RESTification — Process Access to REST APIs for Partners
Problem statement
An organization undergoing modernization needs to manage and secure access to its REST APIs for external partners. The existing SimpleSOAP integration is outdated, and a new process is required to enable secure access to REST services while adhering to Service Level Agreements (SLAs) and managing partner-specific requirements, such as bypassing bot protection and enabling data crawlers.
Challenges
• Modernization Needs: The legacy system (SimpleSOAP) is no longer sufficient, requiring a replacement to manage REST API access securely.
• Partner Management: There is a need to track and manage partners who require access to REST APIs, including approved crawlers.
• Security Concerns: Implement a solution to securely grant access to REST services while bypassing bot protection for approved partners.
• SLA Enforcement: Ensure that partner access to REST services complies with agreed-upon SLAs and that these SLAs are enforced.
• Load Management: Manage the load generated by certain partners and implement a throttling policy to prevent system overload.
• Reporting & Statistics: Provide detailed reporting on partner usage of REST APIs, including cost allocation based on load generated.
• Data Accuracy: Maintain an accurate and up-to-date list of partners with access to REST services.
• Revenue Impact: Protect the revenue associated with partner integrations, especially those contributing significantly to revenue streams.
Proposed solution
To address these challenges, the following approach was implemented:
• REST API Access Management: Implemented a technical solution to securely grant partners access to REST services, bypassing bot protection for approved entities like data crawlers. Used a client identification mechanism (e.g., x-client-id) for onboarding and authenticating partners.
• SLA Enforcement: Defined, implemented, and enforced SLAs for each partner, ensuring access is aligned with business agreements. Implemented a monitoring system to track SLA compliance, including response times, uptime, and throughput.
• Throttling Mechanism: Implemented a throttling mechanism based on the partner’s x-client-id to manage and limit API requests, preventing system overload and ensuring fair usage.
• Reporting & Analytics: Set up detailed reporting and analytics for partner usage, tracking key metrics such as API call frequency, data consumption, and load generated. Implemented cost allocation based on resource usage to ensure transparency and manage costs.
• Crawlers & Data Collection: Enabled approved crawlers to gather relevant market data while bypassing bot protection and adhering to SLAs. Ensured continuous integration of crawlers with the REST APIs, updating the system as needed to accommodate changes in partner requirements.
• Centralized Partner Management: Established a centralized system to track all partners accessing the REST APIs, ensuring the partner list is up-to-date and that relevant SLAs and credentials are accurately managed.
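One way the x-client-id identification and per-partner throttling described above could fit together, as an added example (not code from the original page or the project): a token bucket keyed on the client ID, with the bot-protection bypass granted only to approved crawlers. The partner registry, the limits and the `x-api-key` credential header are assumptions made for the illustration; the credential check is there because a client-ID header on its own can be copied by any caller.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Partner:
    key_sha256: str        # SHA-256 of the partner's API key (hypothetical credential)
    rate_per_s: float      # sustained requests per second agreed in the SLA
    burst: int             # bucket capacity, i.e. the largest allowed burst
    crawler: bool = False  # approved crawler: may skip bot protection
    tokens: float = -1.0   # -1 means the bucket has not been initialised yet
    last: float = 0.0      # time of the previous decision for this partner

# Constructed sample registry: ids, keys and limits are hypothetical.
PARTNERS = {
    "partner-a": Partner(hashlib.sha256(b"key-a").hexdigest(), 2.0, 4, crawler=True),
    "partner-b": Partner(hashlib.sha256(b"key-b").hexdigest(), 1.0, 2),
}

def decide(headers: dict, now: float) -> str:
    """Return 'allow', 'allow-skip-bot-check', 'bot-check' or 'throttle'."""
    h = {k.lower(): v for k, v in headers.items()}
    partner = PARTNERS.get(h.get("x-client-id", ""))
    # "x-api-key" is an assumed header name, not one taken from the page.
    presented = hashlib.sha256(h.get("x-api-key", "").encode()).hexdigest()
    # Unknown id, or known id without its credential: no partner treatment,
    # the request goes through the normal bot-protection path.
    if partner is None or not hmac.compare_digest(presented, partner.key_sha256):
        return "bot-check"
    if partner.tokens < 0:  # first request seen: start with a full bucket
        partner.tokens, partner.last = float(partner.burst), now
    # Token bucket: refill by elapsed time, capped at the burst size.
    elapsed = max(0.0, now - partner.last)
    partner.tokens = min(partner.burst, partner.tokens + elapsed * partner.rate_per_s)
    partner.last = now
    if partner.tokens < 1.0:
        return "throttle"   # the gateway would answer HTTP 429 here
    partner.tokens -= 1.0
    return "allow-skip-bot-check" if partner.crawler else "allow"
```

The per-partner decisions returned here are also the natural events to count for the usage reporting and SLA monitoring listed above.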
Value proposition
The proposed solution provides a scalable, secure, and efficient way to manage external partner access to REST APIs while enforcing SLAs and optimizing resource usage. By modernizing the access process, the organization enhances its operational efficiency, protects key revenue streams, and ensures transparency in partner engagement. The solution's flexibility accommodates both current and future partner needs, contributing to long-term sustainability and business growth.
