DevProxy 0.22 Improves API Permission Checks

Microsoft has released version 0.22 of DevProxy, an API simulation command-line tool. The new version improves logging and detects minimal permissions without the need for Azure API Center.

DevProxy (formerly known as Microsoft 365 Developer Proxy) helps developers to add resilience to their API-related code by simulating a vast number of API and network behaviours. By default, the tool acts as a proxy that fails half the time. It can also simulate throttling, rate-limiting or slow API responses. It can be used to mock responses to specific APIs. Combined with dev tunnels CLI, a ngrok-like tool, it can also inspect cloud services communication to understand what messages are being passed in cloud calls.

The new logging improvements now show the plugin name in the log output, allowing for easier identification of the intercepted requests and responses. In addition, a new message type called skip identifies the plugins that haven’t affected the current request.

In DevProxy version 0.19, released in June this year, the developers added a plugin called ApiCenterMinimalPermissionsPlugin. This plugin checks the permissions in the token header for the API call against an API definition in Azure API Center, where API authors can specify the minimal permissions for each endpoint and method. Version 0.22 of the tool introduces a new plugin called MinimalPermissionsPlugin, which performs the same permissions check but reads the minimal permissions specification from files in a local folder.
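The comparison behind a minimal-permissions check of this kind, sketched in Python as an added example (it is not DevProxy's code): the spec table, scope names and sample token are constructed, and reading permissions from the `scp` and `roles` claims is an assumption based on Microsoft identity platform tokens. The token is decoded without signature verification, which suits inspecting a client's outgoing requests but not making authorization decisions.

```python
import base64
import json

# Constructed spec: (method, path template) -> minimal scopes for that operation.
MINIMAL = {
    ("GET", "/customers"): {"customer.read"},
    ("GET", "/customers/{id}"): {"customer.read"},
    ("POST", "/customers"): {"customer.readwrite"},
}

def _b64url(obj) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Constructed test token; the third part is a dummy, not a real signature."""
    return ".".join([_b64url({"alg": "HS256", "typ": "JWT"}), _b64url(claims), "c2ln"])

def token_permissions(token: str) -> set:
    """Read granted permissions from the payload WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    granted = set(claims.get("scp", "").split())  # delegated: space-separated (assumed)
    granted.update(claims.get("roles", []))       # application: list (assumed)
    return granted

def _matches(template: str, path: str) -> bool:
    # Segment-wise match; a "{name}" segment accepts any non-empty path segment.
    t = template.strip("/").split("/")
    p = path.split("?")[0].strip("/").split("/")
    return len(t) == len(p) and all(
        a == b or (a.startswith("{") and a.endswith("}") and b != "")
        for a, b in zip(t, p))

def check_request(method: str, path: str, token: str):
    """Return minimal/excessive/missing scopes, or None if the spec lacks the operation."""
    granted = token_permissions(token)
    for (m, template), needed in MINIMAL.items():
        if m == method.upper() and _matches(template, path):
            return {"minimal": needed, "excessive": granted - needed,
                    "missing": needed - granted}
    return None

if __name__ == "__main__":
    tok = make_sample_token({"scp": "customer.read customer.readwrite"})
    print(check_request("GET", "/customers/42", tok))
```

A non-empty `excessive` set means the token carries more than the operation needs, which is the finding a least-privilege review acts on.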

In version 0.21, the tool introduced a new command, jwt create, to quickly generate a JWT token with specific claims that should be used to test the API. The current version improves that command by allowing developers to specify a custom signing key for the JWT token. By using their own key pair, they can easily validate the token in their API code and thus better verify the security aspects of the API.

When asked what the biggest challenge of the project has been so far, Waldek Mastykarz, Principal Developer Advocate at Microsoft, said:

One of the biggest challenges is the maturity, or should I say the lack of it, of the ecosystem. Testing API integration has been notoriously difficult and time consuming. Typically, it required building complex mocks or introducing alternative code paths. As a result, many developers focus on the happy path and only test if their app works, but don't consider scenarios beyond the happy path such as throttling, rate limiting or other service errors. DevProxy significantly simplifies testing all these cases, but it all starts with being aware of them and realising that you can get ahead of them and make your app more robust.

DevProxy is an open-source project on GitHub. The complete release notes for this version are available on the site. There are 19 contributors and 49 open issues at the moment. The project has been starred 532 times.
