Different Azure services uses difference models of consumption. This post aims to list down those differences. Below are the categories where we can see differences.
- Service naming model
- Unique name inside Azure
- Unique name inside subscription
- API URL pattern
- Instance specific URL
- Instance name as sub domain
- Service instance name in URL path
- Generic URL
- API authorization.
- Key - Azure Search
- Time limited tokens - Translator Text API
- Passing API authorization
- Inside URL as query string
- Inside http headers
Service naming model
This refers to how we create the Azure service. There are mainly 2 types unique in the entire Azure v/s unique in subscription
Unique name inside Azure
Most of the services require us to create a globally unique name. That name will often end up as sub domain or part of URL.
eg: Storage account
The problem with this mechanism is creation of new service instance from the application on the fly. For example, assume we are offering a SaaS solution and database isolation is one DB / tenant. There is a limit of 5000 databases per Azure SQL Server. When our 5001 tenant registers, we have to create next SQL Server instance from the program. Since the server name has to be unique across entire Azure, our program has to do trial and error methods to get unique name. To workaround this problem, we can take different routes such as generating GUID, create instances upfront etc... But it is something to be considered during the development process. Else it just fails.
Unique name in Subscription
Others end up in creating a name which is unique across the subscription.The AppInsight is the example for such a service.
API URL Pattern
All most all the services are designed to be consumed via http(s) web service endpoints. Mainly ReST based APIs with JSON data format. The URL pattern differs per service. Some service demand URL with its name and some can be accessed using generic URL.
Instance specific URL
Here the name of the service instance is needed in the API URL as sub domain or in the path.
Instance name as sub domain
The Azure storage account is one example for a service which demands globally unique name which ends up as sub domain.
Eg: https://<storage account>.blob.core.windows.net/
The services such as WebApps really demands the URL separation using sub domain.
Service instance name in URL path
If we look at some services we can see the service name is appearing inside the URL path after the domain.
eg: Analysis service asazure://westus.asazure.windows.net/<analysisservicename>
Generic URL
In this category, there won't be any URL which has the service name in it. Instead they use a generic URL to hit the Azure service and identify service via parameters. Parameters can be request headers containing API keys or tokens.
eg: Application Insights
API Authorization
Authentication & authorization are essential factors in web service based API world. There are 2 different methods we can see in Azure services.
Key based
Key is same as in real world. The key can be used multiple times, until the lock is replaced. Similarly in Azure world, the validity of key is till that key is replaced. If anyone obtain our key, they can keep using our service till we identify the theft and replace.
eg: Azure search. It demands us to put the key in the header.
Token based
In simple sense, token are short lived keys. Using a key or some other mechanism, we can create a token and use it for predefined time. Once it expires we have renew the token. Tokens has better security but difficult to use.
eg: Text Translator API. Details available here on how to use from Postman.
Passing API Authorization
Another area is how we can pass the authorization whether it is key or token
Inside URL as QueryString
Some services accept the authorization via the URL in the form of query string.
Eg: Azure search
Inside http headers
API Version
Some services such as Azure Search needs version in the API. The versioning is in the form of date
eg:https://<search service>.search.windows.net/indexes/<index>/docs?api-version=2016-09-01&search=<search key>&highlight=content
But the Translator Text follows v# versioning eg:https://api.microsofttranslator.com/v2/Http.svc/GetTranslations?text=jaguar&from=en&to=es&maxTranslations=5
Another way we can find for versioning is in Storage. It demands the version inside the http headers. Refer for details. Also it needs version as x-ms-version header.
Some random thoughts
Ideally as per the API guidelines (even from Microsoft) all the APIs which an application or platform provides should follow same standards. They should look like all are designed by same person. That way, consumers don't have to invest much time learning the APIs and usage.
But in case of Azure, we cannot proceed with that principle. We have to learn to use different services separately. Why Microsoft Azure service APIs has this discrepancy?
We cannot assume that the teams who designed & developed APIs don't know this basic principle of API design. They should be having their own reasons why they did so. If we look at the Translator Text API, may be team thinks that, it should be really protected using auto expiring tokens where the Azure search team thought, search results are less secure and just needs to be protected by a key. May be from consumers point we value our search result data more than a generic translation method.
Another reason might be legacy code. Means connecting legacy code and putting into production may end up in having different API models. Also if a product is bought from other company via acquisition or so, it may end up differently. At the end the time to market matters which is nothing but money. Sometimes when weighing the money we will get due to fast release v/s beautifying the API, money gets priority.
Competition matters here too. Sometimes first-mover strategy gives a big advantage and it may lock in clients.
Whatever the case, it seems there are no design notes publicly available describing the rationale behind these different decisions similar to Angular. We have to take our best guess why it is so and learn it.
2 comments:
Post a Comment