The first few sprints are critical to the success of a program. Here is a suggested backlog when getting started.
Project Bootstrapping
These are the tasks that might be included in a Sprint 0 and can be seen as prerequisites for development to begin.
Task | User Story | Notes |
API Platform Infrastructure Provisioning | As an API Operator, I want infrastructure, so that I can deploy Apigee | |
API Platform Installation | As an API Operator, I want to deploy the API Platform, so that the organization can expose APIs | Not required for SaaS Hybrid OPDK |
Source Control Setup | As an API Developer, I want to store my code in source control so that I can collaborate safely with others and track changes | Community |
Artifact Store Setup | As an API Operator, I want releases to be stored in an artifact store so that release management is simplified | Optionally push .zip to artifact store |
Continuous Integration Setup | As an API Developer, I want to automate deployment and testing of APIs so that all changes are tested throughout the development lifecycle | DevRel Reference |
Monitoring Tooling Setup | As an API Operator, I want to monitor API deployments so that production SLAs are met | Community |
Project Management Tooling Setup | As an API Team member, I want to use tooling so that I can communicate with others and understand the project status | Chat tool, Sprint board, email alias |
Platform Configuration
Once our tools are set up, we can configure them and deploy to them.
Task | Description | Notes |
Configure Northbound | As an API consumer, I want to securely access the API Platform so that I can have confidence in sensitive data transmission | Configuring Virtual Hosts Hybrid Virtual Hosts |
Configure Southbound | As an API developer, I want to connect the API Platform with backend systems so that I can proxy API calls securely | Typically involves southbound Mutual TLS and IP Access Control |
Deploy Common Shared Flows | As an API Developer, I want to reuse common flows so that I consistently apply best practices to my API | DevRel Reference |
Configure Project Template | As an API Developer, I want to reuse a common proxy template so that I consistently apply best practices to my API | DevRel Reference |
Initial Governance Rules | As an API Developer, I want to understand the platform standards so that I create consistent APIs across the platform | Community Reference |
Configure SSO | As an API Operator, I want API Platform users to log in with Single Sign On so that their credentials are centrally managed | |
Configure Role Based Access | As an API Operator, I want to reduce the actions of some API Platform users so that they don't perform dangerous actions | |
Deploy Developer Portal Base | As an API Developer, I want a developer portal to be deployed so that I can customize and extend it with API documentation | Drupal Kickstart |
Identity Tasks
Identity APIs should be treated separately to other APIs, as they can be considered a prerequisite to any secure API and will often be implemented as the first APIs on the platform.
Task | Description | Notes |
Identity BDD Features and Scenarios | As an API Developer, I want to write behaviour-driven tests so that all stakeholders understand our quality assurance results | |
Mock Identity Endpoints | As an API Developer, I want to mock our third-party identity provider so that I reduce dependencies during implementation | DevRel Reference |
Implement Identity [client credential/password/auth code/implicit/hybrid] Grant Type | As an API consumer, I want to obtain a token using a grant type suitable to my client type so that I can access protected APIs | Docs |
Implement Client Registration | As an API consumer, I want to register so that I can obtain credentials to access Identity APIs | |
Add Token Validation to Project Template | As an API provider, I want to validate a consumer's access token to ensure they are entitled to access protected APIs | |
Implement Token Refresh | As an API consumer, I want to refresh expired tokens so that end users don't have to re-authenticate | |
Implement Token Revocation | As an API provider, I want to revoke compromised tokens so that protected APIs are not abused | |
Proxy Tasks
For each API that we develop, we can consider the following tasks.
Task | Description | Notes |
BDD Features and Scenarios | As an API developer, I want to write behaviour driven tests so that all stakeholders understand our quality assurance results | Apickli |
Mock Backend | As an API Developer, I want to mock backends so that I reduce dependencies during implementation | |
Traffic Management | As an API Operator, I want to ensure that our backends receive acceptable rates of traffic so that the system remains stable | |
Mediation | As an API Developer, I want to expose a simple, RESTful API so that consumers enjoy using my API | |
Orchestration | As an API Developer, I want to reduce multiple API requests into a single request so that consumers have a simpler experience when using my API | |
Security | As an API Developer, I want to extend the base Security policies so that additional protections can be applied for an API | |
Analytics | As an API Product Owner, I want to understand the usage of the API Platform so that I can understand the needs of my customer | Statistics Collector |
Developer Portal | As an API Consumer, I want to read documentation and onboard to an API so that I can quickly develop my own application | Upload specification to portal |
Monitoring | As an API Operator, I want to understand the deployment and latency status of production APIs so that I can maintain SLAs | |
Monetization | As an API Product Owner, I want to charge for Premium APIs so that I can open a new revenue channel for my organization | |
Performance test | As an API developer, I want to understand the performance profile of my APIs so that I can have confidence in their stability under load in production | |
Could we add some epics/groupings to this?