Today Apiary introduced Apiary for Enterprise to promote API design best practices across distributed development teams. This new offering provides the tooling to ensure API designs conform to internally defined standards without the overhead of a governance model that can impede the speed of API innovation.
Apiary for Enterprise builds on Apiary’s existing API design toolchain by adding support for API design assertions that can validate an API design's adherence to various best practices and internal standards. These assertions can be built using a Javascript-based language that can evaluate API Blueprint structures.
From the press release:
“Apiary is already an integral part of our API development process", said Kris Chant, API Product Manager at Salesforce Marketing Cloud a Salesforce.com [SFDC] company. “With this new offering, Apiary is enabling us to codify our API style guide. This will provide realtime feedback to our designers when they create an invalid API specification, saving us a tremendous amount of time and frustration, and ultimately providing our API consumers with a better, more consistent experience of our APIs.”
Apiary for Enterprise provides a library of assertions derived from various customers and the future intent is to enable sharing of assertions among a community of users to promote best practices.
InfoQ caught up with Andrew Brown, head of enterprise products at Apiary, to discuss the new offering:
InfoQ: How are the team collaboration features different from Apiary for Teams Offering? Is there an enhanced access control model?
Andrew: The access control model is not different, except that we made an addition. We added a new role, which we are calling "architect". People in this role go by many different titles, but they all have similar roles. They collaborate with various team members to create style guides, and then work with multiple teams to socialize and promote API design patterns. In the end, we are helping both groups. We make it possible to codify the style guide and then we make it easy to conform to it, without having to read the manual.
InfoQ: How are enterprise teams onboarded? Do you provide integrations with on-premise LDAP or other user stores?
Andrew: We make it super easy to onboard using an invitation system. We don't support LDAP yet, but user provisioning enhancements are on the roadmap. We are getting more requests for SAML 2-based SSO integration than LDAP, so it's likely that you will see us announce SSO before LDAP.
InfoQ: Why was Javascript chosen for building assertions?
Andrew: A couple of reasons. Based on our research, users in this discipline are most comfortable working in JavaScript. To enable this, we create an intermediate JSON representation of an API Blueprint which makes it easy for our users to write simple JavaScript to express assertions based on the style guide. JavaScript combines a wide user base with some great expressiveness around evaluating JSON so it's a very happy medium.
InfoQ: What are some of the assertions that are provided out of the box?
Andrew: To test our design assertion language, we actually obtained style guides from a group of our customers and implemented what we thought made sense. Some of the assertions that are provided out of the box include casing checks (camel, snake, etc), checks for appropriate HTTP status codes, proper error formats, consistent time formats (UTC/Unix), auditing fields (createdAt, modifiedAt, etc.) proper UUID formats and even one for a New Zealand customer that checks all documentation for British spelling.
InfoQ: What are some reliability and performance SLAs offered with Apiary for Enterprise?
Andrew: We will provide quarterly reports on availability to our enterprise customers, along with SLAs for turnaround on premium support.
InfoQ: Do you have plans for an on-premise deployment offering of Apiary for Enterprise?
Andrew: Our largest opportunities have on-premise deployment as a requirement, so you will be seeing announcements around that capability in the near future.