[Author]
Purpose
Introduction
Apigee Clients
Connectivity
Security Requirements
Transport Security
Application and User Identification and Authorization
User Identity Validation
IP Control
Apigee Targets
Connectivity
Load Balancing
Security Requirements
Transport Security
Apigee Identification and Authorization
User Identity Forwarding
IP Control
Data Security
PCI Requirement
Operational Requirements
Datacenter/Region Requirements
Failover Requirements
Client-Side Load Balancing Requirements
Availability Expectations
Development
Deployment
Source Code Management
Performance
Performance Expectations
Target Response Times
Target Throughput
Apigee Response Times
Apigee Throughput
Solution Requirements
Traffic Management
Security
Mediation
Analytics
Custom Reports
Custom Statistics Collection
Data Retention and Archival Strategy
API BaaS
Organizational Structure
Data Import Requirements
Data Export Requirements
Security
Collections
Entities
Developer Portal
Branding
Security
API Console
API Documentation
Developer and Application Statistics
Browser Support
Onboarding
Application Onboarding
Developer Onboarding
Support
Maintenance Expectations
Testing Considerations
Functional Testing
Testing Approach
Test Cases
Performance Testing
Testing Approach
Test Cases
System Maintenance
Training
Purpose
This document captures the comprehensive set of functional and non-functional requirements. The requirements are
specific to the Apigee implementation and cover all aspects: design, architecture, infrastructure (on-prem), and
interactions of Apigee with other components. The details captured will be further refined into user stories, and this
document will be archived as the team executes against the prioritized user stories.
Functional requirements should detail specific behaviors or functions for the solution (e.g. REST to SOAP mediation,
business rules, OAuth 2.0 authorization). Non-functional requirements specify the criteria that can be used to measure the
operation of the system (e.g. PCI compliant, supports failover, disaster recovery, performance).
Introduction
This section introduces the solution and outlines the goals for this project.
Project Objectives
[Explain the primary objectives of the Apigee integration project. What are the success criteria?]
Edge
Feature
Analytics
Feature
Developer Portal
Feature
AppServices
Feature
Description
[API Name]
Scope of Work
Item 1
Item 2
Item 1
Item 2
Apigee Clients
[What are the client systems/applications? Types of client systems; browser, mobile apps, B2B, ESB, internal systems,
external systems, etc.]
Connectivity
[Explain the protocol and means by which API clients will connect to Apigee, e.g. HTTP, HTTPS (one-way or mutual),
message queuing, CDN, VPN, dedicated network, internal network etc.]
Security Requirements
Transport Security
[How will the transport be secured? If SSL, explain who has ownership of generating and maintaining the certificates]
IP Control
[Explain whether clients will be IP whitelisted, IP blacklisted, or given dedicated IPs. If they will be, explain the
customer's expectations on how the IP list will be maintained. If the list is cacheable, state the TTL of this cache.]
Apigee Targets
[What are the target systems/applications? Type of target systems; B2B, internal systems, external systems, message
queues, SMTP, etc.]
Connectivity
[Explain the protocol and means by which Apigee will connect to target systems, e.g. HTTP, HTTPS (one-way or mutual),
message queuing, CDN, VPN, dedicated network, internal network etc.]
Load Balancing
[Do the target systems have load-balancing capability, or should Apigee target load balancing be used? If load balancing
will be used, explain the algorithm to use (round robin, weighted, least connections), any fallback servers, retry
configuration, target node health monitoring configuration, max failures, session stickiness, etc.]
Security Requirements
Transport Security
[How will the transport be secured?]
[If SSL, explain who has ownership of generating and maintaining the certificates. If Apigee is generating self-signed
certificates, would the customer be willing to sign them?]
IP Control
[Explain whether Apigee IP addresses will need to be whitelisted or blacklisted by the target. If so, document the IP addresses here.]
Data Security
[Does the customer require any special data privacy consideration with regard to any of the following: APIs; analytics
data; the data in logs; reduction of payload data based on application type, user role, etc.; reduction of payload data
from responses; data storage (location, context); personal sensitive data; CC data?]
PCI Requirement
[Does Customer expect that its APIs will be subject to regulations around the storing and management of sensitive data?
Investigate if PCI is required for this solution. Note that northbound open HTTP connections are not allowed by default in
PCI organizations.]
Operational Requirements
[Explain whether the solution will be deployed on-premise or on Apigee Cloud. Explain the reasons why the customer wants
to go this way.]
Datacenter/Region Requirements
[Document the number of datacenters to be used and locations of those datacenters.]
[If there is more than one DC, state whether they are active/active or active/passive.]
[Investigate data confidentiality/protection requirements, e.g. data must not go outside EU, etc.]
[Understand the connectivity between datacenters if this is on-premise, speed, pipe type, etc.]
[Are all APIs required to pass through those datacenters? E.g. there might be specific APIs that must only be deployed to
the EU due to data confidentiality laws, etc.]
[Document data caching requirements for multi-datacenter deployments; note the geolocation and data protection limitations.]
Failover Requirements
[Explain cross-region failover requirements (Apigee Cloud), on-premise datacenter failover requirements (on-premise).]
Availability Expectations
[Explain the customer's availability expectations in terms of percentage availability. Make sure that the datacenter or
region considerations above match this expectation.]
