API Lifecycle Elements

These are all of the elements available across all the lifecycle blueprints available in this site.

API Lifecycle

It is impossible to govern an API lifecycle that is not defined. It takes a clear and articulate definition of how the API lifecycle is put into motion across teams to reach a point where you can measure, guide, enforce, and evolve how APIs move across a well-defined API lifecycle in any consistent way. -

Activity

The changes made to any aspect of operations by team members, providing observability into when APIs, mock servers, documentation, testing, monitors, and other critical elements of API operations are changed, configured-- helping give a log of everything that happens at the operational level.

Application Performance Management (APM)

The monitoring and management of performance and availability of APIs, actively detecting and diagnosing performance problems to maintain an expected level of service, translating API operational metrics into business meaning value at scale across hundreds or thousands of internal or external APIs.

Applications

Desktop, web, mobile, device, or network applications that apply API resources and capabilities delivering the intended business value of API resources and capabilities, putting individual or series of API requests to work powering business operations.

Archive

Establishing a formal process for how APIs are taken down, stored, and kept for potential usage in the future, avoiding the deletion of each API soon as it is deprecated.

AsyncAPI

AsyncAPI is a machine readable specification for describing the surface area of your asynchronous APIs. OpenAPI is meant for describing synchronous APIs like REST using HTTP, and AsymcAPI is for describing websockets, MQTT, Kafka, NATS, and other syncrhonous, event-driven, and message APIs.

Audit

Auditing the usage and operations of each API, or a group of APIs to understand how APIs work, what dependencies are to understand the actual state of any part of API infrastructure is performing or under-performing, to better inform the road map for API operations.

Authentication

The consistent application of standard authentication as part of a standardized API management layer striking a balance between access to digital resources but ensuring that undesirable actors do not have access to valuable assets.

Automation

Automated production or consumption of API resources, allowing for repeatable API-driven processes to be triggered or scheduled, allowing teams to define and set into motions certain aspects of operations while focusing on the more manual, creative, and human aspects of doing APIs.

Bitbucket Repository

A dedicated Bitbucket repository for an API provides a single place where code and other artifacts can be managed, with a pipeline, issues, and other supporting elements an API will need to operate.

Business Logic

The custom rules or algorithms that handle the exchange of information between a database and user interface, defining the logic that exists in between APIs and backend systems, allowing data, content, media, and other resources to be transformed, remixed, and personalized for consumers, optimizing the overall experience.

CI/CD Pipeline

Like other aspects of the software development lifecycle, APIs benefit from well defined, repeatable CI/CD pipelines to deploy, test, automate, and orchestrate throughout the API lifecycle, publishing APIs to development, staging, production, and other stages, but then also ensuring other elements like publishing of documentation, and tests are baked into the process.

CLI Governance

Governance can be applied at the command line interface (CLI) level, enforcing API governance locally during development, ensuring that APIs are 100% compliant with rules, contract, and script-based API governance established centrally as part of broader governance efforts.

Change Log

A detailed history of the changes that have been made specifically to an API, showing all of the changes to the structure of an API as part of the design and development process, providing a single list of what has changed for consumers, and other stakeholders to get up to speed.

Client

A web or desktop client for making calls to APIs, providing a way for anyone to make requests or publish messages to APIs, see the responses, and put APIs to work without having to write code, helping make authentication and other recurring aspects of API usage easier.

Client SDKs

The software development kits (SDKs) in a variety of programming languages that API consumers can use to bootstrap their application development and integrations, helping reduce friction when it comes to developers building on top of APIs.

Client Snippets

Simple easy to apply snippets of code in a variety of programming languages for each individual API request, providing ready to go resources for developers to use when learning about how an API works, while also potentially jump-starting integration and putting to use in applications.

Code

Instructions for a computer program in any language that can be used to power APIs on the back or integrate, automate, and orchestrate on the client side, providing executable instructions that accomplish a specific business object, providing what operations needs to power information technology across an organization.

