Designing your API
An application programming interface or API is built for consumption by other applications. It needs to be reliable, scalable and simple to integrate with. At OWA, we can assist with the design and creation of new APIs, and additions, maintenance and documentation of existing APIs, along with integrations with third-party APIs.
Do you need to provide an API to expose data or services? We can review your existing codebase to determine how this may be made available outside your application. The design will take into account the most suitable style, such as REST or GraphQL, the format used for data transfer, for example JSON or XML, and authentication, API versioning, resource organisation and request / response / error formats.
We will discuss the pros and cons with you, taking particular care to ensure your API is designed correctly first time to reduce the need to make changes in the future. Once an API is released, it can be very difficult to redesign and redevelop without affecting users and requiring them to make corresponding changes to their own systems.
We can assist with the development of your API, even if we were not involved in the development of your existing system. With our experience of working with third-party developers and adopting ownership of third-party systems, we can advise on and undertake the necessary development to take your API into production.
Our API development service covers backend APIs for mobile apps, integration with online forum software to allow posts and other data to be transferred, providing memberships and payments data to back-office systems for processing, and also providing APIs to integrate with a large network of video recording and storage devices.
While we recommend working with newer more standard technologies when creating APIs, we recognise there’s sometimes a need to use or integrate with legacy systems. We have experience working with API technologies such as SOAP and RPC and can assist with the creation of new APIs in legacy codebases, allowing functionality to be added while retaining existing systems at a much lower cost than a full redevelopment.
Keeping your API secure
The addition of an API does open up another avenue for attackers, especially for APIs which must be made available over the open internet, so we ensure API security is a priority consideration. All our API design and development follows the OWASP ASVS best practices for secure development, in particular section V13 (API and web service) which ensures that the functionality exposed by the API has the correct authentication and authorisation, validates data sent to the API and the relevant security hardening.
Depending on the requirements of your API, we can discuss the possible security threats which may exist and suggest mitigations such as signing API communication or detecting and blocking or throttling unauthorised use.
As well as creating APIs, we can also assist with the integration of existing internal or third-party APIs. Many common Software as a Service (SaaS) applications – for example those used in payments, document management, social media and customer relations management (CRM) – have APIs available which can be used to automate certain functionality or provide additional services.
We have experience integrating with many common SaaS APIs, including Salesforce to allow leads to have accounts set up via an API, MailChimp to enable the automated management of email lists, and a number of payment providers, including Barclaycard EPDQ, Stripe and Worldpay, to integrate complex payment flows.
Say Eng Loo, senior applications analyst, London borough of Camden
I would recommend their services.