Solved: API Management - Business rules as policies?

Report Inappropriate Content · 10-26-2017 09:59 AM

When building a new system, is it a good idea to centralize business rules (as policies) in the API management platform? The idea is that the API users(third party applications) and the web application (our business platform) will perform most business transaction related messaging through the API management platform.

Note: The application doesn't handle very large volumes (as opposed to say a banking application) and the business rule repository will probably be under 200 in count. Not all these will be executed in call. Also, this is not a microservices based application in which case the business rules within the bounded context of the microservice can be encapsulated as part of the microservice.

Are there any general do's/don't or patterns to help decide what goes in the gateway and what doesn't ? Are there potential performance or efficiency pitfalls?

Ps: I understand that this is a broad question so a black and white delineation may not be possible but I can use help on how to approach policy design.

dcouldwell

It is a broad question so let me make some assumptions and state some general guidelines.

Let's make the following assumptions / statements

Business logic should be maintained in one place
The costs of maintaining this logic should be minimised
The right tool should be used for the job
Business logic should be easily differentiated from solutions to non functional or platform level requirements.

Feel free to disagree with any of the above...

So based on the above my initial question is how complex is the business logic?

If the logic is simple and can maintained in a cost efficient fashion (e.g. using out of the box policies or simple code) and also not confused with platform functionality (e.g. traffic management, security) then go ahead and build the business logic into the proxies.

As the logic gets more complex and you may need to break this out into more involved stand alone code along with out of the box proxies but the same rules apply. Do the code extensions provided by the platform plus policies still allow you to maintain this business logic in a cost efficient and maintainable fashion?

Finally if you need to build a very complex set of business rules in code you may get to the stage where it makes more sense to break this out into it's own stand alone App that can be leveraged by the proxy as required e.g. using service call outs. At this point it make sense to look at the code extensions available in the platform and assess whether it still fulfills the rules outlined at the top.

Hope these makes sense.

View solution in original post

DChiesa

Really good question. I'd like to invite people like @Christin @Christin Brown @Dom Couldwell and @davidwallen1 to address this question.

dcouldwell

It is a broad question so let me make some assumptions and state some general guidelines.

Let's make the following assumptions / statements

Business logic should be maintained in one place
The costs of maintaining this logic should be minimised
The right tool should be used for the job
Business logic should be easily differentiated from solutions to non functional or platform level requirements.

Feel free to disagree with any of the above...

So based on the above my initial question is how complex is the business logic?

If the logic is simple and can maintained in a cost efficient fashion (e.g. using out of the box policies or simple code) and also not confused with platform functionality (e.g. traffic management, security) then go ahead and build the business logic into the proxies.

As the logic gets more complex and you may need to break this out into more involved stand alone code along with out of the box proxies but the same rules apply. Do the code extensions provided by the platform plus policies still allow you to maintain this business logic in a cost efficient and maintainable fashion?

Finally if you need to build a very complex set of business rules in code you may get to the stage where it makes more sense to break this out into it's own stand alone App that can be leveraged by the proxy as required e.g. using service call outs. At this point it make sense to look at the code extensions available in the platform and assess whether it still fulfills the rules outlined at the top.

Hope these makes sense.

Report Inappropriate Content

Thank you @Dom Couldwell. I agree with you.

We have decided not to put business rules in the gateway because of the following reasons

Our business logic is not fully centralized and the effort to centralize and codify for the Gateway will take away for the business cycles.
API gateway is being used to route calls/messages and there's a bit of a concern about vendor lock-in when it comes to business rules.
The business teams may find it hard to work on the business rules in the API gateway.

Report Inappropriate Content

Look, I own my personal company. That is a small company, but we have all our business controlled and put together technologically. And I don’t even know what API Management is. The secret is simple. You have to know good people in order to be able to rule a business! I am collaborating with a great company that is doing all that things for me, all I have to do is think. Yeah, that simple, think. Because thinking is the real key to success! If you want to know a little more about that you can check that website https://www.generationix.com/it-consulting-los-angeles/. I hope that this information will change your way of thinking and your business will grow big.

mariocleotildee

Fascinating facts about API integration modules. I also had some objections in regard to it. We are trying to launch our tour guide reference database site soon and such a module would work incredibly well I suppose. We are not so sure about what money we will need to create the site though, as the web design quote we have gotten was quite high and we really need to save money in order to finalize it. We have used several tools that helped us understand what it would take to get back on track when it comes to our financial difficulties. One of those tools was https://www.calxa.com/cash-flow-forecasting a free cash flow forecaster that really saved me time and helped me understand when I would be able to pay.