Code Annotations

Language specific code annotations can be used to generate OpenAPI definitions for APIs in a variety of programming languages, allowing developers to provide the necessary information to create an APi contract from within their natural development environment, embracing a code-first approach to the API lifecycle while still ensuring there is an OpenAPI to be used for the rest of the lifecycle.

Collection

A machine readable artifact that acts as a container for storing and organizing multiple API requests, providing an executable, self-documented reference for a complete API, a subset of an API, as well as workflows containing multiple requests from across many different APIs in a specific order, with a precise business function.

Collection Governance

A Postman collection for applying governance provides a flexible way to apply rules, schema, or script based governance, allowing governance to be defined as modular collections which can be manually run by developers, scheduled using a monitor, or easily dropped into a CI/CD pipeline.

Comments

Comments on APIs, collections, and other elements of API operations allows for more tightly coupled and inline conversations to occur around entire elements or specific parts nd pieces of elements, allowing teams to collaborate and communicate across the API lifecycle.

Contact Governance Rules

Rules can be defined to govern the contact details provided for each API, leveraging the contact object for OpenAPI or AsyncAPI contracts, but then apply specific ruling looking for common patterns to be present like the contact name, email, or url of an API, meeting specific guidelines regarding what contact is needed.

Contract Testing

Contract tests can be derived from API artifacts like OpenAPI, JSON Schema, and GraphQL, and used to ensure there are no changes to what has been promised when an API was designed or developed, providing a repeatable test that can be run manually, on a schedule from multiple regions, or as part of a CI/CD pipeline to ensure contracts with consumers are upheld.

Contract Testing Monitor

Monitors can be setup for all API contract testing, scheduling the run of contract testing when needed and configuring to run from the regions that matter most to business operations, making sure that each individual API contract is never breaking with consumers, making sure that each API is delivering as expected on a 24/7 schedule.

Contract Testing Monitor Report

A report that allows the one time or historical results of contract testing monitors to br visualized, providing visibility into whether or not an API contract has been broken at any point in time as defined the schedule of the contract testing monitor runs.

Contract Testing Results

The results of any contract testing run can be rendered as test results, presented using visualizer, and posted to existing APM or other destination that can be used as part of wider observability systems, allowing contract tests across all APIs to be centralized for understanding API performance at scale.

Contract-Based Linting

Contract-based linting allows for the validation of OpenAPI, AsyncAPI, and other artifacts used as part of the API lifecycle against specific contracts as defined by JSON Schema, providing a definition of what should exist as part of the design for each API, but done in a way that allows it to be verified across the API lifecycle.

Data Sources

Providing the sources of where an API retrieves it's data, mapping the API to backend databases that contain the actual resources that will be made available via each API, allowing each API to be able to find data as requests are made by consumers.

Deploy

Using an API gateway to deploy and manage APIs provides a single or federated approach to providing access to backend services using well defined APIs, standardizing how APIs are published to development, staging, production, or other environments, while also consistently apply authentication, logging, and the other elements needed to properly manage APIs at scale.

Deprecate

API deprecation occurs eventually for all APIs, and having a formal process to the deprecation of APIs or specific versions of an API helps API producers prepare for this inevitable future in a way that keeps consumers properly informed about what is happening, allowing the deprecation of APIs to happen consistently across all teams, groups, and the entire enterprise organization.

Design Patterns

Utilizing common design patterns and standards for the design, development, and operation of APIs helps ensure APIs leverage a common vocabulary and increases the chances that consumers will understand how to put an API to work in their applications, increasing the effectiveness of an API, and helping increase the productivity and velocity of producers and consumers.

Design Review

The API design review process ensures that all APIs being put into production go through a rigorous review to ensure that they comply with the standards set by organization, ensuring all APIs are as consistent as possible.

Design Review Feedback

Feedback as part of an API design review is essential for each designer or developer to learn and progress in the design of an individual API, but also will evolve their skills in support of future APIs.

Design Review Outcomes

Every review process should have a well defined outcome, providing details on whether an API meets expectations when it comes to an organizations design guidelines, or it needs to go back for work and resubmission when ready.

