Unveiling the API Platform: A Scalable Solution for Modern Integrations

One of the pivotal announcements at the recent Sitecore Symposium was the introduction of the API Platform within Sitecore Connect. While webhooks have been a valuable tool for handling integrations and scheduled jobs, they present several challenges when used for more complex and business-critical requirements. These challenges include limitations in delivering authenticated APIs, lower rate limits, lack of queuing strategies, inability to deliver customized responses (e.g., pre-hook webhooks in OrderCloud), etc. The API Platform is built to address these limitations by offering a robust, scalable, and secure solution tailored for business-critical, complex, and high-volume events while delivering additional benefits like better performance, security, and operational efficiency.

In this blog, I’ll share insights from my exploration of the API Platform, walking you through its features, use cases, and an overview to help you determine when and how to use it effectively in your projects.

Platform Capabilities and Use Cases

  • Better Organization & Simplified Management of APIs
    • Group APIs into collections for better organization and manageability. This helps simplify complex integrations by categorizing endpoints based on functionality (e.g., Order Fulfillment, Product Management).
  • Enhanced Security and Control
    • Clients and Access Profiles: Create clients and assign specific access profiles to clients, controlling what they can and cannot do.
    • Advanced Authentication Methods: Support for Auth Tokens, OAuth2.0, OpenID Connect, and JWT ensures robust and flexible authentication mechanisms for the APIs to meet enterprise security standards. API Platform doesn’t support no-auth, and authentication is mandatory.
    • IP Address Blocking: Restrict access based on IP addresses for added security.
  • Overcoming Common Webhook Challenges
    • Rate Limits: Mitigate rate-limits with built-in support for scalable API handling.
    • Payload Size: Handle larger payloads than those supported by webhooks, enabling more complex data exchanges.
    • Bidirectional Communication: Customize response bodies(currently not feasible with Webhooks), making it easier to provide tailored outputs for pre-hooks or complex integrations.
    • Queuing Strategies: Manage concurrent requests effectively with queuing, reject and retry mechanisms.
  • Improved Operations and Monitoring
    • Scalability: Designed to handle high-volume, complex workflows with ease.
    • Logging and Troubleshooting: Continuous monitoring of APIs with detailed logging of API calls, payloads, and responses. Test endpoints directly within the platform to troubleshoot issues efficiently.
    • Performance Metrics: Gain insights into API performance and usage patterns to optimize operations.
  • Boosted Performance
    • Response Caching: Cache responses to reduce load and latency, improving overall system performance for high-traffic use cases.
  • Proxy Setup for Existing APIs
    • Use the API Platform as a proxy for existing APIs, adding layers of security, access control, and monitoring. This allows you to expose existing APIs securely without modifying their underlying logic swiftly.

Important Considerations

While the API Platform offers a robust feature set, it is not recommended for live events. The 3-million task limit per connection in Sitecore Connect is still applicable, which could become a bottleneck in high-frequency, real-time scenarios.

Pricing:

The API Platform is available as an add-on to your existing Connect license and will incur an additional cost, calculated as a percentage of your current connection cost.

Let’s now dive into the platform!

Overview of the Platform:

API Collections

The API Platform in Sitecore Connect supports two primary types of API collections:
API Recipe Collection: Enables you to expose recipes as API endpoints.
API Proxy Collection: Allows you to create secure proxies for existing API endpoints within an HTTP connection.

To create an API Collection, navigate to Tools > API Platform from the header navigation and open the Collections tab, and select ‘New Collection’,

Select an existing Recipe folder (for API Recipe Collection) or import an OpenAPI Specification to define API endpoints quickly,

Customize endpoint settings such as timeouts, caching, and other configurations to suit specific requirements.


API Collections can also be synced with your Postman Account if needed.

After providing metadata for the collection, it will be created along with the defined endpoints,

API Endpoints

For API Recipe Collections, ensure the selected recipes include an API Request Trigger with expected request headers and schema, an anticipated response status code and schema, and a Return Action to define what the endpoint sends back to the caller.

Swagger UI Testing: Test your API endpoints directly within the platform using the built-in Swagger UI for real-time validation,

Schema Validation: Enable schema validation in the endpoint settings to ensure incoming requests adhere to the defined schema if needed,

Policies

The API Platform allows you to set up Policies to manage rate limits and usage quotas for your APIs, ensuring scalability and preventing misuse.
Rate Limits: Control the number of requests allowed per second/minute/hour.
Usage Quotas: Set quotas for daily/monthly/yearly usage for clients consuming your APIs.

Clients

Under the Clients tab, you can manage access to your APIs by defining teams/users who will consume the APIs.
Team Management: Create and organize teams or individual clients.
API Access Control: Assign specific APIs or collections to clients via Access Profiles.
Authentication Mechanisms: Configure authentication using methods like API Keys, OAuth2.0, JWT, or OpenID Connect.
Policy Assignment: Assign policy to apply rate limit and usage quota policies to specific clients, ensuring fair usage and preventing abuse.


Logs

API Platform provides robust logging that captures all request and response details, including IP address, Response Time, Response Status, Responses, detailed logs for every step of the recipe execution, etc., which helps you troubleshoot and resolve failures swiftly,

Settings

API Platform allows you to customize domain, share the collection/endpoints publicly, and configure concurrency settings with the ability to either queue or reject requests,

Dashboard

API Platform features an intuitive dashboard that provides a comprehensive summary of all API requests and client activities, enabling you to monitor performance and make optimizations quickly and efficiently.


API Platform is a transformative addition to Sitecore Connect, enabling the creation of scalable, secure, and efficient integrations. By overcoming the limitations of traditional webhooks, it equips developers to handle complex workflows, manage high-volume traffic, and deliver customized solutions with confidence. Whether you’re integrating with OrderCloud, syncing data with a CRM like HubSpot, or creating secure and managed APIs for external partners, the API Platform offers the robust tools and flexibility needed to meet your integration challenges head-on and drive success for your projects.

Leave a Reply

Your email address will not be published. Required fields are marked *