The City of Philadelphia is seeking a vendor to implement an API management solution to act as a gateway to city-managed public API endpoints. This component will be an important part of the city’s open data and developer engagement program, and will allow the city to better manage access to and use of important data resources.
The specific requirements for the API management solution can be found below.
The API management solution selected by the City of Philadelphia…
- Must provide an efficient way to manage all public facing APIs from the City of Philadelphia. The solution should allow new APIs to be integrated as they are developed and deployed for public use, and for the removal of API endpoints as they are deprecated.
- Must allow an administrator to set specific HTTP request thresholds on various API endpoints, to specify the number of requests that can be made within a specific timeframe by any one consumer or client.
- Must allow for API responses to be cached for a set period of time (depending on cache headers and other settings) outside of the infrastructure housing the API (i.e., city-managed application and/or web servers).
- Must support the use of API tokens (and possibly other authentication mechanisms) for various API endpoints. Some endpoints may require authentication, some may not – those that do may use various authentication methods depending on the API owner’s requirements or on specific business requirements.
- Must provide metrics on API usage, and allow for granular inspection of how each API endpoint is being used, when and by whom.
- Must provide the ability to rewrite (prettify) URLs.
- Should provide pro-active alerting when usage on any one API endpoint (or on all in aggregate) exceeds a specific threshold.
- Should allow specific users or IP addresses to be blocked if usage thresholds are exceeded in a manner deemed malicious.
- Should provide a mechanism for easily generating documentation for users, and ideally have things like an API console (for viewing raw API calls and responses) as well as usage examples.
- Should provide an API status page or dashboard, which summarizes the current availability of all API endpoints.
- May be either cloud-based or hosted on premise in a City of Philadelphia data center.
Interested parties should send a response detailing their solution or offering to firstname.lastname@example.org. The total cost of any solution should not exceed $32,000 / year and respondents should detail those items from the list of requirements above which will be provided based on this cost threshold.
Responses will be accepted through 11/01/2013.