• Strategy-Driven API

Lifecycle Sample
Proposal
Strategy-Driven API Management Objectives
CLIENT would like to define and implement an API management program that drives
CLIENT’s strategy across the API lifecycle.
CLIENT’s API Strategy Key Objectives

Common Services Platform: APIs expose data • Confirm the desired use cases and the success
and resources that as part of an API strategy deliver conditions that result from the API strategy.
business agility and value; support internal
integration and reduces the work involved in • Define API management policies around security,
developing applications for multitude of platforms traffic management, and analytics needed to
such as iOS, Android, Windows and Mac support the use cases.

Self-Service Model (Development Partner • Build repeatable policy blocks and patterns that
Network): Expose key services via APIs to enable bakes-in best practices and the necessary
self-service models that helps others help monitoring and management to implement the
themselves. This access enables internal groups, policies at the API gateway, the end-client
partner organizations, and independent developers interface, and the backend REST service.

Opportunity to Monetize: Expose unique services • Demonstrate use of policy block patterns by
and data that enable partners and drive usage; applying the patterns on the API set.
create an opportunity to monetize. • Design the visualization dashboard.
• Configure the developer portal.
• Develop the operations playbook for on-boarding
and tracking users and APIs.
• Install out-of-the-box on-premise API gateway
Scope of Strategy-Driven API Lifecycle Work
Implement end-to-end management policies and operations, apply to existing APIs

SCOPE OF WORK: Accenture implements a strategy-driven API lifecycle that adds the reusable,
standardized management model to CLIENT’s API program.

DESCRIPTION OF WORK: Starting with CLIENT’s goals and use cases, Accenture will develop the
API management policies, implement them within the CLIENT environment, and demonstrate their
effectiveness as applied across an existing set of CLIENT’s APIs. The result is a working prototype
that is near production ready.
IN SCOPE: OUT OF SCOPE:
- Install Apigee API Gateway (OOTB or cloud- - Install Multi-site On-Premise Deployment
based) (additional 6 weeks of 2 FTE)
- Design Reusable API Management Patterns - Develop Custom Developer Portal (e.g.,
(across API Gateway, client interface, backend custom governance and approval flows)
interface) - Implement Custom Analytics
- Build API Patterns as Policy Blocks - Perform Functional Testing
- On-Board and Apply Patterns to Existing API
Set (assume ~35 APIs)
- Produce Reference Implementation
- Perform Reference Testing
- Complete Production Sizing
- Configure Developer Portal and Analytics
Dashboard
- Document Operations Playbook
API Management Implementation Approach
API Management program will need a phased approach based on first identifying
relevant use cases and then designing the standard patterns of instrumentation, security,
traffic management, etc. Build and application of API grows the patterns by adding one of
the desired policy at a time across the API gateway, client interface, and backend services.

Plan & Setup Apigee On-Premise Build and Apply API Patterns Test and Handover
Setup Identify Set of Implement Design Test and Handover
Apply Patterns
Environment Design Patterns to Patterns
Support Use Cases … To
1 6 11
8 Production
4 Developer
API Review Client Interface Apply to Developer
API Review Defined Standard Portal
existing APIs Portal
Defined
AccessStandard
Patterns
Access Patterns

2 7 12
API Gateway 9
Setup Apigee Policy Reference Operations
Setup Apigee
environment 5 Performance Operations
environment Playbook
Test Playbook
Direct pass
Direct pass
through
through
of APIs 8
3 throughofApigee
APIs
Backend Service 10
On-board through Apigee Backend Service
On-board Interface Augment Analytics
current APIs Interface
current APIs and Visualization

Leverage Techlabs team’s Gradual application of patterns to

Resulting Reference
experience with patterns based on existing on-boarded APIs
Implementation of Use
user class, device, location, etc. Case
API Management Project Delivery Plan
API Management project will be done in three stages to ensure the success of the roll-out,
based on our analysis.

