As the API Lifecycle fast-track is tailored to be... fast and focussed on SaaS start-ups ready to securely deliver their first public API(s), let's get straight down to business.
The Fast-track package includes 5 steps in 5 days.
1- API Audit
We define the currently accessible data during the API audit, either through DB models or existing APIs. These target models form the basis of future OpenAPI contracts.
The existing security models and data-flow diagrams are also reviewed.
2- API Lifecycle guide
Based on the current models, we look at the industry best practices for a combined API lifecycle guide. This documentation will be the reference for future API business and development.
3- Validation of OpenAPI contracts
We use the API Lifecycle guide to model the OpenAPI contracts and the tech team. Once integrated, we validate the target contracts with the actual output until the desired quality output is reached and the target API's are ready for publication.
Penetration testing: Once the authentication model is implemented and the API contracts are validated and ready for public use, we plan a "pen-test" to ensure the SaaS data models' secure and controlled exposure.
Proof of security audit: The penetration test concludes with a security certification, which can be used to convince stakeholders and partners to jump on board in the last mile: service integrations.
Automated testing: The OpenAPI contracts will be processed in an automated testing boilerplate, which is usable on delivery but is also intended as the foundation for more extensive testing and quality monitoring of future releases.
The API Fast-track includes Cyrex unique API security expertise.
4- Business and technical work session
At the end of the "API lifecycle fast-track", the results and next steps for the tech team will be explained in a technical work session. The connection with API Suite will be provided for the business workstation, and business cases will be discussed.
5- API "SLA" assistance
To ensure that the executed works are implemented in real-life, our team remains on standby for 3 months to assist in API-specific challenges.