Category: Coding Patterns & Practices

Engineering API Governance

I’ve written this post to provide a detailed look at what a role around API Governance, or simply the functions of API Governance, would be centered around.

Why does this role exist?

An API Governance function or role would be responsible for overseeing the governance of APIs within an organization. It would center around ensuring that APIs are developed, implemented, and maintained according to established standards, best practices, and business requirements.

Here are the primary reasons why this type of work and role exist:

  1. Growing Importance of APIs: APIs have become the backbone of modern software development and integration. They enable different applications and systems to communicate and share data seamlessly. As organizations increasingly adopt microservices architecture and cloud-based solutions, the number and complexity of APIs they use grow significantly.
  2. Consistency and Standardization: In large organizations with multiple development teams and projects, maintaining consistency in API design, implementation, and usage becomes challenging. An API governance role ensures that APIs adhere to standardized guidelines, leading to better interoperability and reusability.
  3. Security and Compliance: APIs expose access points to an organization’s systems and data. Ensuring the security of these access points is critical to prevent data breaches, unauthorized access, and other security risks. An API governance role focuses on implementing robust security measures and compliance with relevant regulations.
  4. Efficient Collaboration: When different teams create APIs independently, they may not be aware of existing solutions or may duplicate efforts. An API governance function facilitates collaboration, knowledge sharing, and reuse of APIs, leading to more efficient development processes.
  5. Scalability and Performance: Proper governance includes performance monitoring and optimization of APIs. This helps identify bottlenecks, improve response times, and ensure that APIs can handle increasing workloads as the organization grows.
  6. User Experience: APIs are used by developers, both internally and externally, to build applications. A well-governed API ecosystem includes clear and comprehensive documentation, which enhances the developer experience and enables faster integration with APIs.
  7. Risk Mitigation: By setting up a structured governance process, organizations can identify and address potential risks associated with APIs early on, reducing the chances of costly issues arising in production.
  8. API Lifecycle Management: APIs have a lifecycle that includes planning, development, versioning, and deprecation. Proper governance ensures that APIs are maintained and updated according to their lifecycle stages, preventing the accumulation of outdated or obsolete APIs.
  9. Compliance with Business Strategy: API governance aligns API development and management with the organization’s overall business strategy, ensuring that APIs support the company’s goals and objectives effectively.
  10. Adoption of Best Practices: An API governance role stays updated with industry trends and best practices, continuously improving the organization’s API strategy and development processes.

Engineering API Governance Primary Functions

The API Governance function or role is responsible for overseeing and managing the governance of Application Programming Interfaces (APIs) within an organization. It ensures that APIs are developed, implemented, and maintained according to established standards, best practices, and business requirements. Here are some key aspects of an API Governance function or role:

  1. Defining API Standards: The API Governance team establishes and documents API design standards, naming conventions, versioning practices, security guidelines, documentation requirements, and other relevant policies. These standards promote consistency and facilitate seamless integration among different APIs.
  2. API Lifecycle Management: The API Governance function oversees the entire lifecycle of APIs. This includes planning and design, development, testing, deployment, monitoring, version control, and eventual retirement or deprecation when necessary.
  3. Security and Compliance: Ensuring the security of APIs is a critical aspect of the API Governance role. The team establishes security protocols, access controls, authentication mechanisms, and data protection measures to safeguard APIs and the systems they interact with. Additionally, they ensure compliance with relevant industry regulations and data privacy laws.
  4. Documentation and Communication: API Governance teams create comprehensive and easily accessible documentation for APIs. This documentation helps internal and external developers understand how to use the APIs effectively and provides details about their capabilities, limitations, and potential use cases.
  5. Monitoring and Performance: The API Governance function sets up monitoring systems to track API usage, performance metrics, and error rates. This data helps identify potential issues, bottlenecks, and areas for improvement. It allows the team to optimize APIs to meet service-level requirements and user expectations.
  6. Collaboration and Coordination: The API Governance role involves collaborating with various teams, including development, product management, security, and operations. Effective coordination ensures that APIs are aligned with business objectives and developed in a way that meets the needs of different stakeholders.
  7. Review and Approval Process: The API Governance team establishes a review and approval process for new APIs and changes to existing ones. This process ensures that APIs meet the required standards, security measures, and compliance before they are deployed.
  8. Education and Training: The API Governance function may conduct training sessions for developers and other stakeholders to promote best practices in API development, usage, and maintenance.
  9. Adoption of API Management Tools: API Governance teams often utilize API management tools to facilitate API governance tasks. These tools can assist in monitoring, versioning, security, analytics, and documentation management.
  10. Continuous Improvement: The API Governance function remains updated with industry trends and best practices to continuously improve the organization’s API strategy and governance approach.

In a large enough organization even these individual functions become individually staffed work. However, a single API Governance staff member often would be tasked with these items and would need to delegate and organize the priority of the various functions throughout the organization.

In following posts (which I’ll include here once they’re posted) I’ll write up some scenarios, from working as an individual contributor and leader (i.e. managing staff) as well as hiring for API Governance roles. I’ll get into the nitty gritty of how process, practice, and patterns can be used to elaborate on things like education, adoption of API management tools, continuous improvement and the many other functions.

