API Backlog Jumpstart Reference

davissean · ‎10-12-2020

The first few sprints are critical to the success of a program. Here is a suggested backlog when getting started.

Project Bootstrapping

These are the tasks that might be included in a Sprint 0 and can be seen as prerequisites for development to begin.

Task	User Story	Notes
API Platform Infrastructure Provisioning	As an API Operator, I want infrastructure, so that I can deploy Apigee
API Platform Installation	As an API Operator, I want to deploy the API Platform, so that the organization can expose APIs	Not required for SaaS Hybrid OPDK
Source Control Setup	As an API Developer, I want to store my code in source control so that I can collaborate safely with others and track changes	Community
Artifact Store Setup	As an API Operator, I want releases to be stored in an artifact store so that release management is simplified	Optionally push .zip to artifact store
Continuous Integration Setup	As an API Developer, I want to automate deployment and testing of APIs so that all changes are testing throughout the development lifecycle	DevRel Reference
Monitoring Tooling Setup	As an API Operator, I want to monitor API deployments so that production SLAs are met	Community
Project Management Tooling Setup	As an API Team member, I want to use tooling so that I can communicate with others and understand the project status	Chat tool, Sprint board, email alias

Platform Configuration

Once our tools are set up, we can configure them and deploy to them.

Task	Description	Notes
Configure Northbound	As an API consumer, I want to securely access the API Platform so that I can have confidence in sensitive data transmission	Configuring Virtual Hosts Hybrid Virtual Hosts
Configure Southbound	As an API developer, I want to connect the API Platform with backend systems so that I can proxy API calls securely	Typically involves southbound Mutual TLS and IP Access Control
Deploy Common Shared Flows	As an API Developer, I want to reuse common flows so that I consistently apply best practices to my API	DevRel Reference
Configure Project Template	As an API Developer, I want to reuse a common proxy template so that I consistently apply best practices to my API	DevRel Reference
Initial Governance Rules	As an API Developer, I want to understand the platform standards so that I create consistent APIs across the platform	Community Reference
Configure SSO	As an API Operator, I want API Platform users to log in with Single Sign On so that their credentials are centrally managed
Configure Role Based Access	As an API Operator, I want to reduce the actions of some API Platform users so that they don't perform dangerous actions
Deploy Developer Portal Base	As an API Developer, I want a developer portal to be deployed so that I can customize and extend it with API documentation	Drupal Kckstart

Identity Tasks

Identity APIs should be treated separately to other APIs, as they can be considered a prerequisite to any secure API and will often be implemented as the first APIs on the platform.

Task	Description	Notes
Identity BDD Features and Scenarios	As an API Developer, I want to write behaviour-driven tests so that all stakeholders understand our quality assurance results
Mock Identity Endpoints	As an API Developer, I want to mock our third-party identity provider so that I reduce dependencies during implementation	DevRel Reference
Implement Identity [client credential/password/auth code/implicit/hybrid] Grant Type	As an API consumer, I want to obtain a token using a grant type suitable to my client type so that I can access protected APIs	Docs
Implement Client Registration	As an API consumer, I want to register so that I can obtain credentials to access Identity APIs
Add Token Validation to Project Template	As an API provider, I want to validate a consumers access token to ensure they are entitled to access protected APIs
Implement Token Refresh	As an API consumer, I want to refresh expired tokens so that end users don't have to re-authenticate
Implement Token Revocation	As an API provider, I want to revoke compromised tokens so that protected APIs are not abused

Proxy Tasks

For each API that we developer, we can consider the following tasks.

Task	Description	Notes
BDD Features and Scenarios	As an API developer, I want to write behaviour driven tests so that all stakeholders understand our quality assurance results	Apickli
Mock Backend	As an API Developer, I want to mock backends so that I reduce dependencies during implementation
Traffic Management	As an API Operator, I want to ensure that our backends receive acceptable rates of traffic so that the system remains stable
Mediation	As an API Developer, I want to expose a simple, RESTful API so that consumers enjoy using my API
Orchestration	As an API Developer, I want to reduce multiple APIs requests into a single request so that consumers have a simpler experience when using my API
Security	As an API Developer, I want to extend the base Security policies so that additional protections can be applied for an API
Analytics	As an API Product Owner, I want to understand the usage of the API Platform so that I can understand the needs of my customer	Statistics Collector
Developer Portal	As an API Consumer, I want to read documentation and onboard to an API so that I can quickly develop my own application	Upload specification to portal
Monitoring	As an API Operator, I want to understand the deployment and latency status of production APIs so that I can maintain SLAs
Monetization	As an API Product Owner, I want to charge for Premium APIs so that I can open a new revenue channel for my organization
Performance test	As an API developer, I want to understand the performance profile of my APIs so that I can have confidence in their stability under load in production

davissean · ‎10-13-2020

Could we add some epics/groupings to this?