Blog

API development with APIOps

How APIOps can delivery innovation, compliance, and security at speed

Melissa van der Hecht

Businesses need new digital experiences but API operations are often a barrier to innovation.

The pandemic accelerated the adoption of microservices. Nine in ten technology leaders worldwide now reckon that creating new digital experiences to address COVID-19 challenges is critical to their business’s success. But for many, API operations are becoming a barrier to this, making their dream unachievable.

Technology is advancing, and our use cases are maturing, but it is time to innovate too in API lifecycle management. We currently depend on too many manual processes, complex steps, and costly activities to build the APIs that these new digital experiences rely on, which in turn worsens the quality of those experiences and our overall service to loyal customers and employees. APIOps, with its application of proven DevOps and GitOps principles throughout the full API lifecycle, removes this barrier.

STAY TUNED!

Learn more about API Conference

Requirements are increasingly complex

To deliver the agility needed for rapid innovation, APIs must be built for consumption and reuse. This must be true for every service across the distributed ecosystem.

In the world of API management 1.0, achieving this meant putting your APIs in a themed portal for consumers to find and access. But in the API economy today, this is not enough; reuse is now a more complex equation, dependent on multiple criteria, from the organisation’s operating model to the desired end user experience.

As a result, the culture in successful API teams follows a product mindset, where each of the organisation’s APIs is regarded as a product with a goal, value, and its own lifecycle, rather than technical entities running in the background. For any of those “products” to be reused, delivering operational efficiency and agility, they need to be consumable. This means they are:

  • Well-designed, secured, and compliant, following industry and your own organisation’s best usage and security practices. Example: If you couldn’t lock your iPhone, would you still use it?
  • Documented, discoverable and accessible for consumers to find and (re)use. Example: if it was difficult to find an iPhone, how long would you keep looking before buying something else?
  • Performant, reliable and scalable, so consumers enjoy a high-quality service and want to continue reusing your services.

Example: How long would you stay loyal to Apple if their phones were consistently unreliable? An absence of any one of these properties won’t prevent you from deploying an API but will limit the value it provides you. APIs missing these properties may be unreliable and difficult to use; they could even cause security risks that are exploited and land you in the news. In fact, successive API security issues damaging company reputations have changed mindsets; leaders are now prioritising API and application quality over speed.

The key to reuse is to ensure all of your APIs always have all these properties, thus making them consumable. But given the increasing scale of the decentralisation of data, systems, and people, achieving this has become impossibly hard. In fact, based on our anecdotal research, 80% of teams are now forced to trade-off between the delivery speed and quality of their APIs.

Why the trade-off?

Some organisations give API developers considerable scope to deploy, manage and publish their APIs, without the necessary quality gates to enforce standardisation. This freedom promotes innovation at speed, but with widely distributed teams following different processes, it results in API platforms full of inconsistencies. APIs will often overlap, have different documentation and security standards, and won’t be reused.

Learning from this, most organisations tasked centralised API platform teams to enforce standards by reviewing designs and implementations pre-deployment. But this process introduces bottlenecks: the reviews of each new API and version depend on manual processes − or require the building of customised tools and workflows to do so. It’s neither sustainable nor scalable.

Some companies have seen varying levels of success by evangelising their best practice across API designers and engineers, and mandating compliance. The intention is good but success still depends on everyone adhering to these standards through those manual processes rather than actually alleviating any of the burden. In a world driven by automation and self-sufficiency, our teams deserve better.

 

Manage complex distributed systems

Explore the API Management Track

Introducing APIOps

This is the problem scope of APIOps. We apply the proven principles of DevOps and GitOps to the API lifecycle, automating processes to free API practitioners from these challenges.

APIOps equips developers, architects and operators with self-serve and automated tools to ensure the quality of API specifications, implementations, and operations throughout the lifecycle. It works by combining a service connectivity platform that supports APIOps, with declarative delivery pipelines, automated governance checks, and version control: tooling in use by most organisations today.

