Quality

Assuring quality across teams when it comes to the delivery, operation, and evolution of APIs is top of mind for any enterprise organization. Realizing quality across many different teams and the APIs they develop takes a significant amount of planning and execution to ensure that there are contract, integration, performance, security, and other types of tests in place across 100% of APIs in operation.

Elements

  • Testing - Contract and performance testing should be present across as close to 100% of the organization as possible, but this is just the starting point. Tests for integration, user acceptance, and other processes can be layered on from there. Make sure that all APIs and teams make testing a default part of how they work–no compromises.
  • Security - All APIs use encryption by default. Leverage standardized authentication and authorization and test all APIs against the OWASP Top 10 list of vulnerabilities, setting the baseline for security across nearly 100% of APIs across domains. Then add other security practices, setting a baseline for all teams to apply in their work.
  • Governance - A base set of governance rules and policies must be in place. Translate governance into enablement early in the life cycle, applying rules and policies to shape behavior at the source control, CI/CD, and gateway layers of the API life cycle, helping both enforce the rules and enable teams.
  • Runners - All tests are self-contained as collections. They are documented and shareable, but also executable using local and cloud runners. That allows tests to be manually executed by not just QA and developers, but by other technical or business stakeholders, helping make sure that everyone contributes to quality and is held accountable.
  • Pipeline - Testing, security, and governance are baked into the CI/CD pipelines that keep production moving forward, establishing a common, well-known regime of collection-defined testing that is baked into the API build process. That will prevent unwanted behavior when API operations are in production.
  • Monitoring - All testing, security, and governance is modular and reusable, available for manual execution using runners and baked into the CI/CD pipeline. It is scheduled via monitors across the regions that matter to consumers, helping ensure that quality is automated and executed as a regular part of team operations.
  • Observability - Every test–including security audits and governance tests–publishes results into the enterprise APM, ensuring that every API and the operations behind it are observable both individually and collectively, across teams and domains. Make sure the state of enterprise quality is observable to leaders through dashboards and reporting.