No third-party SDKs are used by IO to call networked APIs.
Informally, we’ve avoided using third-party SDKs in IO. This means that IO code directly calls all networked APIs that it uses. Here we formalize and discuss this decision.
IO’s network API dependencies include:
- The Envoy API
- The Nomad API
- The Vault API
- The Open Telemetry Protocol
- Google Service Infrastructure
- The AT Protocol
Future API dependencies might include:
- The Grafana API
- The Digital Ocean API
For many or all of these APIs, third-party SDKs are available, and at times we might use them to initially evaluate an API. But in all cases, third-party SDKs should eventually be replaced with code that calls these APIs directly.
Pros#
- This avoids integration conflicts due to diamond dependencies.
- This avoids bloat.
- This reduces vulnerabilities.
Cons#
- SDKs are thought to be easy to pick up.
- SDKs might have significant support.
- SDKs might make it possible to use an API with a more superficial understanding of how the API works.