Project Setup Implementation Release Readiness

Discovery-Sprint 0 Sprints Final Tests & Deploy

Key Activities:

• Identify key use cases to support • Implement Management Patterns • Package reference
API strategy as Policy Blocks at the API implementation of use case
• Design standard Management gateway, client interface, and • Configure developer portal
Patterns contained in use case backend service • Document operations
• Environment & tools setup for • Apply policy blocks and patterns • Size infrastructure needs and
working PoC to existing APIs performance characteristics to
• Develop test approach and plan • Verify correctness and flexibility standup production
of policy blocks and patterns • Conduct training sessions
<See Slide 10 for more details>

Major Deliverables:

• Standard API Management • Policy Blocks • Reference Implementation of

Patterns • Design Patterns Key Use Case
• Project Approach • Application of Patterns on • Analytics Visualization
• Test Approach Existing APIs (Over ~35 APIs) Dashboard
• OOTB Apigee Gateway • Reference and Performance Test • Operations Playbook
Installation, On-boarded APIs • Test Plan, Conditions, Scripts, • Developer Portal
Results
Implementation Process
Build management patterns by adding standard reusable blocks for each policy to add to
the “your code here blocks.” Sprints tackle one policy at a time.

• Implementation stories will go 35 APIs

through a common path 3 Use Cases
3-5 Design
 Confirming the functionality Patterns
and business needs of the
policy per the use case
 Develop the standard policy
block that implements 1 policy
 Apply the policy block to
appropriate APIs; update unit
test cases if needed Project Management
 Test the functionality Quality Control
 Incorporate the policy into the Detailed Migration Process
code block
Analyze Update & Test Deploy
 Update the analytics and Compile
visualization
• Maintain continuous integration
with automated & manual
functionality test during the
sprints
New Standard Policy
Block to Pattern
Application of Updated
Pattern on APIs
API Management Estimated Timeline
Current plan indicates the implementation effort can be completed in a 8-22 week schedule
depending on the number of policies to be implemented, leveraging an Agile approach with
2-week sprints
1 2
Sprint 0 Sprint 1 to n (1 sprint/policy block) 3 Final Sprint (s)

• Standard API • Policy Blocks, e.g.,: • Reference Implementation

1 sprint
Management Patterns o Instrumentation • Developer Portal
• Project Approach o Traffic management Configuration
• Test Approach o Authentication • Operations Playbook
• Apigee Gateway o Serialization
Installation o Encryption ---- optional-----
• API onboarding o Caching • Infrastructure sizing for
o Client Telemetry production

1 sprint
o Service Interface (e.g., • Analytics Visualization
messaging) • Customized Developer
• Pattern Creation Portal
• Application to APIs
• Reference Testing
• Analytics Integration

Assumptions and Considerations

Out of the box Apigee gateway installation or cloud deployment
Backend REST services complete—Handoff to API Management Team expedited by CLIENT and existing Accenture team.
User story consists of the implementation and addition of one policy as a policy block to the pattern
2 week sprints based on experience adding differentiation at the management layer (e.g., based on users, device type, location)
Reference testing focuses on functional and performance testing around the management layer, assumes backend services is correct
Existing test cases and scripts can be used for reference testing with addition of user, device, or location features
Delivery Roles and Responsibilities
The following is a summary of core responsibilities for Accenture delivery roles

Role Primary Responsibilities

Tech Lead • Drive delivery approach and plan, aligning with CLIENT and industry standards
• Lead technical design, development and unit test of the solution, sprint planning and execution and
defect support for QA activities
• Manage delivery quality processes including continuous integration, peer and oversight review and
solution demos
• Identify and communicate issues and risks, create and execute mitigation plans
Architect • Lead API gateway architecture design and review effort
• Act as a SME, working with Apigee to resolve product-related technical issues
• Coordinate with CLIENT architect and business teams to ensure the overall approach is inline with
CLIENT roadmap
• Conduct architecture review and code-review on updated code
Developer • Implement policies across API gateway, client interface, and backend services wrapper
• Update and perform unit-test, if applicable
• Participate in the full development life-cycle: analyze, design, implement, test
• Support QA activities such as bug fixes
QA/BA Lead • Responsible for creating test strategy and detailed test execution plans
• Coordinate closely with CLIENT QA, RM, Product owners to understand & document functionality
and test conditions
• Create/compile test artifacts such as test cases, test scripts, and report on test execution status
Test Engineer • Create/compile test artifacts such as test cases, test scripts
• Perform manual test execution and report status
Apigee Consultant • Assist in design and certify the API management approach
• Work with Architect to provide a solution that meets CLIENT business needs
Cost Estimate
# of policy Example policy blocks to # of final Total number Length (in Cost ($)
blocks to implement sprints of sprints* weeks)
implement

