The document discusses API sandboxes and their role in empowering developer experience. It outlines the developer journey and how sandboxes fit in by providing an isolated testing environment. Two common design patterns for sandboxes are described: cloning resources or using API mocks. The patterns each have strengths and challenges. The document recommends choosing a pattern based on factors like use case, budget, and API strategy. Overall, sandboxes are said to improve developer experience, expand API reach and growth, and increase revenue.
Axa Assurance Maroc - Insurer Innovation Award 2024
apidays LIVE Jakarta - API Sandbox: empowering Developer Experience (DX) by Faisal Banaeamah, Solutions by STC
1. 1
Faisal Mohammed Banaeamah – محمد فيصل
باناعمة
Just an Architect, Solutions by STC
banaeamah@gmail.com; fbanaeamah@solutions.com.sa
February 24, 2021
API Sandbox: Empowering Developer
Experience (DX)
3. 3
Solutions by STC at a Glance
Healthcare Education Real Estate Government
~24 K
Clients
https://www.solutions.com.sa/
4. 4
Agenda
• Developer Experience
• Developer Portal
• Case Study – Financial Services
• Developer Journey
o Steps in Developer Journey
• API Sandbox in Focus
• Design Patterns for API Sandbox
o Strengths
o Challenges
• API First Lifespan
• Which Design Pattern to Choose?
• Conclusion
6. 6
Developer Portal
A marketplace represents a channel of
(1) Publishing API
Plans Guidelines
(2) Communications
API Provider
API Consumer
(Developer)
A single point of
interaction
Developer Experience
(DX)
7. 7
Case Study – Financial Services
• Online payment channels
o To send money, make online payment, receive
money, process payment, … etc.
• Digital wallets
o To cash withdrawal, purchase, transfer money, …
etc.
• Get and use dummy data
o Credit card
o Account
• Simulate with dummy transactions
o Pre-Authorization
o Capture
o Purchase
o Refund
o Charge
o Transfer
8. 8
Steps in Developer Journey
Browse and
Discover
Explore and
Subscribe
Test and Consume
9. 9
Developer Journey
Developer Access Developer
Portal
Discover Available
APIs
Browse API Plans
(Packages)
Register for an
Account
Subscribe to an
API Usage Plan
Get API Access
Credentials
Explore API
Documentation
See Example Code
(or SDK)
Pay for the API
Usage Plan
Perform API Test
Requests
Execute Actual
Production Loads
10. 10
API Sandbox in Focus
Developer Access Developer
Portal
Discover Available
APIs
Browse API Plans
(Packages)
Register for an
Account
Subscribe to an
API Usage Plan
Get API Access
Credentials
Explore API
Documentation
See Example Code
(or SDK)
Pay for the API
Usage Plan
Perform API Test
Requests
Execute Actual
Production Loads
Here comes the
sandbox role.
• Provides a testing environment isolated
from the operational systems
• Protects the operational and transactional
system of record and data source
• Offers to developer free of charge traffic
11. 11
API Sandbox in Focus: 3 Focal Dimensions
Documentation
• Integrated with API
Documentation
• Industry specifications
• OpenAPI
• AsyncAPI
• … etc.
Behavior
• Behave similar to API on
production
• Decouple from underlying
implementation
• Security policy
• Keys or OIDC
Provisioning
• Self-service
• Access credentials
• API URL
• Dynamic plans
• … etc.
12. 12
Design Patterns for API Sandbox
API Sandbox via Cloned Resources
API Sandbox with API Mocks
13. 13
Implemented Resources
Cloned Resources
Contract BSS/OSS Data Store
API Sandbox via Cloned Resources
Developer
Client App
Developer
Portal
API Docs
API Lifecycle
Manager
System of Engagement (SoE)
API Management
API
Gateway
API
Gateway
Sandbox
Gateway
ETL
CI/CD
Pipeline
BSS/OSS Data Store
System of Record (SoR)
Testing Traffic
Production Traffic
Sandbox
Implementation
Contract
Decoupling
API Mediation
Data
privacy:
shuffling,
masking
14. 14
API Sandbox via Cloned Resources (Cont’d)
Strengths
Suitable for a program with many
interdependent components
Easy and straightforward to
implement
Simulates performance criteria
especially for internal components
Multi-staged deployment and
checks prior to production
Challenges
Needs effort to setup required
resources e.g. infra, licenses, … etc.
Expensive (cost inefficient) in term
of infrastructure resources
Requires endless synchronization
processes to maintain data
To maintain two environments at
same time; operational overhead
15. 15
API Sandbox with API Mocks
Developer
Client App
Developer
Portal
API Docs
API Lifecycle
Manager
System of Engagement (SoE)
API Management
API
Gateway
API
Gateway
Sandbox
Gateway
BSS/OSS Data Store
System of Record (SoR)
Testing Traffic
Production Traffic
Sandbox
Implementation
Mock Server
Contract
Decoupling
API Mediation / Mocking
CI/CD
Pipeline
Standard
contract
16. 16
API Sandbox with API Mocks (Cont’d)
Strengths
More friendly API-First strategy with
API design and mocking
Combines business-focused and
consumer-driven; agile and iterative
Optimizes IT resources efficiently
(cost/time) and effectively (functions)
Utilizes centralized stacks to support
many API programs at enterprise-level
Challenges
To change in delivery process to
include mocks as deliverables
To maintain horizontal mocking servers
for all delivery stages (DEV, QA, … etc.)
To upskill team (owners, analysts,
developers, testers, … etc.) in API-First
To use extra supporting tools for API
contract design and documentation
18. 18
Mocking
• Microcks
• SoapUI
• ReadyAPI
• Postman
• Stoplight Prism
• API Sprout
• … etc.
Supporting Tools
ETL
• Kafka Data Streaming
• Talend Open Studio
for Data Integration
• SQL Server Integration
Services (SSIS)
• … etc.
Design
• Apicurio Studio
• Swagger UI
• Apiary
• Stoplight Studio
• … etc.
Documentation
• Apicurio Studio
• SwaggerHub
• Swagger Inspector
• … etc.
19. 19
Which Design Pattern to Choose?
Decision
Factors
Use
Case
Budget
API
Strategy
Enterprise-
Wide
Per-
Program
API
Styles
REST
Event-
Driven