3 good ways to validate APIs

IFTTT platforms, TDD methodologies, and integration platforms make life easier for developers seeking to prototype and test their own APIs or understand the APIs of third parties.

3 good ways to validate APIs
TNS Sofres (CC BY 2.0)

Here’s a situation I am certain many software developers have faced when building or enhancing a new application.

The product owner defines an epic and several features requiring integrations with a new SaaS application. She’s made several assumptions about what capabilities the SaaS platform exposes in their APIs and has baked these into workflow and front-end application requirements. She expects the agile development team to complete a spike, ideally in one sprint, to validate these assumptions.

The question is, how easy is it for the development team to perform this investigation and ideally implement proofs of concept that validate assumptions?

Keep in mind that these validations must go beyond reviewing the endpoints on what transactions and views they expose. They should also check data quality, consider performance, and ultimately determine what development work is needed to fulfill requirements using the available APIs. Developers should also review the authorizations required and other security considerations as part of this evaluation.  

Can you perform this challenge in a sprint, ideally without writing too much code?

Since integrating with APIs is a common application and data integration requirement, development teams should consider using tools to help review capabilities and test assumptions. Organizations that integrate with many SaaS, enterprise, and other third-party tools should also consider integration platforms that can speed up development, provide robust integration capabilities, and also perform operational functions around the integrations.

Here are three different approaches to API validation.

What integrations do IFTTT platforms enable?

Suppose the requirement is to integrate with a commonly used SaaS platform. In that case, one simple approach is to review what actions and triggers If This Then That (IFTTT) platforms enable, what data is required to trigger the API, and what data types, formats, and quality it returns.

Zapier offers integration with more than 3,000 apps where triggers and actions can be reviewed and tested. Integrations can be simple and used to push new records from one app to another, or they can be more complex and leverage filters, paths, formatting, and other functions. The latter steps are often necessary when a trigger in one app requires finding the right record and updating it in a second app. The format function also enables data cleansing and other data manipulations.

Zapier also offers tools to test and monitor integrations. These operational functions are very useful when validating more complex integrations and APIs where different scenarios trigger various types of actions. 

Other IFTTT automation tools include Automate.io, IFTTT, Integrately, Tray.io, and Workato. These tools can help test and develop an API proof of concept as a rapid starting point. But development teams should also consider using these tools in production when developers can create, test, and operationalize the required integrations through them.

Use a test-driven development approach to validate APIs

What happens when the required integration is with a noncommercial third-party API or is an industry-specific platform that isn’t wired into IFTTT platforms? Or what if more complex integrations, workflow orchestrations, data manipulations, or data volumes make using IFTTT platforms less attractive?

Development teams might consider test-driven development (TDD) methodologies to validate and prototype with APIs. This approach asks development teams to construct unit tests and higher levels of orchestrated, automated, and continuous testing before using the API’s capabilities directly in composite services or applications.

TDD is a powerful approach when developing APIs and microservices because it defines and documents the expected uses and boundary cases. Test automation helps flag any changes to the service that might create downstream impacts.

The approach works equally well when consuming third-party APIs. Developers can use tools like Postman to import API specifications, understand the API, build test suites, and then integrate the tests into continuous integration/continuous delivery (CI/CD) pipelines and other devops tools. Other tools to review include Katalon, RapidAPI, Parasoft, and SmartBear ReadyAPI.

These tests not only help validate the APIs, but developers can also use them later for automated and continuous testing. In production, they can help validate if and when third-party API changes break tests and require review and fixes of any services and applications using them.

Use low-code integration platforms to build reusable gateways

What happens if you plan to integrate with multiple platforms, and the integrations need to be reusable in numerous services and applications? Maybe your organization is customizing employee onboarding applications, marketing tools, and field operations workflows that require integrating with HubSpot, Workday, SAP, or other platforms.

I spoke to Ed Macosky, head of products at Boomi, about the opportunities in trying to share data and enable workflow and collaborations with everyone in medium and large organizations. These organizations need more than validating APIs; they require a scalable integration process. He expresses the challenge this way: “How can developers solve this end-to-end picture of connecting everyone to everything, like connecting all the data sources, understanding all the data within an organization, integrating that data, developing services, creating user-driven workflows, and exposing it to front-end applications that engage users?”

Integration platforms such as Boomi come with connectors to common SaaS and enterprise platforms along with low-code tools to enable rapid development, testing, and deployment. Instead of creating point-to-point integrations, one integration can serve multiple downstream applications and composite services.

Other integration platforms include Jitterbit, MuleSoft, PMG, and SnapLogic. Application integration or Integration Platform as a Service (iPaaS) platforms differentiate on a wide range of capabilities, including ease of use, data management features, operational functions, and self-service options.

Using an integration platform is highly strategic for organizations that want to tailor experiences to different business needs and departmental workflows. For example, the onboarding application can be customized to only show basic steps for someone joining an operation in a specific role, whereas it may allow new technical hires to select equipment or sales reps to set travel preferences.

What’s important for developers to remember is that validating an API is just the first step in the integration journey. Developers must then create reusable, scalable, robust, and supportable integrations. Doing this well requires plugging integrations into an operating environment designed to support integrations with the expected business service-level objectives. Integration and iPaaS platforms offer these options and can be highly beneficial to organizations looking to make integrations a core development and operational competency.

Copyright © 2021 IDG Communications, Inc.