2 • Authentication 1 4 8 <see
• Traffic Mgmt spreadsheet>

4 All of the above plus: 1 6 12 <see

• Instrumentation spreadsheet>
• Encryption

6 All of the above plus: 2 9 18 <see

To be updated
• Serialization spreadsheet>
• Caching

8 All of the above plus: 2 11 22 <see

• Client Telemetry spreadsheet>
• Service Interface (e.g., messaging)
*= 1 initial sprint + # of policy blocks + # of final sprints
Assumptions and Considerations
~35 APIs with 3 Use Cases result in 3-5 Patterns each with up to 8 policy blocks (see table above)
Average delivery team size is 5
Out of the box Apigee gateway installation or cloud deployment
Backend REST services complete—Handoff to API Management Team expedited by CLIENT and existing Accenture team.
User story consists of the implementation and addition of one policy as a code block to the pattern
2 week sprints based on experience adding differentiation at the management layer (e.g., based on users, device type, location)
Reference testing focuses on functional and performance testing around the management layer, assumes backend services is correct
Existing test cases and scripts can be used for reference testing with addition of user, device, or location features
• Appendix
API Management Benefits
Strategy-driven API lifecycle management provides the visibility and control into the users
and use cases to ensure that your API strategy remains on track.
Challenge / Pain Point Recommendation and Considerations

No visibility into API access Implementation of an API gateway (Apigee) combined with support from
performance or usage. lightweight client telemetry exhausts and IT service monitoring provides visibility
into API health and usage. Analytics and visualization track against the key
metrics to support the API strategy. Required step for monetization and
troubleshooting.

APIs for internal use only. No Design of security policy at API gateway and across standard management
implementation of authorization pattern that captures best practices. Scope of access vetted weighing both the
and authentication. enablement of the identified user stories and data governance.

Any differentiation requires Handling of traffic management, mediation (e.g., XML<->JSON transformation,
updates directly within the SOAP validation), security, and custom mash-ups (i.e., service-callouts) as a
backend REST services. standard design pattern in the API management layer preserves the API façade
that separates access updates from backend service implementation.

Ad-hoc definition and promotion Definition of a common methodology and framework for documentation,
of APIs is not sustainable amidst promotion, versioning, and decommissioning of APIs.
rapid API growth.

Focus on backend REST Development of management patterns in the form of “Your Code Here” blocks at
services use cases the API gateway, client interface, and backend. Application of design patterns
across existing APIs. Demonstration of end-to-end user scenario.
Strategy-Drive API Lifecycle Workshop
An Accenture facilitated API Strategy Workshop confirms the goals and existing APIs, and
identifies the set of design patterns needed to be supported by the API lifecycle in order to
enable desired use cases.
Drive policies and monitoring

What access What are key

What do you What data is Who are the
should you indicators of
want to do? required? end-users?
enable? success?

Pass through
Mobility Program Customer Internal Security
Revenue

Reduced
Accelerate
End-User Business Partner Caching Implementation
Development
Time

Value of 3rd Party

Monetize Content Paid user Transformation
Applications

PII Free user Traffic Shaping

 Standardized Policy Block Patterns
Realize design patterns as combinations of standard, reusable policy blocks that allow for “your
code here” customization while ensuring built-in best practice at the API gateway façade, the
client interface, and the back-end service
Sample Pattern Behavior Decision Criteria Consequence

Cache as SoR All data - Smaller data set - DB offline operation

(System of cached - Limited parameters - Best synchronous
Record) before hand - Low volatility data performance
- High cache hit % - Published contract

