Kin Lane, API Evangelist






API Evangelist Location API


API Lifecycle Workshop Presentation - Production

API Lifecycle - Production

  • → Definition
  • → Discovery
  • → Virtualization
  • → Authentication
  • → Management
  • → Logging
  • → Budgets
  • → Plans
  • → Portal / Landing Page
  • → Getting Started
  • → Documentation
  • → Code
  • → Licensing
  • → Support
  • → FAQs
  • → Communication
  • → Road Map
  • → Issues
  • → Change Log
  • → Legal
  • → Monitoring
  • → Testing
  • → Performance
  • → Security
  • → Analysis
  • → Stages
  • → Maintenance

Definition

All of the definitions that go into defining each service, from the original schema, the OpenAPI definitions, the Postman Collections, and the assertions that contribute to the testing of the service to ensure it is doing what is expected of it.

Definition → Organization

The over-arching source control organization for each service, providing an umbrella for different development groups and projects.


Services:

  • GitHub - GitHub Inc. is a web-based hosting service for version control using Git, used for distributed version control and source code management functionality of Git.
  • GitLab - GitLab is a web-based Git-repository manager with wiki, issue-tracking and CI/CD pipeline features.
  • Bitbucket - Bitbucket is a web-based version control repository hosting service for source code and development projects that use either Mercurial or Git revision control systems.

Definition → Repository

The source control repository for each service, providing a self-contained, shareable, forkable way to engage with a service. Allowing for EVERYTHING involved with a service to be accessed in a single location.


Services:

  • GitHub - GitHub Inc. is a web-based hosting service for version control using Git, used for distributed version control and source code management functionality of Git.
  • GitLab - GitLab is a web-based Git-repository manager with wiki, issue-tracking and CI/CD pipeline features.
  • Bitbucket - Bitbucket is a web-based version control repository hosting service for source code and development projects that use either Mercurial or Git revision control systems.

Definition → README

The README for each service's repository, providing an overview of the service, complete with all the relevant links to all the moving parts. Any user should be able to land on the README, and easily get up to speed on what a service delivers.


Services:

  • GitHub - GitHub Inc. is a web-based hosting service for version control using Git, used for distributed version control and source code management functionality of Git.
  • GitLab - GitLab is a web-based Git-repository manager with wiki, issue-tracking and CI/CD pipeline features.
  • Bitbucket - Bitbucket is a web-based version control repository hosting service for source code and development projects that use either Mercurial or Git revision control systems.

Definition → OpenAPI

An OpenAPI definition for the surface area of the API, providing a machine readable contract for what each service delivers, that can be used across the API lifecycle, guiding every aspect of delivering each service.


Tools:

  • OpenAPI - The OpenAPI specification for describing the surface area of the API.

Definition → Tags

Using the common tags and taxonomy for operating infrastructure and other resources, allowing for easy discovery, measurement and reporting of what it takes to operate each service.

Definition → Team

A list of team members for the service, providing a nice list of who is responsible for making a service operate, defining who ultimately owns and sustains each service.


Discovery

Making sure that all APIs are discoverable by default, and able to be easily registered in API catalogs, and able to be included in search indexes, and API discovery services. Baking API discovery into the regular operations of each service being deployed.

Discovery → API.json

The API discovery document for each service.

Discovery → OpenAPI

The complete OpenAPI for each service.

Discovery → Postman Collection

The Postman Collection for each service.

Discovery → Catalog

Leverage the service catalog as part of operations, ensuring that the definitions for each service are used to govern operations.


Virtualization

Providing mocked, sandbox, and virtualized instances of APIs and other data for understanding what an API does.


Virtualization → Paths

Considering offering mock API paths for use by integrators, providing production-like instances of the API to use and play with, so they can provide feedback on API services.


Services:

  • Mockable - Mockable is a simple configurable service to mock out RESTful API or SOAP web-services. Reply with static or dynamic JSON or XML Payload.
  • MockLab - Rapidly simulate APIs for faster parallel development and more comprehensive testing.

