Journey™ Workshops

Definitions

Helping us organize the definitions used across your API life cycle. Beginning with basic descriptions of services, common schema for resources, while developing OpenAPI contracts that help define the business value an API will deliver. Complete with machine-readable tests that can be executed regularly so you can ensure each API is meeting your service level agreement (SLA).

Design

Understanding what the basics of RESTful API design are, while also considering hypermedia, GraphQL, microservices, and other emerging patterns that help us establish a robust, and diverse API design toolbox. Allowing us to deliver a wide range of services for different use cases.

Versioning

Talking through the different ways in which API providers are versioning their API definitions, interfaces, and the SDKs, connectors, and other artifacts that are essential to your API life cycle. Keeping your APIs moving forward in a shared and organized way, so that all stakeholders are kept in sync with all forward motion.

Virtualization

Understanding the common approaches to virtualization, mocking, and synthesizing API resources, providing a sandbox, laboratory, and test versions of APIs, and the data they serve up. Delivering robust, production-like versions of your API resources that can be used to develop, test, and hard API solutions, before they ever enter into a production environment.

Deployment

Exploring the many ways in which APIs can be deployed from the handcrafted artisan variety using frameworks, to gateways, proxies, SaaS solutions, containers, serverless, and much more. There is no single way to deploy an API, but your teams can learn to work together to deploy an API using a shared OpenAPI contract, providing consistent interfaces for use across all applications.

Orchestration

Understanding how developers are orchestrating the API life cycle, establishing reproducible pipelines, that employ regular builds, pre-and post-commit strategies, and other ways to orchestrate the delivery, as well as the integration of APIs across internal groups, with trusted partners, and 3rd party API services.

Authentication

Understanding what a common authentication model looks like across all API infrastructure. Understanding Basic Auth, API Keys, JWT, OAuth, and other common approaches to securing our API. Maintaining proper identity and access management, while still encouraging the ease of use and integration of all digital assets by whoever is entitled to access them.

Management

Properly serving up, authenticating against, and defining what API access looks like. Having a common API management strategy across all APIs that are made available, whether they are for your internal team, partners, or for public use. Developing an awareness of who is accessing API resources, exactly what they are accessing, and understanding what they are doing with it while measuring and quantifying the value being extracted or generated along the way.

Logging

Establishing a comprehensive approach to shipping logs across the entire API stack, then making all logs a first-class citizen within the API stack. Exposing database, web server, DNS, and other layers as secure APIs that can be used to manage, audit, and secure API access at all levels.

Plans

Defining the different plans of access that will be available, requiring that ALL APIs exist within a plan, even if it is just for internal or trusted partner access. Applying limits to all API consumption, while understanding the costs associated with the delivery and integration of all digital assets across your organization.

Portals

Providing common portals, available at simple, known locations. Providing one, or potentially multiple locations where APIs can be published, and in turn, discovered and consumed. Establishing a common approach to delivering APIs across internal, partner, and public stakeholders through known locations.

Documentation

Ensuring there is always up-to-date, accurate, and complete documentation for all APIs. Leveraging the OpenAPI definition to continually build and deliver interactive documentation that can be made available via common developer portals.

Clients

Delivering explorers, and client tooling that augments API documentation, but allows for on-boarding and integration with an API to be portable, and localized, enabling developers and other consumers to make calls from their desktop and browser.

SDKs

Understanding what is possible when it comes to providing code samples, SDKs, plugins, connectors, and other starter code for developers to use when integrating with an API. Making it as easy as possible for developers to get up and running with their application built on top of your API(s).

Support

Ensuring that all APIs are properly supported, providing multiple channels for your internal team, partners, and the public to consider when getting assistance during their onboarding and integration journey. Using email, phone, ticketing systems, repositories, social media, and other methods for keeping developers supported throughout this ongoing relationship.

Communications

Making sure there is regular communication occurring around all APIs, providing the required feedback loop that begins with outwardly focused storytelling, but also involves support, and gathering feedback from stakeholders, consumers, and the wider public.

Roadmap

Gathering internal, partner, and public feedback and establish an ever-evolving roadmap, communicating what changes are coming for each API. Providing API specific details on how the API will be changing, and what version releases are being planned in the foreseeable future. Including an active list of known issues, as well as the change log for what has already been done, showing the entire history for each API.

Evangelism

Understanding how APIs need to be evangelized between development teams, with business and leadership groups. Making internal, partner, and public consumers aware of valuable API resources, as well as the process involved with the delivery, operation, and support of APIs.

Monitoring

Defining what the monitoring of your APIs looks like, ensuring APIs are available when and where they are supposed, and meeting required SLAs.

Testing

Going beyond just monitoring, and defining a common approach to testing APIs, ensuring each API is doing exactly what it should, and nothing more.

Performance

Understanding the performance limitations of each API, defining how fast it can deliver across a variety of geographic regions, and platforms.

Security

Defining security beyond authentication, logging, monitoring, testing, and performance. Making sure encryption is the default across all APIs, in transport and storage, and all APIs are known and scanned on a regular basis for any vulnerabilities.

Discovery

Ensuring all definitions are discoverable through a single document placed in a known location, providing a machine-readable index of API operations, as well as the details of authentication, and all APIs using OpenAPI, JSON Schema, Postman Collections, and other common API discovery formats.

Event-driven

Moving the discussion beyond just a request and response approach to delivering API resources, and employing webhooks, real-time streaming APIs, publish and subscribe models, and other approaches to delivering digital assets where they are needed, when meaningful events happen. Allowing API consumers to tune into, sync with, and subscribe to exactly the events they want, and receive only the data, content, and media that matters in the moment.

Governance

Quantifying, measuring, and reporting upon every stop along the API life cycle. Developing an understanding of how APIs are being delivered, establishing benchmarks for what is desirable or undesirable outcomes, and having an awareness of where ALL APIs fit into the overall governance landscape.

Consulting Approach

25 Steps Along the API Life Cycle Covered By the Experts