Guest post by Lorinda Brandon. Lorinda Brandon is the Senior Product Mktg manager for API Products at SmartBear Software and has worked in the high tech industry for various companies, including Intel/Mashery, RR Donnelley, EMC, Kayak Software and Intuit, among others. She often speaks and writes about APIs, from a technology and business perspective. Follow her on Twitter @lindybrandon.
One of the turning points for many organizations is that moment when they decide to host their API on an API management platform. Usually, the driver for this is the realization that your API is a business-critical asset for you and you need to invest in the infrastructure that provides stability, oversight, and reporting. But all too often, businesses view an API management platform as the sole investment they need to make in their API.
If your API is integral to your business objectives, you need to invest in more than just the operational aspects of it. Whether your API is available to external development teams or internal product teams, you should make sure you have a robust API Readiness plan, just as you would prepare a Product Readiness plan for a standard application. As you develop and manage your API, you need to continually ask: is it ready?
In an effort to make it easy for you to answer this basic question, IBM and SmartBear have joined forces to create an integration that brings the two technologies together. By using the IBM API Management plugin for Ready! API, you can focus on API quality in addition to API operations. The plugin provides functionality for both the API Consumer and API provider, regardless of whether you are using SOAP or REST as your protocol.
For API Consumers
API consumers rely on third party APIs to provide critical functionality for their applications. Itâ€™s important for API consumers to focus on the quality and availability of any APIs they rely on. So, what are the most essential things for an API consumer to focus on?
Validate functionality and resiliency
There are many ways to test APIs as part of your application project. You can choose to test them passively by simply testing your application. But if there are issues with your applicationâ€™s behavior, you can end up wasting valuable time troubleshooting an issue that is caused by poor API behavior. Rather than trusting your API provider to perform the kind of robust testing you would perform, you should run some basic API tests on any API you rely on.
- Continuous functional testing â€“ use the service description to generate a test suite that steps through all of the API methods so you can quickly create a smoke test that can be hooked to your build system. In addition to validating API behavior on a continual basis, this technique will also catch any changes made by the API provider that might impact your applicationâ€™s functionality.
- Monitoring â€“ if you rely on it, you should monitor it. That philosophy applies to APIs as well. A well-built API monitor focuses on the most important business-critical aspects of the API and includes only the steps that are tied to that functionality. For example, if product search is critical to your application, make sure you have a monitor that checks those API responses (as well as the response times) so you know that your usersâ€™ experience isnâ€™t compromised.
Virtualize for application testing
Where many people fall short on their application testing is testing the applicationâ€™s response to API failures. If you are using third party APIs and you only have access to their production APIs, itâ€™s very difficult to cause an API failure so you canâ€™t validate that your application fails gracefully when the API fails. Considering that the API is providing part of your functionality and therefore having a big impact on the user experience, this is an important gap in many development projects. One way to close that gap is to create virtual versions of the APIs you rely on. You can essentially create a sandbox where you can generate API failures, sub-optimal server conditions, and overloaded APIs without hitting any of the production APIs.
How does the IBM API Management plugin help API Consumers?
The IBM API Management plugin lets you select any APIs you have access to on the platform. Once youâ€™ve selected the APIs you want to work with, Ready! API will read the service description for the API and automatically generate a test suite for you based on that description. Likewise, with a few simple clicks you can create virtual versions of those APIs that let your application testers exercise your code against various API responses and response times.
For API Providers
Just as with any product you develop, the responsibility for ensuring API quality rests on you. When you make your API available for people to use, you are essentially releasing a product to market. Make sure you take the appropriate steps so your consumers can trust your API â€“ itâ€™s a competitive world out there and they do have other choices. How do you ensure API quality?
Commit to a full range of tests
Running a smoke test against your API doesnâ€™t count for ensuring API quality. Smoke tests tend to be â€śhappy pathâ€ť tests, validating that the code responds as expected when given reliable requests. Your consumers need more than that. They need to know that you have exercised your API completely to verify that it works properly under a variety of conditions and inputs, can generate reasonable and reliable error messages, and can scale to handle your user volume. Make sure they can rely on you by performing the same kind of testing you would perform on any other product you deliver to market.
- Functional â€“ this is more than â€śhappy pathâ€ť testing. Validate your APIâ€™s response and behavior when the expected AND the unexpected happen.
- Load â€“ API load testing is a complicated beast because your load is really the culmination of the volume incurred by all of the applications using your API. Understanding your API thresholds will let you set the right rate limits and throttles.
- Security â€“ Protect your data and your consumers by running a variety of security scans against your API.
Provide virtual APIs for development and testing
Your API consumers need to perform similar types of tests for their application, which means they need to simulate a variety of conditions related to your API performance. Give them the tools they need so they donâ€™t load test their application against your production APIs or cause instability for your APIs because they are trying to break them. By creating virtual APIs for them to use in their application testing, they can perform all of their sandbox actions without impacting your production APIs.
How does the IBM API Management plugin help API Providers?
Before you publish your API to the IBM API Management platform, make sure you take all of the steps necessary to ensure API Readiness. The Ready! API platform provides tools that allow you to perform all of these activities before you make your API generally available. When youâ€™re ready, you can use the IBM API Management plugin to publish your API to the platform and make it available for your consumers.
To try the IBM API Management plugin, download your free trial of Ready! API (or use your existing licensed copy) and select the plugin from the Plugin Manager. You will be able to access the IBM API Management portal to read in an API from the platform or publish an API to the portal.
Sign-up here for a 30 day free trial version and start building your APIs right away using IBM API Management Service.Â
Follow IBM API Management @ibmapimgt to find out more.