All about API

Our UX director often says that great API design encourages use and adoption. Delivering a successful API program requires a systematic approach to optimize the API user experience (APX) to make it convenient for the developer community to discover the API purpose, functionality, and updates. For example, an API for a Provider Compare dataset should return data that a beneficiary actually uses when searching for and selecting a provider. It is also important to start releasing an API incrementally so early users can provide feedback quickly.

The SIMPLE Experience

Public API development

For public APIs, it’s important to start with a pilot program and offer a sandbox with synthetic data. The developers who consume our APIs are part of the ecosystem that we need to build and support to drive the success of our API. eSimplicity’s CIO, Keith McFarland, shares from the technical perspective that we need to ensure consistency in API reuse patterns and operations management, including logging, metrics, privacy/security, etc. We have designed and developed APIs supporting these business functions: Content Administration, Authentication, Authorization, Data Transfer, Data Catalog, Data Transformation Services, Serverless APIs and API testing frameworks.

API guideline and standards

An API should be optimized to fulfill a specific business request in a specific context. Too often, APIs are modeled after the design of the back-end services or applications they expose instead of the use case they fulfill. When creating APIs, eSimplicity uses an APX process and leverages gateway patterns, design patterns, and reference patterns. Large-scale architectures with hundreds of microservices require gateways to create reliable API pathways, security, metrics, prioritization and authorization controls. Major cloud vendors such as AWS, Microsoft and Google regularly publish recommendations as API patterns continually evolve.

API security

API security is a continuous, iterative process. New exploits are routinely discovered. eSimplicity uses an automated, security-focused DevSecOps pipeline to continuously test and improve the security posture of all project APIs. These efforts include ongoing developer OWASP training, automated scanning tools, and black-hat role playing. We also ensure that we use correct authorization controls, obscure PHI and PII in logs, and regularly run penetration testing.