Monday, December 11, 2017

API Dev Ex Journey

When I had a chat with the business I'm working with, they told me they often see a lot of fraudulent transactions originating from one of their eCommerce B2C websites. Most of the fraudulent transactions exhibit a pattern: either the billing address or the shipping address is invalid. The eCommerce site doesn't implement address validation for the billing or shipping address. If such validation existed, a user could not navigate to the payment page without correcting the address issues. So, I looked at some of the address validation services. What I did as a developer is relevant for any API seeker :)

1.     Searchability/Discoverability of an API

As the first step, a developer MUST go to any available search engine and hunt for an API they are interested in. So, if we are building commercial APIs, it's very important to make sure that the APIs are ranked properly by the search engines and that they MUST bubble up when a user searches for any API-related keywords.

2.     API documentation

After the API hunt, I found that a lot of companies (UPS, USPS, Experian, SmartyStreets) offer an address validation service. The criteria I used to weigh the API offerings from the different companies are:
1.     How easily and quickly I can understand the APIs
2.     Simplicity of API methods, request and response – With SmartyStreets, most of the APIs and their request and response objects are self-explanatory. I didn't even go through their API documentation :) - I think the APIs talk directly to the developer.
3.     Try it yourself – After reading about the APIs, the immediate next step a developer takes is to see the APIs in action. Some API providers provide a "try it now" link that allows a user to test the APIs without logging in or even requesting an API key.
Being able to try out an API without logging in or providing 100 steps of information is another key aspect of DX.

3.     Integration

Another criterion I considered is how easily I can integrate the APIs into my application. For this, I look for any SDKs available from the API provider. Most of the companies provide SDKs that support various programming languages. Another aspect I considered is how often the APIs are versioned and how often the companies publish their SDKs.

Other aspects, like cost of usage (fixed vs pay per use), support, etc., are also considered. However, I wished to share the above three core aspects. Please share your thoughts.


Tuesday, June 20, 2017

Get Solarized

I was watching Scott Hanselman and Maria's MVA course, and Scott's command prompt looked eye-catching; later I read his blog post on getting solarized.

https://www.hanselman.com/blog/GetSolarizedAwesomeCommandPromptColorsForVSVSCodeCmdPowerShellAndMore.aspx

If you prefer an awesome command prompt, VS Code or VS, refer to his blog. In short:

For command prompt, I downloaded the package and installed the dark theme

regedit /s solarized-dark.reg

VS Code was pretty easy

Shortcut for Theme - Ctrl+K, Ctrl+T, then select the Solarized theme

Visual Studio Console:

Refer - https://github.com/leddt/visualstudio-colors-solarized

Thursday, May 18, 2017

Man in the Middle Attack (MitM) Troy Hunt webinar

Great talk; it explained why companies need to plan to use HTTPS (I use TLS interchangeably :))


  • MitM attack from the router, ISP.
  • Content injection on an insecure page (HTTP)
  • HTTP/2 works with TLS. The H2 protocol loads resources very fast (httpvshttps.com)
  • All major browsers are planning to show a "not secure" warning on form fields, which will scare end customers away from using the websites.
  • chrome://flags/ - you can change settings to explicitly show when a connection is not secure
  • Trust on First use (TOFU) problem
  • Add the secure header (HSTS): set the max age, include subdomains, preload HSTS
  • hstspreload.org - for registering HSTS; refer to the submission requirements
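
The header from the last two bullets, as an added example (not from the webinar or the original post): a C# check of a `Strict-Transport-Security` value against the header requirements listed on hstspreload.org (max-age of at least one year, `includeSubDomains`, `preload`). The class name, method name and sample header values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

// Added example: class name, method name and sample values are illustrative.
public static class HstsPreloadCheck
{
    // hstspreload.org asks for a max-age of at least one year (in seconds).
    private const long MinPreloadMaxAge = 31536000;

    // Returns the reasons the header value would be rejected; empty means OK.
    public static List<string> Problems(string headerValue)
    {
        var problems = new List<string>();
        long? maxAge = null;
        bool sawMaxAge = false, includeSubDomains = false, preload = false;
        foreach (var raw in (headerValue ?? string.Empty).Split(';'))
        {
            var parts = raw.Split(new[] { '=' }, 2);
            var name = parts[0].Trim().ToLowerInvariant(); // directive names are case-insensitive
            var value = parts.Length > 1 ? parts[1].Trim().Trim('"') : null;
            if (name == "max-age")
            {
                sawMaxAge = true;
                long parsed;
                // NumberStyles.None accepts digits only: no sign, no whitespace.
                if (long.TryParse(value, NumberStyles.None, CultureInfo.InvariantCulture, out parsed))
                    maxAge = parsed;
                else
                    problems.Add("max-age is not a non-negative integer");
            }
            else if (name == "includesubdomains") includeSubDomains = true;
            else if (name == "preload") preload = true;
        }
        if (!sawMaxAge) problems.Add("max-age directive is missing");
        if (maxAge.HasValue && maxAge.Value < MinPreloadMaxAge)
            problems.Add("max-age " + maxAge.Value + " is below " + MinPreloadMaxAge);
        if (!includeSubDomains) problems.Add("includeSubDomains directive is missing");
        if (!preload) problems.Add("preload directive is missing");
        return problems;
    }

    public static void Main()
    {
        // Constructed sample header values.
        var samples = new[] { "max-age=63072000; includeSubDomains; preload",
            "max-age=86400; includeSubDomains", "includeSubDomains; preload" };
        foreach (var header in samples)
        {
            var problems = Problems(header);
            Console.WriteLine(header + " => " + (problems.Count == 0 ? "OK" : string.Join("; ", problems)));
        }
    }
}
```

Preloading is what addresses the trust-on-first-use gap noted above: a browser that ships with the domain in its preload list uses HTTPS even on the very first visit.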


Thursday, April 27, 2017

Dream and project

I read an interesting article about dreams. From wiki - A dream is a succession of images, ideas, emotions, and sensations that usually occur involuntarily in the mind during certain stages of sleep.
Most IT projects are the result of a dream, an idea. A dream occurs in the REM stage of sleep and lasts for a few seconds or minutes. During a dream, I can watch a full-length colorful movie, Avatar, in a few seconds. In reality, Avatar took 10 years to make - http://tech.firstpost.com/news-analysis/avatar-took-10-years-to-make-we-wonder-why-12779.html
As I mentioned, any project is the result of a dream. To materialize the dream takes considerable effort and time; otherwise the dream turns into a failed project.
In my experience, the team wants to execute the ideas as they see them in their dreams, and the best way to execute is "Agile". I'm not complaining that agile is wrong; you need some discipline while doing agile projects, maybe Disciplined Agile Development (big fan of it). However, the team usually forgets the time and effort needed to plan the project - drafting a proper screenplay, identifying the right actors, actresses, technicians, the locations.......
I had worked on a project where the team wanted to build a cool idea, so the business said (directed) - let's use this vendor, let's use this component and let's integrate things together. End of the story: the vendor never understood what they were building, the internal team never analyzed what the external provider offered, the one-month project (integration of components) took three months, and I don't know whether the project materialized. I forgot to mention, there was another team who did the UI :) and if you asked anyone what they were trying to achieve, you would get different opinions, and the only person who knew the end goal was the "test lead" for that project.
So, the bottom line is - a dream takes a few seconds to minutes. A successful project needs the right vision, the right people, proper planning and a good team attitude :)

Wednesday, April 26, 2017

Create a meeting by using the EWS Managed API

Our team has used the EWS API's Appointment service to book a meeting room. During our testing, it was noted that the room was not blocked on the Exchange server and overlapping meetings could be booked for that room.

I went through the code and found that the meeting room was added as part of the required attendees list:
meeting.RequiredAttendees.Add("roomid@contoso.com");

In this case, the room has to accept the request in order to get the calendar blocked. The MSDN document didn't give any clue about how to add a meeting room. It specifies a "Location" field; however, it won't block the meeting room for the specified time range.

https://msdn.microsoft.com/en-us/library/office/dn495611(v=exchg.150).aspx

After some trial and error, we found that the meeting room must be added as part of the resources:
meeting.Location = "Location name";
meeting.Resources.Add("roomid@contoso.com");

Updated Code -  assuming an exchange service object has been created:

Appointment meeting = new Appointment(service);

// Set the properties on the meeting object to create the meeting.
meeting.Subject = "Team building exercise";
meeting.Body = "Let's learn to really work as a team and then have lunch!";
meeting.Start = DateTime.Now.AddDays(2);            
meeting.End = meeting.Start.AddHours(4);
meeting.Location = "Conference Room 12";
meeting.Resources.Add("ConferenceRoom12@contoso.com");
meeting.RequiredAttendees.Add("Mack@contoso.com");
meeting.RequiredAttendees.Add("Sadie@contoso.com");
meeting.OptionalAttendees.Add("Magdalena@contoso.com");
meeting.ReminderMinutesBeforeStart = 60;

// Save the meeting to the Calendar folder and send the meeting request.
meeting.Save(SendInvitationsMode.SendToAllAndSaveCopy);

Monday, April 24, 2017

Hybris confusion

As I started reading more on Hybris umbrella of products, I got so confused about the set of products branded under (y). This confusion forced me to do more reading. I found an interesting LinkedIn post worth sharing - https://www.linkedin.com/pulse/sap-hybris-confusion-sanjeev-singh

For my quick reference, I have copied a few major points and an image from the above blog



1.     Hybris Commerce: It offers comprehensive B2B and B2C commerce applications including Product Content Management (PCM), Order Management, Search and Merchandising. Hybris Commerce is a market leader in ecommerce and it offers anything and everything you need from an ecommerce application. Of course you may need to integrate your backend order management and fulfilment system to seamlessly achieve end-to-end Omni channel process.
2.     Hybris Billing: This is one of the most cutting edge and comprehensive billing solutions available in market. It helps in monetizing your products and services using subscription and usage based billing in real time. It offers Subscription Management and Pricing Agility, Billing and Revenue Management, Usage Mediation and Service Control.
3.     Hybris Cloud for Customer (C4C): This is nothing but SAP CRM Cloud solution and potential replacement for on-premise SAP CRM. It comprises of Sales and Service Solutions. SAP comes with quarterly releases to add new functionality to C4C. Consider C4C as an evolving but promising product. C4C Sales Solution offers Sales Force Automation and Sales Performance Management Solution. C4C Service Solution includes Self Service (both customers and employees), Contact Center and Field Service.  SAP has finally come up with a cloud based CRM solution to give salesforce.com run for the money.
4.     Hybris Marketing: Hybris Marketing solution addresses some of the serious gaps in on-premise SAP CRM Marketing solution. It enables real-time contextual marketing and helps you understand real-time customer intents and deliver unique customer experiences. It maintains customer profiles and dynamically enhances their profiles with additional attributes based on data gathered through various channels customer interact with. It helps you understand, define and make in point offerings to the customers. Traditional CRM Marketing campaigns are based on historical customer attributes and are not very effective in leveraging real-time marketing. SAP Hybris Marketing definitely offers the most cutting edge solution to marketers for delivering personalized experiences to their ever changing customer needs.  

Wednesday, April 19, 2017

Advantages of having a strong network

I've read a post on LinkedIn about the positives of having a strong professional network and want to share my experience.

I was working on a project that had a great vision and a great visionary as the product owner. The project worked in a so-called "agile" way without any priorities, with a lot of vendors, a lot of meetings and no outcomes.

Once I talked about this project to my friend, and about the tension and stress I was getting from the project. Surprisingly, the next week I got a lunch invite from my friend's friend and I met a couple of his colleagues. After a week, the HR from the company called me about an opportunity.

Since I was not actively looking outside, I told them I'd consider it when I look outside. The world is small; polish your skills, read a lot (my favorite is InfoQ and some blogs I personally follow)

Hybris learning

I'm planning to write a series of notes on my Hybris learning efforts. Note: I'm not a (y) expert and am now trying to learn the Hybris (y) suite of products. From my experience, in IT we try to find solutions for problems. At the end of the day, what matters is the solution. Usually one solution opens up another set of problems :). So seek a perfect solution! (y) experts, if you see any conflicts in my viewpoint, please correct me; it will help me to build the architecture foundation.

1. Hybris Confusion

Wednesday, March 8, 2017

Swashbuckle : Documenting values passed via HTTP header

Refer https://github.com/domaindrivendev/Swashbuckle

Swashbuckle adds Swagger documentation to a .NET Web API project.

This article explains how to document parameters that are passed in via an HTTP header.

For this, create a custom operation filter:

using System.Collections.Generic;
using System.Web.Http.Description;
using Swashbuckle.Application;
using Swashbuckle.Swagger;

public class SwaggerHeaderparameters : IOperationFilter
{
    public string Description { get; set; }
    public string Key { get; set; }
    public string Name { get; set; }
    public string DefaultValue { get; set; }

    // Registers the header as an API key definition and adds this filter to the Swagger configuration.
    public void Apply(SwaggerDocsConfig c)
    {
        c.ApiKey(Key).Name(Name).Description(Description).In("header");
        c.OperationFilter(() => this);
    }

    // Called for every operation: documents the header as a required string parameter.
    public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
    {
        operation.parameters = operation.parameters ?? new List<Parameter>();
        operation.parameters.Add(new Parameter
        {
            name = Name,
            description = Description,
            @in = "header",
            required = true,
            type = "string",
            @default = DefaultValue
        });
    }
}

How to use?

var brandHeader = new SwaggerHeaderparameters
{
    Description = "brand",
    Key = "brand",
    Name = "brand"
};
config.EnableSwagger(c =>
{
    c.SingleApiVersion("v1", "API Documentation");
    c.RootUrl(req => req.RequestUri.GetLeftPart(UriPartial.Authority)
        + req.GetRequestContext().VirtualPathRoot.TrimEnd('/'));
    brandHeader.Apply(c);
}).EnableSwaggerUi();

Autofac : resolve dependency per request based on parameter passed on HTTPHeader


Get the HTTP Context base

builder.RegisterHttpRequestMessage(GlobalConfiguration.Configuration);

// Use HttpContext.Current when it is available; otherwise take the context
// from the properties of the current HttpRequestMessage.
builder.Register<HttpContextBase>(c =>
{
    var context = (HttpContext.Current != null) ?
        new HttpContextWrapper(HttpContext.Current) :
        c.Resolve<System.Net.Http.HttpRequestMessage>().Properties["MS_HttpContext"] as HttpContextWrapper;
    return context;
}).InstancePerRequest();

Resolve the dependency based on the request header value

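builder.Register(c =>
{
    // The "provider" header is supplied by the client; ResolveNamed throws
    // if no component is registered under that name.
    var route = c.Resolve<HttpContextBase>().Request.Headers.Get("provider");
    if (route == null)
    {
        // First argument is the parameter name, second is the message.
        throw new ArgumentNullException("provider", "A route must be specified");
    }
    return c.ResolveNamed<IInterfaceName>(route);
}).InstancePerRequest();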


Friday, January 27, 2017

TLS MQTT broker connection using MqttClient

Last week I was working on a C# application to publish messages using the MqttClient - https://m2mqtt.wordpress.com/using-mqttclient/

The IBM Watson IoT C# library uses the same package :) https://github.com/ibm-watson-iot/iot-csharp

The library is amazing. However, a few suggestions from my side:
  1. The documentation is very generic and doesn't explain the complex scenarios.
  2. The error codes are very generic and the documentation doesn't cover what the returned error code number means.
The MQTT broker which we use is configured to use TLS. So, I was looking for proper documentation on connecting to MQTT using TLS and I couldn't find any. So, I have copy-pasted the code we used for the connection:

using System;
using System.Security.Cryptography.X509Certificates;
using uPLibrary.Networking.M2Mqtt;

// I exported the certificate from the server and stored it in a project folder.
var serverCert = new X509Certificate("certificate path *.cer");

// Arguments: host name, port (an int), secure = true, the server certificate,
// the client certificate (null unless you use one) and the TLS version.
_client = new MqttClient("Host name", port, true, serverCert, null, MqttSslProtocols.TLSv1_2);

// Connect returns 0 when the broker accepts the connection.
if (_client.Connect("Client name", "user name", "password") != 0)
{
    throw new Exception("Unable to establish connection to MQTT broker");
}

Clean code, better code

Last week I was working with my team to create a REST API for our sensor to publish data. At the time of writing, the sensor XDK we used supports only HTTP GET, and we needed a way to pass the temperature and acoustic data to our MQTT broker.

The quick and dirty suggestion is to create a Web API GET method and pass the message to our MQTT broker using the M2Mqtt client.
In this post, I don't want to explain the implementation details; instead, I explain how neatly you can write the code.

The developer wrote the code like this:
[Route("publish")]
public IHttpActionResult Get(string id, string noise, string temp)
{
    // - compare the MAC id with the database; if it is not found, throw an error
    // - convert noise to an integer and find the noise level (low, medium or high, based on the value matrix - a set of if/else)
    // - convert temperature to an integer; since the sensor returns milli-degrees Celsius, convert it to Celsius
    // - send the data to MQTT using M2Mqtt
    return Ok();
}
The controller contained more than 200 lines of code and it worked!!! I talked to the developer and asked, "Are you satisfied with the code you have written?" He said it works well.
Then I explained the ways to organize the code:
  • Write a class for noise. All conversion (string to double) can be handled there, so the code is completely unit testable.
  • Create a class for temperature. Create properties for degrees Celsius, Fahrenheit…..
  • Create a NoiseRange class with max, min and "text", which specifies what that range means (refer to Martin Fowler's range pattern), and implement a method Includes(Noise noise)
  • Create a NoiseManager class that contains the list of noise ranges (I've added the noise ranges in a JSON file stored in the App_Data folder)
  • Create a repository pattern to interface with the database (to verify the MAC id).
  • Create an MqttManager class to interface with the MQTT broker
  • Inject the repository, NoiseManager and MqttManager as dependencies. I prefer Autofac

Now each and every part of the program is modular and self-contained, and can be unit tested individually.
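
The Noise, Temperature, NoiseRange and NoiseManager classes from the list above, written out as an added example (not the team's actual code): the raw query-string values are parsed and validated once, in the type's constructor, so the controller never handles unchecked text. The thresholds, the `Classify` method name and the sample inputs are constructed; the post loads its ranges from a JSON file.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
// Added example: parses the raw value once, so invalid input fails here.
public sealed class Noise
{
    public double Value { get; }
    public Noise(string raw)
    {
        double v;
        if (!double.TryParse(raw, NumberStyles.Float, CultureInfo.InvariantCulture, out v)
            || double.IsNaN(v) || double.IsInfinity(v) || v < 0)
            throw new FormatException("noise must be a finite, non-negative number");
        Value = v;
    }
}
public sealed class Temperature
{
    public double Celsius { get; }
    public double Fahrenheit { get { return Celsius * 9 / 5 + 32; } }
    public Temperature(string rawMilliCelsius) // the sensor reports milli-degrees Celsius
    {
        int milli;
        if (!int.TryParse(rawMilliCelsius, NumberStyles.AllowLeadingSign, CultureInfo.InvariantCulture, out milli))
            throw new FormatException("temperature must be an integer");
        Celsius = milli / 1000.0;
    }
}
// Range pattern: half-open [Min, Max), so adjacent ranges cannot both match.
public sealed class NoiseRange
{
    public double Min { get; } public double Max { get; } public string Text { get; }
    public NoiseRange(double min, double max, string text) { Min = min; Max = max; Text = text; }
    public bool Includes(Noise noise) { return noise.Value >= Min && noise.Value < Max; }
}
public sealed class NoiseManager
{
    private readonly List<NoiseRange> _ranges;
    public NoiseManager(IEnumerable<NoiseRange> ranges) { _ranges = ranges.ToList(); }
    public string Classify(Noise noise)
    {
        var range = _ranges.FirstOrDefault(r => r.Includes(noise));
        if (range == null) throw new ArgumentOutOfRangeException("noise", "no configured range covers this value");
        return range.Text;
    }
    public static void Main()
    {
        // Constructed thresholds and inputs; the post keeps its ranges in a JSON file.
        var manager = new NoiseManager(new[] { new NoiseRange(0, 40, "low"),
            new NoiseRange(40, 70, "medium"), new NoiseRange(70, double.PositiveInfinity, "high") });
        Console.WriteLine(manager.Classify(new Noise("55.5")) + " at " + new Temperature("23500").Celsius + " C");
    }
}
```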


It takes some time to understand what better, clean code means. When you get it right, you always follow the right ritual. Happy coding !!!
