API Best Practices Blog
One size doesn’t fit all: API Versioning and Mediation
(continuing our series on API roadmap considerations)
TrueCredit.com tells a story of calculating that they would need thousands of IP addresses for all the different versions and flavors of their open API, to account for the variations and versions needed by partners.
Even if you have a ‘one size fits all’ API, you might need to be able to transform data, mediate terms or customize SLAs without coding each change or creating a new version of the API. Reasons could include:
• Protocol needs - A SaaS customer with a REST API had an important deal on the table with a bank, but the bank insisted on a SOAP API with WS-Security. Some SOAP shops want to offer a RESTful API because it’s easier for developers to work with. And you might need to transform between different syntaxes of SOAP, REST, REST/JSON, etc.
• Monetization – You might want to sell a premium version of your ‘one size fits all’ free API. For example, a search API provider wanted to do a BD deal with its free API and needed to insert extra data that the partner wanted to pay for ('enrich the API', as they called it).
• Standardization – A customer of ours grew from offering 1 API to 40, and needed to add some standard fields to each API - enforcing some consistency without needing to coordinate a bunch of teams to write code.
• Versioning - Ever used an API where you get an email every month asking you to upgrade to a new version? TrueCredit wanted to provide API upgrades to customers that needed them while holding the API fixed longer for everybody else, to reduce versioning headaches.
So you may need to figure out how to provide and manage different flavors or versions of the same API – or ‘mediate’ (or transform) API content and syntax.
Alternatives might be to support multiple APIs (painful), hold off as long as possible and push back on customers to snap to a ‘one size fits all’ model (more painful), or create a ‘mediation’ capability or layer that can transform between different ‘shapes’ of the API – protocol, data, version, credentials, etc.
(And going back to TrueCredit’s story at the top, this is what led them to think about an API gateway for mediation, caching, load balancing, and more.)
So ask if and when any of these issues might apply to your roadmap:
Will you need to mediate protocols?
- Will you need to offer more than one protocol or a different protocol? (SOAP for enterprise customers? REST or JSON for developer adoption?)
- Would you ever need to map across different security or credential schemes? (e.g., from simple HTTP auth to WS-Security)
- Will you need to handle syntax issues across a particular protocol? (SOAP 1.1 vs. 1.2, etc.)
- How important will it be to minimize API versions?
How important is version management?
- How often will you need to release upgrades to the API? What is your process for asking customers to upgrade and how long will it take to sunset a version?
- If you offer more than one API, is there any need to standardize elements of the API (header or payload)? Do different teams need to do this, or does it make sense to put this capability at one point?
Will there be a need for payload transformations?
- Will you ever need to enrich an API for a particular customer or class of service? (such as a big customer that licenses more data)
- Will you need to remove or clip certain fields for certain customers or classes of service?
- How fast will you need to turn around these requests for the business vs. your dev or product cycle?
A mediation layer (see more flavors here) can be important for handling complexity, so you can focus development on business-specific API capabilities.
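A sketch of the payload mediation the questions above describe, added here as an illustration (not code from the original post or from any gateway product); the tier names, field names and the `mediate` function are assumptions. Fields are clipped by allowlist, so a field the backend adds later stays hidden until a policy names it, and an unknown class of service gets nothing.

```python
import copy

# Constructed per-class-of-service policies (hypothetical names, not from the post).
# "fields" is an allowlist: anything not listed is clipped from the response.
POLICIES = {
    "free":    {"fields": {"id", "title", "url"}, "enrich": False},
    "premium": {"fields": {"id", "title", "url", "snippet", "score"}, "enrich": True},
}

# Standard fields stamped on every response at one point,
# instead of each API team adding them in its own code.
STANDARD_FIELDS = {"api_version": "1", "provider": "example-search"}

# Constructed backend record; internal_cost_cents must never reach a caller.
RECORD = {"id": 7, "title": "Credit report basics", "url": "https://example.com/7",
          "snippet": "How scores are calculated", "score": 0.92,
          "internal_cost_cents": 3}


def mediate(backend_record, tier, enrichment=None):
    """Shape one backend record for the caller's class of service."""
    policy = POLICIES.get(tier)
    if policy is None:
        # Fail closed: an unknown tier gets an error, not the full record.
        raise PermissionError(f"no mediation policy for tier {tier!r}")

    # Clip: copy only allowlisted fields (default deny).
    shaped = {k: copy.deepcopy(v) for k, v in backend_record.items()
              if k in policy["fields"]}

    # Enrich: attach partner-paid extra data only where the policy allows it.
    if policy["enrich"] and enrichment:
        shaped["extra"] = copy.deepcopy(enrichment)

    # Standardize: applied last so backend data cannot override these fields.
    shaped.update(STANDARD_FIELDS)
    return shaped


if __name__ == "__main__":
    print(mediate(RECORD, "free"))
    print(mediate(RECORD, "premium", enrichment={"related": [8, 9]}))
```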
(and thanks to collinanderson for the photo)




