At Lambert Labs, we can offer high quality API development services to our clients thanks to our wealth of experience and expertise in this area of software development.
What kinds of APIs do we build?
The two main kinds of API we build are RESTful APIs and GraphQL APIs. We are also familiar with Resource Oriented Architecture styles. By following these architectural styles, our APIs are well structured and follow familiar patterns that are easily recognisable to industry practitioners. This also makes our APIs easier to consume.
Our APIs often follow the OpenAPI schema, which is increasingly becoming an industry standard and allows for easier integration with existing systems and codebases. It also means that API client libraries can be autogenerated, making consuming the API more convenient for users.
What languages do we use to develop APIs?
We write our APIs using Python and JavaScript (NodeJS). For the majority of cases, we use the language together with a well established web API framework, e.g. FastAPI, Flask, Django REST API for Python and Express for JavaScript.
How secure are our APIs?
Our APIs are secure and follow best practice as per the recommendations from the framework and language used. This covers both authentication (establishing the identity of the API consumer), and authorisation (establishing what permissions the API consumer has and what actions they can take).
Permissions are typically role based, and can be as granular as required.
API Documentation
We make use of popular documentation formats such as Swagger, and usually these are autogenerated as per the API schema, and interactive, allowing testing of API endpoints via an interface in a web browser. As part of our API documentation, we include release notes for specific API versions. Versioning of the API follows semantic versioning which ensures breaking changes are well advertised and declared in advance, and API consumers are aware of the kinds of changes included in each release.
Deployment of APIs to production
We deploy our APIs to one of the three main cloud computing providers (AWS, GCP, or Azure) and, depending on customer requirements, each deployment follows a serverless or serverful architecture.
Serverless APIs
Serverless APIs are attractive for creating minimum viable products (MVPs) or business scenarios where cost minimisation is paramount. They also have a different cost profile to serverful architectures, with lower fixed costs and a cost that corresponds more closely to usage of the API, e.g. if the API endpoints are consumed infrequently, the cost will be very low. They also have a lower carbon footprint and scale more readily as consumption of API endpoints increases when compared with serverful architectures.
To give an example, in AWS a serverless architecture would consist of API Gateway, Lambda, and DynamoDB. Here, API Gateway is responsible for making your endpoints available and secure, and is where API requests are first handled. They are then passed upstream to the API integration, which is where API requests are routed to after authorisation and validation. The backing integration then processes the request, e.g. retrieving data from a database, performing a calculation, before sending the response back to API Gateway which forwards it to the API consumer.
Serverful APIs
Serverful APIs are more common and as a result the architecture is able to leverage existing solutions more easily, e.g. Kubernetes. In terms of running into obstacles, they are a surer bet than serverless APIs, are easier to maintain and will be better supported by open source communities. They also do not suffer from the increased latency of cold start times that serverless architectures using Functions as a Service (FaaS) can sometimes suffer from. They also lend themselves more readily to containerisation. It is also easier to adopt a multicloud solution and avoid vendor lockin with a particular cloud computing provider. They also have more mature and fully featured toolchains for local development, leading to higher developer productivity.
Automated testing
At Lambert Labs, we are big advocates of automated testing in our projects. For API development, we write unit tests to test particular business logic or I/O functionality (e.g. testing reading and writing from a database), and complement this with end to end integration tests of API endpoints, e.g. from authentication all the way through to testing the response returned by a particular endpoint.
For our Python APIs, we use pytest and for our JavaScript APIs, we use Jest
API integrations
On today’s web, more and more products and services are opening up their data and making resources availalble programmatically via APIs. If you require integrating an existing third party provider’s API into your product or system, we can achieve this for you. Examples of integrations in our past projects include Google, Microsoft, Facebook, Twitter, WordPress, and Refinitiv, to name a few.
Find out more about API Development at Lambert Labs – Meet the Team
Get in touch today if you are looking for an API development company to help build your product.