With that, subscribe for updates, and you’ll get any new posts direct to your inbox! (check side bar for subscribing)

Single Responsibility Principle for GraphQL API Resolvers

The Single Responsibility Principle (SRP) states that a class or module should have only one reason to change. It emphasizes the importance of keeping modules or components focused on a single task, reducing their complexity, and increasing maintainability.

SRP defined.

In GraphQL API development the importance, and need, of maintaining code quality and scalability is of utmost importance. A powerful principle that can help achieve these goals when developing your API’s resolvers is the Single Responsibility Principle (SRP). I’m not always a die hard when it comes to SRP – there are always situations that may need to skip out on some of the concept – but in general it helps tremendously over time.

By adhering the SRP coders can more easily avoid the pitfalls of large monolithic resolvers that end up doing spurious processing outside of their intended scope. Let’s explore some of the SRP and I’ll provide three practice examples of how to implement some simple SRP use with GraphQL.

When applying SRP in GraphQL the aim is to ensure that each resolver handles a specific data type or field, thereby avoiding scope bloat and convoluted resolvers that handle unrelated responsibilities.

  1. User Resolvers:
    • Imagine a scenario where a GraphQL schema includes a User type with fields like id, name, email, and posts. Instead of writing a single resolver for the User type that fetches and processes all of the data we can adopt SRP by creating separate resolvers for each field. For instance we would have resolvers.getUserById to fetch user details, resolvers.getUserName to retrieve the respective user’s name, and a resolvers.getUserPosts to fetch the user’s posts. In doing so we keep each resolver focused on a specific field and in turn keep the codebase simplified.
  2. Product Resolvers:
    • Another example might be a product object within an e-commerce application. It would contain fields like is, name, price, and reviews. With SRP we’d have resolvers for resolvers.getProductById, resolvers.getProductName, resolvers.getProductPrice, and resolvers.getProductReviews. The naming, by use of SRP, can be utilized to describe what each of these functions do and what one can expect in response. This again, makes the codebase dramatically easier to maintain over time.
  3. Comment Resolvers:
    • Last example, imagine a blog, with a comment type consisting of id, content, and author. This would break out to resolvers.getCommentContent, resolvers.getCommentAuthor, and resolvers.getCommentById. This adheres to SRP and keeps things simple, just like the previous two examples.

Prerequisite: The examples below assume the apollo-server and graphql are installed and available.

User Resolvers Example

A more thorough working example of the user resolvers described above would look something like this. I’ve included the data in a variable to act as the database, but the inferred premise there would be an underlying database should be obvious.

// Assuming you have a database or data source that provides user information
const db = {
  users: [
    { id: 1, name: "John Doe", email: "john@example.com", posts: [1, 2] },
    { id: 2, name: "Jane Smith", email: "jane@example.com", posts: [3] },
  ],
  posts: [
    { id: 1, title: "GraphQL Basics", content: "Introduction to GraphQL" },
    { id: 2, title: "GraphQL Advanced", content: "Advanced GraphQL techniques" },
    { id: 3, title: "GraphQL Best Practices", content: "Tips for GraphQL development" },
  ],
};

const resolvers = {
  Query: {
    getUserById: (_, { id }) => {
      return db.users.find((user) => user.id === id);
    },
  },
  User: {
    name: (user) => {
      return user.name;
    },
    posts: (user) => {
      return db.posts.filter((post) => user.posts.includes(post.id));
    },
  },
};

// Assuming you have a GraphQL server setup with Apollo Server
const { ApolloServer, gql } = require("apollo-server");

const typeDefs = gql`
  type User {
    id: ID!
    name: String!
    email: String!
    posts: [Post!]!
  }

  type Post {
    id: ID!
    title: String!
    content: String!
  }

  type Query {
    getUserById(id: ID!): User
  }
`;

const server = new ApolloServer({ typeDefs, resolvers });

server.listen().then(({ url }) => {
  console.log(`Server running at ${url}`);
});

In this code we have the db object acting as our database that we’ll interact with. Then the resolvers and the GraphQL schema is included inline to show the relationship of the data and how it would love per GraphQL. For this example I’m also, for simplicity, using Apollo server to build this example.

Product Resolvers Example

I’ve also included an example of the product resolvers. Very similar, but has some minor nuance to show how it would coded up. For this example however, to draw more context I’ve added an authors table/entity, and respective fields for authors, as per related to reviews.