Design Review Timeline

Having a standardized timeline for how long API design reviews will take place, ensuring that all APIs are moved through the process as efficiently and effectively as possible.

Design Rules

Machine readable rules that can be applied at design, develop, or build time to govern the design of each API, evaluating artifacts to ensure that specific design patterns are followed when crafting each API, helping make sure that APIs follow common API patterns within an industry, or as defined by the enterprise organization.

Design Time Governance

Governance can be applied and automated at design time, providing real time or manually triggered application of governance rules, contracts, and scripts, providing a tighter feedback loop with API designers in regards to the guidance around what is expected of the design of each API.

Development Environments

Machine readable environments for APIs allow for abstracting away common elements of a API development environment from the definition of each API, allowing different environments to be paired with collections for each API at design, develop, and build time.

Documentation

Documentation published as human consumable HTML pages help potential API consumers learn about what an API does by describing the paths, channels, parameters, headers, schema, messages, and other building blocks of APIs, showing examples of what is possible or by providing an API client to make calls to each API as part of the documentation.

Documentation Rules

Machine readable or codified rules that govern whether or not documentation exists for each API, making sure there is accessible HTML documentation available for API consumers, and even validating there are examples, and other specific parts of API documentation present.

Environments

Machine readable environments for APIs allow for abstracting away common elements of an API environment from the definition of each API, allowing different environments to be paired with OpenAPI and collections for each API at design, develop, and build time.

Environments

Machine readable environments for APIs allow for abstracting away common elements of an API environment from the definition of each API, allowing different environments to be paired with OpenAPI and collections for each API at design, develop, and build time.

Events

Meaningful occurrences across business operations that triggers notifications or make calls to other APIs when resources are added, updated, deleted, viewed, or other action is taken with an individual API or the operations surrounding the API, making activity across API operations more interactive, dynamic, and alive.

Examples

Examples of API request, responses, and messages used across API operations helps provide a versioned, evolvable, and reusable set of example and synthetic data that can make documentation richer and testing more relevant to actual business needs.

Fast Healthcare Interoperability Resources (FHIR)

Fast Healthcare Interoperability Resources, or FHIR, is a standard describing data formats and APIs for exchanging electronic health records (EHR).

Gateway

API gateways provide a centralized or federated approach to the deployment and management of APIs at scale across an organization, leveraging commercial or open source API gateways to deploy APIs into development, staging, production, or other environment, allowing for the standardization of common elements of API management, and configuring APIs using common policies.

Gateway Usage Report

A usage report for an API provided by the gateway, providing data regarding consumption of API resources and capabilities, offering detailed or aggregate views of what is happening with each API and across operations, providing observability into how APIs are being put to use within applications and as part of integrations.

Github Repository

Having a dedicated Github repository for an API provides a single place where code and other artifacts can be managed, with a pipeline, issues, and other supporting elements an API will need to operate.

Gitlab Repository

Having a dedicated Gitlab repository for an API provides a single place where code and other artifacts can be managed, with a pipeline, issues, and other supporting elements an API will need to operate.

Goals

Ensuring the goals behind an API are well defined and accessible as part of the operation of an API help ground a team's activity when it comes to supporting consumers and iterating upon API, helping ensure that the API design and operation is in alignment with business objectives.

Governance

Defining all the practices and process across the organization for delivering APIs, establishing well known and communicated areas, elements, and actions that shape how API operations function, providing all teams with what they need to effectively deliver API infrastructure from start to finish.

Governance Guidelines

Often published as API design guidelines, governance guidelines provide details on the standards for the design of APIs, but also provide guidance on documentation, testing, and other aspects of API operations. Providing a human readable document that is maintained centrally or across teams, helping API designers and developers understand what makes for good quality APIs.

