As the API Lifecycle fast-track is tailored to be... fast and focussed on SaaS start-ups ready to securely deliver their first public API(s), let's get straight down to business.
The Fast-track package includes 5 steps in 5 days.
1- API Audit
During the API audit, we define the current accessible data, either through DB models or existing APIs. These target models form the basis of the future OpenAPI contracts.
The existing security models and data-flow diagrams are also reviewed.
2- API Lifecycle guide
Based on the current models, we look at the industry best practices to come to a combined API lifecycle guide. This documentation will be the reference for future API business and development.
3- Validation of OpenAPI contracts
We use the API Lifecycle guide to model the OpenAPI contracts, together with the tech team. Once integrated, we validate the target contracts with the actual output, until the desired quality output is reached and the target API’s are ready for publication.
Once the authentication model is implemented and the API contracts are validated and ready for public use, we plan a “pen-test” to ensure a secure and controlled exposure of the SaaS data models.
Proof of security audit
The penetration test concludes with a security certification, which can be used to convince stakeholders and partners to jump on board in the last mile: service integrations.
The OpenAPI contracts will be processed in an automated testing boilerplate, which is usable on delivery, but is also intended as foundation for more extensive testing and quality monitoring of future releases.
The API Fast-track includes Cyrex unique API security expertise.
4- Business and technical worksession
At the end of the “API lifecycle fast-track”, the results and next steps for the tech team will be explained in a technical worksession. For the business worksession, the connection with API Suite will be provided, and business cases will be discussed.
5- API “SLA” assistance
To ensure that the executed works are implemented in real-life, our team remains on stand-by for 3 months to assist in API-specific challenges.