postman-open-technologies / lifecycle

Defining the API lifecycle in a modular, reusable, and machine-readable way that can help others learn about what the API lifecycle could be, as well as define their own evolving API lifecycle.
https://apis.how/products/web-design/
Apache License 2.0

Playbook for API-First Transformation #89

Open kinlane opened 2 years ago

kinlane commented 2 years ago

A playbook for API-first transformation at scale- Delivery Infrastructure Platform Part 1 - https://medium.com/@jayadebaj/a-playbook-for-api-first-transformation-at-scale-delivery-infrastructure-platform-part-1-6a9176be0057

A playbook for API-first transformation at scale- Delivery Infrastructure Platform Part 2 — https://medium.com/@jayadebaj/a-playbook-for-api-first-transformation-at-scale-delivery-infrastructure-platform-part-2-639bf4f37d7d

kinlane commented 2 years ago

API Contract = capability features/operations specifications + non-functional features specifications + metadata

Choosing an Interface Definition Language (IDL) for describing an API Contract

Governance Tools CI/CD pipeline.

Linter/Validator - The API Linter/Validator runs many rulesets against the API contract IDL files (swagger.json, asyncapi.json, query/mutation.graphql, etc.) and reports violations. Examples of rulesets are the design standards ruleset (e.g., API styling ruleset, API protocol (HTTP/REST/GraphQL) specific ruleset, authN/authZ ruleset, i18N ruleset, internet standards format ruleset (e.g., RFC 3339), documentation ruleset, API IDL (OpenAPI, AsyncAPI, GraphQL) rulesets), business domain & data quality rulesets, and compliance rulesets (security, privacy, legal).

The validator should be fully integrated into the CI/CD pipeline and automatically update the maturity assessment validation criteria in the Align and Design process.

Code Generator — The code generator complements the API validator and generates all compliance policies/configurations, service code (functional) and all code/policy/configurations for all non-functional areas (AuthZ, AuthN, Logging, data handling, etc.). The code generator also generates API tests (functional, negative/fault injection, security/compliance test cases) and mocks.

Gateways

Depending on the types of APIs (e.g., GraphQL, REST, Events, Websockets) that you are serving, you may even think of separate gateways for each API protocol.

Service Mesh

All the code/configs/policies generated by the code generator for all non-functional/cross-cutting concerns are deployed as part of your sidecar proxy in the service mesh infrastructure. A service mesh is also a very important infrastructure component for reliable service communication and observability.

Data Aggregator

Discovery

DDD
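
A sketch of the Linter/Validator stage described in the comment above, as an added example that is not part of the original issue or the linked playbook: three rulesets (authN/authZ, documentation, RFC 3339 format) run over a parsed OpenAPI contract, and a non-zero exit code fails the CI/CD stage. The rule ids, function names and sample contract are constructed for illustration.

```python
import re
import sys

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}
TIME_NAME = re.compile(r"(_at|_time|timestamp)$", re.IGNORECASE)

def operations(spec):
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method in HTTP_METHODS:  # skips path-level keys such as "parameters"
                yield f"{method.upper()} {path}", op

def rule_authn(spec):
    # authN/authZ ruleset: a missing or empty list, or an empty {} entry, permits anonymous calls.
    for where, op in operations(spec):
        reqs = op.get("security", spec.get("security")) or []
        if not reqs or any(not r for r in reqs):
            yield ("authn-required", where)

def rule_docs(spec):
    # Documentation ruleset: every operation carries a summary or description.
    for where, op in operations(spec):
        if not (op.get("summary") or op.get("description")):
            yield ("docs-missing", where)

def rule_rfc3339(spec):
    # Format ruleset: timestamp-like string properties declare format date-time (RFC 3339).
    for name, schema in spec.get("components", {}).get("schemas", {}).items():
        for prop, body in schema.get("properties", {}).items():
            if (TIME_NAME.search(prop) and body.get("type") == "string"
                    and body.get("format") != "date-time"):
                yield ("rfc3339-format", f"{name}.{prop}")

RULESETS = [rule_authn, rule_docs, rule_rfc3339]

def lint(spec):
    return sorted(v for rule in RULESETS for v in rule(spec))

# Constructed sample contract (a parsed swagger.json), not taken from any real API.
SPEC = {"paths": {
    "/orders": {"get": {"summary": "List orders", "security": [{"oauth2": ["orders:read"]}]},
                "post": {"security": []}},
    "/health": {"get": {"summary": "Liveness probe", "security": [{}]}}},
  "components": {"schemas": {"Order": {"properties": {
    "created_at": {"type": "string"},
    "updated_at": {"type": "string", "format": "date-time"}}}}}}

if __name__ == "__main__":
    violations = lint(SPEC)
    for rule, where in violations:
        print(f"{rule}: {where}")
    sys.exit(1 if violations else 0)  # non-zero exit fails the pipeline stage
```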