API Management PoC Requirements
Introduction
Purpose of the proof of concept
Business need/value alignment
Key technical drivers
PoC timeline
High-level evaluation approach
PoC Prerequisites
High-level architecture of backend services/applications
Infrastructure
API details
Use Cases
API management requirements
API lifecycle
API Runtime
API Backend-as-a-Service
Analytics
Developer portal
Monetization
Operations and architecture
©2016 Apigee Corp. All Rights Reserved
1 Introduction
● Create easy to customize and manage, well-designed APIs from existing services
● Enable API consumers and app developers to build innovative, engaging apps, by providing
frictionless self-service onboarding, easy access to API keys and API secrets, and rich interactive
API documentation
● Drive developer adoption and help build a community of internal and external (i.e. partners and
independent third-party) developers
● Extract operational and business insights from our API and app ecosystem
● Provide the ability to monetize APIs using different rate plans
The solution should sit between back-end services and consumers, providing much-needed flexibility to
complement and enhance a variety of business and low-level functionality. This will enable the API
team to focus on creating value from core business functionality via APIs and off-load all
non-functional aspects of exposing and managing the APIs to the API management solution.
2 Purpose of the proof of concept
This section in the document details the key objectives that drive the evaluation, covering both
functional and nonfunctional aspects of the API management product to establish viability and
differentiation.
Business need/value alignment
● Example: Improve agility of our business units in creating omnichannel ecommerce experience
● Example: Reduce amount of time required for partners to start conducting business with us
● Business need #3
● Business need #4
● Business need #5
Key technical drivers
While specific use cases will be defined further in this document, at a high-level the following items are
specific technical drivers this proof will validate:
<<Replace the following with your specific key technical drivers>>
● Example: Need the ability to provide user and product data to various internal business units
responsible for our omnichannel ecommerce strategy
● Example: Need to enable our partners to place orders with us in real-time from their mobile
apps
● Technical driver #3
● Technical driver #4
● Technical driver #5
3 PoC timeline
● Implement POC use cases
● Demonstrate use cases
● Conduct POC readout meeting
● Define and document next steps
5 PoC prerequisites
Outlined below are the necessary prerequisites for completion of the POC.
5.1 High-level architecture of backend services/applications
5.3 API details
6 Use Cases
No. | Key Focus Area | Description | Priority (H/M/L)
6.1.2 API Runtime
No. | Key Focus Area | Description | Priority (H/M/L)
1 | Traffic management/throttling | Demonstrate out-of-the-box traffic throttling capabilities to protect the back-end systems from unusual spikes
E.g. if API “X” is caching a state about the user
preferences, retrieval of that stored state (cache) from
API “Y” should be enabled.
16 | | Map internal authentication/authorization mechanisms to API keys and OAuth. Should be able to perform Credential Mediation.
23 | | Network or transport-level security between the API tier and our backend systems is needed. This should be demonstrated using standard protocols like TLS. All the options for client-server handshaking should be explored.
either in JavaScript, Java, Python or, for some IO-based
utilities, we might want to handle that with Node.js
Because APIs are stateless and used to build modern apps, they require a Backend-as-a-Service that
provides the ability to do state management, provide server-side support to manage and authenticate
app users, and the ability to create APIs for sending in-app push notifications or issue geolocation
queries. These capabilities make it easier for API consumers to build robust interactions and
applications.
6 | Device/user specific data store | We want the ability to store and create a relationship between users and their mobile devices and need the ability to query data for a specific user and/or device.
notifications to users. We want the
ability to leverage Apple, Google,
and Windows push notification
service notifiers.
6.1.4 Analytics
Robust analytics provides complete insight and visibility from the developer apps that are using the APIs, the
APIs themselves—their traffic, performance, success rate—right down to the target endpoints that the APIs hit.
The solution must provide:
● complete activity, performance, and error/alert reporting
● API segmentation by traffic, performance, success rate, and a host of other metrics
● a fine-grained view of how APIs are being used by the consuming apps and usage by API method to
know which APIs to scale
● assistance in troubleshooting anomalies and errors
● the ability to create custom reports on both operational and business-level information; as data passes
through the API management layer, default types of information should be collected, including URLs and
IPs for API call information, and latency and error data
Besides out-of-the-box information that’s collected, the solution must also provide the ability to easily configure
extraction of data from the XML or JSON request or response and make it available for analysis. All data should
be pushed to analytics where it can be aggregated and leveraged by built-in or custom reports. Analytics should
also provide fundamental administration services, including user and role management.
environments including test and
production.
trends in API usage over specific time
periods, as well as API transaction rates
at specific times. The platform should
also provide real-time trends such as
top APIs and top apps, based on API
usage over time, such that business
users can measure the adoption of
APIs.
11 | Developer analytics | Demonstrate how to support reports for developers on their own API usage.
The API management solution should provide a developer portal with out-of-the-box
community features, including blogs, forums, and FAQs, that help build a developer ecosystem, whether for
internal developers or exposed externally to partners and third-party developers. It should be easy to
customize and rebrand, and should include mechanisms for secure self-service registration and
developer onboarding (whether internal, partner, or external).
The portal should also include the ability to create intuitive interactive documentation that can be
annotated by each developer and used to test and view API results in real time. Apart from content
management, the portal should offer features for community management such as manual/automatic
user registration and moderating user comments. It should offer a Role Based Access Control (RBAC)
model that controls access to portal features (for example, it should be able to control whether
registered users can create forum posts or use test consoles).
developer account, to access APIs provided on
the portal.
6 | Developer roles | Demonstrate how parts of the portal can be restricted to specific developer and admin roles. Make API documentation and API product access role-dependent.
13 | | Provide the ability to embed code snippets for each API into the documentation, as references to invoke the API in different programming languages and platforms (Java, JavaScript, Android, and iOS, for example).
19 | Extensibility | The platform should be extendable to accommodate future needs like integration with a ticketing system, JIRA, SFDC, and SSO.
6.1.6 Monetization
We want to be able to create several
different packages out of our APIs, grouping
them by functionalities. Our consumers
(developers and partners) should be able to
subscribe to product offerings and access
those services, which will be mandated by a
count (“X” number of calls per month).
then charge them after the promotion
period.
9 | Notifications, branding, logos | The notification should be personalized with the name and account ID of the recipient, and company branding.
6.1.7 Operations and architecture
Alignment with our operations and architectural principles is an important aspect to evaluate as
part of this POC. The volume of API calls in a successful API program requires tremendous
scalability. The solution needs to fit in with existing tools and best practices, and must also be able
to integrate with existing monitoring, CI, and software configuration management (SCM) tools.
No. | Key Focus Area | Description | Interest
● latency
Operations
● usage
● throughput
2 so that:
4 | | We should be able to integrate with our internal logging system (like Splunk) so that we can rationalize the API traffic with back-end traffic and requests. We would like to integrate API message logging and operational logging.
● internal active directories for API
developers
15 | | The platform should enable deployment of components across security zones so as to comply with our security requirements.
22 | Performance | Demonstrate the performance characteristics of the platform for different concurrency, different payload sizes, and different policy management scenarios.