In my previous post Evolving your APIs, I mentioned the main API versioning approaches. During the talk of the same name, I sometimes get some questions on the subject. In this post, I'll detail each of them.
I assume readers know the reasons behind versioning, semantic versioning, and product lifecycle. If not, I encourage you to read a bit about these themes; in particular, chapter 24 of the excellent API Design Patterns book focuses on them.
I'll summarize the subject in a few words in any case.
Software naturally evolves, because of business needs or changing regulations. In some cases, the said software has no clients but humans, e.g., a monolith with Server-Side Rendering. In all other cases, at least another software component interacts with your software:
Some changes are backward-compatible - you don't need to update the client; others are not. Removing an endpoint is not backward compatible; it's a breaking change. Removing a parameter, adding a required parameter, or changing a parameter type are also breaking changes.
When introducing a breaking change in regular software, you must increase its major version if you adhere to semantic versioning. It's the same in the realm of APIs. You let your customers keep using the v1 version while releasing breaking changes in the v2 version.
The crux of the problem is now how to use a specific version of the endpoint. Three options are available:
Let's detail them in turn. It all boils down to routing; I'll demo the configuration with Apache APISIX to implement each versioning approach.
Path-based versioning is so ubiquitous that it's the approach most people think about when they think about API versioning. The idea is to set the version in the path:
/v1/foo
/v2/foo
Path-based versioning seems easy to implement with Apache APISIX:
upstreams:
- id: 1
nodes:
"upstream_1:8080": 1
- id: 2
nodes:
"upstream_2:8080": 1
routes:
- uri: /v1/*
upstream_id: 1
- uri: /v2/*
upstream_id: 2
The above setup doesn't work, unfortunately: as it stands, we forward /v1/*
to the upstream, whereas it probably can handle only *
- the path behind the version prefix. We need to remove the version prefix before forwarding to the upstream:
routes:
- uri: /v1/*
upstream_id: 1
plugins:
proxy-rewrite:
regex_uri: [ "/v1(.*)", "$1" ] #1
- uri: /v2/*
upstream_id: 2
plugins:
proxy-rewrite:
regex_uri: [ "/v2(.*)", "$1" ] #1
Remove the version path prefix before forwarding
Beware if you use other plugins, which may forward the request before the prefix is removed, e.g., proxy-mirror
. In this case, we must apply proxy-rewrite
before proxy-mirror
. Apache APISIX orders plugins by their default priority, so we need to increase the priority of the former:
routes:
- uri: /v1/*
upstream_id: 1
plugins:
proxy-rewrite: #1
regex_uri: [ "/v1(.*)", "$1" ]
proxy-mirror: #2
host: "http://api.v2:8080"
_meta:
priority: 1000 #3
proxy-rewrite
default priority is 1008
proxy-mirror
default priority is 1010
1000
so that it now applies after the rewrite takes place
Another way to version is to use query parameters, e.g., ?version=v1
. While I've never seen it in the wild, it deserves a mention nonetheless. We can leverage the following Apache APISIX configuration:
routes:
- uri: /* #1
upstream_id: 1
vars: [[ "arg_version", "==", "v1" ]] #2
priority: 2 #1
- uri: /* #1
upstream_id: 2
vars: [[ "arg_version", "==", "v2" ]] #2
priority: 3 #1
- uri: /* #1-3
upstream_id: 1
priority: 1
priority
: Apache APISIX evaluates the highest priority firstversion
version
is provided. Here, I route to version 1, but you can also return an HTTP status 4xx
to require a version.
The last alternative for versioning is to use HTTP headers. Here's a custom header:
GET / HTTP1.1
Version: 1
From an HTTP point of view, asking for a version via a header is the definition of content negotiation between the client and the server:
Content negotiation refers to mechanisms defined as a part of HTTP that make it possible to serve different versions of a document (or more generally, representations of a resource) at the same URI, so that user agents can specify which version fits their capabilities the best.
The agreed-upon content type format follows the pattern application/vnd.aaa.bbb.vX+format
, where:
aaa.bbb
is a reversed domain name, e.g., ch.frankel
X
is the version number, e.g., 1
format
is the accepted format, e.g., json
Hence, here's a possible request:
GET / HTTP1.1
Accept: application/vnd.ch.frankel.myservice.v1+json
Theoretically, the client can leverage the quality of Accept
headers to communicate that it can handle different versions. The following request tells that the client prefers version 2 but can handle version 1 if the need be:
GET / HTTP1.1
Accept: application/vnd.ch.frankel.myservice.v2+json;q=0.8, application/vnd.ch.frankel.myservice.v1+json;q=0.2
In practice, quality requires a high level of maturity, both on the server-side - handling qualities and on the client-side - handling two versions simultaneously.
Here's the APISIX configuration for quality-less content negotiation. It's very similar to the one above, the only difference being the Nginx variable in play, http_X
instead of arg_Y
.
routes:
- uri: /*
upstream_id: 1
vars: [[ "http_accept", "==", "vnd.ch.frankel.myservice.v1+json" ]]
priority: 2
- uri: /*
upstream_id: 2
vars: [[ "http_accept", "==", "vnd.ch.frankel.myservice.v2+json" ]]
priority: 3
- uri: /*
upstream_id: 1
priority: 1
In this short post, we detailed the three options for versioning HTTP APIs: path-based, query-based, and header-based. They don't differ much, each having its little tricky parts. Whatever path you choose, though, make sure it's consistent across all the organization.
The complete source code for this post can be found on GitHub.
To go further:
Originally published at A Java Geek on November 5th, 2023