New API Using the AsyncAPI Specification

At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis praesentium voluptatum deleniti atque corrupti quos dolores et quas molestias excepturi sint occaecati cupiditate non provident, similique sunt in culpa qui officia deserunt mollitia animi, id est laborum et dolorum fuga. Et harum quidem rerum facilis est et expedita distinctio. Nam libero tempore, cum soluta nobis est eligendi optio cumque nihil impedit quo minus id quod maxime placeat facere possimus, omnis voluptas assumenda est, omnis dolor repellendus. Temporibus autem quibusdam et aut officiis debitis aut rerum necessitatibus saepe eveniet ut et voluptates repudiandae sint et molestiae non recusandae. Itaque earum rerum hic tenetur a sapiente delectus, ut aut reiciendis voluptatibus maiores alias consequatur aut perferendis doloribus asperiores repellat.

Define

Ensuring that operations supporting an API is properly defined, as well as what is needed to properly design and bring an API to life. A little planning and organization at this step of an APIs journey can go a long way towards ensuring the overall health and velocity of an API, and the applications that depend on this internal, partner, or public API.

Use Cases

Understanding the real world business use cases for an API is important to the design, delivery, and operation of each individual API, but also many different APIs working in concert to move an organization forward. Use cases should be defined for each API as simple narrative or bulleted examples, written in plain language, and reflecting actual business value generated for consumers. API use cases should be made part of the API contract, documentation, and other elements of the API lifecycle, helping ground testing, discovery, and other needs in actual business outcomes. Ensuring that anyone can quickly find the use cases for each API and understand why it exists and how it provides value for consumers.

Schema

In the world of APIs schema define almost every aspect of our operations, providing us with a framework for how something is structured, but because schema are machine readable, it also provides us with how something will work, and with linting and validation also whether something is working as defined by a specific contract. Schema is most often associated with data made available via APIs from databases, but schema also is used to define every stop along the API lifecycle, and provides us with the artifacts we need to properly govern the API lifecycle. Schema is how we define shared meaning across our API operations, between teams moving APIs forward, but also with the consumers who are putting the digital resources, capabilities, media, and algorithms we make available via our APIs to work in their applications and integrations. There are numerous opportunities for defining, managing, and putting schema to work across the Postman API platform when it comes to producing or consuming APIs.

Events

When it comes to synchronous or request and response APIs events manifest themselves as part of the operation of webhooks, where API calls are made outward when some new event happens. When it comes to asynchronous APIs events take a much more front row seat as part of event-driven approaches to API design where API connections are sustained and messages are published to APIs and events can be subscribed to, bringing a more real-time view of the API landscape. Understanding what events are occurring around API operations is a valuable exercise no matter what type of architectural patterns are applied, and can make for a view of operations that reflects actual business events that matter to operations.

Develop

Provide a mock for the API.

Code

Coded instructions in a variety of languages is necessary for both producing and consuming APIs. There are many views of what the role code has when it comes to delivering APIs and putting them to work, with many modern approaches evolving towards a low-code or even no-code approach to integrating, automating, and orchestrating with APIs. Code is not going away as a fixture across the API landscape, but how it is applied, and the overall role of the developer is rapidly evolving towards a more DevOps approach to not just putting individual instances of APIs to work, but also the underlying architecture that is used to operate APIs.

Business Logic

Business logic can be applied to APIs at request, publish, subscribe, integration, and automation time. Adding rules regarding the transformation of API payloads to suit specific applications and business needs better, helping evolve data, content, and algorithm at run time. Business logic can be a critical part of allowing API providers and consumers to evolve legacy infrastructure. Still, it also comes at a cost, introducing latency and complexity into the mix, and business logic should be applied thoughtfully and not used to replace to evolution and iteration of API resources to meet the business needs of consumers.

Operate

Operate an API in production.

Deploy

The deployment or publishing of APIs can come in many forms, but modern approaches to API deployment almost always involve source control, CI/CD, as well as API gateways, producing repeatable, tested, and automated approaches to putting APIs into all stages of the lifecycle. API deployment will reflect your existing software development lifecycle and the tools and processes your existing development teams use to deliver applications, but is something that has been evolving through evolution in the cloud, containers, serverless, and gateways, while continuing to be stabilized using source control and repeatable CI/CD workflows.

Secure

The securing of API infrastructure should be the number one concern for organizations. With the number of APIs powering desktop, web, mobile, and device applications, the surface area for vulnerabilities is only increasing, raising the stakes when it comes to how secure an organization. This element of the API lifecycle spans multiple other areas including management via authentication, and testing using security testing and monitoring practices. Security is about not just securing each individual API, but also being able to consistently apply it across hundreds or thousands of APIs. How secure an organization is is increasingly dependent on how teams are able to apply the latest security practices as part of their regular work without having to become security experts on top of their existing role. Because of this DevOps shift in how our organizations are operating, security is shifting left and becoming something that isn’t an afterthought or a stage of the API lifecycle later on, and moving earlier on in the design and development of APIs.

Audit

Auditing API infrastructure is essential to understanding how we got where at a high level within operations. Auditing allows the ability to tune into the most meaningful events occurring across the infrastructure—understanding the billing associated with different solutions, domain management, authentication configuration, role-based access control, and many of the high-level operational activities occurring. Rising above individual or groups of APIs and understanding the moving parts of operations, keeping stakeholders aware of what has happened in real-time, and when anyone needs to go back and understand how we got here as part of a post mortem.

Monitor

Postman monitors allow you to schedule the run of any collection, automating the run of API testing, governance, workflows, and anything else that is API-driven and can be defined as a collection. Monitors allow for the automation and orchestration of an almost infinite number of API capabilities, allowing for automating working with APIs, but also the API lifecycle. Monitors are how the API lifecycle becomes the moving API factory floor of an organization across different teams. API monitors run collections combined with different environments then allow the results to be published and piped into existing APM and other solutions, helping make API operations more observable.

Inform

Keeping everyone informed around what is happening with the design and development of an APIs can be a full time job, and requires a regular investment into strategies for making sure information is getting where it is needed, when it is needed, meeting the needs of a mix of roles involved in the API lifecycle. There are many proven ways for keeping teams producing APIs, as well as consumers putting APIs to work on the same page, but ultimately each team will have it’s own unique needs and should be exploring different approaches until they find what works for their community.

Discover

Discovery involving an API.

Events

When it comes to synchronous or request and response APIs events manifest themselves as part of the operation of webhooks, where API calls are made outward when some new event happens. When it comes to asynchronous APIs events take a much more front row seat as part of event-driven approaches to API design where API connections are sustained and messages are published to APIs and events can be subscribed to, bringing a more real-time view of the API landscape. Understanding what events are occurring around API operations is a valuable exercise no matter what type of architectural patterns are applied, and can make for a view of operations that reflects actual business events that matter to operations.

Relationships

APIs are just about managing relationships between producer and consumers, as well as across the mix of stakeholders involved in the process to bring an API resource or capability to life and keep in active and bringing value to an organization. The relationships within a team, with other teams where there are dependencies will all dictate the forward motion and velocity an API will possess, which will further be defined by, but also dictate the relationship with the consumers. A healthy and robust API lifecycle is defined by the relationships that exist, something that is easier to cultivate when you are deliberate in defining and cultivating the right relationships, over being in denial and avoiding the relationships that exist.

Conclusion