API Design
Enforcing API consistency

Enforcing API consistency with a large team

In large organizations where multiple teams contribute to an API ecosystem, maintaining consistency can be a challenge. Without some sort of defined strategy, APIs may diverge in their style, error handling, naming conventions, security practices, or even call the same thing different names.

All of this causes confusion for users of the API, and this confusion costs time and money as support staff need to answer questions, profitable integrations are delayed, or breakages occur due to inconsistent behavior.

To ensure uniformity, organizations need a combination of structured guidelines, automated enforcement, centralized API gateways, and thorough review processes.

Define an API style guide

As 100 developers how to do something and you’ll get 101 answers on the best way to do it, and this can become a real headache when building APIs.

Instead of picking unique approaches to everything, and API style guide can be written as a foundation for standardization, ensuring that all teams follow a common approach when designing and building APIs.

A good guide should clearly define naming conventions for endpoints, query parameters, and request/response properties, and require establish standards for structured things like pagination, error handling, collections, and HTTP status codes.

Authentication and security guidelines must be outlined, covering mechanisms like OAuth, API keys, and rate limiting, all of which should work the same across APIs wherever possible to allow code reuse and reduce the cognitive load.

Additionally, the guide should include a versioning strategy to manage changes effectively and set documentation standards for OpenAPI descriptions to ensure completeness and clarity.

These style guides are living documents that should be updated regularly to reflect changes in best practices and organizational requirements, and can be published internally or publicly to help other organizations who might like your style. Lots of companies have done this, including Google (opens in a new tab), and many more which can be found here (opens in a new tab).

Automated style guides

Writing all these decisions down is a good start, but it’s not enough. Humans make mistakes, misread things, and misremember things. As guides evolve and new advice is added, people are unlikely to come back and read the guide again and might not spot the new advice.

API linting tools exist to help, with two popular tools being Spectral, vacuum, and the Speakeasy CLI. This will not only validate OpenAPI documents to make sure they’re syntactically correct, but can also be programmed to enforce the advice set out in the style guide.

This means that teams who have built an API can check it’s ok before deploying it to production, and teams who are following the API design-first workflow can get real-time feedback on the API as it is still being defined, further saving time and money from being wasted coding something problematic.

Spectral, vacuum and Speakeasy all automate a big chunk of the API style guide, making API design reviews considerably easier, letting the review focus on more complex issues like “is this the right way to solve the problem?” rather than “is this the right way to capitalize a property?”.

Having all APIs following the same automated style guide, all integrated into OpenAPI editors, code editors, and run again in CI/CD pipelines, teams can be certain that APIs are going to be consistent, and only get better over time.

Info Icon

NOTE

See what linting rules you can create using Speakeasy CLI’s lint command.

Leveraging API gateways for centralized functionality

One way to remove discrepancies between APIs is to not have multiple APIs doing the same thing in the first place.

API gateways like Kong (opens in a new tab), Tyk (opens in a new tab), Express Gateway (opens in a new tab), and AWS API Gateway (opens in a new tab) play a crucial role in standardizing authentication and authorization policies, rate-limiting, traffic filtering, and network caching.

Leaving these features to be implemented in multiple APIs can be tricky even when installing the same libraries. For example, while OAuth 2 is a standard and should be implemented the same way regardless of the software, two different APIs might be using two different versions of the Ruby on Rails OAuth 2 server Doorkeeper, and one might have fixed a bug that the other hasn’t. Those two will vary again from another implementation written in another framework or another language.

They also help maintain uniform logging and monitoring practices by centralizing API usage tracking and performance metrics. Additionally, gateways can facilitate request and response transformations, ensuring backward compatibility without requiring changes across multiple services. This is a helpful way to remove inconsistencies from APIs which are already in production without complicating the codebase.

API design reviews

The API Design Review is a core component of a broader API governance program, where stakeholders evaluate proposed API changes to ensure they align with the organization’s architecture and ecosystem. This process typically involves a diverse group, including API designers, developers, technical writers, system architects, and governance teams, all working together to maintain consistency and quality across the API ecosystem

Just like code reviews are now common on pull requests, design reviews allow API designers and developers to submit OpenAPI-based proposals for review either before any code is written, or at the same time as code is written.

A dedicated review committee, including API architects and experienced developers, should evaluate proposals based on adherence to guidelines and best practices.

The automated checks can be run with linting on these pull requests before manual reviews to catch common issues efficiently, then design review meetings provide a platform to further discuss key API decisions, trade-offs, and potential improvements. This catches all the things a linter cannot, like “is this the right name for this concept” or “this was just added to another API, can we reuse that?”

Summary

Achieving consistency across an API ecosystem in a large organization requires a combination of well-documented style guides, automated enforcement through linting, centralized functionality via API gateways, and a structured API design review process.

Implementing all or some of these approaches should ensure that APIs remain scalable, maintainable, and high quality, providing a surprise-free experience for API consumers and hopefully making life easier for API producers as well.