API Lifecycle Best Practices
This is part II of the V part series describing an agile API lifecycle - best practices from strategy to deployment. Our series is centered around enabling companies to create additional value with an agile ecosystem.
Often many business executives misconstrue API management and approach the process by organizing it like a dashboard instead of seeing it as an entire product lifecycle with many opportunities. By understanding how to manage interfaces, you can quickly pivot to new verticals and adapt to changing customer expectations.
When organizations decide to adopt an agile and robust API management system, the results can be transformative. A robust API lifecycle allows companies to remold their process into an ecosystem of partners, customers, and users that can efficiently integrate data into services and deliver applications.
Think of an API as a product. As with any product, it has a cycle and a spectrum of issues around development, management, and security that need to be monitored, addressed and re-tooled. In an effort to provide the most comprehensive solution for doing this, we put together a guide of best practices and tools that should be used when working with APIs.
API Lifecycle - From Strategy to Management
Any well structured and effective process has to start with strategy. It’s in this moment that you map out your target market, resources, time frames and the goals you are trying to attain. Successful APIs need clear objectives that relate directly to business purpose and track closely to key performance indicators (KPIs) for the business at large. When crafting your API approach it’s important to incorporate your business strategy, implementation strategy, technology strategy, operational strategy, and promotional strategy as they are all intertwined into one main purpose - your core mission.
Consider the following questions:
- What is your business objective in creating an API?
- What opportunity are you trying to take advantage of?
- What is the vision for your API?
- Is the API vision aligning with your company's mission statement?
- How can developers be motivated to use the API?
- What kind of application could be built against the interface?
- How will the consumer discover the application?
- What assets could be made available through the API?
These are all fundamental questions we recommend answering before starting to mold any API strategy. It’s also a good idea to take a step back and ask yourself “What makes sense for my business?” as sometimes those moments bring about the exact clarity you need.
Most importantly, look forward into other stages of the lifecycle when forming a strategy and commit to supporting each phase from the beginning as there can be many surprises along the way of API development. Additionally, make sure a validation process is a part of your interface strategy. We recommend that validation be set up either during or after development to ensure the API satisfies the end user’s specifications or the product and environment. This is a critical step to help you put effort where it matters the most.
What use cases should this API support? This question should be considered from the user’s perspective and answered in-depth in the design phase. It’s essential to understand your end-users and stakeholders that will be interacting with the product. Talk to your users about what they are trying to accomplish, the environment in which they will be using the product, what they like about analogous products, and features or services they would like to see improved.
Combine user feedback with any user interaction data you have on previous product iterations or research you can obtain. This will help combine what your users say with data on what users actually do when creating use cases and user journeys. The purpose of this process is to mock-up interface requests and responses to match what you heard from consumers while also knowing what to prioritize as you move on to the next step.
The next step in the design phase is to blueprint the contract of your API and share it with your future consumers. The aim of designing an interface contract is to describe the messages that can be exchanged when integrating the APIs. Always remember, you are essentially designing a code for developers and for that reason, your code should be simple and straightforward.
Here are some best principles for design:
- Clarity- API integration should be as straightforward as possible
- Consistency - Make sure that the design, architecture, and usage are consistent across the planned solution
- Complimentary to existing architecture - Reuse existing assets and business logic, don’t recreate the wheel
- Discoverability - Consumers of the API need to be able to easily find which capabilities the interface provides
- Adherence to industry standards (such as HTTP, REST, OAuth, JWT)
- Use API design tools like Swaggerhub
- Contract-first approach (WSDL)- Design the APIs contract first before writing any code
- Gather feedback early
- Reduce risks
- Reduce time to market
Is the code doing what it’s supposed to do? This is the driving question in the mock phase. Mocks are nothing but imitations that simulate the behavior of real APIs in a controlled environment. The purpose of a mock is to get quick and consistent feedback for a test in order to help facilitate continuous integration. Interface mocking is a powerful concept because it enables a number of development and testing workflows that greatly enhance the agility of development teams in businesses with complex infrastructures and systems. They can also be put to use in several development and testing scenarios on many levels such as code, API, service, and infrastructure.
Here are some best practices when mocking:
- We recommend using the acceptance test-driven development approach to refine the specifications for the business case and define a meaningful payload
- Stimulate unexpected errors, long response times or even invalid messages to make sure your API client handles those smoothly
- Use mocks to enable continuous testing of your components by mocking out any external dependencies
Sometimes conducted with the mock stage, the test phase highlights significant formal models that aren’t noticed in the API contracts such as error codes that are observed when someone under 21 tries to buy alcohol online from a retail company. Thus, the test plan needs to contain a detailed outline of the workflow that reflects both mocks and tests. The following are several test types applied in this phase:
• Unit Tests: Intended to test separate code units. The purpose is to validate that each unit of the software performs as designed
• E2E Tests: End-to-end are black-box tests intended to ensure the integrated components of an application function as expected from start to finish - from an end-user point of view.
• Manual Tests: Manual testing is the process of finding out the defects and bugs in a program. The developer runs the test in the end-user role and verifies if all the features are working properly. They should be performed as a cross-test inside the engineering team (using developer portal + Postman).
