API Management and enterprise Integration

The Challenge
This major public organisation had been increasingly adopting an API led approach to application integration within the enterprise and the wider suppliers and third-party chains. As this becomes more widespread the need to establish an enterprise wide approach to managing and governing APIs becomes critical in order to minimise the total cost of ownership, increase re-use, simplify integration and enable data to be used more effectively used across the department. The proposed Enterprise API Management Service is envisioned as a shared Platform as a Service capability to be used to publish resources for internal and external services to consume. 

​

The Opportunity
Building the strategic integration platform for the organisation presented us with a huge opportunity to achieve some key enterprise integration objectives e.g.

• APIs are a key enabler for agile development decoupling services and using simple standards to access data services.

• The API lifecycle management features of strategic platform will enhance agile development and reduce organisation silos and barriers.  

• APIs should be discoverable and customisable to suit a client’s specific requirements.

• The integration platform would promote reuse and discovery by providing a developer portal which will enable integration and api client developers to discover, develop and test integration with APIs before implementation.

• apis should be designed for reuse. A key factor in re-use is granularity, such that APIs can become building blocks with solution patterns. 

• Consistency is required regarding data structure, representations, URIs, Error messages and the behaviour of APIs.

Keeping in consideration above needs and opportunities, we designed ,built and deployed the organisation integration platform using modern devops tools and practices.

​

The Outcome
Working  with the organisations enterprise and solution architecture community we proposed the design for enterprise integration capability which was approved by relevant authorities. The platform was then built from scratch. The enterprise integration platform was underpinned by Microsoft API gateway and consumed number of other Azure PAAS services such as Application Gateway, traffic manager, App services, Keyvault integration, Application insights, Azure SQL PAAS  and several others.

​

Additionally the organisation had several third-party consumers who needed to be safely authenticated and authorised for various system APIs. We integrated the platform with the Microsoft Azure B2c (Business to consumer) service enabling third-party identity journeys such as user sign-in, sign-up, password-reset and several others in a secure way. Custom policies were put in place to ensure proper threat analytics were built-in in the system and user journeys were logged and monitored for forward feature planning.

​

We worked collaboratively with the various teams to understand their needs and then subsequently build a devops tooling for them enabling them to publish, discover and consume the apis and systems within the organisation. The initial api catalogue built by us was widely credited and used by several services within the enterprise.

​

We also built a platform wide backup and restore capability which provided a scheduled nightly backup functionality for all services instances in each environment. The platform was pen (penetration) tested by a  third-party and passed with no objections. The platform built by us is now used by many teams within the public organisation as well as several third-parties to build modern api led integration reducing lead time to value generation.