apidays Australia 2023 - Unlocking The Power: The Importance Of API Registration, David Manolitsa, Marlo

Transcript

1. The Importance of API Registration Apidays Melbourne 2023 David Manolitsas

2. None

3. Now what? API Gateway Implemented!

4. "How do I manage API registration across the organization?" "How

   can I apply API governance across an API portfolio?"

5. API Registration Accelerate API deployments Streamline the developer experience Facilitate

   API Governance Promote API discoverability

6. Why API Registration? Automate onboarding Verify business and team API

   standards Ensure consistent and repeatable deployments Manage environment workflows

7. Open API Specification Derive information from Open API Specification (OAS)

   to automate API registration Generate gateway configuration Publish OAS to a target API portal

8. OpenAPI Extensions Define generic config as an OpenAPI extension Enable

   developers to utilize gateway features Enhance APIs based on a services requirements

9. Extensions Capabilities Define gateway features in the OAS Configuration is

   gateway agnostic Map generic config to gateway specific configuration

10. Extensions Capabilities Define gateway features in the OAS Configuration is

    gateway agnostic Map generic config to gateway specific configuration --- x-plugins: rate-limiting: config: second: 3 minute: 40 hour: 120 policy: local request-size-limiting: config: allowed_payload_size: 128 size_unit: megabytes require_content_length: false

11. API Registration Modules Lint Modules

12. API Registration Modules Lint Validate Modules

13. API Registration Modules Lint Validate Process Modules

14. API Registration Modules Lint Validate Process Apply Modules

15. API Registration Pipeline

16. Lint Module Analyzes the OAS against the provided schema Completes

    type checking Schema is configurable and extendable Flags errors detected in the OAS

17. Validate Module Validate the custom OAS extensions Detect Guard Rail

    violations in the OAS extensions Outline policies and processes for API Governance

18. Guard Rails Define clear standards for API development Improve the

    quality, consistency and security of APIs Ensure APIs are compliant with organizational objectives

19. Guard Rails Define clear standards for API development Improve the

    quality, consistency and security of APIs Ensure APIs are compliant with organizational objectives --- x-plugins: rate-limiting: config: second: 3 minute: 40 hour: 120 policy: local request-size-limiting: config: allowed_payload_size: 128 size_unit: megabytes require_content_length: false

20. Guard Rails Define clear standards for API development Improve the

    quality, consistency and security of APIs Ensure APIs are compliant with organizational objectives --- plugins: rate-limiting: usage: required config: second: usage: optional min: 5 max: 10 request-size-limiting: usage: optional config: size_unit: usage: optional values: - bytes - kilobytes - megabytes

21. Guard Rails Define clear standards for API development Improve the

    quality, consistency and security of APIs Ensure APIs are compliant with organizational objectives --- x-plugins: rate-limiting: config: second: 3 minute: 40 hour: 120 policy: local request-size-limiting: config: allowed_payload_size: 128 size_unit: megabytes require_content_length: false Log: [ERROR] validate: Line 3 - rate-limiting second config is below min value of 5

22. Guard Rails Centralized repository for API policies and processes Hierarchical

    guard rails provides flexibility Layered rules across various segments of the business config/ └── guard-rails/ ├── environment/ │ ├── dev.yaml │ ├── test.yaml │ └── prod.yaml ├── team/ │ ├── loan.yaml │ └── accounts.yaml └── org.yaml

23. Process Module Transpose gateway agnostic configuration Enable gateway features across

    APIs Manage API features across the business

24. Defaults Centralized repository for API policies and processes Define gateway

    features across API portfolio Promote API standards and policies

25. Defaults Centralized repository for API policies and processes Define gateway

    features across API portfolio Promote API standards and policies --- api: rate-limiting: config: second: 10 policy: local post: request-size-limiting: config: allowed_payload_size: 64 size_unit: megabytes

26. Defaults Centralized repository for API policies and processes Define gateway

    features across API portfolio Promote API standards and policies config/ └── defaults/ ├── environment/ │ ├── dev.yaml │ ├── test.yaml │ └── prod.yaml ├── team/ │ ├── loan.yaml │ └── accounts.yaml └── org.yaml

27. API Security Automatically apply authentication to an API Supports a

    range of API authentication methods Enforce API authentication standards

28. Apply Module Generates gateway configuration files Extendable to future gateway

    versions and providers Apply configuration to gateway template files

29. API Registration Overview Lint Validate Process Apply API Registration OAS

    Publish Guard Rails Defaults </> </>

30. API First Importance of API design and documentation Establish consistent

    and reusable API contracts API Registration is the building block for an API First approach

31. Benefits & Value Add Automated API onboarding Easily govern API

    development Increase speed to market of APIs

32. GitLab Project API Registration is open sourced under the Marlo

    public GitLab repository https://gitlab.com/themarlogrouppublic/api-registration