Professional Documents
Culture Documents
Organization
Leverage APIs to connect your systems in today’s web-based world.
Info-Tech Research Group, Inc. Is a global leader in providing IT research and advice.
Info-Tech’s products and services combine actionable insight and relevant advice with
ready-to-use tools and templates that cover the full spectrum of IT concerns.
© 1997-2015 Info-Tech Research Group Inc. Info-Tech Research Group 1
Our understanding of the problem
• Organizations are looking for ways to leverage web APIs in order to • Make web API development a
increase app quality, code reusability, and improved development strategic competency that is critical
throughput. to enabling speed of development,
• Organizations are looking for opportunities to create an application quality of applications, reusability,
ecosystem which can expose internal services across the organization innovation, and business alignment.
and/or external business partners. • Design your web API as a product
to be consumed which will promote
speed of development and service
Complication ? reuse.
• Web APIs are regularly designed for short-term code reuse. When they • Incrementally optimize the design,
eventually break, the redevelopment effort is significant. development, testing, and
monitoring of your APIs to cover all
• Web APIs are commonly tested using functional testing through an
use cases in the long term.
application’s user interface. This ignores other testing techniques that are
available, resulting in missed test cases.
Resolution
• Define the business purpose of the web API and the common uses cases that it will service.
• Understand the development techniques are required to develop an effective web API based on Info-Tech’s web API
development framework.
• Continually improve your web API development approach to demonstrate to business stakeholders the value your web
API provides.
Consulting
Onsite
Info-Tech Involvement
Workshop
Guided
“Our team does not
Implementation
have the time or the
“We need to hit the knowledge to take this
DIY Toolkit project on. We need
ground running and
get this project kicked assistance through the
“Our team knows that entirety of this
we need to fix a off immediately. Our
team has the ability to project.”
“Our team has already process, but we need
assistance to take this over once we
made this critical get a framework and
project a priority, and determine where to
focus. Some check-ins strategy in place.”
we have the time and
capability, but some along the way would
guidance along the way help keep us on track.”
would be helpful.”
Degree of Customization
Diagnostics and consistent methodologies throughout all four options
The light blue slides at the end of each section highlight the key activities and exercises that will be
completed during the engagement with our analyst team.
Use these icons to help guide you through each step of the blueprint and direct you to content related to
the recommended activities.
Guided Implementation
Signifies an opportunity to speak with an Info-Tech analyst to receive tailored advice for your organization on the completion of this
project.
Workshop Activity
Indicates that there are further details regarding the completion of this project while working in workshop setting.
Info-Tech Insight
A symbol of unique insight from an Info-Tech analyst that relates to the completion of the current step of the project.
1 2 3 4
PHASE
Examine the Opportunities Web APIs Can Enable 1
Info-Tech Research Group 8
Phase 1: Examine the opportunities web APIs can enable
1 2 3 4
2.1 Design a Web API 3 Test the Web API 4 Monitor & Continuously
Optimize the Web API
1 Examine the Opportunities 2.2 Develop a Web API
Web APIs Can Enable
Info-Tech Insight
• Project launch Deliverables from this Phase
Major
Milestones • Web API benefits
Reached identification No deliverables created for this
Web API development is a tactical phase.
competency that is important for
enabling speed of development,
quality of applications, reusability, Key • Web API project
innovation, and business alignment. Activities aligned with business
Completed objectives
∞
Application Architecture Evolution
Monolithic
Application CORBA/IIOP SOAP REST
Libraries
Any change Implementation was Inconsistent APIs Consistent Technological
required would complex and across providers. approach for web Advancements
necessitate a sometimes non- services to make in APIs…
recompilation of the implementable. function calls using
entire application. Costly to implement. GET, PUT, POST,
DELETE.
• Microservices Architecture
Where in web services is REST being applied today? • Enterprise Integration & Development
• Cloud Services (SaaS, PaaS, IaaS)
Protocol
External Web APIs
Web APIs are instruments which enable your development teams to increase the
quality of applications and adopt a “code once, use many” development approach.
Web APIs are an essential component that enable the strategy of an organization.
The apps, data, and APIs that are driving this digital An API is only as valuable as the data or functionality to
transformation are not just enabling business; they are which it provides access. So if an organization delivers a
becoming its very fabric. Whether digital native or particular core competence…it stands to reason that the
analog immigrant, today’s digital pioneers recognize most valuable APIs this organization could provide link
that an app strategy is the key to customer to and drive volume to exactly these core competencies.
engagement, user experience, and business success.
– Steve Willmott. “The Five Axioms of the API
– Promod Hague. “Businesses must embrace the Economy, Axiom #4 – Organizations must provide
programmable world. Or die.” Fortune.com. 2013. core competence through APIs.” 3scale. 2014.
In an effort to leverage the mobile channel more
effectively, enterprises are increasingly exposing data to
mobile developers via APIs. Traditional web service
based on SOAP and designed for a world prior to Industry Facts
ubiquitous mobile computing is being transformed to The first annual API community survey indicates:
REST APIs that are better suited for mobile applications.
• The most common protocols are REST (91.9%)
– Peter Crocker. “Mobile Apps in the API Economy: and SOAP (41.9%).
Avoiding the Mobile Cliff.” Smith’s Point Analytics. 2013. • The most three important factors for APIs are
complete and accurate documentation, service
APIs are the new dial tone…APIs are the connective
availability/uptime, and service
tissue of everything you do.
responsiveness/performance.
– Jeff Lawson, cofounder of and Chief Executive of
Twilio as quoted by Dean Takahashi. “The new dial DuVander, Adam. “API Consumers want reliability,
tone: How the API economy accelerates the growth of documentation, and community”. ProgrammableWeb. 2013.
cloud apps.” The API economy panel at CloudBeat.
2013.
Info-Tech Research Group 13
Web APIs should enable business strategy execution
There are real above-the-line and below-the-line benefits that web APIs can unlock.
Most significant business motivation for using web APIs: Most significant technical motivation for using web APIs:
75% of organizations want to connect to more partners. >80% of organizations want to integrate applications.
APIs enable flexibility in terms of partners Organizations using web APIs found that they:
connecting to web services…APIs let you put • Increased their customer/partner reach by 50%.
business logic and services in a centralized spot. • Increased the number of platforms reached by 57%.
This logic can be reused and it becomes incremental • Increased the number of apps built from web APIs by 50%.
to expand to different devices.
…APIs enable an increase in traffic and usage Organizations using web APIs found that they:
by enabling developers and partners to more • Increased web/device traffic by 70%.
easily develop apps that tap into a company’s • Increased web service usage by 58%.
online services.
