Question

Got an organization whose core work is acquiring various sources of data, validating it and integrating it into existing, mostly financial, data sets, and then availing that data to many different types of customers through various web, mobile, USSD and API applications it has developed internally and others which have been outsourced.

Some of the challenges they are having and will continue to have are enforcing application authentication to access the database, managing DB sessions and, importantly, ensuring that the various developers from different countries and organizations return the same result as other applications.

We want to enhance security by encrypting the DB (a PostgreSQL DB) and want to be able to manage access to it. There is also more development work for new applications, but all new applications will now be fully outsourced.

Since data is the core asset of this company, is it advisable that the company provides one API that all other applications call when they want data from the company? Will this be a bottleneck to manage and maintain, or is it actually the best way to go about it in such an environment? By such an environment I mean the core job is data aggregation, securing the data and then giving access to business partners who are building web apps, USSD applications, SMS applications, etc., making hundreds of thousands of calls a day.

Solution

If you do heavily custom things like your own layer of authentication and encryption, it's a good idea to have a canonical, well-supported API. It's easier to maintain one API than several.

I'd try to have a single low-level API, something like a layer that can pass through clients' SQL while handling auth and encryption transparently. Higher-level interfaces can be built on top of it, by your team and other teams alike.

With some luck and consideration, the low-level interface can be built in such a way that standard tools will access it as is. E.g. providing a JDBC and/or Python DBI interface on top of your custom layer would greatly simplify further development.
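
A sketch of the single data API discussed above, added here as an example and not part of the original answer: each calling application authenticates with its own key, is limited to the queries in its scope, and every call is audited. It exposes named, parameterized queries rather than the SQL pass-through the answer suggests; `sqlite3` stands in for PostgreSQL so it runs offline, and the client ids, keys, table and query names are all constructed.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data; sqlite3 stands in for PostgreSQL in this sketch.
DB = sqlite3.connect(":memory:")
DB.executescript("""
    CREATE TABLE rates (currency TEXT, day TEXT, rate REAL);
    INSERT INTO rates VALUES ('KES', '2024-01-02', 157.1), ('UGX', '2024-01-02', 3790.0);
    CREATE TABLE audit (client TEXT, query TEXT, allowed INTEGER);
""")

# One canonical, parameterized definition per query: every client application
# gets the same result because none of them writes its own SQL.
QUERIES = {
    "rate_for_day": "SELECT rate FROM rates WHERE currency = ? AND day = ?",
    "all_rates": "SELECT currency, day, rate FROM rates ORDER BY currency",
}

def _digest(key: str) -> str:
    # Assumes API keys are long random strings, so a plain SHA-256 is enough.
    return hashlib.sha256(key.encode()).hexdigest()

# Hypothetical client registry: only a hash of each API key is stored,
# together with the set of queries that client may call.
CLIENTS = {
    "ussd-app": {"key_hash": _digest("constructed-key-1"), "scopes": {"rate_for_day"}},
    "partner-web": {"key_hash": _digest("constructed-key-2"),
                    "scopes": {"rate_for_day", "all_rates"}},
}

def call(client_id: str, api_key: str, query: str, params: tuple = ()):
    """Authenticate the calling application, authorize the query, then run it."""
    client = CLIENTS.get(client_id)
    # compare_digest avoids leaking the match position through timing.
    ok = client is not None and hmac.compare_digest(client["key_hash"], _digest(api_key))
    allowed = ok and query in QUERIES and query in client["scopes"]
    # Every attempt is recorded, including denied ones.
    DB.execute("INSERT INTO audit VALUES (?, ?, ?)", (client_id, query, int(allowed)))
    if not ok:
        raise PermissionError("unknown client or bad API key")
    if not allowed:
        raise PermissionError(f"{client_id} may not call {query}")
    return DB.execute(QUERIES[query], params).fetchall()
```
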

Licensed under: CC-BY-SA with attribution