Solution Patterns: Manage and Secure APIs with an API First Approach

In this solution pattern you will discover how an API First approach provides the right framework for building microservices- and API-based systems. The stages of an API life cycle cover both the implementation life cycle and the management life cycle.

  • The Implementation phase allows you to collaboratively design an API before determining and developing the various channels and applications that will use the API. The design-first approach advocates for designing the API’s contract before writing any code.

  • The Management phase allows you to manage access to the implemented APIs, measure consumption and track utilization of the APIs, perhaps even to monetize them.

Contributors: Bernard Tison (Red Hat), Jaya Christina Baskaran (Red Hat)

1. Use cases

Use cases that can be addressed with this solution pattern:

  • Modernize legacy systems: Run legacy and new systems within the same platform. By adding API access to legacy systems, teams can build microservices-based applications while also using existing APIs, applications, and systems.

  • Make APIs discoverable: Use APIs to connect microservices, systems, and applications so developers across the organization can easily access them through a consistent interface. This creates a sandbox where developers can test and deploy workloads.

  • Join the API economy: Expand your API library and share your APIs with developers and partners outside of your organization. Monetize the services that were built for internal use and increase revenue streams by sharing them with a larger ecosystem.

A good API Management platform should allow the API teams to:

  • Deploy, monitor, and control APIs throughout their entire life cycle

  • Create policies governing security and usage

  • Use existing identity management systems through a declarative policy without requiring custom code

  • Gain insight into health and use of APIs

  • Discover and share APIs by publishing to internal or external developer portals

2. The story behind this solution pattern

Globex is a fictitious retail company. The company recently started a digital transformation and cloud adoption journey. As part of this initiative, the development and DevOps teams have completed the modernization of the existing multi-tier monolithic retail e-commerce web application. The monolithic application was split into a couple of loosely coupled microservices and the application was re-hosted on OpenShift.


As a next step Globex would like to expand business with a multi-channel retailing strategy through a mobile app and partner channels. This means that the new channels will need access to their core backend API services.

To secure access to Globex’s core APIs that will be used by the new channels, an API Management platform is needed. To build a holistic API Management solution, the team decides to adopt an API First approach spanning design, governance, mocking and management of APIs, which will enable rapid development across teams.

3. The Solution

The dev team decides to introduce an API Management solution to expose, secure and manage the APIs to the application backend services. This allows new channels (mobile application, B2B transactions) to be introduced in a controlled way.

Using a contract-first approach, the APIs are specified in an OpenAPI spec document and managed in a registry (Red Hat OpenShift Service Registry). Once implemented, they are onboarded on the API management platform. Mocking of the APIs allows parallel streams of development between API implementers and API consumers.

In this pattern you will follow this journey:

  • Design an API resulting in an OpenAPI schema

  • Govern the schema with a registry for use by various teams

  • Mock the APIs to enable faster inner loop development

  • Manage and Secure APIs to allow access for external teams
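Because the contract exists before any code, the security policy can be checked on the OpenAPI document itself before it is governed in the registry and onboarded. The Python check below is an added example, not part of the original solution pattern or of any Red Hat tooling; it lists operations that declare no enforceable security requirement. The sample contract, its paths and its scheme names are constructed for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample contract: paths and scheme names are hypothetical.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "info": {"title": "Catalog API (constructed sample)", "version": "1.0.0"},
  "components": {"securitySchemes": {
    "api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}}},
  "paths": {
    "/products": {
      "get": {"security": [{"api_key": []}], "responses": {"200": {"description": "ok"}}},
      "post": {"responses": {"201": {"description": "created"}}}
    },
    "/products/{id}": {
      "parameters": [{"name": "id", "in": "path", "required": true, "schema": {"type": "string"}}],
      "get": {"security": [{}], "responses": {"200": {"description": "ok"}}},
      "delete": {"security": [{"oauth": []}], "responses": {"204": {"description": "deleted"}}}
    }
  }
}
""")

def unsecured_operations(spec):
    """Return sorted (METHOD, path, reason) tuples for operations a gateway could not protect."""
    schemes = set(spec.get("components", {}).get("securitySchemes", {}))
    default = spec.get("security")  # document-wide default, None when absent
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skip "parameters", "summary", ...
                continue
            # An operation-level "security" key overrides the document default.
            reqs = op.get("security", default)
            if not reqs:  # missing, or [] which explicitly removes security
                findings.append((method.upper(), path, "no security requirement"))
            elif any(not r for r in reqs):  # {} makes authentication optional
                findings.append((method.upper(), path, "anonymous access allowed"))
            else:
                unknown = sorted({n for r in reqs for n in r} - schemes)
                if unknown:
                    findings.append((method.upper(), path, "undefined scheme: " + ", ".join(unknown)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in unsecured_operations(SAMPLE_SPEC):
        print(*finding)
```

Run as a gate in the design or registry stage, a non-empty result blocks the contract from being published until every operation names a defined security scheme.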

4. Developer Resources