Public API development
For public APIs, it’s important to start with a pilot program and offer a sandbox with synthetic data. The developers who consume our APIs are part of the ecosystem we need to build and support to drive the success of our API. eSimplicity’s CIO, Keith McFarland, notes from the technical perspective that we need to ensure consistency in API reuse patterns and in operations management, including logging, metrics, and privacy/security. We have designed and developed APIs supporting these business functions: Content Administration, Authentication, Authorization, Data Transfer, Data Catalog, Data Transformation Services, Serverless APIs, and API testing frameworks.
API guideline and standards
An API should be optimized to fulfill a specific business request in a specific context. Too often, APIs are modeled after the design of the back-end services or applications they expose instead of the use case they fulfill. When creating APIs, eSimplicity uses an APX process and leverages gateway patterns, design patterns, and reference patterns. Large-scale architectures with hundreds of microservices require gateways to create reliable API pathways, security, metrics, prioritization, and authorization controls. Major cloud vendors such as AWS, Microsoft, and Google regularly publish recommendations as API patterns continually evolve.
API security is a continuous, iterative process. New exploits are routinely discovered. eSimplicity uses an automated, security-focused DevSecOps pipeline to continuously test and improve the security posture of all project APIs. These efforts include ongoing developer OWASP training, automated scanning tools, and black-hat role-playing. We also ensure that correct authorization controls are in place, that PHI and PII are obscured in logs, and that penetration testing is run regularly.