https://technology.blog.gov.uk/2025/07/14/agile-secure-and-cost-effective-ukefs-open-source-api-shift/

Agile, secure and cost-effective: UKEF’s open source API shift

Categories: APIs

At UK Export Finance (UKEF), we have been developing new digital services and enhancing existing platforms in order to provide businesses with seamless and secure experiences as part of UKEF’s digital strategy.

An integral step of this journey has been modernising application programming interface (API) management, which involves adopting an open source, cloud-based solution that benefits from being flexible, cost-effective, and scalable. 

This transition has been led by the UKEF software team, whose goal is to develop digital solutions that empower UKEF to effectively manage and expand its operations while fostering a culture of digital, data, and technology-driven transformation.

Our approach necessarily meets the needs of both external and internal users, while also promoting transparency, collaboration, and interoperability. This also aligns with the aims of the blueprint for modern digital government in delivering resilient and future-proof digital services.

Identifying a need

Open source adoption has already proven to be the way forward for modern digital government, with many departments already planning to implement new systems and strategies in order to take advantage of the benefits of open source offerings.

Similarly, in UKEF, we knew that we required a reliable, efficient, and secure API gateway and saw this as an opportunity to make the shift towards open source.

Business analysis revealed that our existing closed source API wrapper could be improved, as the fragmentary APIs could sometimes cause inefficiencies and inconsistencies in delivering critical services in time. This analysis also suggested that moving to open source would reduce costs, increase functionality, shorten production deployment time and reduce operational inefficiencies.

Building a scalable and secure API infrastructure 

Our solution was an open and adaptable model that would allow us to innovate more freely, while also ensuring security and reliability.

This open source, cloud-native approach used Node.js and Azure API Management (APIM) to centralise our API ecosystem, which would reduce our dependence on proprietary systems, and reduce operating costs and time to production.

For a more in-depth look, our model could be broken down into the following components.  

Open source

We purposely decided to migrate to an open source solution, in this case NestJS, using strict TypeScript and containerisation to ensure portability and swift deployments.

Centralised API management

Centralising API management streamlined access and governance, reduced complexity and improved consistency across our digital services.

Topology

Our hub-and-spoke topology model uses an Azure API Management gateway to centralise API endpoints.

Microservices architecture

Our APIs are now structured into three key service areas to make them more efficient, scalable, and easier to maintain. These areas offer unique endpoints for UKEF’s internal and external use.

Critical business endpoints were also integrated in APIM, such as GovNotify, Companies House API, and Ordnance Survey API. This ensured ‘don’t repeat yourself’ (DRY) code and standardised request bodies and responses.

Automated infrastructure

We used infrastructure as code (IaC) to ensure that our API environment remains reliable, secure, and consistently configured.

Secure by design

We followed best practices to protect our data and services, including private access controls, automated key rotation, and advanced threat mitigation tools.

OpenAPI

Adhering to OpenAPI (Swagger), we constructed and documented our API endpoints, body parameters and expected responses. This allowed for a seamless integration into Azure APIM, improved API documentation for integration and an on-the-fly API portal. Endpoint updates were seamlessly reflected across all the remits.

CI-CD-CM

We ensured continuous integration (CI), continuous deployment (CD) and continuous monitoring (CM) across all of our environments with a series of automated test suites, such as unit, API, end-to-end (E2E) and linting. Software composition analysis (SCA) security vulnerability testing and code quality checks allowed for a robust, well-documented and DRY code deployment.

Agile development for faster delivery

We decided that agile development was the best way to implement our new model. This was because the agile methodology allows for:

  • small, incremental updates for continuous improvements based on real-time feedback, and faster feature releases
  • enhanced collaboration so that developers, security teams, and business stakeholders can work together to align on goals and priorities
  • data-driven insights so that performance metrics can help us to proactively optimise API efficiency and security

Security and compliance 

Security was an incredibly important aspect to our transition, so we followed the National Cyber Security Centre’s (NCSC) Secure by Design principles. As a result, we included:

  • private endpoints and domain name system (DNS) zones for enhanced security 
  • Azure Front Door and a web application firewall (WAF) with custom rule sets for threat mitigation
  • access control lists (ACLs) and principle of least privilege (PoLP) to restrict access
  • a single subscription key per microservice (or API) for controlled security 
  • automated key rotations to maintain resilience
  • an Azure Container Registry for containerised deployments
  • automatic purging of old artifacts in Azure Container Registry (ACR) using cron-based GitHub Actions
  • TypeScript using NestJS for structured backend development
  • OpenAPI 2.0 for standardised API documentation
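
The scheduled ACR clean-up in the list above could look like the following GitHub Actions workflow. This is an added example, not UKEF's own workflow: the registry name, the 30-day and keep-5 retention values and the secret names are placeholders.

```yaml
# Added example: scheduled ACR clean-up. Registry name, retention values and
# secret names are placeholders, not UKEF's configuration.
name: acr-purge

on:
  schedule:
    - cron: "0 2 * * 0"          # 02:00 UTC every Sunday
  workflow_dispatch:
    inputs:
      dry_run:
        description: "List what would be deleted without deleting"
        type: boolean
        default: true

permissions:
  id-token: write                # OIDC federation to Azure, no stored client secret
  contents: read

env:
  REGISTRY: exampleregistry      # placeholder ACR name
  # Manual runs default to a dry run; scheduled runs carry no inputs and purge for real.
  DRY_RUN: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run && '--dry-run' || '' }}

jobs:
  purge:
    runs-on: ubuntu-latest
    steps:
      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Purge old images
        # Deletes tags older than 30 days in every repository, always keeps the
        # 5 newest tags per repository, and removes untagged manifests.
        run: |
          az acr run --registry "$REGISTRY" \
            --cmd "acr purge --filter '.*:.*' --ago 30d --keep 5 --untagged $DRY_RUN" \
            /dev/null
```

Running it manually with the dry-run input first shows exactly which tags and manifests the retention values would remove before the schedule is trusted to delete them.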

Delivering measurable benefits

Once implemented, this shift to a cloud-native API ecosystem resulted in significant and measurable improvements. These include:

  • cost savings, with a substantial reduction in API management costs
  • increased efficiency with faster development and deployment times
  • better governance as our centralised approach has streamlined processes, minimised duplication of efforts and improved our development velocity
  • higher system reliability as improved security and monitoring have reduced downtime and enhanced performance
  • scalable and resilient infrastructure as the cloud-native architecture improved scalability and system reliability
  • positive business outcomes with reduced time to production, swift triaging, improved efficiency and productivity and a huge reduction in operating cost
  • improved developer experience, from API development to deployment

A future-ready API strategy

Our adoption of modern, open source technologies has allowed us to create a more agile, scalable, and cost-effective API management platform. This will allow UK businesses to access our services easily and reliably.

Going forward, we’ll be even more dedicated to innovation and continuous improvement, and in ensuring that our digital infrastructure meets both current and future business needs.

To learn about our journey as well as lessons learned, behind-the-scenes stories and the latest updates, visit the UKEF digital, data and technology blog.