…APIs lead to developer/partner productivity Organizations using web APIs found that they:
improvements and create an environment that • Reduced the time it took to onboard partners by 30%.
supports innovation. • Increased partner productivity by 30%.
Source: Fern et al. “Web API Study: The Benefits of APIs in the App Economy.” Hurwitz & Associates. 2011.
A study conducted by McKinsey Global Institute estimated that organizations can improve productivity levels by
20 to 25 percent by improving internal collaboration through the use of an internal API.
Source: Boyd. Mark. “6 Business Benefits of Private APIs”. Nordic APIs Blog. 2014.
a le
3 sc
e:
urc
So
• Wine.com strives to be the primary • APIs were built using REST • Created brand awareness through
resource for wine enthusiasts by principles and the retrieved content third-party applications.
providing helpful information. can be in XML or JSON format. • Leveraged new customer channels
• The goal was to provide • Wine.com chose a cloud API without additional IT resources.
developers access to its wine management solution to provide • Included mobile in-app commerce
catalog and related content in an easy and rapid integration and with selected partners in order to
open and accessible way. quick distribution of information. develop new revenue streams.
b
leWe
e: ab
ourc amm
S gr
o
Pr
Based on the applications in which you plan on exposing to the web API, Info- INPUT
Tech recommends conducting a before and after survey to determine how
satisfied users are with using a non-web API enabled application and a web API • Business objectives
enabled application.
Instructions OUTPUT
1. On a whiteboard, write down your business objectives. Some examples include: • Web API
• Increase client reach through engaging marketing campaigns. development
• Reduce business operation costs. initiatives prioritized
• Create innovative products to remain competitive in the market.
2. Map the objectives to use cases that will allow you to realize these objectives. Some use
cases can be mapped to multiple objectives. Materials
3. List IT solutions that are web API enabled and will support your use cases. • Whiteboard and
4. Prioritize your use cases and business objectives based on value to your business. This markers
step is a valuable step in determining which web API development projects to embark on
first. Business value definitions can include the following drivers:
• Revenue generation
•
Participants
Cost savings
• Compliance • CIO
• Strategic importance • IT Director
• Dev Manager
Instructions INPUT
• Business objectives
5. Determine what metrics will be used to measure and monitor the effectiveness and
business value of your web API. Determine metrics that map back to business objectives.
See the following slide for an example of how Exercise 1.1 is mapped out.
Example:
Business IT Solutions – Web
Use Cases
Objectives API Enablement
transformation
ERD
use cases
• Optimize the design, development, testing, and monitoring of your APIs incrementally and iteratively to cover all
use cases in the long term.
• Once you’ve created an initial web API, determine if it needs to be versioned based on API consumer feedback, process
changes, and analysis from monitoring initiatives. If this is the case, iterate through the web API development model to
include the use cases realized during monitoring.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-
3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Phase 1 Results:
• Understanding of business alignment with web API development initiatives.
• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-
Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to
Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email
Workshops@InfoTech.com for more information.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Verify how your web API initiatives support your overall business
objectives
1.1
An Info-Tech facilitator will discuss what Info-Tech is seeing trending in the API
development landscape and how these trends can benefit your organization. The
facilitator will assist in identifying web APIs that support your prioritized business
objectives.
1 2 3 4
PHASE
Design & Develop a Web API 2
Info-Tech Research Group 28
Phase 2.1: Design a web API to determine endpoints
1 2 3 4
1 Examine the Opportunities 3 Test the Web API 4 Monitor & Continuously
Web APIs Can Enable Optimize the Web API
2.1 Design a Web API
Design your web API that promotes speed of development and service
reuse.
3
Test the web API
3.1 Create test cases using model, synthetic, and scenario-based test design techniques.
3.2 Create a test plan for your web API.
Participants
Business Analyst(s)
Monitor and continuously optimize the web API Development Manager
4 4.1 Identify roles for your API development projects. Data Architect
4.2 Develop governance for web API development.
4.3 Measure the value of your web API project.
An off the shelf or custom application An API used to enable internal API consumers to
API Consumer that uses the web API. operate within the firewall of the organization.
Use a consistent, standardized method to design, build, and deploy API solutions.
INPUT
• Even though organizations plan for integration initiatives in their projects, very few have
developed a holistic approach to their integration problems, resulting in each project • Existing business
deploying different tactical solutions. process documents
• Architecture provides the footings, boundaries, definitions, and dimensions of information
and application integration with your integration technologies such as ESBs and APIs.
• Without an architectural view, it is difficult to align API integration technology solutions with OUTPUT
business drivers.
• High-level system
architecture
Instructions
1. Develop a high-level system architecture in context of developing your web API with
architectural components that apply to your organization (e.g. ESB, process Materials
orchestration, web servers, partner gateway services, data, infrastructure).
• Identify specific entities pertaining to architectural components, each unique to • Whiteboard and
markers
your organization (e.g. corporate database for data architectural component).
• Web API Design
• Identify how the APIs you are developing are connected to application
Document Template
architectural components. This will drive how your API will be designed in
exercises 2.1.2 through 2.1.7. Participants
2. Document Step 1 into the Web API Design Document Template. Giving your
developers a web API design document provides them with development guidelines on • Business Analyst
interfaces and data payloads, and also gives your operations group guidance on what to • Development
expect for performance, integration, and network connectivity components. Manager
Refer to the following slide for an example of the final output of this exercise.
Example:
Process Orchestration BPM
Legend:
Corporate
Website HTTPS
CRM Apps Web API being
Business
Web developed
Server ERP Apps
Users
Infrastructure
A focus on design is a key part of ensuring user productivity Data Model Object Representation
and a good ROI for the solution. A poor design will frustrate
developers and lead to longer development cycles or complete App Interface HTTP
abandonment of the solution. A well-designed web API will be from_resource()
• In the design stage, expect to go through several iterations before settling on a stable It is worthwhile saying that you
web API. It is more cost effective to design a web API with initial expected should develop an API with the end
functionality and include additional features once more use cases come to light. user in mind, and it’s something that
◦ Determine and document what your web API is trying to accomplish for your needs to be reinforced continually.
web API consumers. The people providing the API as a
◦ Determine what the use cases of your web API will be. Brainstorm and interview service have a certain perspective on
as many potential web API consumers as possible to determine these use cases. the technology they’re building. It’s
◦ Determine how these use cases would translate into specifications for your web necessary to be able to step out of that
API. Keep these specifications short as they will be easier to modify. Determine perspective and consider the
each specification’s appropriateness to the web API. For API specifications, technology being used to implement
categorize each specification into: (1) routines, (2) data structure, (3) object class, the clients to the API and what those
(4) methods, (5) parameters, and (6) variables. client developers are trying to
- When in doubt, leave it out. It’s better to leave out specifications that you achieve.”
are unsure of. – Ken Toole, Senior Director of
Engineering at Adobe Systems
Info-Tech Research Group 35
Run your design sessions as a product development effort
aimed at the consumer of your web API
Establish the key objectives for your web API in order to obtain the right
resourcing to deliver a suitable product.
