API Audit

Get Started

Publishing an API involves publishing all assets needed to use and find the API. These can be technical, product management and/or marketing assets.

API Audit

The API Audit phase helps to confirm that API designs comply with guidelines. An API audit consists of checklists. Areas to check are business requirements, developer experience, standards and security. When an API management platform is in use, compatibility with it is also important. Note: The APIOps Cycles API Audit checklist is not exhaustive and does not guarantee secure APIs. The checklist is often used as a basis for custom checklists.

1. Audit the prototype

Does the API prototype or design consider data formats and standards? Are identifiers business friendly and usable for external API consumers? Does the design consider security and privacy requirements? Do your API and all its endpoints have a clear business-related value proposition?

The API Audit checklist is used to validate that all relevant things have been considered in the prototype or design. See the Build API phase for details. To pass this audit stage, you don't need to have a technical design. However, all APIs going to testing or production should pass these audit criteria, too.

2. Audit the API design

Are the designs, whether endpoints or message channels, optimized for use? Does the API utilize HTTP methods or messaging patterns consistently? Does it provide clear responses or acknowledgment messages? Essentially, is the API design comprehensible, technically usable, and secure?

By now, you should have a preliminary technical API design, possibly using OpenAPI or AsyncAPI. While the API might not be fully operational at this stage, any API advancing to testing or production should meet these audit standards.

3. Audit the API in production

Is the API ready to be published to API consumers? Is it safe? Does it promote a good developer experience?

In this step, audit the final API design in a run-time environment (staging, production). All APIs going to a production environment should pass all audit criteria.
