Pattern: Solution-Internal API

How can access to and usage of an API be limited to an application, for instance, components in the same or another logical layer and/or physical tier?

Foundation Category Overview


The final version of this pattern is featured in our book Patterns for API Design: Simplifying Integration with Loosely Coupled Message Exchanges.

Pattern: Solution-Internal API

a.k.a. Application-Internal Programming Interface

Context

It has been decided to provide a subsystem of an application with a remote API that exposes one or more API endpoints, but it is not clear yet which level of visibility the API services should have. The API clients that are supposed to use the API (and therefore must reach it) are part of the same application (or solution, possibly service-based).1

Problem

How can access to and usage of an API be limited to an application, for instance, components in the same or another logical layer and/or physical tier?

Forces

The forces listed under Public API and Community API (also dealing with API visibility) apply here too:

  • Business model and stakeholder concerns
  • Target audience size, location, and diversity
  • Complexity and maturity of required backend systems and data stores
  • Security considerations
  • Size, location, and technical preferences
  • Lifecycle management
  • Budgets

These forces are discussed in the two other patterns. For the sake of brevity, they are not elaborated upon again here.

Solution

Decompose the application logically into components. Let these components expose local or remote APIs. Offer these APIs only to system-internal communication partners such as other services in the application backend.

Sketch

A solution sketch for this pattern from pre-book times is:

Solution-Internal API in Context: Architecture Overview

Example

In the Lakeside Mutual case study, the interface between the Customer Core and its utility services such as city lookup (by zip code) and phone number validation can be seen as examples for this pattern. The same holds for the risk calculation service:

"/riskfactor/compute": {
  "post": {
    "tags": ["risk-computation-service"],
    "summary": "Computes the risk factor for a given customer.",
    "operationId": "computeRiskFactorUsingPOST",
    "consumes": ["application/json"],
    "produces": ["*/*"],
    "parameters":[{
      "in": "body",
      "name": "riskFactorRequest",
      "description": "the request with customer attributes (e.g., postal code, birthday)",
      "required": true,
      "schema": {
        "$ref": "#/definitions/RiskFactorRequestDto"
      }
    }],
    "responses": {
      "200": {
        "description":"OK",
        "schema": {
          "$ref":"#/definitions/RiskFactorResponseDto"
        }
      },
      "201": {
        "description":"Created"
      },
      "401": {
        "description":"Unauthorized"
      },
      "403": {
        "description":"Forbidden"
      },
      "404": {
        "description":"Not Found"
      }
    }
  }
}

Are you missing implementation hints? Our papers publications provide them (for selected patterns).

Consequences

The resolution of pattern forces and other consequences are discussed in our book.

Known Uses

Many internal APIs exist in firms, government agencies, and other organizations around the world; many of these qualify as Solution-Internal APIs. Few of these are documented publicly; for some of them, experience reports have been published. Object-oriented APIs and classical RPCs can be found more often in solution- and company internal integration efforts, but message-based ones are also common.

The Apigee Edge products provide product-internal management APIs for topics such as analytics and billing. Eclipse exposes many local APIs, but also enabled interprocess communication via its Eclipse Communications Framework. Built primarily for the Eclipse IDE’s collaboration and communication features, e.g. shared editing, file transfer, messaging, it can be used in any application based on Eclipse’s Rich Client Platform. The actual communication is handled by so-called distribution providers, which are implemented, amongst others, for ActiveMQ, gRPC, MQTT and Jax-RS.

Terravis (Lübke and Lessen (2016)) exposed system-internal functionalities as API operations in Solution-Internal APIs. These APIs are called by a process engine and include operations to generate documents and invoke domain-specific services. These services offer access to otherwise non-public master data such as bank partner information and payment configurations as well as non-public parcel indices (metadata).

More Information

Related Patterns

A Solution-Internal API may support Frontend Integration and/or Backend Integration. The siblings of this pattern that describe other visibility levels are Public API and Community API.

The Private Cloud pattern in Fehling et al. (2014) has a similar context and intent, but is more concerned about IT infrastructure (rather than API design).

The API refactoring Extract Endpoint splits an existing API into multiple ones.

Other Sources

The Design Practice Repository (DPR) and DPR eBook feature many techniques for API design.

Blog posts on MAP provide additional examples.

References

Amundsen, Mike. 2020. Design and Build Great Web APIs: Robust, Reliable, and Resilient. Pragmatic Bookshelf.
Fehling, Christoph, Frank Leymann, Ralph Retter, Walter Schupeck, and Peter Arbitter. 2014. Cloud Computing Patterns: Fundamentals to Design, Build, and Manage Cloud Applications. Springer.
Lauret, Arnaud. 2019. The Design of Web APIs. Manning.
Lübke, Daniel, and Tammo van Lessen. 2016. “Modeling Test Cases in BPMN for Behavior-Driven Development.” IEEE Software 33 (5): 15–21. https://doi.org/10.1109/MS.2016.117.

  1. Note that this context is similar to that of the sibling patterns Public API and Community API.↩︎

Pattern Index

Foundation Patterns

Responsibility Patterns

Structure Patterns

Quality Patterns

Evolution Patterns

Cheat Sheet

Back to homepage