What Do Blockchain and API Testing Have in Common? 🔗

Blockchain

By now the distinction between crypto-currencies and blockchain technology itself is fairly easy to make. Cryptos like Bitcoin and Ether are tradeable tools with an associated financial value, similar to a stock for a company. Blockchain is the technology behind crypto that allows it to offer the benefits that consumers enjoy. It allows for traceability, security, and transparency driven by a trust in the technology itself. In brief, blockchains are an append-only, immutable ledger (database) that is distributed among all the parties of a network (decentralized). They’re great for some businesses and not useful for others. Blockchains are great for processing transactions, removing intermediaries, tracing products through a lifecycle and maintaining security. It has major implications on the finance and audit sectors, and supply chain management is also seeing rapid adoption with IBM and Walmart leading the charge with their most recent announcement of the Food Tracking Blockchain.

APIs

Think back to when you were learning trigonometry in high school. Sine, cosine, and tangent were all terms new to you but your calculator could readily solve the math problems with ease. At the time you were just concerned with getting your answer and may not have cared how the calculator was able to output answers as fast as you could input them, but the same thing the calculator did for you then APIs do now for developers (kind of). APIs are commands, protocols or other forms of communication that define how other developers can interact with a company’s software. They remove the need to write code from scratch and allows problem solvers to focus on solutions and rely on their community for help in commonly used functions. The API you’ve interacted with most often is likely to sign up or sign into an app using your Facebook or Google which call the appropriate sign-in APIs for those services. In short, APIs allow for communication between two otherwise separate applications and this is what makes them a great fit for blockchain.

APIs are already used on all blockchains because they make coding of functions much easier. However, with the rise of interest in blockchains, there has also been a rise in suppliers of blockchain technology as well as massive open source platforms for APIs and blockchain like the Hyperledger projects. So it is important for businesses looking to make their own blockchains or at least use one in their business to understand some of the key technical factors (like APIs) that go about making the technology possible and why they work so well with blockchain tech.

APIs and Blockchains

Essentially, APIs are processing large volumes of transactions to respond to client requests to access the data libraries of the API. So they need a database to store the data that will be accessed, they need to validate a client to ensure they have the permissions to access the data and they need to this fast. The primary benefit APIs gain from blockchain across these three categories is increased security across the full value chain.

APIs benefit from blockchains as a database because they can store data more securely than traditional databases can and their immutable nature makes them tamper proof while processing large volumes of transactions. Blockchains gained their popularity from Bitcoin, which relies on processing large numbers of transactions and blockchains, in general, are primed to handle large datasets. When APIs are used with blockchain technology the core functionality of APIs stays the same (accessing information from a database) but a database on a blockchain addresses the key security issue of potential hacks. Often the data stored on these ledgers is subject to privacy laws and organizations must take appropriate measures to prevent their users' data from being misused. Think back to the example of the Facebook Login API that most people are familiar with. How many services use that API and how many people would be affected by a security flaw?

Blockchains use top tier encryption algorithms to encode all data to prevent any tampering. For example, to hack into a blockchain using SHA256 encryption (like Bitcoin) one would have to compute a 32 character case sensitive password in less than 10 minutes (the time it takes the system to update), a feat currently impossible. The decentralized nature of blockchains also means that no one computer on the network can force an update without reaching consensus with the entire network. So the data that gets manipulated on the blockchain by an API will be more secure and more accurate resulting in more consumer trust in the organization.

Client validation on a blockchain works very similarly to how it works now. Clients have a unique digital signature on the blockchain, similar to a username, which tracks their actions and validates their requests to ensure the right person is accessing the API. Similar to the database application, APIs benefit from greater trust when validating clients on a blockchain due to increased security and transparency. Anytime an API makes a call, a digital trail will be left on the blockchain that can be used to trace all actions of any client on the chain to enhance accountability and ensure with a greater degree of certainty that the right people are accessing the right data.

Considerations

One current drawback of blockchains is their append-only nature, meaning that once a block has been created it cannot be changed. Data can only be added to a chain, not removed or adjusted. This can make mistakes extremely costly, especially if there is a flaw in the API making an automated call over a large volume of transactions. However, a permissioned structure like the Hyperledger Fabric allows key stakeholders to overwrite transactions if needed. This can be time-consuming relative to a traditional database but is still exponentially more secure. To prevent this APIs need to be perfect before implementation.

The only way to have perfect APIs is to comprehensively test your APIs in their intended functions using an API testing tool. Using IBM API Connect Test and Monitor save developers +95% more time when testing and monitoring their APIs. It does this by building in comprehensive testing scenarios automatically with zero code. This allows them to conduct more rigorous API tests more frequently. As the second half of the name implies, API Connect Test and Monitor can also schedule tests to run automatically. Routinely automated tests are important because as the data your API has to work with changes, so can the results. Furthermore, if you are regularly building up your API and changing the code itself then that needs to be tested often to ensure proper functionality. Failed tests automatically notify the appropriate person/team and all tests are saved in a suite for analysis when needed. Once your API works like it should with no errors then it is ready for your blockchain.

API Connect Test and Monitor is free-forever — get started: http://ibm.biz/apitest

Official IBM blog: https://developer.ibm.com/blogs/blockchain-api-testing/