Involve Key Stakeholders Info-Tech Insight
• A team of development and data experts need to be intimately involved at • API development is driven from the
this stage as there are many possible implementations for a given set of outside in with clear intent. What you
business requirements.
• Also, consider including the following roles:
are trying to achieve will drive many of
o Business Process Owner the design decisions and make it
o Test Lead easier for web API consumers to
understand. It is aimed at improving
the productivity of those who will
Follow Best Practices consume your API.
• Use a multi-pass design approach, where optimization is progressive.
• Conduct an ongoing cost/benefit analysis looking at the trade-offs • Don’t count on your initial API
between short- and long-term objectives. design reaching stability right away.
• Sometimes a less than optimal solution is necessary so that the overall Design efforts can continue for a long
organization benefits through standardization. time since it is an iterative process. Aim
for a minimum viable product at each
We try to provide APIs that are clear in their intent and usage so that iteration rather than trying to over-
you can avoid having clients make assumptions that are invalid. As a engineer a web API.
service provider, you have to take a bit of ownership over, “Did you
provide an API that allowed clients to do things that become • Document your changes as part of
problematic in the future, or were you very clear and explicit about an overall enterprise architecture.
how your API should be used in the design of the API itself?” This will enable discussions related to
– Ken Toole, Senior Director of Engineering at Adobe Systems impact analysis for process or system
changes to be simplified.
Use these best practices to define API requirements, use cases, and
design entities in the next exercise.
Instructions INPUT
1. As a team, define your web API requirements (business, functional, non-functional). • Web API use cases
Brainstorm the use cases of how your web API will be used by API consumers. For more from the business
information on defining requirements and use cases, and design techniques, please refer to
Info-Tech’s blueprint on Application Development.
2. Using the sticky notes and the whiteboard, define design entities for your web API based on OUTPUT
requirements. Map design entities to the requirements and use cases of your web API.
• Web API use cases
3. Document steps 1 and 2 in the Design Requirements Template.
• Design entities for
web API
RQMT RQMT RQMT
1 2 3 Materials
• Whiteboard and
markers
USE • Sticky notes
CASE • Design Requirements
USE USE Template
USE
CASE CASE
CASE
Participants
• Business Analyst
• Development
DESIGN DESIGN Manager
DESIGN ENTITY ENTITY
ENTITY DESIGN
ENTITY
• In some cases, multiple processes can benefit from a single web API.
• Use the detailed design to provide context for business use cases which, in turn, can be used to create
functional test cases for applications that make use of each web API.
Make It Happen:
• List all the business rules in a given process. This can be done by initially looking at decision points
within each process flow. You can create test cases to ensure your web API works under those
conditions.
• Determine the URI filters based on how your web API will be consumed. If, for example, most
cases only require a subset of the entire data available, don’t send all the data unless a particular flag
has been set in the URI.
• Design your web API to be consumed easily. If the API consumer is expecting JSON data, for
example, but your web API only offers XML, that will require additional development effort which could
make your web API less attractive.
Instructions INPUT
1. Map the high-level step-by-step process of the use case to show your best estimate at the
• Existing business
intent of how the web API will be used.
process documents
2. Identify where business rules exist in the process workflow.
3. Identify which business processes belong to a specific application/system. Then, identify
where web API integration is required. OUTPUT
4. Document steps 1 through 3 in the Web API Design Document Template.
• Business process
Example:
workflow
Above/Below $5,000
Budget?
Materials
Create a Get Finance Generate Email
• Whiteboard and
Campaign Approval Below Budget List
markers
• Web API Design
Above Budget Document Template
JSON
Get Additional data Participants
exchange
Funds • Business Analyst
• Development
Manager
Push Emails
Launch
Into Email
Campaign
server
Info-Tech Research Group 39
Map the relationships among data tables through Entity
Relationship Diagrams (ERD)
Use ERDs to document the relationships and understand the construction of
objects exposed by your web API.
Why is it important?
• You need to understand how internal objects are connected for maintenance purposes. Entity
relationship diagrams describe how one data set (entity) uses or points to another entity. Actions indicate
the purpose or logic behind the use of each entity.
• Your data may be coming from different systems that require customization to support your web
API. The ERD could be an abstracted view of a database and the relationships among multiple
databases which all need to be based on the same semantic understanding.
• To serve as a framework for developing wireframes and storyboards. Each entity can be an
interface with each data type as an interaction object and in which the action defines the interactions
between the wireframes of a storyboard.
How should ERDs be created and documented?
• Elicit process descriptions and make all nouns into entities, noting any hierarchical dependencies
between them.
• Begin with an end user or requirement and flush out the types of data required to support each use
case.
Instructions INPUT
1. Determine hierarchical model will be used to create your entity-relationship diagram (Class
• Documentation on
Type, Ownership, or Association).
data sets
2. Denote all data sets into data tables. Map data tables that will be specifically exposed by
the web API being developed. If you are not certain which ones will be exposed, include all
data tables that you would think would be valuable to the API consumer.
OUTPUT
3. Map relationships among data tables. This will depend on the hierarchical model used.
Make sure to define the actions between entities which will map the interaction workflow • Entity relationship
from one data set to another. diagram
4. Document steps 1 through 3 in the Web API Design Document Template.
Example:
Materials
Campaign Customer Organization
• Whiteboard and
Name FirstName OrgName markers
• Web API Design
Description LastName Address
Document Template
StartDate Role Phone
Participants
EndDate Organization City
Description Items
Availability Date
• Identifying data inputs and outputs can lead to discussions around establishing the true source of data
within the enterprise.
• It can help assess the payload necessary and provide insight into network traffic and possibly
performance issues.
• In some cases data may not be immediately available due to dependencies from other systems, which
leads to discussions around workarounds. Temporal aspects of data are documented in the data flow
diagram.
• Security restrictions should be documented in the data flow diagram including firewall port requirements
and payload limitations.
Instructions INPUT
1. In process flow-like diagram, determine how each data set relates to another using verbs • Documentation on
that are based on HTTP methods. data sets
2. For each data set, determine all associated attribute variables and function methods.
3. Identify in your data flow diagram where data integration is required. This will be where your
web API be located. OUTPUT
4. Consider the following when conducting this activity:
• Is the data read-only or can the application and users edit and modify it? • Data flow diagrams
• Which components are managed and operated by third-party providers? What is
your level of control?
