API Lifecycle Management: Policy-driven Development, Deployment, and Retirement of APIs

APIs are the building blocks of the interconnected world we live in today. Hence, like a feature of a product, APIs too should be well-planned, built, managed, updated, and retired. Having a defined process for the APIs that are being created is termed API lifecycle management. 

 As Druva is a SaaS-based cloud backup and recovery solution, customers often look for APIs to integrate with third-party tools or in-house dashboards. These tools help them monitor the health of their IT ecosystem and automate actions in case of a crisis. Druva has made this possible via REST APIs. They can be integrated with third-party tools like Ansible, Chef, ServiceNow, and many others. Druva’s customers use these APIs to automate the day-to-day tasks of the Druva administrator. This eliminates the necessity of logging on to the Druva Cloud Platform for trivial tasks.

At Druva, we wanted to build APIs that customers can use to integrate a wide range of products. For this, we took the REST APIs route. However, right from the get-go, we knew that we needed a strategy so that all functions across Druva follow an established process to maintain consistency and viability of the APIs. To achieve this, we built a robust API lifecycle management system.

What Is API Lifecycle Management?

API lifecycle management is a process that tracks the API stages from its design to retirement. It includes stages like analysis, design, development, testing, deploying, documenting, managing, and retiring.

Why Is API Lifecycle Management Important in the Context of Data Protection?

API lifecycle management enables APIs to be easily discoverable, adaptable, and deprecable.  It also ensures that they are properly managed and secured.

6 Stages of API Lifecycle Management

Typical API lifecycle management consists of 6 phases.

1. Plan
2. Design
3. Develop
4. Deploy
5. Document
6. Deprecate

These six different stages are owned by different teams. If there is no standard guideline, then there will be no common best practices or standards that are followed. This may result in slow development, testing, and customer adaptability.

That’s where the API lifecycle is helpful. It enables developers to follow well-defined procedures, guidelines, and standards. These not only help in developing an API, but also help in testing, deployment, documentation, and retirement of an API.

API Lifecycle Management at Druva

This section explains how we use API lifecycle management at Druva and goes into the details of every step that we follow.

1. Plan 

In the planning phase, we identify the operations that the API will perform. Each operation is evaluated with its business use case and how it will benefit the customer. Once such operations are finalized, they are considered for the API design. One should always make sure that the API is resource-centric and facilitates the consumer for basic CRUD operation. 

2. Design

The APIs are designed using REST protocol as it has benefits like simplicity, ease of use, scalability, and many more. Along with the protocol, we design the API signature. It’s the API contract and should be easy to understand for customers and be consistent across Druva products. This is the most important phase as it focuses on various aspects of the API, such as architecture, resource naming, specifications, and request and response structures.

3. Develop

Based on the plan, the API is implemented with ease and in tandem with the API design. We made this possible by creating API guidelines that state the exact steps to follow while designing and developing. Application-specific middleware and lib functions help in speeding up the implementation process in turn helping the organization with the quick releases of APIs.

4. Deploy

We developed CI/CD pipelines to test the APIs in various pre-production environments with detailed test scenarios to make them robust. We leveraged Open API Specification 2.0 to achieve a seamless deployment process. This was done by writing a pipeline that will convert the API specification written in Golang into Swagger JSON format containing the deployment specifications. This gave great control to developers by removing additional dependencies on the DevOps team.

5. Documentation

We have well-documented API specifications and guides on the Druva Developer portal. This portal is the best resource for customers who want to get started with API integration. For example, when you generate an authentication token, the portal shows how the request will be integrated with various programming languages. It also provides the functionality to run the API on the portal itself and check the output. 

6. Deprecation

This involves continuous support of existing and new features in the APIs that are already available. Backward-compatible and incompatible changes are managed through API versions. These API versions are maintained till their deprecation. Before deprecating an older version of an API, we notify all the consumers of the API regarding the deprecation. Once all consumers migrate to the new version of the API within the defined timeline, the older version of the API is removed from the Druva Developer portal. 

Maintaining the lifecycle 

A process is good as long as it’s followed. As Druva is in a high-growth phase, the development team is rapidly expanding and getting bigger and more distributed. In such a situation, ensuring that everyone sticks to the guidelines is a challenge. 

To overcome this challenge, we ensured that the API lifecycle management process is part of the developer onboarding process. Developers are encouraged to go to the Druva Developer portal and try out the APIs. Introducing the concept early helps new folks be aware of this methodology and they are able to recollect it quicker when they start working on APIs. 

We urge you to visit the Druva Developer portal and try out our interactive APIs.