As organizations build more APIs, manual processes and frequent handoffs in the API development workflow can lead to a slower time to market, higher development costs, and poor-quality APIs. They can also result in APIs being poorly documented, causing poor API adoption and lower revenues.
APIOps aims to address these issues by automating the entire API lifecycle, leveraging DevOps and GitOps principles. But what is DevOps, and what is GitOps?
Building on these foundations, APIOps helps you enable automated controls in your API development workflow and deliver API artifacts more reliably.
Adopting APIOps leads to improved compliance with organizational standards and enhances collaboration between developers and operations teams. Developers benefit from quicker feedback through automated governance checks, reducing frustration during the design, build, and deployment phases of APIs. This enables organizations to ship API-enabled products and services faster, lower risk, and grow revenues.
The book "Automating API Delivery: APIOps with OpenAPI” presents the six principles of APIOps:
The automation introduced by APIOps ensures:
Kong provides a full API management platform including a suite of development tools that can help you implement these APIOps principles. Let’s look at what APIOps with Kong looks like in detail.
How can Kong help us apply the principles of APIOps? Let’s look at each of the principles outlined above and see how Kong projects and products provide us the necessary tools to implement successful APIOps methodologies.
Starting with API design allows the development process to flow from a natural source of truth in the API definition. For REST-based APIs, the de facto standard is OpenAPI specifications, which can drive a variety of development needs including documentation and code generation.
Kong Insomnia provides a collaborative development tool that is centered around API-first development. API specifications are at the heart of Insomnia allowing developers to build specifications using an integrated development environment that includes real-time collaboration, validation, and testing over your API specification files.
API specifications are perfectly suited to be stored in version control systems that track historical changes and promote automated workflows on change events. Insomnia does its part by supporting Git integration out of the box allowing you to clone, synchronize, and push design documents directly to connected git repositories. Multiple hosted git platforms are supported, including GitHub and GitLab.
Linting is a common practice that validates code against a set of rules by looking for potential errors, stylistic issues, or deviations from standards. Insomnia directly supports specification linting, and will flag rule violations while developing APIs in real-time. This process helps prevent potentially damaging changes from making their way into production systems.
Validating that your service implementation conforms to your API specification is critical. Kong Gateway can assist in this principle by providing an additional layer of specification validation for requests and responses as they flow through the API gateway layer. Kong Gateway supports an OpenAPI Specification validation plugin that will validate incoming requests against the schemata located in your OpenAPI specification prior to routing them to upstream services. Service responses can also be validated against the specification prior to routing them to requesting clients. These validations can catch errors before they arrive helping protect services and clients form invalid data and helping engineers diagnose issues faster.
Kong Gateway’s proxy behavior can be configured declaratively using the decK command line tool. The decK declarative configuration format is a simple YAML-based syntax perfectly suited for storage in version control systems.
Out of the box, decK supports the conversion of OpenAPI specifications to the decK declarative format, supporting an API-first workflow. Furthermore, decK supports various commands to enable APIOps-based pipelines within your CI/CD systems. Gateway configuration generation, transformations, and linting are all supported directly in the command line tool. These commands can be assembled together allowing you to construct very custom API specification and gateway configuration delivery pipelines.
The Kong Gateway declarative configuration assets naturally fit within version control systems and the APIOps capabilities of decK are designed to work directly in CI/CD systems supporting automated APIOps-based systems.
The decK documentation has more details on enabling these APIOps capabilities.
In addition to API specification and Kong Gateway configuration management, decK provides the ability to directly manage the state of the gateway from those configuration files. This allows users to build a full lifecycle APIOps workflow that spans API specification construction all the way to delivery. Ensuring that the state of the gateway matches the intended configuration is key to building a robust API gateway layer. Let’s see how decK can help with this final principle.
Calculating a diff from the decK configuration file with the current state of the gateway is a single command.
Pairing this command with widely available CI systems allows you to build a workflow to act upon those calculated differences in code review style development processes. Below is a snippet from an example GitHub Actions workflow that will calculate a Kong Gateway runtime diff and post the result as the description in a new PR along with the configuration changes that would create the changes.
The full file listing can be found in the KongAir example application project.
This PR workflow can be paired with a subsequent command that will synchronize the changes when the PR is approved. The Kong Gateway configuration can be easily synchronized by using the sync command.
Adding this command to another GitHub action can automate the final delivery step of the API configuration.
The full listing is available in this KongAir example.
A solid APIOps process will be key to your organization's success around API delivery. Following the principles outlined in the Automating API Delivery book sets a strong foundation for your engineering success.
Kong provides the necessary tools to technically achieve these results with Kong Konnect and APIOps. Follow the Getting Started Guide for Kong Konnect and be up and running with your first API in under 10 minutes. To learn more about APIOps, check out the on-demand webinar Harnessing AI for Rapid API Delivery.
In this Kongcast episode , Henrik Blixt, Product Manager for Argo at Intuit, gives an introduction to Argo, an open source tool for Kubernetes and incubating project of CNCF. Check out the transcript and video from our conversation below, and be su
The Neosec platform integrates with Kong Gateway Enterprise, an API Management Solution , to provide automated and continuous API discovery, API risk posture alerting and API protection through behavioral analytics and response automation. And it d
Want to learn more about the nuts and bolts of APIOps? Download our eBook, Unlocking the Full Potential of your APIs with APIOps , and learn about the stages of APIOps, get an understanding of the technical assets required, and explore the tooling
Kong’s fast, lightweight and scalable API management solution helps improve developer productivity by automating the delivery of API management. One way Kong automates API management is through a continuous integration and continuous delivery (CI/C
The numbers tell a compelling story. While 65% of organizations that use APIs are currently generating revenue from them, a significant gap exists between API adoption and AI readiness. 83.2% of respondents have adopted some level of an API-first ap