We spend a lot of time helping our partners and clients push forward their overall API life cycle strategy and approach to API governance as part of what we do at Streamdata.io. While we wish everyone we talked to already had robust web APIs for us to stream, and deliver as event-driven subscriptions, not everyone is quite ready. To help our customers, partners, and their customers improve upon their API stack, we conduct regular one and two-day workshops that help their teams think through the big picture when it comes to delivering APIs consistently across a large organization. Streamdata.io API Life Cycle Workshops tend to run onsite for two days, covering 25 stops along a modern API life cycle. Helping business and development teams get up to speed on some of the more progressive ways to approach delivering APIs–focusing in on these areas:
– Definitions – Helping organize the definitions used across the API life cycle, beginning with basic descriptions of services, common schema for resources, while developing OpenAPI contracts that help define the business value an API will deliver, complete with machine-readable tests that can be executed regularly to ensure each API is meeting its service level agreement (SLA).
– Design – Understanding what the basics of RESTful API design are, while also considering hypermedia, GraphQL, microservices, and other emerging patterns that help us establish a robust, and diverse API design toolbox that allows us to deliver a wide range of services for different use cases.
– Versioning – Talking through the different ways in which API providers are versioning their API definitions, interfaces, and the SDKs, connectors, and other artifacts that are essential to the API life cycle. Keeping our APIs moving forward in a shared and organized way, so that all stakeholders are kept in sync with all forward motion.
– Virtualization – Understanding the common approaches to virtualization, mocking, and synthesizing API resources, providing a sandbox, laboratory, and test versions of APIs, and the data they serve up. Delivering robust, production-like versions of API resources that can be used to develop, test, and hard API solutions, before they ever enter into a production environment.
– Deployment – Exploring the many ways in which APIs can be deployed from the handcrafted artisan variety using frameworks, to gateways, proxies, SaaS solutions, containers, serverless, and much more. There is no single way to deploy an API, but teams can learn to work together to deploy an API using a shared OpenAPI contract, providing consistent interfaces for use across applications.
– Orchestration – Understanding how development groups are orchestration the API life cycle, establishing reproduce-able pipelines, that employ regular builds, pre and post-commit strategies, and other ways to orchestrate the delivery, as well as the integration of APIs across internal groups, with trusted partners, and 3rd party API services.
– Authentication – Understanding what a common authentication model looks like across all API infrastructure. Understanding Basic Auth, API Keys, JWT, OAuth, and other common approaches to securing our APIs, maintaining proper identity and access management, while still encouraging the ease of use and integration of all digital assets by whoever is entitled to access.
– Management – Properly serving up, authenticating against, and defining what API access looks like. Having a common API management strategy across all APIs that are made available, no matter whether they are for internal, partner, or public use. Developing an awareness of who is accessing API resources, exactly what they are accessing, and understanding what they are doing with it while measuring and quantifying the value being extracted or generated along the way.
– Logging – Establishing a comprehensive approach to shipping logs across the entire API stack, then making all logs a first-class citizen within the API stack. Exposing database, web server, DNS, and other layers as secure APIs that can be used to manage, audit, and secure API access at all levels.
– Plans – Defining the different plans of access that will be available, requiring that ALL APIs exist within a plan, even if it is just for internal or trusted partner access. Applying limits to all API consumption, while understanding the costs associated with the delivery and integration of all digital assets across the organization.
– Portals – Providing common portals, available at simple known locations. Providing one, or potentially multiple locations where APIs can be published, and in turn, discovered and consumed. Establishing a common approach to delivering APIs across internal, partner, and public stakeholders through known locations.
– Documentation – Ensuring there is always up to date, accurate, and complete documentation for all APIs. Leveraging the OpenAPI definition to continually build and deliver interactive documentation that can be made available via common developer portals.
– Clients – Delivering explorers, and client tooling that augments API documentation, but allows for on-boarding learning, and integration with an API to be portable, and localized, enabling developers and other consumers to make calls from their desktop and browser.
