In this stage, the goal is to discover
1. Interview the process owners and/or the owners of the current systems, information architect or solution architects who know the domain and the related systems.
2. Fill in the template names of systems to the correct location in the “map”.
3. Put applications that are accessible by partners to the “Partner network” boxes. Partners in this context mean customers, vendors, subcontractors, anyone with an agreement and access, typically via VPN, IP restrictions or specific partner user account but only to certain systems or parts of the network.
4. If some systems are accessible only from a certain country (country-specific organization or actually restricted by location) mark them to “Country-specific network” and also note which country or geopolitical area they can be accessed from e.g. Finland, EU, EEC).
5. Put systems and data that can be accessed from anywhere in the world and in public internet to the “Different locations globally”. It’s important to know if this means that the systems are located in multiple locations, if the same data and services need to be read fast from different locations or if different locations have and can have different systems and data, even data models.
6. If there are multiple systems or if the situation is otherwise very complex, use multiple templates, or better yet, write a short description and possibly a network diagram of the situation
7. Check you have also marked the API Consuming applications in their correct places, at least those someone already knows about but also those in the near future. It’s almost always safe to assume there will be users accessing the API from at least public internet and company networks.
For example, the Finnish social security number should not be, seen or used outside the European Union area and data related to Russian citizens needs to be mastered inside Russian borders. Similar legislation exists also in other countries. There may also be trade or national security requirements related to routing, storing, or handling data in certain areas.
What is the maximum amount of time the API consumer can wait for a response to any request? What is the expected response time for API so they can keep their customers using their system?