These are the tests that can be run that apply to the gateway.
These are the areas of tests that can be applied at the gateway layer, augmenting earlier testing and governance to ensure configurations are present at the gateway.
- Caching - null
- Cross-Origin Resource Sharing (CORS) - Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos. Certain "cross-domain" requests, notably Ajax requests, are forbidden by default by the same-origin security policy. CORS defines a way in which a browser and server can interact to determine whether it is safe to allow the cross-origin request. It allows for more freedom and functionality than purely same-origin requests but is more secure than simply allowing all cross-origin requests. The specification for CORS is included as part of the WHATWGs Fetch Living Standard. This specification describes how CORS is currently implemented in browsers. An earlier specification was published as a W3C Recommendation.
- Keys - API keys provide the simplest form of access to an API, allowing consumers to sign up for an account, define what their application is, and then receive a key they can include in headers or other parameters to identify themselves, ensuring that API producers are fully aware of everyone who has access to an API, and all consumers have a way to clearly identify themselves and receive personalized usage data for each key.
- Logging - Like other API infrastructure, the logging of webhook calls is a common part of system operation, providing a record of every webhook transaction that occurs.
- Models - Artificial Intelligence and machine learning models are developed, iterated upon, and applied in increasingly modular ways using APIs. That’s because APIs can access the data we have stored in databases and collected from daily operations and use it to iterate upon algorithms to make them more useful.
- Plans - Organizing APIs and their consumers into standardized, but sometimes customized access plans allows you to govern which APIs are available, helping align APIs to business domains and objectives and keeping the API catalog current.
- Rate Limits - Establishing the limits for the number of requests that can be made of an API within a specific time period, providing logical constraints for each API that will help reduce abuse from consumers.
- Request Transformation - null
- Request Validation - null
- Response Status Codes - Needs a description for this elements
- Response Transformation - null
- Paths - Individual paths that can be taken when making requests to a specific API, providing a series URL path parts derived from keywords that are relevant to digital resources and capabilities, allowing API consumers to select specific paths they choose to take when requesting data, content, media, and algorithms via APIs.
- Stages - Allow multiple stages to be deployed, providing development, staging, production, and potentially other environments for deploying and testing APIs. That will allow APIs to be reliably deployed into production with the highest possible quality.
- Tags - Needs a description for this elements
- Tracing - A trace tracks an incoming request to your API and the various events, along with the precise timings of each event representing spans in the trace, helping understand the journey and experience involved with each individual API request.
- Timeouts - The time an API call will run before it throws an error, setting the threshold of time necessary to acceptable process each request, while still providing an optimal experience for the consumer.
- Versioning - Applying semantic versioning to individual artifacts to help manage change across each API and wider operations, providing a structured approach to how APIs are evolved, helping identify minor changes from patches, and clearly defining major revisions that would introduce breaking changes.