Tools:

  • Prism - Supercharge any OAS file with mocking, transformations, validations, and more.
  • API Sprout - A simple, quick, cross-platform API mock server that returns examples specified in an API description document.

Virtualization → Data

Considering offering synthetic data for use by integrators, helping ensure virtualized APIs provide as production-like an experience as possible.


Tools:

  • Synthea - Synthea is an open-source, synthetic patient generator that models the medical history of synthetic patients.

Authentication

Providing a standardized approach to authenticating with the service, allowing consumers to successfully, and securely access a service.


Authentication → Type

Information about the types of authentication that are available for each service, following the common authentication strategy.

Authentication → Overview

An overview for the authentication of each service, helping users understand how they will access a service.

Authentication → Sign up / Login

An overview for the authentication of each service.


Management

Having a consistent management layer for use across all APIs, applying a strategy for authentication, service composition, logging, analysis, and measuring value being generated at the gateway and management layers.


Management → Platform

Details on which API management platform is used for each service.


Services:

  • Axway - API management platform offering a suite of services.
  • AWS API Gateway - Amazon's API gateway solution for deploying and managing APIs.

Tools:

  • Kong - An open source API management solution, with enterprise options.

Management → Administration

Where you find the administrative access for API management.

Management → Sign up

Where you can sign up for access to each service.

Management → Login

Where you can login for access to each service.

Management → Account

Where you can access account information when using each service.

Management → Applications

Details about the developer's applications approved to use each service.


Logging

Having a consistent strategy for logging across the entire API stack, ensuring that logging is a first class citizen, and all activity across APIs is being stored, shipped, and made accessible across analysis systems and tooling.


Logging → Database

Information about database logs.

Logging → API

Information about API logs.

Logging → DNS

Information about DNS logs.

Logging → Shipping

Information about shipping logs centrally to service's storage.


Budgets

Understanding what the costs associated with API development and operation are, tracking all the costs along the way so it can be used to help understand the value being generated, and drive the overall plan for operating a service.


Budgets → Acquisition

Understanding what it costs to acquire the resources behind each service.

Budgets → Development

Understanding what it costs to develop each service.

Budgets → Operation

Understanding what it costs to operate each service.

Budgets → Value

Articulating what value is provided by each service.


Plans

Having one or many plans for accessing each service, ensuring that all consumption occurs through the filter of a plan, and fit into a wider platform management strategy.


Plans → Tiers

The tiers of access for each service.


Portal / Landing Page

Providing one, or many public or private portals, providing a single known location for API providers and API consumers to find what they are looking for when it comes to API integration with services being made available.


Services:

  • APIMATIC - Instantly build an API Portal with SDKs, Live Code Samples, Test Cases, API.

Portal / Landing Page → Hosting

Information about the hosting service used for this portal.


Tools:

  • GitHub Pages - Hosted as a static Jekyll site as part of the GitHub repository for the service.

Portal / Landing Page → Template

Information regarding the UI template used for this portal.


Tools:

  • HTML5 Up - A HTML, CSS, and JavaScript Jekyll template.

Portal / Landing Page → Analytics

Information about the analytics in use for tracking on this portal.



Getting Started

Providing basic getting started information for developers to use when on-boarding.


Getting Started → Sign up

Where you can sign up for each service.

Getting Started → Authentication

Where you can get details about authenticating with each service.

Getting Started → Documentation

Where you can find documentation for each service.

Getting Started → SDKs

Where you can find SDKs in multiple programming languages for each service.

Getting Started → FAQ

Where you can get your common questions answered around each service.

Getting Started → Support

Where you can get support for using each service.


Documentation

Ensuring that there is always comprehensive, up to date, and if possible interactive API documentation available for all APIs, providing developers with everything they need to understand what an API does, and successfully integrate APIs into their applications.