• What is the taxonomy of data in your system? Is it standardized and is the data
encrypted? Materials
• How often are your databases updated? Is it real-time or periodic extract, transfer,
• Whiteboard and
and load (ETL)? markers
Example: • Web API Design
Customer Account Manager Document Template
GET Account Manager
FirstName Name Participants
POST Customer
LastName Customer • Data Architect
• Development
Role Level CRM ERP
Manager
Organization
API
Type Private Cloud
• APIs are critical components of your system architecture which provide access to native INPUT
hardware features and facilitate communication with enterprise systems, third-party
services, and other devices. • Documentation on
• By not paying attention to your API development, you risk: data sets
o Heavy-weight communication over slow mobile networks which will drive down
performance.
o App misuse due to exposed and unsecured APIs. OUTPUT
o Unavailable services because APIs do not accommodate changing end points
and fragmented data schemas. • Data flow diagrams
• Identifying potential risks associated with data exposed by your web are important when
determining the development practices that need to be used to mitigate those risks.
Instructions Materials
1. Using your data flow diagram as a reference, identify existing and potential • Whiteboard and
markers
performance bottlenecks, security gaps, integration issues, and other • Web API Design
technical issues. Document Template
2. Write your gaps on sticky notes and place them on top of your diagram.
3. Determine development-related practices that mitigate the identified risks for Participants
successful API development. Write these practices on sticky notes and place • Data Architect
them on top of the gaps on your data flow diagram. • Development
Manager
Refer to the following slides for leading questions to reveal current or potential security,
performance, and integration risks in your data flow and for an example of the final output of this
exercise.
Example:
High Payload, Data
Encryption
Legend:
Slow
Application CRM
Execution
ERP
API Risk of Data Performance
Consistent
Leak Issue
Object
Notation
Data Customers Account Manager Security Gap
Managed by Integration
Infrastructure Corp. Database Private Cloud
Third Party Risk
Solution
Customer Account Manager
GET Account Manager
FirstName Name
POST Customer
LastName Customer
Organization
API
Type Private Cloud
Instructions INPUT
1. Based on the data flow diagram created in 2.1.3, group data sets into objects. Name the
objects in plural and as nouns. • Documentation on
data sets
2. Document step 1 in the Web API Design Document Template.
OUTPUT
Example:
• Data flow diagrams
/customers with web service
objects defined
1 2 3 4
1 Examine the Opportunities 3 Test the Web API 4 Monitor & Continuously
Web APIs Can Enable Optimize the Web API
2.1 Design a Web API
Considerations
Web API API
Consumer
• Be prepared for extra development and
testing required to support the override.
Considerations
API
• Be prepared for designing your web API so Web API
Consumer
that each format can be supported. Non-
alphanumeric characters can sometimes
throw off the formatting.
Example Description:
• There are well known HTTP response
• In this example, the client side submits a bad request
codes that should be passed after a
which your web API will capture and send an error status
response has been processed.
with additional details in JSON format.
• Provide an additional payload information to
assist developers who use your web API HTTP/1.1 400 Bad Request GET /customers/cust10
during development and troubleshooting. ... ...
Considerations
• Lack of industry consistency. Facebook, for API
Web API
example, returns only status code 200 with Consumer
error messages in the payload. Twilio provides
hyperlinks in their payload to aid in
troubleshooting.
Generate documentation for your web APIs Train your team on proper design of APIs
• API Academy
• APIBlueprint
• Pluralsight
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-
3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Phase 2 Results:
• Understanding of best practices for design and development for web APIs.
• Web API design created.
Understand how your web API fits into your system architecture
2.1.1
The facilitator will walk you through the exercise of developing a high-level system
architecture to determine how your web API development project fits into your
business processes.
2.1.2 Info-Tech will facilitate discussion around how the web API should be designed
based on requirements and use cases.
2.1.3 Info-Tech will facilitate discussion on the current state of your business process and
walk you through an exercise on mapping your business processes using process
workflow diagrams.
2.1.4 Info-Tech will facilitate discussion on the current state of your data and walk you
through an exercise on mapping your relationships between data sets using entity
relationship diagrams.
2.1.7 The facilitator will walk through an exercise on how to create data collections
(objects) for web service exposure.
1 2 3 4
PHASE
Test the Web API 3
Info-Tech Research Group 58
Phase 3: Test the web API
1 2 3 4
1 Examine the Opportunities 2.1 Design a Web API 4 Monitor & Continuously
Web APIs Can Enable Optimize the Web API
2.2 Develop a Web API 3 Test the Web API
There is no single test tool that can test all perspectives of a web API.
Use specialized tools that can effectively test different components of
the API stack.
Design & develop a web API
2.1.1 Understand how your web API fits into your system architecture.
2.1.2 Define high-level design details.
2 2.1.3 Define your process workflows and business rules.
2.1.4 Map the relationships among data tables through ERDs.
2.1.5 Document your web API data flow diagrams.
2.1.6 Identify the integration risks, security gaps, bottlenecks, and other risks in your data
flow.
2.1.7 Define your objects by effectively referencing your data model.
3
Test the web API
3.1 Create test cases using model, synthetic, and scenario-based test design techniques.
3.2 Create a test plan for your web API.
Participants
Development Manager
Monitor and continuously optimize the web API Test Teams
4 4.1 Identify roles for your API development projects.
4.2 Develop governance for web API development.
4.3 Measure the value of your web API project.
Every web API has an interface that is an agreed upon contract. Changing this
contract means testing for backward compatibility and performance. Changing the Schema
interface often means a change to the schema which should also be tested.
Interface design is difficult and you should expect to see this type of testing quite
frequently early in your API development. Depends on
Schema Changes
Interface
This could involve either addition, modification, or deletion of schema entities.
Emphasis should be placed on testing backward compatibility to ensure schema
changes do not affect marshalling and unmarshalling of parameters. Depends on
Plan for the worst-case scenario by developing test cases using the following security
test techniques.
Fuzzing Technique Malicious Content Technique
Use of random data to see whether your API crashes. Taking advantage of the API hosting infrastructure to
Data can either be generated randomly or using force a crash. Examples would be recursive objects that
modeling techniques to break the API using its original result in out of memory errors or passing corrupt binaries
intended usage. in the API call.
