Kin Lane, API Evangelist






API Evangelist Location API


API Lifecycle Workshop Presentation - Development

API Lifecycle - Development

  • → Definition
  • → Discovery
  • → Virtualization
  • → Database
  • → Storage
  • → DNS
  • → Deployment
  • → Orchestration
  • → Dependencies
  • → Testing
  • → Performance
  • → Security
  • → Communication
  • → Support

Definition

Using definitions to guide the development process, making sure the API contract is used to drive the development of code, and moving it from development to QA, and into production.

Definition → Repository

Use a repository to version, build, and deploy each service.


Services:

  • GitHub - GitHub Inc. is a web-based hosting service for version control using Git, offering the distributed version control and source code management functionality of Git.
  • GitLab - GitLab is a web-based Git-repository manager with wiki, issue-tracking and CI/CD pipeline features.
  • Bitbucket - Bitbucket is a web-based version control repository hosting service for source code and development projects that use either Mercurial or Git revision control systems.

Definition → README

Update the README for the repository to reflect what is happening as part of development.


Services:

  • GitHub - GitHub Inc. is a web-based hosting service for version control using Git, offering the distributed version control and source code management functionality of Git.
  • GitLab - GitLab is a web-based Git-repository manager with wiki, issue-tracking and CI/CD pipeline features.
  • Bitbucket - Bitbucket is a web-based version control repository hosting service for source code and development projects that use either Mercurial or Git revision control systems.

Definition → Schema

A JSON Schema for the data behind each service, providing a standalone schema for use in other systems, applications, and services. It does the heavy lifting of describing the objects, fields, types, and other technical details of the data behind each service.


Tools:

  • JSON Schema - JSON Schema is a vocabulary that allows you to annotate and validate JSON documents.
  • JSON Schema Tools - A tool for managing JSON schema documents, and working with them to make sure they are complete.

Definition → OpenAPI

An OpenAPI definition for the surface area of the API, providing a machine readable contract for what each service delivers, that can be used across the API lifecycle, guiding every aspect of delivering each service.


Tools:

  • OpenAPI - The OpenAPI specification for describing the surface area of the API.

Definition → Team

Extend the team list for a service to include the development, QA, and other stakeholders involved in this area of the lifecycle.


Discovery

Making sure there are machine readable definitions available at development time, providing an OpenAPI as a contract for what each service should do.

Discovery → API.json

The API discovery document for each service.

Discovery → OpenAPI

The complete OpenAPI for each service.

Discovery → Postman Collection

The Postman Collection for each service.


Virtualization

Continuing to maintain virtualized instances of APIs as part of the API development process.


Virtualization → Paths

Offering mock API paths for use by developers to understand what an API does / should do.


Services:

  • Mockable - Mockable is a simple configurable service to mock out RESTful API or SOAP web-services. Reply with static or dynamic JSON or XML Payload.
  • MockLab - Rapidly simulate APIs for faster parallel development and more comprehensive testing

Tools:

  • Prism - Supercharge any OAS file with mocking, transformations, validations, and more.
  • API Sprout - A simple, quick, cross-platform API mock server that returns examples specified in an API description document.

Virtualization → Data

Considering offering synthetic data for use by integrators, helping ensure virtualized APIs provide a production-like experience in a virtualized way.


Tools:

  • Synthea - Synthea is an open-source, synthetic patient generator that models the medical history of synthetic patients.

Database

Defining the database layer behind each service, providing an isolated database for the access and storage of all data used as part of each service.

Database → Platform

The database platform used to drive each service, providing a dedicated database to drive just that service.

Database → Schema

Making sure there is a database version of the schema, providing a raw dump and backup of the database behind each service.


Database → Region

Where the database for each service is located, helping articulate if there is replication, or region-specific implementations or considerations for each service.

Database → Access

How the service connects to the database, defining what connectivity is required, and what dependencies are involved with access.

Database → Logs

Understanding how logging occurs for the database, what is turned on, and where logs are stored and/or shipped to as part of regular operations.

Database → Backup

Ensuring that the database has a backup strategy, and the details of what is backed up and how long it is being backed up.

Database → Encryption

Ensuring that encryption is part of database operations, making sure data is encrypted when stored in the database behind each service.


Storage

Defining the storage layer that is used as part of a service's operation, providing a single strategy for managing the storage of objects used by each service.

Storage → Platform

The platform that is used for storage behind each service.

Storage → Region

Where the storage is located that is used for each service.

Storage → Access

Details on how storage is accessed as part of each service.

Storage → Logs

Information about the logging for storage behind each service.

Storage → Backup

Ensuring there is a backup strategy for storage behind each service.

Storage → Encryption

Ensuring encryption is considered for storage.


DNS

Managing the DNS for a service, ensuring it is part of a wider DNS strategy, and allows for isolation of each service within a specific domain namespace.

DNS → Platform

Which platform is used to provide DNS for each service.


Tools:

  • CloudFlare - A next generation cloud DNS service provider.
  • Amazon Route 53 - A next generation cloud DNS service provider.

DNS → Mock

The host used for the mock API.