// Assuming you have a database or data source that provides product, review, and author information
const db = {
  products: [
    { id: 1, name: "Product 1", price: 19.99, reviews: [1, 2] },
    { id: 2, name: "Product 2", price: 29.99, reviews: [3] },
  ],
  reviews: [
    { id: 1, rating: 4, comment: "Great product!", authorId: 1 },
    { id: 2, rating: 5, comment: "Excellent quality!", authorId: 2 },
    { id: 3, rating: 3, comment: "Average product.", authorId: 1 },
  ],
  authors: [
    { id: 1, name: "John Doe", karmaPoints: 100, details: "Product enthusiast" },
    { id: 2, name: "Jane Smith", karmaPoints: 150, details: "Tech lover" },
  ],
};

const resolvers = {
  Query: {
    getProductById: (_, { id }) => {
      return db.products.find((product) => product.id === id);
    },
  },
  Product: {
    name: (product) => {
      return product.name;
    },
    price: (product) => {
      return product.price;
    },
    reviews: (product) => {
      return db.reviews.filter((review) => product.reviews.includes(review.id));
    },
  },
  Review: {
    author: (review) => {
      return db.authors.find((author) => author.id === review.authorId);
    },
  },
};

// Assuming you have a GraphQL server setup with Apollo Server
const { ApolloServer, gql } = require("apollo-server");

const typeDefs = gql`
  type Product {
    id: ID!
    name: String!
    price: Float!
    reviews: [Review!]!
  }

  type Review {
    id: ID!
    rating: Int!
    comment: String!
    author: Author!
  }

  type Author {
    id: ID!
    name: String!
    karmaPoints: Int!
    details: String!
  }

  type Query {
    getProductById(id: ID!): Product
  }
`;

const server = new ApolloServer({ typeDefs, resolvers });

server.listen().then(({ url }) => {
  console.log(`Server running at ${url}`);
});

Comment Resolvers Example

Starting right off with this example, here’s what the code would look like.

// Assuming you have a database or data source that provides comment and author information
const db = {
  comments: [
    { id: 1, content: "Great post!", authorId: 1 },
    { id: 2, content: "Nice article!", authorId: 2 },
  ],
  authors: [
    { id: 1, name: "John Doe", karmaPoints: 100, details: "Product enthusiast" },
    { id: 2, name: "Jane Smith", karmaPoints: 150, details: "Tech lover" },
  ],
};

const resolvers = {
  Query: {
    getCommentById: (_, { id }) => {
      return db.comments.find((comment) => comment.id === id);
    },
  },
  Comment: {
    content: (comment) => {
      return comment.content;
    },
    author: (comment) => {
      return db.authors.find((author) => author.id === comment.authorId);
    },
  },
};

// Assuming you have a GraphQL server setup with Apollo Server
const { ApolloServer, gql } = require("apollo-server");

const typeDefs = gql`
  type Comment {
    id: ID!
    content: String!
    author: Author!
  }

  type Author {
    id: ID!
    name: String!
    karmaPoints: Int!
    details: String!
  }

  type Query {
    getCommentById(id: ID!): Comment
  }
`;

const server = new ApolloServer({ typeDefs, resolvers });

server.listen().then(({ url }) => {
  console.log(`Server running at ${url}`);
});

The concept of the Single Responsibility Principle (SRP) and provided code examples using JavaScript demonstrate its application in GraphQL resolvers. The SRP advocates for keeping code modules focused on a specific data type or field, avoiding large and monolithic resolvers that handle multiple unrelated responsibilities. By adhering to the SRP, software developers can build better software that is modular, maintainable, and easier to understand. By dividing functionality into smaller, well-defined units, developers can enhance code reusability, improve testability, and promote better collaboration among team members. Embracing the SRP helps create codebases that are more scalable, extensible, and adaptable to changing requirements, ultimately leading to higher-quality software solutions.

Other GraphQL Standards, Practices, Patterns, & Related Posts

Name Casing Conventions, The Quick Comparison

There are a number of name casing practices, which I’ll cover in quick fashion here, for variables and other objects when programming.

The Quickie Synopsis

  • camelCaseLikeThis
  • PascalCaseLikeThis
  • snake_case_like_this
  • kebab-case-like-this
  • MixAnd-match_like-this

Camel Case

With Camel Case the first letter of the first word is lower case, then every subsequent first letter of each word is upper cased. For example, thisIsCamelCasedsomething if a singular word, or somethingElse.

My 2 ¢ – I’m a big fan of this case when I’m name private variables or related objects. I’m also a fan of using Camel Casing for certain types of functions, especially in JavaScript such as this.doesStuff() or somethingAnother.doesOtherStuff().

Pascal Case

In usage of Pascal Case, the first letter of each word within the name is upper cased. Examples include ThisOjectThatThing, or WhateverElse().

My 2 ¢ – This is something I like to use for class declaracters (i.e. public class ThisClassThing) and then for functions or methods on that class, or respectively similarly for functions on functions in JavaScript, or the like. Basically, anything that will be used similar to MyThing.DoesThisThing().

Snake Case

Using Snake Case has the empty spaces replaced with underscores. So a file name like this is my filename.md would become this_is_my_filename.md.

My 2 ¢ – Snake case is great when I need to have variables that would otherwise have spaces, but also wouldn’t be displayed regularly with anything that might obfuscate the underscore, such as an HTML.

Kebab Case

Kebabs are tasty, the case however is similar to Snake Case, except instead of underscores dashes are used. Each space in the name is replaced with a - character. Such as my-table-name-is-this or this-is-a-variable.

My 2 ¢ – Kebab case is excellent for filenames, URIs, or something of that sort where spacing between the words of a file or path are important to read, but an underscore would be obfuscated by the font rendering such as with a URI.