CON: Might have poor code
PRO: Bugs found using
coverage so it won’t
this approach can be PRO: Allows you to CON: You need to be
validate secure coding
severe and reveal prepare response teams careful not to bring down
practices and the focus
issues that are for such cases and to your entire system while
tends to centralize around
sometimes overlooked test incident response testing which could
boundary conditions to
even by experienced time. lengthen test cycle time.
avoid unbounded testing
testers.
time.
Invalid/Out-of-bounds Content Technique Injection Attacks Technique
Uses boundary conditions to test local and global Exploits the web API’s internal code syntax to execute
maxima and minima values, incorrect value types for with malicious intent. It could be at any stack level (SQL,
parameters, and incorrect HTTP headers. XSLT, JSON, JavaScript).
PRO: It is easy to CON: Any hard coded values PRO: Common attack
construct test cases could require maintenance CON: Requires code level
vectors are available
from well-defined as compilers continue to knowledge to create test
online so you have a
metadata during improve the range of values cases.
good starting point.
development. for data types.
Continually stay up to date on common security issues using well-known resources such as OWSAP, WS-
Attacks, and Zed Attack Proxy.
Info-Tech Research Group 62
Expect to augment your legacy testing tools
When you test your web APIs today, look for certain key features in your testing tools.
HTTP
A GUI-based tool that allows you to simulate HTTP requests
HTTP Client with payload for both request and response.
Client
1 POST /blog/posts
2 ACCEPT: application/json ... Request Capture Ability to capture all incoming requests from API consumers.
From
DLC
Time Length Source Aimed at capturing all relevant inbound and outbound
I
Destination Protocol Summary
Traffic Capture HTTP/S network traffic to and from the API endpoint.
Development Tool Integration with common development tools like Eclipse and
Integration Visual Studio.
/api/login Authentication Allowing web API testing through proxy and authentication.
Step-by-Step Unit
Permits single step examination of requests and responses.
Testing
Using a test suite can help with test case automation and integration with a continuous
integration suite. Realize what web API testing and monitoring tools are out there
before conducting custom in-house testing.
Frisby
The eventual goal of test case creation should be insertion into a continuous
integration suite of cases for automation.
• In the long term, your web API testing will lend itself well to automated testing because your web API interface will
eventually be stable and test case execution will be repeatable.
• Start with manual testing and eventually integrate your often repeated test cases into a CI tool to form a robust regression
suite.
1 Create your testing from test types 2 Create your test cases
• Security testing: Focus on metrics around authentication,
endpoint certificate security, caching/session replay, and • Model based: Use finite state machines, symbolic
modification to data in transit. execution, and theorem proving to drive out test
• Load testing: Look at performance metrics like response time cases.
per call and number/type of API exception errors returned. • Synthetic based: If your API is orchestrated,
• Usability testing: From a design perspective, look at create test cases based on the way you know your
consistency of your API signatures and call methodology. API is being consumed by most developers.
• Anti-fragility testing: Test for graceful degradation cases, • Scenario based: Using a use case or functional
default responses, and time to recover from faults or failures. approach, define the scenario in a “Given, When,
• Error testing: Ensure the correct error codes and Then” syntax.
descriptions are returned.
API testing is not the same as testing through an application GUI. Application functional testing tends
to be black box and can mask logic and performance errors that white box API testing reveals. In some
cases, it may not be possible to conduct testing for legacy APIs – either the code is no longer available or
API testing might be expensive. In such cases, performing functional regression testing is a reasonable
alternative compared to not testing at all.
Model Based Testing Example Synthetic Based Testing Example Scenario Based Testing Example
STATE 2: Username USE CASE 1:
SUCCESSFUL Password API User requests USER AUTHENTICATION
LOGIN User
FLOW 1 authenti GET
logs in
Username STATE 3: -cates /customers… IF: API consumer tries to authenticate;
Password INCORRECT THEN: return success code 200;
STATE 1: LOGIN WHEN: the credential exists in AD.
API does API
NOT LOGGED User
Username Username FLOW 2 not responds to
IN logs in
authenticate user…
Password Password
Instructions INPUT
1. Determine the test type that you will create test cases for (e.g. performance, load,
usability). • Previous testing
experiences and
2. Determine which test design techniques will be used to generate test cases (model,
documentation
synthetic, or scenario based).
Model-based Testing:
1. Determine the different states of your web API. Use sticky notes to document the various OUTPUT
states and place them on the whiteboard.
2. Generate test cases by determining how to go from one state to another. Use markers to • Web API test cases
draw lines to illustrate state transitions.
Synthetic-based Testing:
3. Determine the most common ways your web API is used. Represent these in flow diagrams.
Use sticky notes to document each component of a flow. Materials
Scenario-based Testing:
4. Determine all scenarios of how your web API can be used (if use cases/user stories have • Whiteboard and
been already developed, use these). markers
5. Determine scenarios of how each use case will be proceed in a “If. Then. When.” syntax • Sticky notes
template. Use sticky notes to document each scenario in the “If. Then. When.” syntax
template. Participants
Synthetic-Based Testing Scenario-Based Testing
Model-Based Testing Example
Example Example
• Development
Manager
Transition
Action IF: …..
• Test Teams
COMP- COMP-
FLOW THEN: …..
STATE STATE ONENT ONENT
1 WHEN: …..
1 2 1 2
• A test plan specifically for your web API provides guidance on testing activities required. INPUT
The test plan forces testers to confront what test activities take priority based on time and
resource constraints. • Previous testing
• Communicate with members of the project team and other test stakeholders the scope of experiences and
testing and realistically determine what can and cannot be tested. documentation
Instructions OUTPUT
1. Define your test approach by defining what features are to be tested and not to be tested. • Web API test plan
2. Determine what test types will be conducted for your web API (e.g. payload testing).
Determine what test design techniques are to be used for each test type to determine test
cases (e.g. malicious content). Define roles and responsibilities associated with each test
type. Materials
3. Determine what tools and test environment requirements are necessary for your web API • Whiteboard and
testing activities. markers
4. Identify the high-risk assumptions of your test plan. Specify contingency plans for each • Web API Test Plan
(e.g. delay in delivery of test items might require increased night shift scheduling to meet Template
delivery date).
Participants
5. Document steps 1 through 4 in the Web API Test Plan Template.
• Development
Manager
A tester’s definition of risk relates to the likelihood of a defect occurring, whereas • Test Teams
the business sees risk from a feature prioritization perspective. It is important to
ensure the business has sufficient information to make a decision regarding risk
to the organization.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-
3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Phase 3 Results:
• Understanding of the different techniques to generate effective test cases.
• A comprehensive test plan for web APIs is developed.
