and scalable manner, has been challenging until recently.
eBPF Based Automatic OpenAPI Generation
Achieve Consistency & Scale, while Preserving Privacy
eBPF is revolutionary technology, that enables auto documentation of APIs in a consistent, scalable, and language/framework agnostic manner.
Levo provides a free service that automatically generates OpenAPI documentation for all your APIs, by passively observing your runtime API traffic via eBPF.
The installation involves a single Helm Chart for Kubernetes, or a single Docker command for other environments. The installation does not require code changes, configuration changes, or SDK additions to your applications.
Ensuring the privacy of your customer data is paramount. You can read more about privacy-preserving features here.
Auto Generate OpenAPI with Sensitive Data Annotations
All APIs active in the runtime environments are auto discovered, and OpenAPI specifications are auto generated for them.
OpenAPI specifications are annotated with sensitive data types (PII, PSI, PHI, etc).
The API documentation is always fresh, and is based on the single source of truth
, which is the actual API behavior observed on the network.
Continuously Validate Existing OpenAPI Documentation
Teams building API documentation with an API-First approach, can also benefit.
Cross validate existing OpenAPI documentation with auto generated documentation for accuracy and completeness.
Interested in trying Auto OpenAPI Generation?
Levo is a purpose-built, developer-first API security solution that fully automates API Observability, API Documentation & API Testing in CI/CD pipelines.
Signup for a forever free account, and start auto documenting all your APIs within minutes.
Have questions? Contact us at info@levo.ai
.
Top comments (0)