Add exception to rule 224 for merchant gateway APIs

Question

Add exception to rule 224 for merchant gateway APIs

ePaul opened this issue 5 years ago · 12 comments

As discussed in the guild meeting on 2020-07-14, the host name api.merchants.zalando.com (and api-sandbox.merchants.zalando.com) is used by several APIs exposed to merchant partners via the merchant gateway.
We want to extend rule 224 to allow this as an exception to the general *.zalandoapis.com rule (for external-partner APIs)

When the same services are used inside the company (not through the gateway), they should use "normal" naming schemes for their API.

Zally should then also be updated to allow those domain names.

Answer 1 · 2020-07-21T07:57:52.000Z

@ePaul is api.merchants.zalando.com and api-sandbox.merchants.zalando.com that should be whitelisted when the audience is external-partner

Answer 2 · 2020-07-30T14:44:14.000Z

@rbarilani is it just a host name or you use functional names also? Do you have something like <functional-name>.api.merchants.zalando.com?

Answer 3 · 2020-07-30T14:45:21.000Z

@vadeg is just a host name

Answer 4 · 2020-07-30T14:56:14.000Z

We missed the Rule 223 where external-partner API's MUST use functional naming schema which is not true in this case.

Answer 5 · 2020-07-30T15:53:09.000Z

@vadeg sorry I don't get completely your comment, what is the action item that you are suggesting?

Answer 6 · 2020-07-30T21:18:07.000Z

@rbarilani Rule 223 says that external-partner must follow functional naming. Since this is no longer true and external-partner audience has an exception by only using two hostnames api.merchants.zalando.com and api-sandbox.merchants.zalando.com which violate rule 223 also my question is should we update rule 223 also by, for example, moving external-partner from must to should?

Answer 7 · 2020-07-31T07:07:28.000Z

@vadeg IMHO we should not change that rule to a SHOULD but state the possibility to have exceptions which need to be backed up by business reasons and approved by the api-guild (If I remember correctly that was also the preferred solution discussed during the JF).
When talking with @tkrop I outlined that the main action item will be extending/modifying Zally FunctionalNamingForHostnamesRule to be configurable so we can provide the zalando specific configuration with this exception. WDYT?

Answer 8 · 2020-07-31T07:32:43.000Z

@rbarilani I mean the table inside the rule but not the rule itself. In the table 'external-partner' must follow functional naming schema what is not true in this case. It means it can not be in 'must' but in 'should' imho.

Answer 9 · 2020-08-11T14:53:29.000Z

Can we just add a * to the MUST in the table, and then in a footnote point to the exception? I would prefer to not make it non-MUST.

Answer 10 · 2020-08-18T14:12:44.000Z

Hey folks, any update on this, I also favor the suggested change from @ePaul, @tkrop I am also interested on how do we move forward on Zally

Answer 11 · 2020-08-19T16:35:26.000Z

@ePaul

I would prefer to not make it non-MUST.

Why? It seems to me as SHOULD because there are circumstances to ignore it, e.g. using Merchant Gateway.

This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course.

Answer 12 · 2020-08-25T13:31:00.000Z

@tfrauenstein will propose an update to the guidelines.