Wednesday, July 22, 2020

API Management and Strategy

API Management Strategy

  • Robust strategy is mandatory
  • Allowing users to create, manage, secure, analyze and scale APIs is important
  • Managing the architecture, performance and security is critical
  • Managing and engaging developers is crucial
  • Permitting developers to rapidly create APIs from existing data and services is essential

 

API management infrastructure

  • API gateways are platforms for hosting API proxies
  • API developer portals allow for the usage of published APIs
  • API management UIs permit the management and development of APIs, API proxies and API environments

 

API management features

  • Analytics and statistics help understand how the API is being used
  • Developer-friendly documentation with examples is crucial to encourage developers to use the system
  • Engaging the API consumers, developers and partners is extremely important for onboarding
  • Sandbox environments allow for developing and testing code
  • Support should be provided for public and private cloud
  • Identity and access management should be provided for security
  • Traffic management and caching features should be provided
  • Support should be provided to monetize the API
  • Support should be provided for legacy systems
  • The service should be available, scalable and redundant

 

API Management Best practices

  • Ensure the system allows for authorization, billing and payment for API usage
  • Provide an easy-to-use environment for users to integrate and compose APIs
  • Permit the management of the API life cycle and SOA governance
  • Provide users with a unique API key that can be used to track and set permission for SLAs
  • Enable throttling and configure SLA tiers to help prevent abuse
  • Ensure security detection and prevention are available to prevent malicious functions
  • Standards need to be enforced during the API life cycle
  • APIs should be easy to read about, discuss, and test
  • Cataloging should be performed to enable API discovery and use
  • APIs need to be monitored to track usage, errors and malicious attacks
  • An API portal should be available to engage with developers and B2B partners
  • APIs should be virtualized and protected using an enterprise gateway
  • Notification should be sent when an event impacts an API
  • APIs should be searchable using custom taxonomies or search functionality
  • API traffic should be monitored to track metrics for monetization purposes
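
The API key, SLA tier and throttling practices above can be combined in one gateway-side check. The following is an added example, not code from any of the tools named on this page; the tier names, limits, sample keys and the `Throttle` class are assumptions made for illustration. It uses a token bucket per API key and counts allowed and throttled calls so usage can be tracked per consumer.

```python
from dataclasses import dataclass

# Hypothetical SLA tiers: (burst capacity, refill rate in requests per second).
TIERS = {"free": (5, 1.0), "gold": (20, 10.0)}
# Constructed sample keys; a real gateway would look these up in its key store.
API_KEYS = {"key-free-001": "free", "key-gold-001": "gold"}


@dataclass
class Bucket:
    tokens: float   # requests the key may still make right now
    updated: float  # time of the last refill, in seconds


class Throttle:
    def __init__(self):
        self.buckets = {}  # api_key -> Bucket
        self.usage = {}    # api_key -> counters for tracking and abuse review

    def check(self, api_key, now):
        """Return the HTTP status the gateway should answer with at time `now`."""
        tier = API_KEYS.get(api_key)
        if tier is None:
            return 401  # unknown key: reject before any backend work is done
        capacity, rate = TIERS[tier]
        bucket = self.buckets.setdefault(api_key, Bucket(capacity, now))
        # Refill in proportion to elapsed time, never above the tier's burst size.
        bucket.tokens = min(capacity, bucket.tokens + (now - bucket.updated) * rate)
        bucket.updated = now
        counts = self.usage.setdefault(api_key, {"allowed": 0, "throttled": 0})
        if bucket.tokens >= 1:
            bucket.tokens -= 1
            counts["allowed"] += 1
            return 200
        counts["throttled"] += 1
        return 429  # Too Many Requests


def simulate(api_key, calls, start=0.0, step=0.0):
    """Send `calls` requests spaced `step` seconds apart; return the statuses."""
    throttle = Throttle()
    return [throttle.check(api_key, start + i * step) for i in range(calls)]
```

A sustained run of 429 responses for one key in the `usage` counters is the signal to review that consumer for abuse or to move it to a different tier.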

 

API monitoring strategy

  • Determines if APIs are available and functioning as expected
  • Works together with CI/CD to automatically test new version of
  • Provides important performance data to the developers and operational teams

 

Tool selection

  • The tool needs to be intuitive in order to use it to its full potential
  • Existing scripts created with API tools should be reusable and importable
  • Scheduling should be available to run monitors at peak times and various intervals
  • Sequencing and assertions should be available to ensure that APIs return the correct data
  • The tool should make data easy to consume and share to provide actionable insights
  • The tool should be adaptable and easy to integrate into your existing infrastructure
  • The tool should be able to alert the users quickly when something goes wrong, using multiple methods

 

Methods for creating API monitors

  • Import OpenAPI Specification or Swagger specification files
  • Import test scripts from SoapUI or ReadyAPI
  • Create new API endpoint monitors using a URL and add assertions and validations
  • Create a chained API endpoint monitor using endpoints, URLs and validations

 

Advantages of reusing functional tests

  • Real API functionality can be continuously tested
  • Existing functional tests already have assertions and more descriptive error messages
  • Functional API monitors imitate real usage and provide insight to technical operations
  • Using a single tool for testing and monitoring APIs decreases expenses and the learning curve

 

API monitoring best practices

  • API availability needs to be tracked and logged
  • API transactions and authentication need to be monitored
  • Data collected from monitoring needs to be benchmarked against competitors
  • To prevent SLA breaches, alerts should be sent for any outages or performance issues
  • Tests need to be configured with request headers for simulating an API transaction
  • Basic HTTP authentication needs to be supported to ensure secure and reliable data
  • Multiple APIs need to be monitored if they are part of an application to determine any performance bottlenecks
  • Analyse performance trends on monitoring data collected over time
  • APIs need to be tested to ensure the data is correct and in the right format
  • Integrate the API testing system data with the monitoring systems
  • API monitoring for performance and functional uptime testing can help avoid security breaches
  • Comprehensive end-to-end testing and monitoring should be performed to understand the big picture
  • Functional monitoring should be performed at regular intervals to reduce human error
  • Business activity should be monitored to determine how users are deriving business value from the APIs
  • Metrics need to be tracked to determine how much money is created from the API for both client and business
  • Functionality should be available for clients to write their own customized tests

 

API management tools

Tool selection criteria

  • Tools need to be easy to use and have good training and support documentation
  • Tools need to support scalability and growing demand for APIs
  • Strong single sign-on and SSL support are crucial in maintaining security
  • The tools should provide functionality for publishing and consuming APIs

Kong API management tool

  • One of the best open source API gateways
  • Good for startups, small, medium, and large sized businesses
  • Delivery can be as a proxy solution
  • Enterprise pricing plans are available as well as a free evaluation plan

 

3scale API management tool

  • Provides a strong developer portal
  • Good for startups, small, medium and large sized businesses
  • Delivery can be as a proxy, agent and hybrid solution
  • Professional and enterprise pricing plans are available

 

Apigee API management tool

  • Best tool for monetization of APIs
  • Good for small and medium sized businesses
  • Delivery can be as a proxy, agent or hybrid solution
  • Professional and enterprise pricing plans are available as well as a free evaluation plan

 

Akana

  • Has a strong life cycle management tool
  • Good for large enterprise sized businesses
  • Delivery can be as a proxy, agent or hybrid solution
  • Professional and enterprise pricing plans

 

API monitoring tools

  • Both open source and commercial API monitoring tools are available
  • Endpoints can be monitored for uptime, availability, response time, performance and other variables
  • Provide functionality for logging, visualization and time series data

Time series data gadgets

Assertible API management tools

AlertSite API monitoring tool: supports mobile and SaaS applications

Open source tools: Prometheus is a time series monitoring tool, Graphite is a push-based monitoring tool, InfluxDB is part of the larger TICK stack

 

API Metrics stakeholders

  • The infrastructure team needs metrics to ensure the API services are running correctly
  • Development teams need metrics to ensure the APIs are running quickly and bug free
  • Sales and marketing need to ensure the customers' needs are being met with the APIs' features
  • Product management needs to balance creating new APIs with maintaining existing APIs, while ensuring all stakeholders are satisfied

 

Infrastructure API metrics

  • Uptime is one of the key metrics for measuring service availability
  • CPU usage can indicate high demand or an API performance issue
  • Memory usage can help determine if memory needs to be increased or decreased

 

Development API metrics

  • Requests per minute can be used by development to help make the API more efficient
  • Average and max latency indicate to the developers and infrastructure team that there is something slowing down the API services
  • Errors per minute indicates that the API has bugs or that it is being called with incorrect parameters
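
The development metrics above can be derived directly from gateway access logs. The following is an added example, not code from the original post; the log format (timestamp, API key, method, path, status, latency in ms) and the sample lines are constructed for illustration. It buckets requests per minute, separates client (4xx) from API (5xx) errors, reports average and max latency, and also counts unique API consumers per minute.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log: timestamp, API key, method, path, status, latency (ms).
SAMPLE_LOG = """\
2020-07-22T10:00:05 key-a GET /orders 200 42
2020-07-22T10:00:17 key-b GET /orders 200 55
2020-07-22T10:00:40 key-a POST /orders 400 12
2020-07-22T10:01:02 key-c GET /orders/7 500 950
2020-07-22T10:01:30 key-a GET /orders/7 200 61
not a log line
"""


def parse(line):
    """Return (minute, api_key, status, latency_ms), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, key, _method, _path, status, latency = parts
    try:
        minute = datetime.fromisoformat(ts).replace(second=0)
        return minute, key, int(status), int(latency)
    except ValueError:
        return None


def per_minute_metrics(log_text):
    """Aggregate parsed records into one metrics dict per minute ("HH:MM")."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        record = parse(line)
        if record:  # malformed lines are skipped rather than breaking the report
            buckets[record[0]].append(record)
    report = {}
    for minute, records in sorted(buckets.items()):
        latencies = [r[3] for r in records]
        report[minute.strftime("%H:%M")] = {
            "requests": len(records),
            # 4xx: the caller sent something wrong; 5xx: the API itself failed.
            "client_errors": sum(400 <= r[2] < 500 for r in records),
            "server_errors": sum(r[2] >= 500 for r in records),
            "avg_latency_ms": sum(latencies) / len(latencies),
            "max_latency_ms": max(latencies),
            "unique_consumers": len({r[1] for r in records}),
        }
    return report


if __name__ == "__main__":
    for minute, metrics in per_minute_metrics(SAMPLE_LOG).items():
        print(minute, metrics)
```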

 

Business API metrics

  • Unique API consumers is used by product managers to determine the number of customers using the APIs
  • API usage is important for product managers to determine demand for existing APIs
  • Top customers by API usage tells the business who they should work with to develop new API services
  • API retention allows the business to determine if more funding should be spent on development or growth
  • Time to first Hello World determines the effectiveness of the documentation, tutorials and marketing efforts
  • API calls per business transaction indicates the effectiveness and efficiency of your endpoints

 

SOAP UI API testing

  • Can be used for testing SOAP and RESTful web services
  • Can be used for functional, performance, security, interoperability and regression testing
  • Can be used for creating virtual services that can be used for test driven development
  • Two kinds of error: 400 means something is wrong on the client side, 500 means something is wrong on the API side

SOAP UI Rest API testing

  • Create, read, update and delete
  • GET requests can be used to read or retrieve data
  • POST requests can be used to add new data
  • PUT requests can be used to update existing data
  • DELETE requests can be used to remove data

 

SOAP UI SOAP API testing

  • WSDLs can be imported and default requests can be auto generated
  • Supports common standards such as WS-Security, WS-Addressing, WS-ReliableMessaging, and MTOM
  • WS-I compatibility testing permits validating both contracts and methods
  • Mock services can be created from WSDLs to simulate simple and complex user behavior

 

SOAPUI performance testing

  • Baseline testing examines the system under normal load, which can be compared with other tests
  • Load testing involves increasing the load to test how the system performs
  • Stress testing involves increasing the load until the system stops working
  • Soak testing includes running baseline or load testing over a period of time
  • Scalability testing involves testing the system to ensure it scales as expected

 

SOAPUI API security testing and options

  • Performs common security tests such as SQL injection attacks and XML bombs
  • The empty option creates a test with no pre-configured security scans
  • The automatic option creates a default set of security scans
  • The full control option allows you to select security scans for your tests

 

SOAPUI automated testing

  • Create REST project > enter the URL and click OK
  • The GET resource appears as request1
  • Top window: method > GET and endpoint, then run the request
  • The right side shows the response with XML, HTML, JSON
  • Right-click on request one > add test case > enter test suite name > click OK > enter test case name > enter request name and click OK
  • Click on the assertion tab at the bottom of the window > click the + sign > JSON path expression
  • On the project URL > right-click > add resource > POST
  • Follow the same steps to add a test case

 

 

 

 
