B2Bi customers are making large time, resource, and budget investments in automation. These automation projects rely heavily on the B2Bi API framework. The current API framework and documentation do not lend themselves to large-scale automation projects.
Requirement 1: Documentation and Server-side validation updates
Improve the validation and robustness of the APIs. The current API UI contains some client-side validation that prevents misuse of the APIs, but it's not clear what these validations are from the documentation alone (e.g. the delete API on the UI forces the user to enter an ID to delete, but the documentation does not show this as a mandatory attribute). Any UI validation that "enforces" the correct use of the APIs must be documented. This type of validation should also be included on the server side, since automation uses any number of ways to call an API, from a simple curl script to a complex custom application.
As an example, the SFG Swagger UI already provides better or clearer documentation in the UI itself, compared to the b2biAPIs. But it would be even better if the APIs are fully documented in product documentation, since not all customers can easily access the API UIs from their browsers due to very tight security measures on user endpoints (browsers in this case).
Requirement 2: Improve specific APIs
The Delete APIs listed below all "enforce" proper use through the API UI. In the delete case, the user must enter an ID to delete (the ID being the ID of the component or record to be deleted).
When calling the APIs from curl, for example, they all accept "null" or blank inputs (no ID) which results in all records on the affected tables being deleted.
If the "delete all" function is intentional, this should rather be a separate API, e.g. delete for single records and deleteAll for "all records".
Alternatively, an explicit ID can be passed to the existing API, e.g. instead of passing a specific ID, pass "deleteAll" as an ID (just an example). This will invoke the intentional "delete all" functionality, rather than inadvertently deleting all records as is currently the case.
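The two delete behaviours described above, side by side, as an added example that is not B2Bi code: a handler that treats a null or blank ID as "match everything", and a server-side validated handler that makes the ID mandatory and only deletes all records through a separate function or the explicit "deleteAll" ID. The in-memory table and all function names are hypothetical.

```python
# Added illustration; every name here is hypothetical, not a B2Bi endpoint.
DELETE_ALL_TOKEN = "deleteAll"  # explicit ID suggested in the text above


class ValidationError(Exception):
    """Would map to an HTTP 400 response in a real service."""


def delete_unvalidated(table, record_id):
    """Behaviour reported above: a null or blank ID removes every record."""
    if record_id is None or not str(record_id).strip():
        removed = len(table)
        table.clear()
        return removed
    return 1 if table.pop(record_id, None) is not None else 0


def delete_all(table):
    """Separate, intentional bulk delete (first option in the text)."""
    removed = len(table)
    table.clear()
    return removed


def delete_validated(table, record_id):
    """Server-side check: the ID is mandatory for every caller, UI or curl."""
    if not isinstance(record_id, str) or not record_id.strip():
        raise ValidationError("id is mandatory and must be a non-blank string")
    record_id = record_id.strip()
    if record_id == DELETE_ALL_TOKEN:  # second option: explicit ID
        return delete_all(table)
    if record_id not in table:
        raise KeyError(record_id)  # would map to HTTP 404
    del table[record_id]
    return 1


def sample_table():
    # Constructed sample records.
    return {"code-1": "A", "code-2": "B", "code-3": "C"}


def rejected(table, record_id):
    """True if the validated handler refuses the ID and deletes nothing."""
    before = dict(table)
    try:
        delete_validated(table, record_id)
    except ValidationError:
        return table == before
    return False
```
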
Below is the currently known list of delete APIs that require updating:
Service for deleting Authorized User Key Names
Service for deleting BaseEnvelopes
Service for deleting bpNameValuePairs
Service for deleting Ca Certificate Names
Service for deleting certGroups
Service for deleting Cipher Suites
Service for deleting Codes
Service for deleting Daily Schedules
Service for deleting Date Exclusions
Service for deleting Digital Certificate Duplicate Checks
Service for deleting EnvelopeParameters
Service for deleting generated passwords
Service for deleting JDBC tracking services
Service for deleting knownHostKeyNames
Service for deleting mailbox contents
Service for deleting message batches
Service for deleting Monthly Schedules
Service for deleting Organizations
Service for deleting Permission Names
Service for deleting provisioning facts
Service for deleting Routing Channel Duplicate Checks
Service for deleting Schedule Exclusions
Service for deleting ServiceDefinitions
Service for deleting SSH Duplicate Checks
Service for deleting Sterling Connect Direct Node Duplicate Checks
Service for deleting Sterling Connect Direct Node Names
Service for deleting Sterling Connect Direct XREF Duplicate Checks
Service for deleting testProtocols
Service for deleting the test trading partners
Service for deleting Timer Schedules
Service for deleting User Group Names
Service for deleting UserVirtualRoots
Service for deleting Weekly Schedules
Service for deleting FgArrivedFiles
Service for deleting WorkFlowMonitors
Service for deleting FgDeliveries
Service for deleting FgRoutes
Service for deleting Custom Protocols
Service for deleting AS2CertificateDetails
Service for deleting AS2Organizations
Service for deleting Identities
Service for deleting AdditionalHttpClientAdapters
Service for deleting AS2TradingPartners
Service for deleting AS2TradingRelationships
Service for deleting AS2TradingRelationshipTestStatus
Service for deleting As2TestStatus
Service for deleting ScheduleTimers
Service for deleting HttpClientAdapters
Service for deleting TestSFGDeliveryStatus
Service for deleting sshHostIdentityKeyGrabbers
Business Impacts/Benefits
Customers want to leverage APIs for automation, but they currently feel that the APIs are not suitable for large-scale automation solutions.
Customers expect the APIs to be more user friendly and clearly documented. Some customers have multiple development teams across the globe currently building solutions on these APIs, and they are either finding them difficult to work with (poor documentation) or, in some cases, causing severe impact through inadvertent “misuse”, e.g. the Delete API that deletes all records on a table without validation or verification (or any form of alert that this is what will happen).
Customers question the overall robustness and stability of the APIs, which in turn leads to questions and concerns about the B2Bi product overall.
Great initiative. Another challenge we've faced in supporting the B2B APIs is security. Only supporting Basic Auth makes using them a non-starter in highly regulated industries like financial services.