Governance Leadership

It is important to establish who the leadership for organization-wide governance, determining who will be developing the strategy, evaluating feedback, and reaching out across the organization to help provide guidance when it comes to governance, while helping evolve and iterate upon the strategy based upon what is working and what is not. -

Governance Strategy

Having a well defined and clearly articulated strategy for what the governance of APIs across an organization looks like is important for helping teams find alignment across an organization. API governance strategies often start small, but then should evolve and grow to define, measure, and guide API operations across an organization. -

Governance Structure

Establishing a formal approach to how API governance is structured across an organization, providing a top down as well as bottom up structure for how API governance guidance is provided, but also how feedback on the guidance and approach to governance is gathered and woven back into the next iteration of API governance. -

IDE Governance

Governance can be applied at the integrated development environment (IDE) level, enforcing API governance locally during development, ensuring that APIs are 100% compliant with rules, contract, and script-based API governance established centrally as part of broader governance efforts.

Info Governance Rules

Rules can be defined to govern the information provided for each API, leveraging the info block for OpenAPI or AsynCaPI contracts, but then apply specific ruling looking for common patterns to be present like the title and description of an API, meeting specific guidelines regarding what information is needed.

Inform

Ensure that all stakeholders for an API have all the relevant facts and information regarding an API, keeping teams behind APIs up to speed all what they need to know to design, develop, and manage an API across it's evolution, allowing everyone to make the best possible decisions when it comes to delivering APIs.

Integration Monitor

Monitors can be setup for all API integration testing, scheduling the run of integrations tests when needed, making sure that each individual API is regularly certified as working as expected, ensuring that APIs do not become a liability due to changes, but also keeping all APIs compliant with the latest level of integration testing that is occurring across an entire organization.

Integration Monitor Results

The results of any integration testing run can be rendered as test results, presented using visualizer, and posted to existing APM or other destination that can be used as part of wider observability systems, allowing integration tests across all APIs to be centralized for understanding API performance at scale.

Integration Testing

Integration tests can be defined for any API using executable and shareable collections, testing integrations, as well as other more custom scenarios or business approaches, providing a single or suite of integration tests that can be manually run, schedule across multiple regions, or executed as part of a CI/CD pipeline, automating integration testing consistently across APIs.

Integration Testing Monitor Report

A report that allows the one time or historical results of integration testing monitors to br visualized, providing visibility into whether or not an API integration has been broken at any point in time as defined the schedule of the integration testing monitor.

Intelligence

The acquisition of knowledge from across API operations, providing the data that is needed to make decisions regarding the operation and evolution of each API, ensuring that teams are well informed and have what they need to do what matters the most to business.

Interceptor

Running traffic through Interceptor in Chrome to capture API traffic, allowing the details of requests and response to be translated into a collection that can be re-run, organized, shared, monitored, automated, and put to work consuming API resources, or even used to inform the evolution of an API by defining the surface area of each API based upon how it is used.

Key

API keys provide the simplest form of access to an API, allowing consumers to sign up for an account, define what their application is, and then receive a key they can include in headers or other parameter to identify themselves, ensuring that API producers are fully aware of everyone who has access to an API, and all consumers have a way to clearly identify themselves and receive personalized usage data for each key.

Linting

Validating an API schema against a known set of constraints, ensuring that all artifacts in use across API operations are well defined and match known and intended schema for use as part of requests, responses, and the messages being sent, published, and subscribed to across API operations.

Management Rules

The governance rules to apply to API management, ensuring that policies are being applied consistently across APIs, standardizing how APIs are managed in production, making sure there are limitations, constraints, and observability present across all APIs in ways that are defined as part of a centralized governance strategy.

Mock Server

A mock server helps replicate as much of the functionality and API would have in production, before the time to actually have to write any code, making APIs be more tangible and real early on in the lifecycle, allowing teams to rapidly design an API that meets the needs of everyone involved, providing usable elements that power design, documentation, testing, and other elements of the API lifecycle.