Services:

  • Stoplight.io - StopLight, providing engineering teams with the best way to document, test, and build web APIs.

Documentation → Paths

Documenting the API paths that are available for each service.

Documentation → Schema

The descriptive header and footer paragraphs for the documentation schema.

Documentation → Examples

Examples of using the API paths for each service.

Documentation → Definitions

The machine readable API definitions for use as part of each service.

Documentation → Errors

Details about the errors encountered using each service.


Code

Providing code samples, libraries, SDKs, and other solutions in a variety of languages, and for a variety of platforms, helping do much of the heavy lifting that is required when it comes to putting an API to use in applications, and system to system integration.


Services:

  • APIMATIC - Instantly build an API Portal with SDKs, Live Code Samples, Test Cases, API.
  • REST United - Just 5 simple steps to generate SDKs (REST API libraries) in 9 programming languages.

Tools:

  • Swagger Codegen - Swagger Codegen can simplify your build process by generating server stubs and client SDKs for any API.

Code → PHP

This is the PHP SDK for integrating with each service.

Code → Python

This is the Python SDK for integrating with each service.

Code → Ruby

This is the Ruby SDK for integrating with each service.

Code → Go

This is the Go SDK for integrating with each service.

Code → Java

This is the Java SDK for integrating with each service.

Code → C#

This is the C# SDK for integrating with each service.

Code → Node.js

This is the Node.js SDK for integrating with each service.

Code → JavaScript

This is the JavaScript SDK for integrating with each service.


Licensing

Ensuring that all of the licensing for the entire API stack has been considered, providing references for the licenses of each layer of API operations, and even dependencies whenever possible.


Licensing → Server

The licensing for the server code behind each service.

Licensing → Data

Licensing for the data used as part of each service.

Licensing → API

Licensing for the API interface for each service.

Licensing → SDKs

Licensing for the SDKs provided for each service.


Support

Ensuring that each individual API has the necessary support, making sure that the support channels for a service are easy to find, have a responsive and knowledgeable person available to answer questions, and is being measured and audited for quality.


Support → Email

The email account for supporting each service.

Support → GitHub Issues

Where to submit an issue to get support for each service.

Support → Twitter

Where to get support publicly using a supported Twitter account.

Support → Ticket

Where to submit a ticket to get support for each service.


FAQs

Providing a self-service listing of the most common questions that get asked of a service, so that API consumers will not have to ask the question and put support channels to work, which results in additional resources being required to support the platform.

FAQs → Categories

The categories of FAQ questions.

FAQs → Questions

The questions asked about each service.

FAQs → Ask Question

Asking a question about each service.


Communication

Having a comprehensive communication strategy for a service, ensuring that each service is properly communicating with other teams, stakeholders, and API consumers. Providing a regular stream of information regarding what is happening with the service.


Communication → Blog

The blog for each service.

Communication → Twitter

The Twitter account for each service.

Communication → GitHub

The GitHub account for each service.

Communication → Internal

Internal communication channel for each service.

Communication → External

External communication channels for each service.

Communication → Workshops

Conducting workshops to actively develop wider production practices.


Road Map

Providing API consumers with as much information as possible about what changes are being planned for a service. Helping include consumers in the conversation about what is being planned whenever possible.


Road Map → Private

Where you can access the private road map for each service.

Road Map → Public

Where you can access the public road map for each service.

Road Map → Suggest

Consumers are welcome to suggest an addition to the road map.


Issues

Being transparent around the issues that are currently outstanding regarding a platform. Potentially saving resources having to respond to further emails, tickets, and issues being reported.


Issues → Entries

Listing of all the outstanding issues for each service.

Issues → Report

Reporting an issue for each service.


Change Log

Provide consumers with a detailed history of what has changed in the past with a service. Rolling over road map items, and issues when they have been accomplished or satisfied, into a detailed change log.


