2. Östergötland
• Östergötland is the fourth most
populous region of Sweden
• Approximately 442,000 people
call Östergötland their home
• The region houses 13 different
municipalities
3. Responsibilities
of Region Östergötland
• Most of the health care that inhabitants need
• Public transport
• Promotion of culture, urban development and the
private sector
4. How Region Östergötland
is governed
• Region Östergötland is a democratically
governed organisation
• The region's model is client/provider-based
• The highest decision making body is the
Regional Council consisting of 101 elected
officials
5. The Challenge
5
Must be able to deliver new
functionality in order to to be
able to digitally sign data!
Primarily:
• Legal Agreement
• Electronic Health Records
• Social Care
§
6. • We needed a service that could meet
the current and even future demands
for use in the mobile world.
• The service needed to support use
with both legacy systems and modern
apps.
What did we need?
6
7. 1. First we signed a contract with a partner
who offered service for digital signing.
2. Then we changed the system so it could
make the necessary API-call to that
service.
What we did!
7
Done!
10. Next step - Take control over the API
10
API
Gateway
Production
API key
Production
API key
Production
API key
Unique
API key
Unique
API key
Unique
API key
Management
Cost
14. Documentation with Swagger
14
Swagger RESTful API Documentation Specification
http://swagger.io/specification/
+
Tools
Tool Description
Swagger Core
Java-related libraries for generating and
reading Swagger definitions
Swagger Codegen
Command-line tool for generating both
client and server side code from a Swagger
definition
Swagger UI
Browser based UI for exploring a Swagger
defined API
Swagger Editor
Browser based editor for authoring Swagger
definitions in YAML or JSON format
We had no ability to trace anything.
Couldn´t measure performance, either current nor over time.
Manage cost became problematic when a second
system connects to the service.
Not able to see the trend of usage niether over the day or night
And for security reasons we didnt want the system owner
to have the knowledge of the production api keys.
Connect it through API Gateway so we can be able to:
Trace everything.
Measure the performance, current and over time.
Manage the cost so the system owner pays for the right amount of signing activities.
Able to see the trend of usage over day and night
For security reasons we didn´t give out the knowledge of the production api keys, we gave out new unique keys for each system.
We used swagger specification to deliver documentation for our API,
Which made it easy for developers to adapt their
software for use of the service.
Backend API keys and connectivity all managed by our infrastructure.
So when a changed needs to be implemented we give out a new version
and make the change in onAbstractione place and because we know
who the consumers are we can easily inform the ongoing/upcoming
change before any problem arise.
By designing the api in our infrastructure we can maintian control,
By able to take responibilities over all security aspects, such as availability
tracability and confidentiality.
We used swagger specification to deliver documentation for our API,
Which made it easy for developers to adapt their
software for use of the service.
We used swagger specification to deliver documentation for our API,
Which made it easy for developers to adapt their
software for use of the service.
By designing the api in our infrastructure we can maintian control,
By able to take responibilities over all security aspects, such as availability
tracability and confidentiality.
We used swagger specification to deliver documentation for our API,
Which made it easy for developers to adapt their
software for use of the service.
Backend API keys and connectivity all managed by our infrastructure.
So when a change needs to be implemented we give out a new version
and make the change in one place and because we know
who the consumers are we can easily inform the ongoing/upcoming
change before any problem arise.