Monitor

Monitoring any process across API operations defined as a collection, then bundled with any environment, setting a schedule for the execution of the collection, and viewing or publishing of the results to any other location, providing a very wide definition of what monitoring can mean across API operations.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (or MFA) is an authentication method to ensure a digital user is who they say they are. During an MFA process, a user is granted access to a software system only after successfully presenting two or more pieces of evidence to the authentication service. Evidence may be in the form of knowledge (a password), possession (a device), or inherence (biometric data). MFA significantly increases the security of logins, with each additional factor decreasing the ability for an unauthorized individual to pretend to be a legitimate user.

Newman

Newman is an open source collection runner, allowing Postman collections to be executed as part of CI/CD pipeline runs, executing all of the API requests, pre-request, and post-request scripts, and providing results reporting that can be used as part of testing and automation.

Notifications

Providing notifications about activity around the operation of any API, allowing for in-application, email, or type of message via integration with common platforms, providing real time updates about what is happening across API operations.

Onboarding

Offering a consistent and well defined onboarding experience for all APIs, making it as easy and straightforward for consumers to onboard with an API, while also providing API producers with an easy way to onboard new consumers with their APIs without any custom work required, reducing friction when it comes to putting APIs to work by utilizing well known approaches to onboarding.

Onboarding Documentation

It can be helpful to provide new users with documentation designed specifically for onboarding new consumers to an API, only introducing them to the most relevant paths of an API, reducing the cognitive load when it comes to getting started with an API and complimenting more complete reference documentation showing everything that is possible with an API.

Open Banking

Open banking is a banking practice that provides third-party financial service providers open access to consumer banking, transaction, and other financial data from banks and non-bank financial institutions through the use of application programming interfaces (APIs).

OpenAPI

The OpenAPI specification provides a common vocabulary for describing the surface area of request and response APIs, as well as webhooks, ensuring that API producers and consumers are on the same page when it comes to integration, but also helps stabilize multiple areas of the API lifecycle providing a contract that can be used for delivering documentation, mocks, testing, and more.

Operations Governance Rules

Rules can be defined to govern the operations provided for each API, leveraging the operations objects for OpenAPI contracts, but then apply specific ruling looking for common patterns to be present like summary, description, operation ids, and other elements of operations.

Overview

Providing a single overview of an API so that all the moving parts of an API viewed in a single dashboard helps ensure that all team members will be able to get up to speed on the overall picture of an API in a way that doesn't require another meeting.

Parameter Governance Rules

Rules can be defined to govern the parameter details provided for each API, leveraging the parameter object for OpenAPI or AsyncAPI contracts, but then apply specific ruling looking for common patterns to be present like the parameter name and description meeting specific guidelines regarding what is expected of a parameter.

Partner Workspace

A workspace just for a specific partner or group of partners, providing an invite only location to collaborate around the production or consumption of an API, making API operations accessible to trusted partners, but not to the general public, establishing a trusted space for the iteration and integration with an API.

Path Governance Rules

Rules can be defined to govern the paths provided for each API, leveraging the path object for OpenAPI or AsyncAPI contracts, but then apply specific ruling looking for common patterns to be present like words used, ensure no acronyms exist in the path, meeting specific guidelines regarding what a path can contain.

Performance Testing

Performance tests can be defined as individual tests using collections, pulling from one or many individual API paths and measuring the time it takes for the response to be sent, providing a test that can be run manually, scheduled across multiple geographic regions, or executed as part of a CI/CD pipeline, helping ensure an API is always meeting it's expected performance benchmarks.

Performance Testing Monitor

Monitors can be setup for all API performance testing, scheduling the run of performance testing when needed and configuring to run from the regions where performance makes the most difference on business, making sure that each individual API SLA is met, identifying API performance issues early on and responding to ensure there is no significant business impact.

Performance Testing Monitor Report

A report that allows the one time or historical results of performance testing monitors to br visualized, providing visibility into whether or not an API performance has been reduced at any point in time as defined the schedule of the performance testing monitor.

Performance Testing Monitor Results

The results of any performance testing run can be rendered as test results, presented using visualizer, and posted to existing APM or other destination that can be used as part of wider observability systems, allowing performance tests across all APIs to be centralized for understanding API performance at scale.

