Platform API Design Checklist

1. Functional Requirements
   1. What is the business problem this API will solve?
2. Technical Requirements
   1. How many requests are expected per second for this API?
   2. What should be the TPS limit of this API?
      1. What is the potential max throughput of this API’s downstream dependencies? (Since TPS limit of this API has to be lower than that.)
   3. What should be the availability SLA of this API?
   4. What should be the latency SLA of this API?
3. Use Cases
   1. What are the use cases of this API?
4. Systems Design
   1. What is the end to end flow between the components?
   2. Should this API have a sync flow or async flow? i.e. Maybe for large volume requests it will take too much time to process and it should be an async API instead, that just starts an async process.
5. Database Design
   1. Is the DB design normalized or denormalized?
   2. If denormalized, will this design be able to maintain the denormalized database properly under all use cases, will it be able to remain consistent?
   3. If denormalized, is it really needed? Because normalized db design is more maintainable.
6. Data Model
   1. What are the key data models about this API?
   2. Is the response size small enough for the consumer or could it cause network/cpu/memory bottlenecks on the consumer due to large amounts of data?
7. Reliability
   1. Are there any edge cases that this solution will not work?
   2. Is there any possibility of data inconsistency?
   3. If the requests are made concurrently will the solution still work?
      1. Or it requires some additional locking design such as optimistic or pessimistic locking?
      2. Can there be some thread safety problems?
   4. If the requests are received out of order, would this design still be able to handle as if the order of requests were correct?
8. Reliability - Retries
   1. Is there a retry requirement if the API fails to process a request or event?
9. Reliability - Rollbacks
   1. Is there a rollback requirement if the API fails to process a request or event?
10. Availability
    1. How the solution is meeting availability SLA in the technical requirements?
    2. Are there some scenarios that would require downtime?
       1. During the deployments, would there be any downtime or misbehavior?
       2. Can schema/model changes cause downtime during the deployment?
    3. Can this design cause downtime on an external service?
11. Scalability
    1. How much max potential throughput this API can achieve with this design?
       1. If this is a redesign, how does it compare with the existing?
    2. What are the bottlenecks that are limiting the potential throughput?
    3. Does this solution require some capacity planning?
       1. Can this solution handle the projected load of upcoming years?
    4. What is the scaling model (serverless / horizontal scaling / vertical scaling)?
    5. On the flow of the systems design, what is the limitation of the other components in the flow in terms of
       1. What is the allowed execution time / latency budget for each component? (e.g. APIGW has 30 seconds hard limit)
       2. What is the payload size limit of each component? (e.g. 6MB limit on Lambda sync invocation, 256KB limit on Lambda async invocation)
12. Performance
    1. How the solution is meeting latency SLA in the technical requirements?
13. Maintainability & Future Extensibility
    1. How easy is it to handle new use cases, or adapt to modifications on existing use cases?
14. Testability
    1. How this solution will be unit tested?
    2. How this solution will be ad-hoc end to end tested?
    3. How this solution will be integration tested (automated)?
15. Cost
    1. What are the projections on infrastructure cost?
    2. If this is a redesign, how this design’s infra. cost compare with the previous one’s?
16. Monitoring
    1. Performance metrics
       1. How latency of the API will be monitored?
    2. Reliability metrics
       1. How error count and error rate of the API will be monitored? (Internal server errors)
    3. Usage metrics
       1. How the quota utilizations of this API will be monitored?
          1. Utilization of downstream services, i.e. utilized TPS percent out of the TPS limit
    4. Custom metrics
       1. What should be the KPIs (key performance indicators) for this API, also considering the business impact?
17. Alarms
    1. Are alarms planned to be created for each monitored key metric?
    2. How the team will get notified by the alarms and resolve?
       1. Email notifications
       2. Ticketing system integration (e.g. JIRA REST API)
18. Security
    1. What is the payload size limit for this API?
    2. How the TPS limit will be applied for this API?
       1. API level (basic, minimum requirement)?
       2. Per-client (advanced)?
    3. Is the data encrypted at transit and at rest?
19. Development Effort
    1. If long term outcome of multiple design options are equivalent, how they compare about the effort needed to implement?
20. Backwards compatibility / Impact (if this is a change on an existing API)
    1. How this design makes sure none of the existing clients will break?
21. Change management
    1. What would be the procedure to roll back this change?
22. DevOps
    1. How the integration tests will be included in the CI/CD pipelines?

Please also check Platform Implementation Checklist.