API Product Manager#

API as a Product#

Product Concept -> Product Development

Product release must be monitored

API’s will eventually need to be retired

API are visible actionable part of problem solving

Components of an API#

  • Usability Aides
  • Engagement
  • Interface
  • Analytics
  • Learning Aides
  • Visibility

API Management - Manipulate and engage the product control for the resource being accessed

API Manager for manager to view and monitor usage

Data and services can let external actors use the API to expand their business

API needs to be managed along the full cycle

API publishers can break consumers with slight alternations

With a significant amount of API Users, it does not matter what you promise in the contract: all observable behaviours of the system will be depended on by somebody - Hyrum Wright

proto-api’s: ETL, file transfer and application integration (batch mode)

Key capabiltiies of API Management platform:

  • Accelerate mobile and IoT development
  • Unlock the value of customer data
  • The abiity to intergrate and create API’s
  • Ability to secure the Open Enterprise

Private APIs may be distributed publicly but the interface itself is not public

API as a Product: Deployment and Publishing#

capabilities in the enterprise:

  • secure data
  • application portfolio
  • ID/authentication
  • Reporting and analytics

capibilities outside the enterprise:

  • Internet of things
  • Mobile
  • Saas/Cloud solutions
  • Partner Ecosystems
  • External Developers

Integrate and create API’s:

  • Easily integrate SOA, ESB and legacy applications
  • Aggregate data including NoSQL
  • scalable cloud solutions
  • live business logic

Accelerate IOT development:

  • Simplify and control developer access to data
  • Build a wider partner or dev ecosystem
  • Leverage tools that reduce mobile app delivery time

IT governance considerations:

  • Development: Dev Ops
  • Application architecture: Microservices
  • Deployment and Packaging: Containers
  • Applicaiton infrastructure: Cloud

API Gateway:

  • Live runtime capability
  • API traffic mangement and enforcement

Hybrid API management:

  • Seperate of design time and runtime

Benefits of Hybrid API management:

  • fast time to market
  • integrate to your IT assets
  • Optimised for performance
  • Best-in-class security
  • Microservices enabler
  • Low TCO (Total cost of Ownership)

API management as a service:

  • API registration
  • API discovery
  • API Docs
  • API Access control
  • Analytics
  • Developer Management
  • Monetisation

If an organisation is accessing internal corporate info from inside the network - it is best to stay inside the network for API management

API Documentation and Learning Aids#

Documentation makes it easier for people to use and understand

Instructions on how to use and integrate with an API

Documentation for developers, machines or API designers

For Humans#

  • Visual style
  • Include: Structure, navigation and visibility

Parts:

  • Title
  • Version
  • Host/path details
  • Resource description
  • Onboarding registration process
  • Subscription/consumption instructions
  • Security Info
  • Usage dashboard

For Machines#

Formats that have dissapeared from usage:

  • WADL
  • RAML
  • API (Blueprint)

OpenAPI has emerged as the defacto standard for API specification documents (Swagger)

OpenAPI specification

OpenAPI schema is based on the json schema standard

For API Designers#

  • Create a style guide

Contents of style guide:

  • URL naming
  • Methods supported
  • Error messages
  • Status codes
  • Respresentations - currency, time
  • Special features - pagination, filtering
  • Use of Links

Content model#

template model for uniform API documentation

  • Discovery
  • Concepts - what do novice users want - the minimum required to make a successful call. proficient users want the basic rules and recommended way to consume the API
  • Usage / tutorials - common needs and goals, steps, actual user scenarios
  • Cautionary
  • Troubleshooting
  • Reference
  • Example

advanced concepts:

  • Edge cases
  • Special controls for power users

Special rules:

  • pricing
  • terms of usage
  • data privacy
  • frequency of change

Make it difficultt for developers to make mistakes

Snippets:

  • demonstate a small part of the api
  • use familiar programming languages
  • show the request and response
  • are located in close proximity to the information being demonstrated

level 0: Implementation level 1: Reference level 2: Examples level 3: Conceptual level 4: Interactive - try it out level 5: Predictive and Adaptive

API as a product: DevOps Scalabiltiy and Evolvability#

Devops - development and operations

Single team can maintain application and operate

Enhance the speed and quality of software through continuous workflow

continuous deployment pipeline

  • Continuous development
  • Continuous integration
  • continuous testing
  • continuous monitoring

decrease development cycles and increase automation

Leverage the cloud

Scale and evolve:

  • Leverage existing assets in the API
  • Provide continuous testing, monitoring, intergation, delivery and deployment
  • Automate change management
  • Use microservices to quicken development

Focus on horizon open communication with developers working with external developers

API Monitoring finds these issue:

  • Checking unreachable and unresponsive API’s
  • Authentication and authorization errors
  • Increased Latency
  • Non-200 response codes
  • Improperly Formatted Data

API as a product: Devops Lifecycle#

Increase reliabiltiy, reduce support costs

Planning and Design - Codify why choices were made in OpenAPI Monitoring - availability, security, benchmarking and SLA Testing - better to do during planning Builings

Simple Up time check

Logs are the lifeblood of security practitioners

Sensitive transactions:

  • API Traffic
  • Server side validation
  • User dwell time on application
  • Application throttling

Sources#