BreadcrumbHomeResourcesBlog How To Define API Requirements September 20, 2020 How to Define API RequirementsAPI Lifecycle ManagementDefining API requirements is an important step to developing your APIs.But what are API requirements? And how do you define API requirements? That's what we break down in this blog. Table of ContentsWhat Are API Requirements?How to Define API RequirementsPutting API Requirements Into PracticeTable of Contents1 - What Are API Requirements?2 - How to Define API Requirements3 - Putting API Requirements Into PracticeBack to topWhat Are API Requirements?API requirements include functional requirements (what your API should do) and nonfunctional requirements (how your API should perform in terms of service level agreements). On top of that, API requirements also include a third type — the way your system implements requirements. The illustration below shows this breakdown of API requirements from functional to nonfunctional to implementation. Back to topHow to Define API RequirementsHere's how to define your API requirements.Understand and clearly articulate the detailed requirements for the API.Make sure there is agreement between key players before development starts.Separate functional from non-functional requirements and develop only to the functional requirements.Iterate through the API development process.Utilize an API platform. Requirements For Your API Management SolutionCheck out The Forrester Wave™: API Management Solutions, Q3 2020 report to learn about key requirements for your API management solution.📕 get the ReportExamples of API Functional RequirementsFunctional requirements define what the API does and how the API will be used.The way in which the API will be used affects several issues such as the technology choices, regulatory issues, and security. For example, an API that’s being used to perform financial transactions will have more constraints than one delivering advertisements.Some examples of how APIs will be used include the following functional requirements:Within a mobile application.Delivery of banner ads on a webpage.As part of a mashup.Servicing financial transactions.Providing a self-serve portal.Enabling the connection of a new business to the existing enterprise.Examples of API Nonfunctional RequirementsThere are two big differences between functional and non-functional requirements:Non-functional requirements are much more variable than functional requirements.Implementing non-functional requirements by declarative policies is much quicker and easier than implementing functional requirements.Because of the differences between them, it’s important to separate out these two types of requirements.Availability, scalability, logging, security, and performance are all critical to the successful use of an API. But none of them have anything to do with the business process or domain of the API’s resource.Here are some examples of nonfunctional API requirements. Nonfunctional API Requirement ExamplesNonfunctional API RequirementDefinitionCorrectnessAbility with which the software respects the specification.PerformanceEase with which the software is doing the work it is supposed to do. Usually measured as response-time or throughput.ReliabilityAbility with which the software performs its required functions under stated conditions for a specified period of time.RobustnessAbility with which the software copes with errors during execution.ScalabilityAbility with which the software handles growing amounts of work in a graceful manner.SecurityDegree to which the software protects against threats.UsabilityEase with which the software can be used by specific users to achieve specific goals. It's important to address nonfunctional compatibility for APIs. For example, if a particular security mechanism was applied to an API, but other consumers required a different security mechanism, that API is not reusable. This is true for any non-functional capability, including logging and failover.But functional and nonfunctional aren't the only requirements for APIs. There are also implementation requirements — which are typically heavy on security. Examples of API Implementation RequirementsThere are lots of examples of API implementation requirements, but let’s just take a look at a couple of security specifics for SOAP and REST. Implementation Requirements For APIs: ExamplesAPI RequirementSOAPRESTUser AuthenticationWS-Security Supporting TokenOAuthData privacyWS-Security Message EncryptionHTTPSApp AuthenticationWS-Security Message SignatureHMAC Header Signature or OAuthThe implementation specific requirements are the way in which you meet functional or nonfunctional requirements for a particular API implementation. There is a big difference between an API and an API implementation. In fact a single API could have lots of implementations.Even more important than the idea of implementation specific requirements (which I’ll abbreviate as ISRs from now) is the question:Does the API address functional requirements? Or are the functional requirements really addressed by the system that exposes the API?Back to topPutting API Requirements Into PracticeIt’s one thing if you happen to be Facebook or Twitter/X and have a platform that was built with exposing an API in mind — or if it was built with an API-first mindset. But in most enterprises that won’t be the case.You will have a whole bunch of different enterprise applications, all of which deliver some valuable capabilities. But what you need to do is deliver real business value to your partners and customers by delivering an API that uses functionality from many of these applications.In this case, most of your functional requirements will be met by the applications themselves with your service or API platform tweaking a few things in the process of delivering the API.What you need to focus on is how you can ensure that your API will meet its functional and implementation specific requirements.In many cases your API platform will be responsible for creating the various different implementations. In this case, you need to ensure that your API platform can enforce security and QoS policies. But it also needs to take multiple backed services of different types and create a consistent API interface that it can expose as SOAP, REST/XML, REST/JSON, WebSockets, AMQP — and whatever the industry will throw at you next.Akana Provides the Best Platform To Fulfill API RequirementsAkana provides the best platform to fulfill your API requirements. That's because Akana makes it easy to create, publish, consume, and monetize APIs. Because Akana makes it so easy to deploy APIs, you can achieve faster-time-to-market. Plus, you can automatically apply security policies. And you'll get the support you need to drive your API strategy forward. On top of all that, Akana makes it easy to deliver real business value to your organization. Seriously — check out how much you can save based on your API performance indicators >>Learn More About AkanaSee for yourself why Forrester ranked Akana as a leader in API management — and the top vendor for API policy and security. Watch an on-demand demo to see Akana in action. ▶️ Watch the Demo 👉 Become an ExpertExplore additional resources:API BasicsAPI LifecycleAPI StrategyRequirements Management This blog was originally published in 2014. It has been updated for accuracy and comprehensiveness.Back to top