Personal Workspace

A workspace setup just for a single user to use within their space, establishing a place for working on the production or consumption of APIs that is only accessible to a single user within their own account, preventing it from being access by other team members, partners, and the public.

Pipeline Governance

Governance can be applied at the pipeline level, enforcing API governance at build time, ensuring that APIs are 100% compliant with rules, contract, and script-based API governance established centrally as part of broader governance efforts.

Private Network

Private API networks all organizations, groups, and teams to establish private catalogs of APIs, collections, and the other artifacts and elements around them, making it easier for producers and consumers to find APIs that are being designed, developed, or operating in production, making APIs more accessible but only to an intended audience.

Private Workspace

There will be APIs that require limited visibility across teams depending on where it is at in it's lifecycle, or the nature of resources or capabilities it provides access to, making a private workspace something that is necessary to tightly control who has access and visibility.

Production Environments

Machine readable environments for APIs allow for abstracting away common elements of an API production environments from the definition of each API, allowing different environments to be paired with collections for each API at design, develop, and build time.

Prototype Collection

Prototyping an API using a Postman collection provides a quick and intuitive way to articulate what an API should do in a way that can be documented, mocked, and shared with other team members and consumers, offering an alterative approach to the API design first methodology which can push the need for an OpenAPI artifact further downstream in the process, but achieving similar outcomes.

Proxy

Running traffic through a proxy to capture activity to capture the details of each request and response, then generating a collection that provides a machine readable and executable representation of API traffic that can then be executed, tested, automated, monitored, and documented as part of the production or consumption of APIs.

Public Network

Public API networks allow for teams, APIs, collections, and other elements to be made available for searching and browsing by a public audience, helping API producers reach a larger audience, but also allowing consumers to quickly find the APIs and other resources they need in their applications and integrations, networking consumers with producers in an ongoing and collaborative way.

Public Workspace

Some APIs will benefit from establishing a public workspace where 3rd party consumers can learn about an API, view the moving parts of it's operation, and engage with the team behind, making the API lifecycle much more transparent.

Reference Documentation

It is helpful for API consumers to have complete documentation for the entire surface area of an API, providing a complete reference of what is possible with an API to help consumers explore every path, parameter, schema, and other details of how an API works, making the resources and capabilities available within API something consumers can find and put to use without much work.

Relationships

Defining and understanding the way in two concepts, objects, or people are connected with APIs, helping connect the dots between the more human and business operations side of how APIs work, acknowledging that people and process are a critical part of how APIs work, and will influence there usage and evolution over time.

Reports

Visual reports that aggregate data from across operations, making APIs and the operations around them something that team members can see activity, hisotry, and other dimension of what is happening across API operations, allowing different views to be organized and presented via dashboards.

Request

An individual request being made to an API, possessing all of the technical details to make the request, including URL, authorization, headers, body, and even scripting to apply business logic before a request is being made to any API.

Request Bodies Governance Rules

Rules can be defined to govern the request body details provided for each API, leveraging the request body object for OpenAPI contracts, but then apply specific ruling looking for common patterns to be present like whether it should have a body, the media type, example, and other details of an API, meeting specific guidelines regarding what contact is needed.

Resolvers

The bindings that map incoming queries to specific data sources so that APIs know where to find resources, distilling down API requests into meaningful queries that will make sense to backend systems, connecting the front end requests to the backend stores, routing API requests to where they need to go.

Response Governance Rules

Rules can be defined to govern the response details provided for each API, leveraging the response object for OpenAPI or AsyncAPI contracts, but then apply specific ruling looking for common patterns to be present like the status code, media type, and other details of an API, meeting specific guidelines regarding what responses should look like.

Retire

The retirement of an API or specific version of an API is an inevitable thing and there should be a formal process in place to inform API producers about what the steps are in a process to retired, and set in motion the deprecation of an API, keeping an API or version of an API active for a specific amount of time, while acknowledging that at some point it will go away.

