APIs, Integration, and Event-Driven Patterns

Three API paradigms dominate modern digital integration. Each addresses a different set of integration constraints, and choosing the wrong one for the context creates friction that compounds over years.

REST (Representational State Transfer) is the most widely adopted pattern for public and partner APIs. Roy Fielding defined REST in his 2000 doctoral dissertation at UC Irvine, specifying six architectural constraints: client-server separation, statelessness, cacheability, a uniform interface, a layered system, and optional code on demand. The uniform interface constraint is the most consequential: REST APIs use standard HTTP methods (GET, POST, PUT, PATCH, DELETE) against resource URLs, making them predictable and straightforward to consume without bespoke tooling.

REST's limitation is over-fetching and under-fetching. A REST endpoint returns whatever its designer chose to return. A mobile client needing only a user's name and profile image from an endpoint that returns 40 fields fetches 40 fields over a constrained mobile network. A client needing data from three related resources makes three sequential or parallel requests. Neither is efficient.

GraphQL was developed at Meta (Facebook) in 2012, open-sourced in 2015, and transferred to the GraphQL Foundation in 2019. Clients specify exactly which fields they need in a single query. The server returns only those fields. GitHub's v4 API and Shopify's Storefront API use GraphQL because their consumers span mobile apps, web clients, and third-party integrators with radically different data requirements. The trade-off is server-side complexity: a GraphQL server must implement a typed schema, a resolver for every field, query depth limiting to prevent denial-of-service through deeply nested queries, and a caching strategy that cannot rely on HTTP cache headers alone.

gRPC (Google Remote Procedure Call) uses Protocol Buffers (Protobuf) as its serialisation format and HTTP/2 as transport. Binary serialisation is faster than JSON; HTTP/2 multiplexing eliminates the per-request connection overhead of HTTP/1.1. gRPC generates strongly typed client and server stubs from a .proto schema definition, making integration type-safe by default. It is best suited to internal service-to-service communication in microservices architectures where both ends of the connection are under organisational control and performance matters. Browsers do not natively support gRPC, disqualifying it for public APIs.

API versioning manages changes to an API in a way that does not break existing consumers when the API evolves. A well-designed versioning strategy must define three things: how versions are named, what constitutes a breaking change, and how long deprecated versions are maintained before removal.

URL versioning embeds the version in the URL path: /api/v1/payments, /api/v2/payments. This is the most visible approach and the easiest to route at the API gateway layer. Its weakness is that it encourages hard-coding of version numbers by consumers, creating a migration forcing function when a version is deprecated.

Accept-Version header versioning specifies the desired version in an HTTP request header: Stripe-Version: 2023-10-16. Stripe uses dated versioning: each API version is named by the date it was released. An integration built on 2023-10-16 continues to receive the exact API behaviour from that date, regardless of later changes, until the integration explicitly opts into a newer version. This approach is optimal for platforms with many integrators who cannot all upgrade simultaneously.

A breaking change is any modification that causes existing consumer code to fail or behave incorrectly without modification. Removing a field, changing a field's data type, changing a response status code, or removing an endpoint are breaking changes. Adding a new optional field to a response is not a breaking change for most consumers, though strictly typed consumers using schema validation may reject unexpected fields.

The UK Government API Standards recommend a minimum of six months' notice before removing or breaking a versioned API. For APIs consumed by automated payroll, benefit eligibility, or tax filing systems, six months represents the minimum time for consuming organisations to plan, develop, test, and deploy updated integrations. Many commercial API agreements specify longer periods by contract.

Event-driven architecture (EDA) is a design paradigm where components communicate by publishing events to a shared infrastructure rather than calling each other directly. Producers do not know who will consume their events; consumers do not know who produced them. This decoupling allows independent scaling and deployment of services, and allows new consumers to be added without changing producer code.

Three distinct event patterns exist within EDA. Choosing the wrong pattern for the context introduces either unnecessary coupling (notification when state transfer is needed) or unnecessary payload size and complexity (sourcing when notification is sufficient). The choice is driven by the data requirements of consumers and the audit obligations of the system.

A message broker receives events from producers and routes them to consumers, decoupling the two ends of the communication. Producers publish to topics or queues without knowing the identity or location of consumers. Consumers subscribe without knowing who produces the events they receive. New consumers can be added without modifying producer code.

Apache Kafka was developed at LinkedIn in 2010, open-sourced that year, and became the dominant open-source event streaming platform. Kafka's core abstraction is a durable, ordered, partitioned, append-only log. Events written to a Kafka topic are retained for a configurable period (days to indefinitely) and can be replayed from any offset. Consumer groups maintain their own offsets, allowing independent consumers to read from different positions in the same log. Kafka is appropriate for high-volume, high-throughput scenarios: financial transaction streams, CDC events, clickstream data, and telemetry.

RabbitMQ is a queue-based message broker: messages are acknowledged and removed from the queue once consumed. RabbitMQ does not retain messages for replay. It is appropriate for task queues, work distribution, and scenarios where exactly-once processing matters more than event replay.

AWS SQS and AWS SNS are managed queue and notification services. SQS provides at-least-once delivery with configurable message retention up to 14 days; SNS provides fan-out to multiple subscribers. Both are appropriate for cloud-native architectures on AWS where operational overhead matters more than the advanced features Kafka provides.

Choosing between Kafka and managed queue services requires answering three questions: is event replay needed (if so, Kafka); what is the throughput requirement (Kafka handles millions of events per second; managed queues handle thousands); and how much operational expertise is available (Kafka cluster management is operationally demanding; SQS and EventBridge require almost none).

CQRS (Command Query Responsibility Segregation) separates the write model of a system (commands that change state) from the read model (queries that return data). The two models can use different data structures, different storage technologies, and different consistency guarantees, each optimised for its specific purpose.

The motivation for CQRS is the tension between write and read optimisation. A data model normalised for efficient writes (minimal duplication, foreign key relationships) is often poorly suited to complex analytical reads that require joining many tables. Conversely, a denormalised read model optimised for fast dashboards is cumbersome to keep consistent when writes occur. CQRS allows each model to be optimised independently.

HMRC applied CQRS to the MTD tax account read service. The write model records each VAT submission event in normalised form; the read model materialises a pre-computed view of the taxpayer's current compliance position, updated asynchronously after each write event. The read service can return a taxpayer's full compliance view in under 100 milliseconds because the view is pre-built, not computed on demand.

CQRS adds significant complexity: two data models, asynchronous synchronisation between them, and eventual consistency for reads. It is appropriate only when a demonstrated performance or consistency problem cannot be solved by simpler means. Most digital services do not need CQRS and should not adopt it as a default architectural pattern.