1 2 3 4
PHASE
Monitor & Continuously Optimize the Web API 4
Info-Tech Research Group 72
Phase 4: Monitor and continuously optimize the web API
1 2 3 4
1 Examine the Opportunities 2.1 Design a Web API 3 Test the Web API
Web APIs Can Enable
4 Monitor & Continuously
2.2 Develop a Web API
Optimize the Web API
3
Test the web API
3.1 Create test cases using model, synthetic, and scenario-based test design techniques.
3.2 Create a test plan for your web API.
Participants
Development Manager
Monitor and continuously optimize the web API IT Director
4 4.1 Identify roles for your API development projects.
4.2 Develop governance for web API development.
4.3 Measure the value of your web API project.
Relevant use cases of your web API come to fruition when API consumers use it. Plan
web API evolution iteratively in order to accommodate for these use cases.
In order to address you not knowing how your customers are going The hard part is that you have no idea how
to use your API, one technique to build or modify that data that we customers are going to use your API…Build
use for regression testing is to have some sort of diagnostic or way that minimum step for the initial
of tracking how customers are calling your API. Even if your deployment that lets your users do
customers are trying to call your API and are failing, you can still something, and let them iterate on that.
get some learning from that too. You collect that data and use that Observe what else they think they need, and
data to help API development as well as new test support. then add more features and go from there.
– Alan Page, Principal Software Engineer at – Alan Page, Principal Software Engineer at
Microsoft Microsoft
Monitor your web API usage patterns as a starting point for Continuous API Documentation
updates made to your web API. Provide developers with an API • Be clear in your documentation your API’s intent and usage
change log to see how the API has evolved over time. Provide to avoid API consumers from making assumptions that are
changes via release notes to provide API consumers with an invalid.
understanding of how the changes may affect their application.
• Take a well-balanced approach to documentation. If the
• RUM (Real User Monitoring) can be used to determine web API requires an API consumer to fully understand the
bandwidth and runtime platforms so you can optimize for those use of your web API, then you don’t have an optimal API
scenarios. design. The core functionality of your API should be intuitive
– include examples of advanced API features.
• Synthetic monitoring can be used to call your commonly used • Your web API has to evolve in order to remain relevant.
web API orchestrations to determine whether any error Managing this change through documentation and
conditions exist under low load conditions. versioning is critical. Keep your web API documentation up
to date. Tools like Mashery, Swagger, and APIBlueprint
Source: Lawton, George. “API World Conference reveals API developer pain can do this for you in an automated fashion.
points”.
Versioning Approaches: Source: Biske, Todd. “Get a grip! How to handle API versioning decisions”. TechTarget. 2014.
URI
URI Path api.myuri.com/v2/user/... api.myuri.com/users/12345?v=1.2
Parameter
• Adding a new parameter in your URI that indicates • Addition of a query string parameter to indicate version
the version. required.
• PRO: Distinct URIs make backward compatibility easy. • PRO: Consumers can choose which version they want to use; each
• CON: Have to manage multiple versions of the same version is stable.
URI. • CON: If consumers use the latest version, they may be surprised by
Content Accept: image/jpeg unintended
Custom changes.
X-HTTP-Method-Override: PUT
Negotiation image/gif; q=0.8 Request Header
• Uses HTTP headers to determine version. • Adds a custom attribute in the HTTP header.
• PRO: Consumers don’t have to change at their end • PRO: Consumers don’t have to change at their end because
because versioning is removed from the URI. versioning is removed from the URI.
• CON: Additional complexity, HTTP header support is • CON: Additional complexity since versioning is not highly visible.
not universal.
Source: Musser, John. “What Makes a Great Open API?”. OSCON2012. 2012.
Info-Tech Research Group 76
Establish a governance model for managing your web API
Establish an IT Service Governance Model Establish a Web API Process Governance Model
What It Means: What It Means:
• Instill processes that ensure effective and efficient • Development and implementation processes that
use of IT in enabling the appropriate use of the web execute the IT Service Governance Model for your
API. web API.
Items to Address: Items to Address:
Identify the actors responsible for offering services to Identify the actors in the architecture, development,
the business that make use of the web API. and support of your web API.
Note the specific business or partnership SLAs Articulate the process that represents the normal
agreed upon. day-to-day operations for architecture, development,
Determine who should be responsible for decisions and support under non-error conditions.
around changes to the web API (versioning, API Determine what should be done under less than
deprecation policy). ideal conditions for each of architecture,
Determine the ownership of any third-party vendor development, and support.
management.
As part of your API versioning strategy, you also need a deprecation policy. The
reality is that most new APIs today have a versioning strategy, but very few also
come out of the gate with a deprecation policy. Your policy should explicitly state
how long you will support each version of your API given some degree of notice.
– John Musser, Founder & CEO at API Science.
• IT executes a number of processes to serve business needs. These processes need be INPUT
assigned to certain individuals that are part of the web API development team.
• From an optimization perspective, IT drivers help act as high-level acceptance criteria for • Business drivers
process changes within IT. It is important to understand how IT can help support business • IT capabilities
needs and what processes need to be established to enable web API development.
Instructions OUTPUT
• Identified IT
1. Identify the actors in the architecture, development, and support of your web API
governance gaps
development projects. Determine the responsibilities for each actor in a given web API
development initiative.
2. Use the Web API Process Governance Template to document your RACI table.
Materials
Project-Specific Responsibilities
• Whiteboard and
Development Accountable for quality assurance and managing testing initiatives conducted
markers
Manager by test teams.
• Web API Process
Responsible for setting up the infrastructure and ensuring proper installation Governance
IT Operations
and availability of the test tools. Template
Responsible for providing high-level guidance on the flow of data across
Data Architect
systems to ensure integration works as expected.
Participants
Responsible for conducting testing for web APIs during development and prior • Development
Tester to deployment; consulted to provide insights on test approach deemed most Manager
suited for web APIs. • IT Director
Accountable for ensuring a high value, widely available, and sustainable
IT Director
mobile platform from design to deployment.
• You need to establish a governance structure around how to execute web API activities, INPUT
and it should be enforced by management to direct the project succession.
• Having a set web API process will ensure accountability among involved stakeholders, and • IT capabilities
help them understand what is required at critical points in the development process.
