8 Accelerators to Speed up API Development

APIs (Application Program Interfaces) are a key component of digital transformation, which help an enterprise to expand its capabilities. APIs help to expose assets and data to developers, enabling them to innovate, extend, and optimize enterprise resources, giving them a competitive edge over the competitors. Most importantly, APIs facilitate improving end-user experience along with opening up new venue to increase revenue to the enterprise. With the advent of new technologies, exposing and utilizing these hidden assets become even more flexible with the APIs. But unfortunately, enterprises have many legacy and old applications, which may not effectively utilize the new technologies and forces them to upgrade, modernize, and re-write these monolith applications to best utilize the new technologies. Below are eight repeatable accelerators that aid in developing and upgrading the APIs at a record phase, while keeping in mind reuse and scale.

1. Security

   This is the most important component of every API. It is recommended to pick proven standard security frameworks like Spring Security components with the combination of security providers like LDAP, Open AM, etc. Once the framework, patterns, and providers are finalized and developed, code can be extracted into a standard reusable component by externalizing the variable parameters (URI, creds etc.). This facilitates plug and play usage of the security patterns. Developers can easily adopt the pattern by declaring the component as a dependency in the code and use the required security function in their respective apps instead of inventing the wheel again. This drastically reduces rework, removes the dependency on security SMEs, along with faster time to market.

2. API Driven Development

   Understanding the API that is being developed is important for both the developing team and also consuming teams. Especially with layered API architecture, multiple teams are involved in developing these APIs, and development should happen in parallel to save time. Hence, having a well-defined interface is critical where API first implementation starts with defining the interface first followed by actual implementation. Tools like Swagger, RAML, etc. can greatly aid in this process. This facilitates teams to be independent and develop the components without depending on each other, speeding up the development process.   

3. Common Components

   Encryption, decryption, masking, hashing, pagination, caching, etc. are common components of APIs. These components can be packaged into its own components. Also, with multi-layered APIs, it is required to propagate the credentials to the downstream layer ex. SSO token provided by the consumer should be passed along to the downstream provider. Sometimes it is required to inject new creds to pass on to the next layer. To add to the complexity, some use cases also required to translate incoming security to a different kind of format, ex. Basic Auth to WS-Security. To handle all these cases, it is recommended to create this translation mechanism as a form of a reusable component, which can be added as a dependent library to the API code.

4. Logging and Metrics

   Logging is one of the critical components of an API, infrastructure, and Operations. With the new rules introduced by GDPR, it is even more critical to log more content about why, how, and when data is changed. Having a standard logging mechanism and standard information in the logs can greatly simplify troubleshooting, evaluating, and understanding these logs. Also, log management tools like Splunk can index logs faster for a given set of key-value pairs. To account for all the mentioned factors, it is recommended to define the logging mechanism and standard log structure. As mentioned in the above scenarios, the specific implementation can be extracted out into a reusable component and can be used as a dependency. To further enhance the flexibility, we can also create a provision to append custom key-value pairs and also specific error codes, as needed by specific APIs. 

5. Standard Schemas

   Most of the industries rely on their industry-specific standard schemas, ex. IFX (Interactive Financial Exchange), NDC (New Distribution Capability) etc. Many, if not all IDEs are capable of generating beans from these schemas, but it is recommended to have a standard component, which is packaged with these generated enterprise specific tailored structures. By doing this, we can include specific business rules on the bean and also have provision to accommodate future modifications and updates to the schemas at a single point. This greatly enhances the development velocity and facilitate to assign owners and governance on these standard schemas.

6. Standard Layered Structure

   To solve today's use cases, it is imperative to have layered architecture. Depending on the use case, we can use one to three layers (experience, process, and system) combined with SEDA, CQRS, Messaging, etc. Regardless of the industry and specifics of the use case, the core architectural scenarios are very similar. Once we identify these scenarios, it is beneficial to document these core scenarios and map specific architectural patterns with the combination of the above mentioned layered architecture with other specific software components. Along with this, it is also important to clearly demarcate the boundaries of each layer (experience, process, and system). It is recommended to create a questionnaire that can be answered and tallied to identify which pattern best suits the scenario. This will help avoid any confusion for developers and accelerate the development process.

7. DevOps

   With layered architecture and microservices, the number of APIs created had increased exponentially and the requirement for turnaround time for the changes decreased to even minutes in some cases. To accommodate this speed, it is indispensable to have a robust DevOps in place. DevOps should start with organization structure to support the DevOps initiative followed by strong emphasis to adopt and practice Agile and Lean principles. Other major components of DevOps is the automation, with the emphasis on automating every repeatable task. Having a robust CICD pipeline is critical for easing developer time and giving a rapid feedback. Automation can be further enhanced by integrating change management, release management, security, monitoring, and deployment practices into the pipeline. This greatly increases the development turnaround time.

8. Testing

   There are around twenty different tests we generally perform on software components before we call it completely tested. TDD is a good place to start the process, but that is not enough, especially when we plan to scale and deploy in multi-cloud, hybrid cloud, or multiple data centers. It is important to identify what tests are required for a specific use case and automate them into CI process. Care should be taken that we don’t overload CI with excessive test steps. Some use cases may also require reference apps, stub mills, and visualization techniques to perform thorough testing. Systematic testing gives developers and managers assurance of the quality of the code along with decreases rework.