What is API Access?
API access is the process of ensuring that calls made to APIs with authenticated logins are able to access those APIs. API products are also a good way to control access to a specific bundle of resources/profiles or aspects of information.
This implementation guide identifies the need to manage any exposed APIs. When access control and monitoring are combined while creating an API, API implementing organisations can improve, control, limit and deny access to APIs, and therefore to the underlying data, through a consistent mechanism. When APIs are the central mechanism for authorization and access control to your APIs.
API access control measures need to be defined alongside API creation and need to look for:
- enforcement of authorisation
- security of payload and access
- matching security with scope of use
- access and approval for particular resources
One possible mechanism for providing access to APIs is to issue API keys to the consumers of the APIs being provided. Please contribute other common access methods and add to the Case Studies to show various access mechanisms to APIs.
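The following is an added example, not code from the Care Connect Reference Implementation, showing how an API key can be tied to an API product so that authorisation is enforced per resource and every decision is recorded for monitoring. The product names, client names and keys are constructed sample data, and the function name `authorise` is hypothetical.

```python
import hashlib
import hmac

# Constructed sample data: each API product bundles FHIR resource types
# with the HTTP methods that product is allowed to use on them.
PRODUCTS = {
    "demographics-read": {"Patient": {"GET"}},
    "observations-rw": {"Patient": {"GET"}, "Observation": {"GET", "POST"}},
}

def _digest(api_key: str) -> str:
    # Keys are assumed to be long random values, so a plain SHA-256 digest
    # is enough to avoid keeping the usable key in the store.
    return hashlib.sha256(api_key.encode()).hexdigest()

# Constructed key store: digest -> (client, product, active flag).
KEYS = {
    _digest("demo-key-clinic-a"): ("clinic-a", "demographics-read", True),
    _digest("demo-key-lab-b"): ("lab-b", "observations-rw", True),
    _digest("demo-key-revoked"): ("old-app", "observations-rw", False),
}

AUDIT_LOG = []  # one entry per decision, allowed or denied

def authorise(api_key, method, resource):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    presented = _digest(api_key or "")
    record = None
    for stored, entry in KEYS.items():
        # Constant-time comparison of the digests.
        if hmac.compare_digest(stored, presented):
            record = entry
    if record is None:
        decision = (False, "unknown key")
    elif not record[2]:
        decision = (False, "key revoked")
    elif method not in PRODUCTS.get(record[1], {}).get(resource, set()):
        decision = (False, "outside product scope")
    else:
        decision = (True, "ok")
    client = record[0] if record else "unauthenticated"
    AUDIT_LOG.append((client, method, resource, decision[1]))
    return decision
```
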
Access and Care Connect APIs
Access to APIs needs to be considered at the design phase, including the process of managing and maintaining valid and consistent APIs. The following design considerations become increasingly important as an accessible API moves through Test to Assure to Deployed.
- Access: Access Management
- Endpoints
- Report & Monitoring: CCRI Monitoring
- Traffic Management: CCRI Monitoring
For more information on the wider design decisions involved in providing safe access to information please see:
- Case Studies: illustrate the access decisions used to solve the challenges faced within the context and design patterns encountered.
Reference Implementation - Access Example
The Care Connect Reference Implementation (CCRI) provides an example API access mechanism and also shows simple Endpoint configuration, Report & Monitoring and Traffic Management. The CCRI has been designed as an example to show Access and Security for a Care Connect API implementation. The CCRI is not intended to be an official version that follows all of the methods and principles; however, it can be used as an example of the architectural pieces required to deploy a functional Care Connect API. Each element is described at a high level within the Care Connect Reference Implementation Guide. To help developers test quickly, the main components have been placed in containers (Docker instances using Docker Compose) to allow for minimal configuration.
The design of the Care Connect Reference Implementation shows how to manage and maintain valid and consistent APIs through automated testing, example data, and continuous integration and deployment. The CCRI design has taken the Access considerations above into account to provide an accessible and resilient example API.
Other API considerations are shown below. Please click on the parts of the API process to continue your API creation journey.