After the initial creation of an OpenAPI specification – the API design – APIOps orchestrates checking the specification for best practice; testing the design and implementation; generation of a declarative configuration file for the deployment; application and configuration of security, observability, and operational policies in a gateway to manage the API; publishing of endpoints and documentation in a dev portal for discovery and self-serve access; and ongoing day 2 operations. Where historically this has been inconsistent and inefficient, this is now a fully automated process, end-to-end, mastered through version control such as Git, with the ability to instantly pause, test, reject, and roll back at every step.

This breakthrough incorporates end-to-end automation and tooling for consistent, continuous delivery of teams’ connectivity services – regardless of who’s building them, the tools used, and the target deployment environment.

APIOps increases speed

Building on GitOps, APIOps uses declarative configuration for automated deployments, which has superseded imperative configuration as the best practice approach to CI/CD because of its simplicity and efficiency. Modern service connectivity platforms support declarative-driven automation, enabling API gateways to configure themselves based on those instructions, rather than wasting time building and maintaining scripts to manage the configuration of policies and endpoints.

Removing manual effort further, platforms that support APIOps will automatically generate the declarative configuration itself from the API design. These core capabilities ensure:

  • A quicker time-to-market by catching deviations from standards earlier in the pipeline
  • Faster, repeatable, and predictable deployments into our API ecosystem
  • Easy rollbacks to previous deployment states using declarative config files from your version control system
  • Reduced risk by automating application and configuration of security policies

APIOps raises quality

APIOps programmatically enforces API, security, and governance standards throughout the pipeline, making it much easier than before to deliver consumable, high-quality APIs. It enables us to achieve:

  • Consistent quality and standards across all APIs from embedding automated governance checks and tests into the CI/CD pipelines
  • More productive developers who are empowered to meet standards themselves without needing separate documentation
  • Better collaboration and reduced refactoring because standards are met earlier on
  • A single source of truth for APIs deployed and managed states across deployment environments, teams, and processes
  • Smoother deployments, as a version-controlled declarative configuration file lets teams see changes between configurations, helping to identify when something will break.

How service connectivity platforms enable APIOps

Design time

When designing an API, leading platforms enable developers to design, test, and debug in one place. The designs should be instantly linted so developers know they are following industry best practices. Developers should be able to generate unit tests for the service’s functionality and follow policies for governance and security. They can automatically generate the declarative config for an API in the API design platform for rapid local checks – before committing and pushing their code to the right repo. Each API is thus governed from the design phase onwards with instant local testing of design and governance available throughout.

Build phase

Continuing on with our lifecycle, when someone makes a pull request (PR) in that repo, we know there is new code to review. For example, when there is a new API design, or the developer has built the API implementation and added this new code to the repo, we must ensure the API submitted for review still meets our standards before merging the code in.

With APIOps, teams can use the API platform’s CLI to programmatically invoke all the quality and governance checks available to the developers any time a PR is made. As a result, teams can configure the different checks to run in whichever order best suits the use case, pipeline stage and deployment target – and limit approval of the PR to when all checks have been passed. No manual intervention is needed and with everything automatic and programmatic, teams can meet all requirements at speed.

Deploy time

Completing the process, the operator can programmatically upload the declarative config to the various modules and runtimes in the service connectivity platform (e.g., through its CLIs), which automatically self-configures. The benefits of GitOps for continuous deployment are being applied to the full API lifecycle, enabling fully automated, faster, and repeatable deployments and configurations in the service connectivity platform.

STAY TUNED!

Learn more about API Conference

APIOps: innovation, compliance, and security at speed

Technology complexity is not the limiting factor of innovation. Quite the reverse. The more easily we can build a prototype in an untested tool, rebuild, and reassemble business capabilities, and adopt a plug-and-play approach to our IT landscape, the more effectively we innovate. What limits our success is when we forget to innovate behind the scenes, and legacy processes hold our technology adoption back. APIOps provides the automation so desperately needed for accelerated API delivery and adoption, against a backdrop of increasing complexity, scale, and expectations.

Top Articles About Blog

All News & Updates of API Conference:

Behind the Tracks

API Management

A detailed look at the development of APIs

API Development

Architecture of APIs and API systems

API Design

From policies and identities to monitoring

API Platforms & Business

Web APIs for a larger audience & API platforms related to SaaS

ALL NEWS ABOUT THE API CONFERENCE!