When we launched API Insights a little over four months ago, we were confident that we were solving a real problem. We heard from many users who said that API issues from APIs they use daily, even APIs they could review, debug, and analyze within the Treblle platform, are caused by poor quality.
For example, some of those APIs are too slow.
Shopify has a great article detailing why performance is so important, particularly in the ecommerce space. But the logic applies elsewhere: good performance suggests scalability and it ultimately leads to better user experiences. Yet, Smartbear’s 2023 State of Software Quality report did not name performance testing on its list of most popular testing techniques submitted by respondents. This is despite performance ranking third in the most concerning quality risks by those same respondents (behind Security and Functionality). I suspect this was lumped in with other types of testing, but it’s interesting that it was not called out separately.
Other APIs have repetitive errors because of bad code.
We don’t talk about API code as much as API reliability or scalability. Yet, poor code can lead to unexpected problems (even if they are edge cases), less performant APIs, and ultimately they can lead to security breaches. Codescene has a great white paper analyzing the business impact of low code quality. And on the Treblle platform, our analysis of the top 100 APIs with the most requests (nearly 200 million) shows an average of over 5% server-side related problems, which typically exceeds organizational thresholds.
And others have security vulnerabilities because they aren’t configured properly or don’t enforce good policies.
In Treblle’s 2023 Anatomy of an API report, for example, we found 51% of 9,000 APIs analyzed didn’t have any form of authentication. A distressing 56% of those same APIs scored a medium or high security threat level, which means they failed multiple times across our robust security checks – data that aligns with other major reports such as the joint Akamai and SANS Institute survey.
The problem statement seemed clear: how could teams improve quality easily, without significantly disrupting workflows or causing teams to become inefficient at delivery.
This gave us our lighthouse idea: create a simple, fast tool that helps developers understand the quality of their APIs. We then went further, allowing users to share those Insights with others, utilize API Insights directly in the code editor, and compare APIs to others in their same industry.
And so, just as our VSCode extension (with nearly 700 installs in only two weeks!) was meant to bring API Insights into a tool that developers already use when building APIs, we are bringing API Insights into another tool (and process) where quality checks can be enforced and automated: the Command Line Interface or CLI.
What is the CLI?
The CLI (Command Line Interface) is a way to interact with software through a text-based interface. It offers the user a series of commands which will then provide an output. That output can then be read or piped into a workflow, which will perform its next step if the output is what was expected. One of the main advantages of this flow is that it can be automated - built to run repetitively with minimal manual intervention.
In contrast, a graphical version of an application often requires a manual user action each time an output is needed. That output then has to be converted to a different format or has to be heavily edited before it can ever be put within another tool or process (let alone automated).
In solving the automation problem, the CLI concurrently provides a governing function to ensure APIs meet specific standards. While an ideal process is to have governance or API linting at the design phase, those rules can be reviewed and enforced after the API has been developed but before the API has been shipped.
We can think about this in terms of a large-scale manufacturing facility that produces a complex product. Instead of having a quality control (QC) engineer check every product after each step of the build process, the engineers have instead configured the production machines to only work within specific parameters.
If those parameters are not met, then the manufacturing workflow stops and production comes to a halt until the problem is resolved. Additionally, the engineers can compare production reports against a spot check of the items to determine if the quality level is indeed high enough and if it is consistent.
Why is this important?
The API Insights CLI is important because it removes the need to consume a great amount of time building individual quality checks that also need to be added into your workflow. It allows the developers to move quickly, being confident that accidentally missed items will be caught and fixed before ever getting to consumers.
If you are using a CI/CD process, where you continually test to ensure any changes to your APIs meet certain standards, the CLI allows you to easily plug API Insights into that process. You can then automate testing your API against a robust number of design, performance, and security standards and best practices.
The CLI is an integral part of the developer toolkit and API lifecycle. It helps automate tasks that would otherwise take a lot of time or would require significant changes to team processes. API Insights helps solve the problem of ensuring APIs are high quality by scoring across 30+ tests under three main categories: design, performance, security.
With the API Insights CLI, we allow teams to maintain their velocity by not slowing down the quality and governance processes. Teams can integrate API Insights CLI directly into their testing automation workflows or CI/CD pipelines to meet their organization’s standards or the standard your team aspires to.
Give API Insights CLI a try! Share with us how you're applying API Insights CLI in your projects and any improvements or new features you'd like to see. Your feedback is invaluable, as we continuously strive to enhance the tool to better meet your needs. Let's collaborate to make API Insights CLI even more powerful and user-friendly. Reach out to us through our feedback form, social media channels, or email—we're all ears!