Role Based Access Control

Role based access control allows for the artifacts and elements for each API to have clear team access to only viewing and running or being able to actually edit and change, helping prevent unwanted changes to API elements across the lifecycle.

Roles

Identifying the roles of each team member working on an API helps establish clear directives for who can make changes to an API, something that can drive and configure other elements applying to an API across the lifecycle.

Rules-Based Linting

Rules-based linting allows for the defining of YAML or JSON rules for elements of API governance and applying them in a programmatic way against OpenAPI, AsyncAPI, and other machine readable artifacts, helping apply desired constraints to the design or other area of the design, development, and operation of an API.

Schema

Defining all objects use as part of API operations using JSON Schema provides for a definitions that can be used as part of modeling and the API design process, as well as for validation at development, build, or even run time.

Schema Governance Rules

Rules can be defined to govern the schema details provided for each API, leveraging the schema object for OpenAPI or AsyncAPI contracts, but then apply specific ruling looking for common patterns to be present like the schema name and description meeting specific guidelines regarding what is expected of a schema.

Script-Based Governance

A script-based approach to governance involves using the same collection based approach used to apply contract, performance, and other types of testing with Postman collections, but instead of testing an instance of an API, you are testing the surface area of the API by pulling the OpenAPI and writing test scripts for specific governance assertions.

Scripts

Lightweight scripts that can be run as part of each API request, providing pre-request scripting, or post-request scripting that help appy business logic at either end of the request, helping transform, test, and automate with each API request.

Search

Ensuring APIs are always available via search helps make sure that APIs can be found by consumers, but also by other producers who are looking to develop similar APIs, making search for APIs, as well as the operations around each API a critical aspect of the API lifecycle that should be considered as early on in the design and development of an API, but at least as it is deployed into production.

Secure

Ensuring that an API is secure from threats and vulnerabilities, making for a pretty wide spectrum of different processes and technologies that ensure digital resources and capabilities made available via APIs are only accessible to an intended audience and bad actors are not able to find ways to get access via an API.

Security Monitor Results

The results of any security testing run can be rendered as test results, presented using visualizer, and posted to existing APM or other destination that can be used as part of wider observability systems, allowing security tests across all APIs to be centralized for understanding API security at scale.

Security Testing

Security tests can be defined for any API using executable and shareable collections, testing for common OWASP vulnerabilities, as well as other more custom scenarios or business approaches, providing a single or suite of security tests that can be manually run, schedule across multiple regions, or executed as part of a CI/CD pipeline, automating security consistently across APIs.

Security Testing Monitor

Monitors can be setup for all API security testing, scheduling the run of security tests when needed, making sure that each individual API is regularly certified as being secured, ensuring that APIs do not become a liability due to changes, but also keeping all APIs compliant with the latest level of security testing that is occurring across an entire organization.

Security Testing Monitor Report

A report that allows the one time or historical results of security testing monitors to br visualized, providing visibility into whether or not an API security has been compromised at any point in time as defined the schedule of the security testing monitor.

Server Code Generation

Generation of code in a variety of programming languages so that it can be used on the server for the deployment and deliver of APIs, providing code stubs that help reduce the repetitive work for developers.

Sharing

Sharing of elements used to produce or consume APIs across workspaces, externally with consumers, allowing an intended audience to view, download, and access artifacts and other elements of API operations so they and collaborate around the production or consumption of API resources and capabilities.

Single Sign On (SSO)

Single sign-on (or SSO) is an authentication approach that allows users to access several related yet independent software systems with a single set of credentials. When fully implemented, SSO allows a user to log in once and access services without re-entering authentication factors.

Tag Governance Rules

Rules can be defined to govern the tag details provided for each API, leveraging the tag object for OpenAPI or AsyncAPI contracts, but then apply specific ruling looking for common patterns to be present like the tag name and description meeting specific guidelines regarding what is expected of a tag.

Team Members

Formerly defining who the team will be moving an API forward through all stages of it's lifecycle, providing a clear definition of who is responsible for each part of producing an API.