– SDKs – Understanding what is possible when it comes to providing code samples, SDKs, plugins, connectors, and other starter code for developers to use when integrating with an API. Making it as easy as possible for developers to get up and running with their application built on top of your API(s).
– Support – Ensuring that all APIs are properly supported, providing multiple channels for internal, partner, and the public to consider when getting assistance during their onboarding and integration journey. Using email, phone, ticketing systems, repositories, social media, and other methods for keeping developers supported throughout this ongoing relationship.
– Communications – Making sure there is regular communication occurring around all APIs, providing the required feedback loop that begins with outwardly focused storytelling, but also involves support, and gathering feedback from stakeholders, consumers, and the wider public.
– Road Map – Gathering internal, partner, and public feedback and establishing an ever-evolving roadmap, communicating what changes are coming for each API. Providing API specific details on how the API will be changing, and what version releases are being planned in the foreseeable future. Including an active list of known issues, as well as the change log for what has already been done, showing the entire history for each API.
– Evangelism – Understanding how APIs need to be evangelized between development teams, with business and leadership groups. Making internal, partner, and public consumers aware of valuable API resources, as well as the process involved with the delivery, operation, and support of APIs.
– Monitoring – Defining what the monitoring of APIs looks like, ensuring APIs are available when and where they are supposed, and meeting required SLAs.
– Testing – Going beyond just monitoring, and defining a common approach to testing APIs, ensuring each API is doing exactly what it should, and nothing more.
– Performance – Understanding the performance limitations of each API, defining how fast it can deliver across a variety of geographic regions, and platforms.
– Security – Defining security beyond authentication, logging, and monitoring, testing, and performance. Making sure encryption is default across all APIs, in transport and storage, and all APIs are known and scanned on a regular basis for any vulnerabilities.
– Discovery – Ensuring all definitions are discoverable through a single document placed in a known location, providing a machine readable index of API operations, as well as the details of authentication, and all APIs using OpenAPI, JSON Schema, Postman Collections, and other common API discovery formats.
– Event-Driven – Moving the discussion beyond just a request and response approach to delivering API resources, and employing webhooks, real-time streaming APIs, publish and subscribe models, and other approaches to delivering digital assets where they are needed, when meaningful events happen. Allowing API consumers to tune into, sync with, and subscribe to exactly the events they want, and receive only the data, content, and media that matters in the moment.
– Governance – Quantifying, measuring, and reporting upon every stop along the API life cycle, developing an understanding of how APIs are being delivered, establishing benchmarks for what is desirable or undesirable outcomes, and having an awareness of where ALL APIs fit into the overall governance landscape.
We have many other areas we can discuss as part of our API life cycle workshops, but we find these 25 stops along a modern API life cycle tend to reflect where most of the companies, organizations, institutions, and government agencies we are talking to, are in their API journey. Most groups are doing or talking about doing something in most of these areas. Our goal is to help teams understand how they can step back from their current operations, look at the bigger picture, and begin crafting and evolving a strategy for delivering many APIs across a consistent and shared life cycle.
Each workshop is crafted as a GitHub repository, with each stop along the life cycle represented by a YAML collection, providing the structure and details for each stop of the API life cycle, but in a machine-readable way that can be added to, or distilled down to a real-world life cycle scaffolding that can be actually executed against. Providing a comprehensive list of API life cycle knowledge in a forkable, structured way, that we can take into each workshop, customize over the course of the workshop, while also be taken home after the workshop has ended. Providing each workshop attendee with something they can take back to their team, and begin applying on the ground within their operations.
Let us know if you’d like an API life cycle workshop for your company, organization, institution, or government agency. We work with entities of almost any shape or size. We are happy to come on-site and deliver workshops locally, or we are happy to set something up in a major city, so your team can go offsite. This outline represents the 100K view of our workshops, if you’d like to see an example of what knowledge is available, you can visit the home page of API Evangelist, where you’ll find almost 100 stops along the API life cycle, including the 25 we’ve included here. If you have any questions, feel free to reach out, and we can help you learn more about Streamdata.io API Life cycle Workshops.