apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Reaching common agreement on standards
David O'Neill, CEO at APImetrics
1. Building Trust in the API-driven frameworks
Banking, health and beyond…
David O’Neill – CEO APImetrics
david@apimetrics.com | @daveon
2. Trust
• noun
a) assured reliance on the character, ability, strength, or truth of someone or something
b) one in which confidence is placed
3. What we’re going to cover
1. How trust applies to APIs in regulated eco-systems
2. How we measure and gain trust in eco-systems
3. How we maintain trust over time
4. “Software is eating the world…”
Marc Andreessen
“…but APIs are how they’re doing it…”
Ron Miller – Tech Crunch
5. The world of “Open” everything
6. Concept: The API ecosystem as a restaurant
7. The Restaurant Eco-System
Position: Kitchen
Personas: Kitchen team
Needs / provides:
• Skills
• Equipment
• Support staff – washing up, cleaning
• Supplies – heat, light, water, food
• Recipes
• Meals
Position: Front of House
Personas: Wait staff, hosts, customers
Needs / provides:
• Deliver the meals
• Eat the meals
• Seat the clients
• Clean the tables
• Take the orders
• Take payment
• Manage the business
Position: External
Personas: Reviewers, critics, inspectors
Needs / provides:
• Facilities oversight – fire, health etc…
• Review the quality
• Report on issues
• Suppliers
8. The API Eco-System
Position: Technical
Personas: Developers
Needs / provides:
• Technical standards to implement
• Technology stacks
• Tooling
• Monitoring and support technology
Position: Consumers
Personas: Non-technical Directors and Managers
Needs / provides:
• Service discoverability
• API contract management
• Accurate use, performance and consumption data
• Discoverability
Position: Compliance
Personas: CXOs, Sourcing teams, regulators
Needs / provides:
• Standards development
• Continuous compliance
• Accurate, meaningful reporting
• Dispute resolution
OBUK, FDX, FHIR, FAPI, OpenID
PSD2, OBUK, FCA, ACCC/Treasury
“Trust Gap”
9. Barriers to trust
10. Alignment of expectations
16. Reliance on one particular tool or methodology… “Our preciousssss…”
17. 1) Things you should do anyway
2) Things we should agree to do in the same way all the time
18. Stuff we can all do
1. Use standard specifications and document what you do – lots of tools for that: OpenAPI, Postman, Stoplight, and so on…
2. Hire humans who don’t know your stuff to try and onboard with your documents
3. Track changes and make sure that you recheck regularly
4. Measure from the place
o Lots of tools for that: APImetrics, Postman, Checkly etc…
19. But what is missed out?
1. Agreement on WHAT and HOW we measure
o We should ALWAYS measure in production…
o …from the outside in
o Measure the same things in the same ways
2. Parties in dispute need to have somebody OUTSIDE the delivery chain to mediate
3. Agreement on what is good (or bad) within our vertical
20. The API Ratings Agency – a small plug
We need a Ratings Agency for APIs
• Independent of:
• Standards setting
• Technology delivery
• Regulators
• Providing:
• Standard techniques for measurement
• Best practices for documentation and service delivery
• Support for disputes
If you want to get involved contact me…
21. Bigger Plug – check out API.expert
https://api.expert
Free Independent API performance metrics for common APIs
I’m going to talk about trust within the current and future regulatory frameworks and what that already means for API ecosystems
What does this mean for APIs?
APIs have grown up
Being grown up means that regulators and others are taking an interest
This is most obvious in Open Banking and Healthcare but will become obvious in Travel, Insurance, Open Government much more over the next few years
Trust in the kitchen – do they have the tools, supplies and equipment to deliver
Trust the food quality
Trust in performance
Do you get seated quickly, do you get a drink, does the food come out in time, is it the right food, is it cold when it arrives?
Trust in expectations and delivery
McDonalds and The Fat Duck in Bray are both restaurants – only one has 3 Michelin stars
Some of this might be hard – if you expected a 3* Michelin meal but you go to McDonalds because it’s easier to get into – you’re not going to have the same experience
Honestly, try it with your other half – if you’re married I know somebody who handles divorces
Happens all the time in France
What are the API equivalents of the barriers to trust and what causes them?
Barriers to entry / Expectations
Measurement
Confusion
Human error happens to everybody – mistakes are made
Documentation can be wrong
Can be hugely painful with things that are badly handled by specifications like OpenAPI
Documentation can be incomplete
Documentation can be unusable
It’s 2021 – please no more PDFs
Documentation ages badly
Some APIs, especially regulated ones have very high barriers to entry
Poor sandboxes don’t always do what the final API does
Lack of attention to specifications, standards and mocking at the tooling side of things
Unclear or incomplete standards
Lack of conformance testing / lack of enforcement
One tool to rule them and in the darkness bind them… “my preciousssss”
There is a natural desire to have one tool that you use like a Swiss Army knife for all the monitoring, data collection and observation of your entire IT chain. If you’ve spent $XXXXXXX on something you want to get your money’s worth
A) such tools don’t exist, there are reasons to have specialist tools for specialist tasks
B) people who don’t use the tool or who are measuring in a different way will see different things and you’ll never agree on what is up or down
Meaning – no consistent measurement
We’re talking delivery supply chains across entire industries and not just a single entity
Next steps
Measure from the point of view of your users/customers/front of house (back to the restaurant) & not from the point of view of dev/the kitchen