DNS → Development

The host used for the development API, providing access to the version of API currently being developed.

DNS → Production

The host used for the production API, which is the address that should actually be used in applications.

DNS → Portal

The host used for the developer portal, providing a single location where everyone can find what is happening around a service.

DNS → Encryption

Ensuring encryption is used as part of API transport, and that SSL is the default for all services.


Deployment

Managing the actual deployment of an API into production, providing a common way in which APIs are deployed. Defining one, or many ways in which APIs can be put into production as part of any service.


Services:

  • Axway - API management platform offering a suite of services.

Deployment → Compute

The compute that is delivering each service.


Tools:

  • Amazon EC2 - The virtual compute instance service from Amazon.

Deployment → Framework

Which programming framework is used to deploy each service.


Tools:

  • Slim - A PHP framework for delivering RESTful APIs.
  • express-openapi - An unopinionated OpenAPI framework for express

Deployment → Function

Which function is used to deploy each service.


Services:

  • AWS Lambda - AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running.

Tools:

  • Node.js - The server side JavaScript Framework.
  • AWS Node.js SDK - The Node.js SDK for working with all AWS services.

Deployment → Containers

Which container is used to deploy each service.


Services:

  • Docker - Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications, whether on laptops, data center VMs, or the cloud.

Deployment → Gateway

Which gateway is used to deploy each service.


Services:

  • AWS API Gateway - Amazon's API gateway solution for deploying and managing APIs.

Deployment → Pipeline

Information regarding the pipeline in use for each service.


Services:

  • Jenkins - Jenkins is a self-contained Java-based program, ready to run out-of-the-box, with packages for Windows, Mac OS X and other Unix-like operating systems.

Deployment → Region

Information regarding which region each service is deployed in.


Orchestration

The orchestration of the build and delivery of a service, defining how the technical building blocks are orchestrated to deliver the resulting service.

Orchestration → Build

Information regarding the build of each service and how it is deployed.

Orchestration → Hooks

Information regarding pre- or post-commit hooks for each service.

Orchestration → Jobs

Information regarding the jobs used as part of each service.

Orchestration → Events

Information about events used for managing jobs for each service.

Orchestration → Schedule

Information about the schedules in use to manage each service.


Dependencies

Defining the dependencies associated with each service, helping quantify what each service needs to do what it does successfully.


Dependencies → Service

Information about services each service depends on.

Dependencies → Software

Information about software each service depends on.

Dependencies → Data

Information about data each service depends on.

Dependencies → People

Information about people each service depends on.

Dependencies → Organization

Information about organizations each service depends on.

Dependencies → Applications

Information about applications that depend on services.


Testing

Going beyond just testing, and making sure that a service is being tested at a granular level, using schema for validation, and making sure each service is doing exactly what it should, and nothing more.


Services:

  • API Fortress - A complete API testing solution for companies that care about their APIs. Test during development, deployments, and live monitoring.
  • APIMetrics - Enterprise and Banking ready, API testing, performance monitoring, SLA management, compliance monitoring and analysis.

Testing → Scenarios

The scenarios for testing each service.

Testing → Saved Requests

Save specific requests from a service to be used in testing.

Testing → Results

The results of assertions tested against each service.


Performance

Establishing what the benchmarks are for a service, and what can be expected when it comes to performance.


Services:

  • API Fortress - A complete API testing solution for companies that care about their APIs. Test during development, deployments, and live monitoring.
  • APIMetrics - Enterprise and Banking ready, API testing, performance monitoring, SLA management, compliance monitoring and analysis.

Performance → Tests

The performance tests for each service.

Performance → Results

The results of performance tests for each service.


Security

Going beyond authentication, encryption and other aspects of security, and working to scan the surface area of APIs to ensure that there are no vulnerabilities, and that APIs are not doing anything they should not be doing. Keeping services secure, and operating reliably.


Services:

  • 42Crunch

Tools:

  • OWASP ZAP - OWASP ZAP is an open-source web application security scanner (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project).

Security → Overview

The overview of security practices for each service.

Security → Policies

The policies in use for each service.

Security → Tests

The security tests in use for each service.

Security → Results

The results of security tests for each service.


Communication

Having a comprehensive communication strategy for a service, ensuring that each service is properly communicating with other teams, stakeholders, and API consumers. Providing a regular stream of information regarding what is happening with the service.


Communication → Blog

The blog for each service.

Communication → Twitter

The Twitter account for each service.

Communication → GitHub

The GitHub account for each service.

Communication → Internal

Internal communication channel for each service.

Communication → External

External communication channels for each service.

Communication → Workshops

Conducting workshops to actively develop wider development practices.


Support

Ensuring that each individual API has the necessary support, making sure that the support channels for a service are easy to find, have a responsive and knowledgeable person available to answer questions, and are being measured and audited for quality.


Support → Email

The email account for supporting each service.

Support → GitHub Issues

Where to submit an issue to get support for each service.

Support → Twitter

Where to get support publicly using a supported Twitter account.

Support → Ticket

Where to submit a ticket to get support for each service.



The End


By Kin Lane


@kinlane