Instructions OUTPUT
1. Based on the roles and responsibilities identified in exercise 4.1, articulate processes that • Web API
represent normal day-to-day operations for each of the architecture, development, testing, development process
and support groups under non-error conditions. Create a process flow to include sunny flow
day as well as rainy day scenarios (situations where the process is not operating as
expected). Materials
2. Determine what should be done under less than ideal conditions for architecture,
• Whiteboard and
development, testing, and support steps. Determine a reporting structure around having a
markers
clear approval and escalation process to promptly notify stakeholders of discrepancies and • Web API Process
quickly push process fixes in rainy day scenarios. Governance
Template
Participants
• Development
Manager
• IT Director
Instructions INPUT
1. Based on the metrics established in Exercise 1.1, determine the effectiveness of your • Metrics from Exercise
web APIs by documenting the measurements for each metric used to measure the web 1.1
API development project. • Satisfaction survey
2. Conduct a results survey of business users which use the applications exposed to the results
web API developed. Determine the satisfaction rating of each application to gauge the OUTPUT
value of your web API.
3. Based on your measured value and survey evaluations, determine what new • Documented web API
functionalities can be added to web API to further enhance application experiences. results
• Considerations for
Business Metric Measurement Application Satisfaction Satisfaction new web API features
Objective exposed to rating before rating after
web API Materials
Improve Number of calls to Average 100 CRM 1 out of 5 5 out of 5
customer web API which calls/hour • Whiteboard and
retention supports customer markers
marketing
Once your web API is released into production, you need to include onboarding,
monitoring, and future enhancements in your future plan.
Once your web API is in production, you need to focus on three key areas:
Monitor Usage, API Integration
1 Business Engagement 2 Reporting, & Analytics 3 Roadmap
• Have an onboarding plan for new • Questions to consider when • For managing the roadmap
teams or business partners to looking into monitoring and integration for purchased APIs,
consume your API. Some reporting initiatives: consider the following questions:
questions to consider are: o Is the load across all callers o In cases where you did not
o How will they be supported? consistent or are there outliers create the API, how will
(Think about both process and that may be affecting overall backward compatibility be
structure.) performance? assured?
o Who will handle infrastructure o Are there certain times where o What is the roadmap of the
issues like key management? API usage is higher? web API owner?
o Can they recommend API o Are there patterns where API
changes? consumers are not properly
o Will you offer some type of calling your web API? What
SLA? What happens in a can you learn from this?
breach? o Will web API consumers have
o Are there any security or access to reports? If so, which
compliance requirements for ones?
external business partners? o Can API consumers give
feedback on functionality?
An API management tool can help with most of these focus points stated above. Some leading vendors in this
space are: Apigee (Edge), IBM (IBM API Management), Intel (Mashery), and Microsoft (Azure API
Management).
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-
3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Phase 4 Results:
• Processes created for managing web APIs from business and IT perspectives.
• Web API development project measured and potential new functionalities made known for the next iteration.
Alan Page
Principal Software Engineer
Microsoft
Alan Page has been a software tester for nearly 20 years. He was the lead author on the book How We Test
Software at Microsoft, contributed chapters for Beautiful Testing and Experiences of Test Automation: Case
Studies of Software Test Automation , and recently published a collection of essays on test automation in The
A Word. He also writes about a variety of software engineering subjects on his blog at http://
angryweasel.com/blog. Alan joined Microsoft as a member of the Windows 95 team, and since then has
worked on a variety of Windows releases, early versions of Internet Explorer, and Office Lync and Xbox One.
Alan also served for two years as Microsoft’s Director of Test Excellence.
Ken Toole
Senior Director of Engineering, Platform Technology &
Services
Adobe Systems
As senior director, Ken is responsible for the day to day engineering effort required to deliver core pieces of
Adobe’s online business infrastructure supporting all of Adobe’s online services and product offerings.
Toole’s work includes the development, quality, and engineering operations of a wide array of hosted services
at the infrastructure and e-commerce level, consumer facing web applications and desktop components
embedded in Adobe’s industry leading desktop applications. His other responsibilities include contributing to
Adobe’s strategy and technology deliveries to support 3rd party developers and our large enterprise
customers that rely on Adobe’s creative products to drive their businesses. Toole’s engineering team is
spread between the U.K., India, and the United States.
Ed Anuff
VP, Product Strategy
Apigee
Ed Anuff is a respected technologist and a proven innovator with over 20 years of experience as an
entrepreneur. In 2010, he founded Usergrid, a startup that created a mobile backend-as-a-service (BaaS) to
provide cloud services for powering mobile and rich client applications. Usergrid was acquired by Apigee in
2012. Prior to starting Usergrid, he was most recently Executive VP and General Manager of Six Apart, which
is known for creating the Movable Type blogging platform, TypePad blogging service and Vox social network.
He was co-founder of Widgetbox, a popular marketplace for widgets, and he was also co-founder of
enterprise software company Epicentric, a provider of enterprise portal software. Anuff was also responsible
for the launch of HotBot, one of the first large-scale web search engines, when he was an executive at Wired.
John Musser
Founder & CEO
API Science
John Musser is CEO of API Science and previously founded ProgrammableWeb, the leading online resource
on open APIs. John is an industry expert on APIs, quoted in the Wall Street Journal, New York Times, Forbes,
and Wired, and speaking at conferences including SXSW, Dreamforce, and Web 2.0. He also consults on
API strategy and trends with clients including Google, Microsoft, and Salesforce. Find him on twitter at
@johnmusser.
Anonymous. “Building Reusable APIs in a Mobile First, Cloud First Business Environment: Technical Case Study”. Microsoft.
Feb. 2015. Web. Feb. 2015. https://msdn.microsoft.com/en-us/library/dn922163.aspx.
Anonymous. “FedEx shipping API is down, causing Shipping Service to be unavailable and causing slow response to
Storefronts”. Incident Report for Bigcommerce. 17 Jan. 2015. Web. Feb. 2015.
http://status.bigcommerce.com/incidents/4q1qm9lcxh94.
Anonymous. “Google API infrastructure outage incident report”. Google Developers Blog. 3 May 2013. Web. Feb. 2015.
http://googledevelopers.blogspot.ca/2013/05/google-api-infrastructure-outage_3.html.
Anonymous. “Model-Based Testing”. Microsoft. 2015. Web. Feb. 2015.
https://msdn.microsoft.com/en-us/library/ee620469.aspx.
Anonymous. “Top 10 2013 Security Threats”. OWASP. 2013. Web. Feb. 2015.
https://www.owasp.org/index.php/Top_10_2013-Top_10.
Anonymous. “Wine API success for commercial purposes”. 3scale. 2015. Web. Feb. 2015.
http://www.3scale.net/wp-content/uploads/2015/03/API-Use-Case-Wine.com_.pdf.
Biske, Todd. “Get a grip! How to handle API versioning decisions”. TechTarget. Dec. 2014. Web. Feb. 2015.
http://searchsoa.techtarget.com/tip/Get-a-grip-How-to-handle-API-versioning-decisions.
