CAP provides dynamic adaptable API management

Keywords:

API, SOA, REST, JSON, Transformation, sun-setting, credentials

The context:

A large enterprise over time builds up a vast set of disparate service APIs for use within the enterprise. Due to technology changes over time, these APIs tend to have high levels of duplication, disparate protocols and inconsistent data structures. In addition to this, the enterprise also relies on a number of third-party APIs for features ranging from location services to credit checks.

The solution:

Using CAP, an API management solution was created to provide the entire enterprise with a single view of the available APIs, a single method for interacting with those APIs and a uniform way to provide access credentials, version control and usage accounting.

Deployment diagram:

Why CAP:

CAP is capable of interacting with a vast array of data sources, protocols and APIs out of the box. CAP also has extensive data transformation capabilities and is capable of providing an API interface served directly from within the product.

The story:

The company had an existing development project scheduled to run over several years with a budget in the tens of millions of dollars.

It was suggested that this project could be eliminated with the use of CAP and a project was started to create a foundation for an API manager.

Within 3 weeks, a working prototype was demonstrated that included:

· A central searchable API library with access instructions and version information

· A callable API standard with a single data format (JSON over REST)

· Demonstrated capability to do version-transformation of APIs, so that applications can move from one version to another without the need to change all the calling applications at once

· Demonstrated capability to transform an external vendor API to the standard data format

· The ability to add accounting features based on the application calling the API to ensure paid external services can be billed back to the department using the API

· A central secure repository for access credentials to all paid external services

By creating an internal standard for services such as credit checks and geo-location, the company was able to abstract out the underlying service provider. In real terms, this means that the company can replace one external provider with another, enterprise-wide, without changing anything but the rules within CAP for that service.

The enterprise security team worked with the CAP team to develop a limited set of access methods based on the level of identifiable personal data and/or confidential information included in an API call. This resulted in 3 strict methods of calling APIs: unsecured, secured and digitally signed. Adding security to API calls can be a complex process, so having just three methods to learn helped API consumers tremendously.

The limitations:

A rule set needs to be created for each API that requires a version or protocol transformation. This made the actual transition to the API manager an iterative process.

Business benefits:

Having a single method of performing API calls throughout the enterprise IT department dramatically reduces the time programmers require to learn how to use an API. It results in easy, reusable code templates across different programming languages. It also enables the much easier use of orchestration software and removes much duplication.

Having a single central library of APIs also resulted in the discovery of sometimes duplicated accounts with external service providers. By eliminating these duplications, immediate cost savings are realized.

The much-reduced development time through the use of CAP’s pre-built service engine and data transformation capabilities slices millions of dollars from the project and dramatically reduces the time to reach the business goal.

Rules blocks and components used:

String manipulation

Http Invocation

Custom functions

Switch

Geo location

JSON reader

SHA hash