Change Log → Entries

Providing a list of what has changed with this platform along with each road map item being accomplished, and issue being resolved.


Legal

Covering the legal bases when it comes to operating a service, ensuring there are terms of service, privacy policies, and the other legal aspects of delivering a service online, with partners, and even internally with an organization.

Legal → Terms of Service

The terms of service (TOS) for each service.

Legal → Privacy Policy

The privacy policy for each service.


Monitoring

Making sure all aspects of a service are being monitored, understanding the overall availability of a service, and whether or not a service is being delivered as expected, and meeting the SLA as promised.


Services:

  • API Fortress - A complete API testing solution for companies that care about their APIs. Test during development, deployments, and live monitoring.
  • APIMetrics - Enterprise and Banking ready, API testing, performance monitoring, SLA management, compliance monitoring and analysis.

Monitoring → Monitors

The monitors for each service.

Monitoring → Status

The status of each service.


Testing

Going beyond just testing, and making sure that a service is being tested at a granular level, using schema for validation, and making sure each service is doing exactly what it should, and nothing more.


Services:

  • API Fortress - A complete API testing solution for companies that care about their APIs. Test during development, deployments, and live monitoring.
  • APIMetrics - Enterprise and Banking ready, API testing, performance monitoring, SLA management, compliance monitoring and analysis.

Testing → Assertions

The assertions for each service.

Testing → Results

The results of assertions tested against each service.


Performance

Testing each service for performance, benchmarking the speed in which resources are being delivered from multiple regions, working to understand and establish what the baseline speed for each API is, and understanding if the service is meeting, or falling beneath expectations.


Services:

  • API Fortress - A complete API testing solution for companies that care about their APIs. Test during development, deployments, and live monitoring.
  • APIMetrics - Enterprise and Banking ready, API testing, performance monitoring, SLA management, compliance monitoring and analysis.

Performance → Tests

The performance tests for each service.

Performance → Results

The results of performance tests for each service.


Security

Going beyond authentication, encryption and other aspects of security, and working to scan the surface area of APIs to ensure that there are no vulnerabilities, and that APIs are not doing anything they should not be doing. Keeping services secure, and operating reliably.


Services:

  • 42Crunch - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Tools:

  • OWASP Zap - OWASP ZAP is an open-source web application security scanner.

Security → Overview

The overview of security practices for each service.

Security → Policies

The policies in use for each service.

Security → Tests

The security tests in use for each service.

Security → Results

The results of security tests for each service.


Analysis

Measuring, quantifying, and analyzing the usage of all APIs to make sure the platform is aware of how all APIs are being put to use, and that teams are able to respond to any type of activity on the platform in near real time.


Services:

  • Axway - API management platform offering a suite of services.

Analysis → Web Traffic

The traffic information for each service.

Analysis → API Usage

The usage information for each service.

Analysis → Application Usage

The application usage across each service.

Analysis → SLA

The service level agreement for each service.

Analysis → Reporting

Making sure that everything is being actively reported upon.


Stages

Understanding what the stages are for each service, defining the overall maturity of each service, and understanding the road from inception to production.

Stages → Discovery

When things are still being discovered, and figured out for design.

Stages → Design

When things are still being designed and the contract hammered out.

Stages → Development

When a production instance of a service is being developed.

Stages → Production

When a production instance of a service is being operated.

Stages → Outreach

Managing the outreach internally, externally, and publicly for services.

Stages → Governance

Applying overall governance to each service, and contributing to the bigger picture.


Maintenance

Defining what maintenance looks like for each service, defining what is needed to keep a service running, and meeting the recurring needs of each API being made available.

Maintenance → Weekly

Provide a list that should be considered weekly.

Maintenance → Monthly

Provide a list that should be considered monthly.

Maintenance → Releases

Provide a list that should be considered for each release.

Maintenance → Governance

Provide an outline of how this outline is measured, reported, and evolved.



The End


By Kin Lane


@kinlane