Environment
Purpose
Environment
Northbound Domain
Southbound Domain
Deployment
[Explain the progression of a specific version of API bundle through various environments, e.g. DEV -> QA -> UAT ->
PROD]
[If self-service, explain tools to be used to deploy APIs to Apigee environments, e.g. Apigee Enterprise UI, bash scripting,
maven, custom, etc.]
[If self-service, explain any continuous integration and deployment tool to be used, e.g. TeamCity, Jenkins, etc.]
Performance
This chapter captures the client's traffic volume, performance and throughput expectations.
Performance Expectations
Target Response Times
[Document the client's expectations in terms of the expected API response time and/or latency range that the target
system(s) are expected to have. If the client has expectations/measurements for each individual API, include those here.
If the client has no expectations, or has measurements planned for a future date, include that here as well.]
Target Throughput
[Express the client's expectations in terms of API throughput per second/minute for the target system(s). If the client
has expectations for each individual API, include those here. If the client has no expectations, include that here as well.]
Apigee Throughput
[Express the client's expectations in terms of API throughput per second/minute. If the client has expectations for each
individual API, include those here. If the client has no expectations, include that here as well.]
Solution Requirements
Edge / API Requirements
[List the Apigee Edge / API requirements and explain in detail, e.g.]
Requirement: Details
API Design: [Who is responsible for the design of the API]
API Implementation: [Who is responsible for the implementation in Apigee layer]
Rate Limiting: [Rates applied globally or based on request variable (like IP). How does customer want to maintain the rate setting]
Quotas: [Quotas applied globally or based on request variable (like IP). How does customer want to maintain the quota allowance]
Caching: [Which resources, approximate size, TTL, globally distributed, etc.]
Internationalization/Localization: [Especially around data encoding (UTF-8) and languages to be supported for Apigee responses (traffic management, security, etc.)]
Traffic Management
Requirement: Details
Rate Limiting: [Rates applied globally or based on request variable (like IP). How does customer want to maintain the rate setting]
Quotas: [Quotas applied globally or based on request variable (like IP). How does customer want to maintain the quota allowance? Does customer want the ability to reset quota as an administrative function? Does customer want to expose quota used value in the response?]
Caching: [Which resources, approximate size, TTL, globally distributed, etc. Full response or partial?]
Security
Requirement
Threat Protection
Regular Expression Protection
OAuth
API Keys
Access Control
SAML Assertion
Attack Notification Protection
Reaction Against Attackers
Data Security
Details
Mediation
Requirement
JSON to XML
XML to JSON
XSL Transform
SOAP Message Validation
Key Value Map
Service Callouts
Details
Analytics
[List API analytics requirements and explain in detail.]
Custom Reports
[List custom reports and their specifications that will be created during implementation to fulfill analytics requirements.]
API BaaS
Organizational Structure
Data Import Requirements
[Document frequency of imports, e.g. hourly, daily, weekly, etc., number of entities to be imported per request.]
Security
[What are the client systems?]
Roles
Role
Permissions
Description
Users
[Document users that will need to be set up for each environment.]
User
Role
Collections
Collection
Purpose
Entities
[List the entities that are required for this solution.]
Entity
Purpose
Developer Portal
Branding
[Describe the branding requirements for the portal, e.g. color scheme, logo, images, font styles, header look & feel, special
formatting for certain elements like tables, any hyperlinks pointing to customer sites.]
Security
[Describe which portions of the portal are secured and which are unsecured. What type of security mechanism should be
implemented, e.g. forms authentication, IP whitelisting, etc.?]
API Console
[Describe who is responsible for setting up and maintaining the API Console. Describe the WADL generation process and how
to update the API Console with the WADL.]
API Documentation
[Describe how API documentation will be created and uploaded into the portal. Explain whether customer requires more
than one portal deployed, i.e. staging and production. Explain the process of pushing content from staging instance to
production instance.]
Browser Support
[Describe which browsers should be supported for this solution at a minimum.]
Onboarding
Application Onboarding
[Describe the process of application onboarding for this solution, specifically:
Application definition
Developer Onboarding
[Describe the process of developer onboarding for this solution, specifically:
Support
Operational Monitoring Requirements
Apigee Only Health check
[Describe the approach to monitor Apigee in isolation, e.g. a /ping resource deployed in Apigee that doesn't hit the target
but responds with a 200 pong response.]
Maintenance Expectations
[Include information about how and when system maintenance windows will be made available to support Apigee fixes or
scheduled maintenance deployments.]
Testing Considerations
This chapter captures approach, expectations and considerations for functional and performance testing of the overall
implementation.
Functional Testing
Testing Approach
[What portions of functional testing will be implemented and executed by Apigee? What is the process of
approval/acceptance of functional tests implemented by Apigee?]
[What portions of functional testing will be implemented and executed by the customer?]
[Which tools are used to do functional testing?]
Test Cases
[Document test cases and scenarios in scope for Apigee.]
Performance Testing
Testing Approach
[What portions of performance testing will be implemented and executed by Apigee? What is the process of
approval/acceptance of performance tests implemented by Apigee?]
[What portions of performance testing will be implemented and executed by the customer?]
[Which tools will be used to execute performance tests?]
[What are the success criteria of performance tests?]
Test Cases
[Document test cases and scenarios in scope for Apigee.]
Training
[Discuss any specific customer requirements/needs for training for Apigee products to be used in this solution.]