This is where your API is developed. Applying an integration framework is a key part of developing an API. The goals of the interface framework are to reduce the costs and potential risks of building an API. Interface development can take a lot of time, money and resources, so following best practices can help reduce those costs throughout the process. The main way to mitigate those costs is by uncovering mistakes early on in the development and to continue uncovering them along the cycle. Using agile development practices in the integration framework helps promote reuse of resources, fast iterations and value additions through orchestration.
In the deploy phase, make sure your CI / CD pipeline automates the delivery of your interfaces to the production environment. As seen in the diagram, the CI/CD pipeline reuses resources and tests that were utilized in earlier stages and ensures that the APIs that are going to be deployed, still operate in the classified specifications without any red flags.
An essential step in the lifecycle is the security phase. APIs don’t just receive information; they increasingly make calls to external URLs allowing API consumers to receive real-time notifications. This makes them vulnerable to misuse. To uphold better security, we recommend several best practices in particular:
- Static analysis tools in the CD pipeline to check an application’s code for software vulnerabilities and coding errors that could lead to defenseless doorways into the interface. Use IDE plugins and linters to standardize security efforts.
- Peer code reviews improve the quality of code with informal walkthroughs or inspections. Create security checklists such as OWASP’s top 10 reports.
- Focus on security development and testing security. Unit testing is important for developers to conduct when analyzing misuse and abuse of cases. Unit testing is also important when searching for common vulnerabilities.
- Functional security testing is useful in ensuring that the interface fulfills authentication, authorization and session management. Companies should design these tests to evaluate whether users can do something that isn’t authorized.
Automate security testing to secure the API infrastructure with these best practices :
In the management phase, your attention is directed to setting up sufficient management systems to aid in maximizing the value of API capabilities and expose any potential areas where the interface could become more efficient. Once the API is developed and deployed, managing includes cycles of versioning (semantic versioning scheme), deprecation and retirement.
Are you promoting your APIs?
APIs can generate massive amounts of value when promoted and shared. The more developers know about your API the more can connect to your assets like data, algorithms, transactions and business processes available through interfaces to external business ecosystems. Promotion allows companies to construct and expand their ecosystems and connect to industry marketplaces, networks, and other organizations to unlock new revenue opportunities from existing services and information. It’s the network effect. The bigger the network or ecosystem, the faster the exponential growth of the company. That’s why taking the time to document your APIs and promoting their capabilities is a must.
After your interface has been deployed and exposed, you enter the discovery phase. In this step, you need to help third parties and partners discover your APIs. To highlight this, make sure all documentation is based on open API standards (former swagger) and your CI/CD process contains the tools which keep the interface documentation up to date with the latest versions. The developer portal which is similar to a showroom, allows your consumers to easily discover your API and its capabilities. Additionally, it enables a developer to effortlessly get access to an interface reference and determine how it can be integrated. The portal is a great tool and is also the fastest way to interact with an API - either via an interactive console, code snippets or SDKs.
As a best practice, note that the interface reference should document every endpoint (resource routes, input requests, output responses and what each domain object and its attributes mean). It should be auto-generated and distributed either as a separate artifact or as part of the API developer portal. We recommend using ReDoc for interface reference creation and distribution.
Once you enter the development phase, third parties will start discovering and developing applications based on your APIs. User experience will depend on the quality of your APIs and the applications that are developed from them. To provide third parties with the opportunity to better their user experience in applications, make sure you’re providing enough resources for developers to get the most out of the interface. Those resources include your API best practices, information on security control, retirement, and error messages. Although this is similar to the interface reference in the discovery phase, it providers third parties a guide on how to manage your APIs, not just how to integrate them into their development.
This phase is all about the user experience. In order to provide users with high-quality products, it’s necessary to have staged plans to match growing consumption. To ensure high-quality user experience, revert to your interface strategy and run a validation process to provide evidence that the design meets the specifications. Design validation is an imperative process during any product development because it verifies the designed product is the same as the intended use.
As a best practice, continuously monitor and document the designs which enable you to meet the user-defined requirements at every stage. Documenting the procedure will help you easily understand the functionality at any stage, especially in the future when you plan to prepare the next version of the API. Keeping a detailed outline of the procedure also assists in reducing development time, improving productivity and increasing delivery output.
Setting up a validating process isn't enough; you must also monitor your APIs and any feedback loops you have set up to ensure you know exactly what needs to be improved next. To receive accurate data in your feedback loops, you must monitor various aspects of your interfaces such as:
- Developer engagement
- API Health
- API Usage
- "Time to First Hello, World!"
The API journey goes through many steps, but your delivery process should encompass all these phases to be truly agile, stable and profitable as well as meet the needs of your clients and partners.
We are living in the age of the consumer which means businesses can't afford to take their API strategies lightly. Consumers demand top-notch experiences that can be created with properly managed interfaces. A research study by Mulesoft found that 80% of large enterprises, generate more than $5 million a year from APIs alone. Although this post isn’t geared toward enterprise companies, it’s important to note how much interfaces can help generate opportunity for your small to midsize company once a properly formatted ecosystem is in place. Companies of all sizes, in all sectors, are using interfaces to level the competitive playing field and respond to rising volume, scale and volatility of customer-facing APIs.