As SaaS and Headless become more important in our strategy, these topics are becoming more and more important.
Initially, the ongoing API-related stories have been moved under this Epic; however, the most relevant topics we still need to work out are the following:
- API gateway integration
- To choose the one we want to integrate
- Service Quotas
- For a given SaaS account, you can only make a maximum number of calls within a period of time (e.g. 10k calls within a 24 hour period).
- Probably as a "pool" given to an account/group/company/jvm
- Giving roles permission to manage
- Bring in the current implementation focused on DoS and then re-examine what we have.
- List of common automated attacks
- AccessControlPolicy (Service Quotas, Service access profiles)
- Integrated with JAX-RS/WS
- Who's called what API when
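
A sketch of the Service Quotas item above, as an added example that is not code from this project: a fixed-window counter that allows a maximum number of calls per period for each pool. The class name, the pool key format ("account:42", "company:acme") and the fixed-window choice are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Fixed-window call quota shared by every caller that maps to the same pool key (hypothetical class). */
public class ServiceQuotaPool {
    private static final class Window {
        final Instant start;
        final long used;
        Window(Instant start, long used) { this.start = start; this.used = used; }
    }
    private final long maxCalls;
    private final Duration period;
    private final Map<String, Window> windows = new ConcurrentHashMap<>();

    public ServiceQuotaPool(long maxCalls, Duration period) {
        this.maxCalls = maxCalls;
        this.period = period;
    }

    /** poolKey format is an assumption, e.g. "account:42". Returns false once the pool is spent. */
    public boolean tryAcquire(String poolKey, Instant now) {
        boolean[] allowed = {false};
        windows.compute(poolKey, (key, w) -> {
            // Start a fresh window on first use or once the period has elapsed.
            if (w == null || !now.isBefore(w.start.plus(period))) {
                w = new Window(now, 0);
            }
            if (w.used >= maxCalls) {
                return w; // over quota: leave the counter untouched
            }
            allowed[0] = true;
            return new Window(w.start, w.used + 1);
        });
        return allowed[0];
    }

    public static void main(String[] args) {
        // Constructed sample: 3 calls per 24 hours instead of the 10k mentioned in the text.
        ServiceQuotaPool pool = new ServiceQuotaPool(3, Duration.ofHours(24));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");
        for (int i = 1; i <= 4; i++) {
            System.out.println("account:42 call " + i + " allowed=" + pool.tryAcquire("account:42", t0.plusSeconds(i)));
        }
        System.out.println("company:acme allowed=" + pool.tryAcquire("company:acme", t0));
        System.out.println("account:42 next day allowed=" + pool.tryAcquire("account:42", t0.plus(Duration.ofHours(25))));
    }
}
```

The counters live in one JVM's memory, so this corresponds to the "jvm" pool scope; an account- or company-wide pool across several nodes would need a shared store.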