Read-through Data - Larger data set - Synchronous

cache cached on- - Limited parameters - Requires HA DB
demand - Volatile data - Published contract
- High cache hit %

Direct reads Always read - OData queries - Synchronous

from the DB - Volatile data - Requires HA DB
- Large data set - Schema changes
- Low cache hit % or
data isn't cacheable

Write through Service - Granular changes - Asynchronous write

service performs - Highly scalable - DB offline operation
write - Published contract
operation

Publish / Real-time - Always publish - DB offline operation

Subscribe notification - Highly scalable - Published contract
- Real time updates - Asynchronous
- Loosely coupled systems
API Management in Apigee
Apigee API Gateway provides the management façade between access and back-end
services providing the opportunity to implement policies along the request and reply path.
Backend Services
Apigee API Gateway
Target URL
OAuth Rate
Limit

API façade URL Target URL

Request

…
Ave. Mash- XML
Delay up JSON
Target URL
Applies a series of policies both on the incoming
flow before routing a request to a backend service
and on the outgoing flow after intercepting the
fulfilled request

Add Policies
• Traffic management protects your backend services from high traffic (e.g., rate limit, cache)
• Security controls who can access your APIs (e.g., OAuth)
• Mediation provides data transformations (e.g., JSON, XML)
• Extensions implement custom behaviors (e.g., Java, Javascript, Python, mash-up via service callouts)
• Custom analytics monitors the use and health of APIs
API Management Testing Strategy
API Management Testing focuses on the correctness and the performance of the API
management layer. Assumes correctness from the base APIs used for reference.
Perform component and integration testing per policy block. Key focus paid to the
behavior under high load conditions.
Per sprint:
• Document policy specific
conditions and test cases
(Sprint 0 baseline existing APIs
and simple pass through Apigee)
• Manual testing using Apigee Trace
functionality
• Jmeter to simulate high load
conditions

Deliverables
• Tests Plan, Conditions, Scripts,
Results
• Documentation of using Apigee
Trace functionality
TechLabs Bios
Teresa Tung is a Manager at Accenture Technology Labs where she leads the Self-Managing
Systems R&D Initiative whose mission is to bring innovation to design, architect, deploy, analyze,
and manage large complex enterprise systems in the context of hybrid cloud. Her team builds
systems that autonomously scale, heal, and protect itself across the entire technology stack –
from the infrastructure to the business process. Teresa holds a Ph.D. and an MS in Electrical
Engineering and a BS in Electrical Engineering and Computer Science, all from the University of
California at Berkeley. She applies the concepts from her Ph.D. thesis on QoS in Networking to
designing reliable, adaptive, distributed architectures.
Qing Xie is a Researcher at the Accenture Technology Labs. She received her MS and PhD in
Computer Science in 2002 and 2006 respectively from the University of Maryland, College Park.
She has published more than 20 papers at premium conferences and journals. She is a recipient
of the best paper awards from the International Conference of Software Testing, Verification and
validation (ICST'09) and International Symposium on Software Reliability and Engineering
(ISSRE'10). Her research interests include software testing, software reliability, software
maintenance, and data privacy. She is a member of the ACM Sigsoft and the IEEE Computer
Society and has served on program committees of several international conferences and as the
reviewers of reputable journals.
Qian Zhu is a Researcher at the Accenture Technology Labs. She received her MS and PhD in
Computer Science and Engineering in 2008 and 2010 respectively, from the Ohio State
University. She has published more than 25 papers at premium conferences and journals. She is
nominated for the best student paper at the SuperComputing (SC09) conference. Her research
interests include cloud computing, adaptive systems, machine learning and data steam
processing. She is a member of the ACM Sigsoft and the IEEE Computer Society. Qian has
served as program committee members for several international conferences and as the
reviewers for reputable journals
Edy Liongosari is a Managing Director at Accenture Technology Labs where he is responsible for
driving innovation in architecting, building, maintaining and operating complex software systems.
He leads his R&D team in defining a multi-year R&D agenda, generating ideas, building
prototypes, piloting them inside Accenture and to its clients and alliance partners.