Team Workspace

Establishing and properly setting up a dedicated workspace for each API helps ensure there is always a single place to go to find everything that is happening with an API across it's entire lifecycle.

Techniques

There are numerous techniques that assist API producers in better defining their operations and the APIs and microservices they are delivering across these operations, such as Microservices Canvas, Jobs to be Done (JTBD), Event-Storming, Domain-Driven Design, and other well known elements of the API lifecycle.

Testing Rules

Having machine readable or codified rules that ensure there is required testing in place for all APIs helps make sure that a baseline set of tests exist across all APIs, ensuring that contracts are upheld, integrations are maintained, performance is at acceptable levels, and there are not security vulnerabilities present in any API in production.

Uptime Monitor

A monitor for the uptime testing, making sure that each API is available on a well defined scheduling, making requests to an API to make sure it is always available for applications and integrations, allowing notifications and events to be triggered if any API becomes unresponsive so that teams can respond to make sure APIs are brought back into a healthy state.

Uptime Testing Monitor Report

A report that allows the one time or historical results of uptime testing monitors to br visualized, providing visibility into whether or not an API uptime has been maintained as defined the schedule of the uptime testing monitor.

Uptime Testing Monitor Results

The results of any uptime testing run can be rendered as test results, presented using visualizer, and posted to existing APM or other destination that can be used as part of wider observability systems, allowing uptime tests across all APIs to be centralized for understanding API performance at scale.

Usage Plan

Offering a standardized and well-defined set of usage plans for all APIs using commercial or open source API gateway or management solutions helps ensure that access to all APIs is done in a secure way that prevents exploitation by limiting the number of requests being made, or even billing for usage of an API based upon different dimensions defined within the usage plans applied.

Use Cases

Establishing a list of real world business uses cases of an API helps clarify the purpose an API, ensuring that the design and development of the API matches the business objects, and the needs of potential consumers.

Versioning

Applying semantic versioning to individual artifacts to help manage change across each API and wider operations, providing a structured approach to how APIs are evolved, helping identify minor changes from patches, and clearly defining major revisions that would introduce breaking changes.

Versioning Governance Rules

Rules can be defined to govern the information provided for each API, leveraging the OpenAPI or AsynCaPI contracts, but then apply specific ruling looking for common versioning patterns in the path, parameters, headers, and other details of an API, meeting specific guidelines regarding what information is needed.

Visualizer

The Postman visualizer can provide a visual response to any API response, allowing API calls made to be rendered as HTML, charts, and other visual elements, helping make API resources, capabilities, and the APIs themselves for visible.

WSDL

WSDL is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information, providing the operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint.

Watch

Watching of some element of API operations, allowing team members, partners, or public users to signal they want to receive notifications of any change to an API and it's supporting elements, making API operations more observable and something that all stakeholders are able to stay in tune with as they evolve and change.

Workflow Collection

Defining workflows across many APIs and API paths provide a rich way to design and document common business workflows and practices, providing a specific sequence of API requests needed to accomplish a business objective, or just a subset of a larger API that meets the needs of a specific business sector, helping go beyond just a reference of everything an API does and getting closer to the business value.

Workflow Documentation

Providing documentation for workflow collections help introduce consumers to what a workflow define across multiple API requests can accomplish, and potentially provide a sequential walk through of each step of the flow, allowing API consumers to quickly understand what a workflow accomplishes, but also provides all the details of the workflow in an well documented executable format.

Workflow Testing

Establishing tests for specific business workflows helps to ensure that critical business capabilities are always available, defining simple or complex scenarios that mimic real world functionality complete with synthetic or actual data to try and make sure the tests reflects what will actually be happening in real life.

Workflow Testing Monitor

Monitors can be setup for all workflow testing, scheduling the run of workflow tests when needed and configuring to run from the regions that matter most to business operations, making sure that essential business capabilities are working as designed and delivering as expected on a 24/7 schedule.

Return to Main Page

This provides a link back to the home page if you need it.