Molina Healthcare, a major healthcare provider and administrator in the US, has APIGEE as their API Management Platform. As part of their digital transformation effort, several APIs are to be onboarded onto APIGEE and thereby provide a centralized API ecosystem for their internal and external consumer (consuming applications). There are a variety of consumer applications which include, Web Portals, IVR, Mobile Apps etc.
The key objectives for this program are:
- Provide a centralized API management solution.
- Configure and Implement centralized security protocols in the APIGEE layer.
- Implement Traffic Monitoring, Logging and Caching policies for these APIs in the APIGEE layer.
- Develop robust analytics using API transaction data and metadata.
- Secure the backend APIs / data sources behind the APIGEE layer.
As part of this program, there are ~1700 APIs to be onboarded onto the APIGEE platform and there by implement policies which are identified as required at a use case level.
All APIs are classified at an application level, namely:
- Public Website: APIs for Publicly available website of Molina Healthcare (www.molinahealthcare.com)
- EPortal: APIs for Self-Service Portal for Members and Providers
- IVR: APIs for Telephony system for Members and Providers
- CRM: Internal CRM application APIs
- Mobile: Mobile Application/s related APIs
All the backend APIs are .NET based services which are hosted on Azure IaaS.
APIGEE has been 5 environments: Dev, QA, UAT, Staging and Production and all the APIs and related configurations will be promoted through these environments while maintaining environment specific configurations.
API Development Lifecycle is followed as part of executing this program under a waterfall (SDLC) methodology.
Requirements are collected from each API/App Owner. As the APIs on APIGEE layer were primarily a pass through with application of several policies, the requirements collected were more non-functional in nature covering the aspects of: Security, Logging, Performance, Traffic Monitoring, Caching and Monetization.
OpenAPI Specification based design was followed as part of this program. All proxies were designed using Swagger 2.0 and the OpenAPI specs were leveraged for development to remain consistent.
APIGEE Edge UI was used for initial development of the proxies. Additionally, Swagger Hub plugins for APIGEE development were leveraged to develop the proxies in a automated fashion directly from the OpenAPI specifications
Unit and System Integration testing were performed using POSTMAN. All aspects of security, logging. monitoring and exception handling were covered as part of these two test cycles.
Security Scans are done using Fortify On Demand (FOD).
Performance Testing is done using JMeter.
Integrated DevOps process was implemented to build and deploy the proxies through the value chain of APIGEE environments. APIGEETOOL was leveraged to implement DevOps process for both Continuous Integration and Continuous Deployment.
Program Key Deliverables
The following were the key deliverables addressed as part of this program
- OpenAPI Specification (design) for ~1700 APIs.
- API Proxies for ~1700 APIs.
- Robust, Reusable and Configurable frameworks such as
- Security Frameworks
- Traffic Monitoring Frameworks
- Logging Frameworks
- Exception Handling Framework/s
- Developing API Build accelerator using APIGEE Management APIs
- End to End OpenID Connect and SAML Implementation using AZURE AD.
- APIGEE SSO into Edge UI.
- APIGEE CI and CD (DevOps) using Azure DevOps pipeline.
- Enabled and Published APIs onto Developer Portal.
- Mock APIs for all the ~1700 APIs.