Bloch, Joshua. “How to Design a Good API and Why It Matters”. Google TechTalks. 2007. Web. Feb. 2015.
http://lcsd05.cs.tamu.edu/slides/keynote.pdf.
Boyd. Mark. “6 Business Benefits of Private APIs”. Nordic APIs Blog. 13 Feb. 2014. Web. Feb. 2015.
http://nordicapis.com/business-benefits-of-private-apis/.
Crocker, Peter. “Mobile Apps in the API Economy: Avoiding the Mobile Cliff.” Smith’s Point Analytics. Aug. 2013. Web. Feb.
2015. http://www.smithspointanalytics.com/Mobile-Apps-in-the-API-Economy.pdf.
Dhall, Chander. “5 Best Practices for Better RESTful API development”. 17 Oct. 2013. Web. Feb. 2015.
http://devproconnections.com/web-development/restful-api-development-best-practices
DuVander, Adam. “API Consumers want reliability, documentation, and community”. ProgrammableWeb. 7 Jan. 2013. Web.
Feb. 2015.
http://www.programmableweb.com/news/api-consumers-want-reliability-documentation-and-community/2013/01/07 .
Fern et al. “Web API Study: The Benefits of APIs in the App Economy.” Hurwitz & Associates. 2011. Web. Feb. 2015.
http://hurwitz.com/recent-research/item/web-api-study-the-benefits-of-apis-in-the-app-economy.
Gat, Israel, and Giancarlo Succi. “Agile Product & Project Management Executive Update Vol. 14, No. 6: A Survey of the API
Economy.” Cutter Consortium. 2013. Web. Feb. 2015.
http://www.cutter.com/content-and-analysis/resource-centers/agile-project-management/sample-our-research/apmu1306/ap
mu1306.pdf
.
Giza, Maxine. “Innovative, practical API design captures travel-lover’s imagination”. TechTarget. Nov. 2014. Web. Feb. 2015.
http://searchsoa.techtarget.com/feature/Innovative-practical-API-design-captures-travel-lovers-imagination .
Hague, Promod. “Businesses must embrace the programmable world. Or die.” Fortune.com. Sept. 2013. Web. Feb. 2015.
http://fortune.com/2013/10/22/businesses-must-embrace-the-programmable-world-or-die/ .
Jansen, Geert. “The Job of the API Designer.” RESTful API Design. 2011. Web. Feb. 2015.
http://restful-api-design.readthedocs.org/en/latest/scope.html.
Jauker, Stefan. “10 Best Practices for Better RESTful API”. m-way solutions. 5 June 2015. Web. Feb. 2015.
http://blog.mwaysolutions.com/2014/06/05/10-best-practices-for-better-restful-api/.
Johnson, Tom. “API doc survey: Most challenging aspect of API documentation”. I’d Rather Be Writing. 12 Jan. 2015. Web.
Feb. 2015. http://idratherbewriting.com/2015/01/12/api-doc-survey-most-challenging-aspect-of-api-documentation/ .
Lawton, George. “API World Conference reveals API developer pain points”. TechTarget SearchSoftwareQuality. 22 Sept.
2014. Web. Feb. 2015.
http://searchsoftwarequality.techtarget.com/news/2240231187/API-World-Conference-reveals-API-developer-pain-points .
Moore, Alan and Dinesh Shetty. “Recommended Practices for Designing a Web API”. IBM Impact 2013. 10 May 2013. Web.
Feb. 2015. http://www.slideshare.net/ibmapimgmt/recommended-practices-for-designing-a-web-api.
Info-Tech Research Group 87
Appendix - Bibliography
Musser, John. “API Business Models.” API Strategy Conference. 2013. Web. Feb. 2015.
https://www.youtube.com/watch?v=gfguGS8HYvM.
Musser, John. “What Makes a Great Open API?”. OSCON2012. 18 July 2012. Web. Feb. 2015.
http://www.slideshare.net/jmusser/what-makes-a-great-open-api.
Nolle, Tom. “API security more critical as componentization grows”. TechTarget. Dec. 2014. Web. Feb. 2015.
http://searchsoa.techtarget.com/tip/API-security-more-critical-as-componentization-grows.
Pedro, Bruno. “5 Ways APIs will Increase your Revenue”. Nordic APIs Blog. 27 Aug. 2014. Web. Feb. 2015.
http://nordicapis.com/5-ways-apis-will-increase-revenue/.
Pedro, Bruno. “How to Monetize your API”. Nordic APIs Blog. 1 Sept. 2014. Web. Feb. 2015.
http://nordicapis.com/how-to-monotize-your-api/.
Plamondon, Jim. “Introducing the API Economy: A Dialogue.” Cutter Consortium Agile Product & Project Management
Executive Report, Vol. 12, No. 8. 2012. Web. Feb. 2015.
http://www.cutter.com/content-and-analysis/resource-centers/agile-project-management/sample-our-research/apmr1208/apm
r1208.pdf
.
Sahni, Vinay. “Best Practices for Designing a Pragmatic RESTful API”. VinaySahni. Web. Feb. 2015.
http://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api#docs.
Spencer, Travis and Jennifer Riggins. “APIs Power the Internet of Things”. Nordic APIs Blog. 5 Jan. 2015. Web. Feb. 2015.
http://nordicapis.com/apis-power-the-internet-of-things/.
Stafford, Jan. “How to handle challenges with API security and efficiency”. TechTarget. Mar. 2014. Web. Feb. 2015.
http://searchsoa.techtarget.com/feature/How-to-handle-challenges-with-API-security-and-efficiency .
Stafford, Jan. “Q&A: How to reduce API security threats, use Oauth, provision API keys”. TechTarget. Dec. 2014. Web. Feb.
2015. http://searchsoa.techtarget.com/feature/QA-How-to-reduce-API-security-threats-use-OAuth-provision-API-keys .
Stowe, Mike. “New Series: API Design Best Practices”. MuleSoft Blog. 6 Nov. 2014. Web. Feb. 2015.
http://blogs.mulesoft.org/api-best-practices-series-intro/.
Takahashi, Dean. “The new dial tone: How the API economy accelerates the growth of cloud apps.” The API economy panel
at CloudBeat. Sept. 2013 Web. Feb. 2015.
http://venturebeat.com/2013/09/09/the-new-dial-tone-how-the-api-economy-accelerates-the-growth-of-cloud-apps/ .
Willmott, Steve. “The Five Axioms of the API Economy, Axiom #4 – Organizations must provide core competence through
APIs.” 3scale. Sept. 2014. Web. Feb. 2015. http://www.3scale.net/2014/05/five-axioms-of-the-api-economy-axiom-4/.