The project was to create 2 Developer Portals, one was external which was exclusively for the TPP on boarding and for registering and obtaining credentials on some of the exposed Bank's APIs according to the rules from Open Banking program and the second Internal Portal was for internal developers use only.
Both portals are implemented using IBM Technologies such as the IBM API Connect, an API management solution for creating, running, managing and securing APIs for external and internal consumers.
The idea behind both API Market Place Portals is to create new APIs from Swagger file definitions, add Policy to them, secure them by putting in place an authentication process which requires for all APIs a registration of an App with key.
For example, one of the most common authentication is OpenID Connect (OIDC) which requires the client to specify a client name, client url, a scope and redirect url(s). When the User register the App then obtains a client ID and Client Secret to use in order to be authenticated within the Portal in order to access to the registered list of APIs.
In general these APIs are implemented outside the Web Portal in external systems, but the authentication process is completely transparent to these backend systems and it is performed in a unique centralised place which works as a reverse Proxy for all these external resource providers.
Basically IBM API Connect creates an interface to Developers so that they do not need to know the exact real location of the APIs but they can still use them because the Drupal Portal uses the API Gateways to determine how to map those APIs.
With OpenID Connect (OIDC) users get authenticated directly by the unique centralised Web Portal which works as a sort of relying parties for all third-party APIs services.
I spent 1 year at Santander Head office in Milton Keynes and as a Full Stack Drupal 7 Developer I joined a brilliant Team of other 6 people, 1 Drupal Developers, 1 project Owner, 1 Project Manager, 1 System Admin, 2 Business Analysts and 1 Testers. As part of the Project, I had to create custom modules for the following API Management screens:
- Upload the Swagger Definition File.
- Create new versions for an API.
- Publish the APIs into the Portal.
- Allow the admin to add a policy to the APIs.
- Allow Developers to register for an App.
- Generates the App Keys.
- Categorise all the APIs using Taxonomies.
Day to day activities
In order to achieve the success on the implementation of this Drupal API Market Place Portal, my day to day Tasks were:
- Continuous integration Tools such IBM API Connect, Jenkins, GitLab and Jira.
- Full stack technology: Php / Drupal 7 / MySQL / REST APIs / OpenID Connect (OIDC) / Bootstrap Theming.
- Leant the IBM API Connect and OIDC technology.
- Follow the PSR-2 Coding Style Guide, best practices and processes in Delivering Code.
- Code reviewed with pull requests, Deployed and Built using automated custom script.
- Data Base Design, Custom REST APIs for Integrating Drupal with IBM API Connect.
Among all different challenges I was efficient in communicating and co-ordinating the tasks with different people across different teams and technologies. Starting from implementation of the new Admin screen to allow Producers to upload Swagger files, designing the new Custom Modules for the Developer's request App key screens, and creating all the Back-End CMS Management screens in a very proficient Drupal 7 full stack role.