AASHTOWare OpenAPI Architecture & Configuration
The AASHTOWare OpenAPI is a cloud-based solution that incorporates an API management system. This API management system includes a dynamic policy-driven gateway which acts as the API request "switchboard" for endpoint routing. The AASHTOWare OpenAPI does not host API implementations, nor does it store AASHTOWare application data. Instead, it orchestrates API requests to their proper target endpoints. API implementations are deployed to existing agency AASHTOWare assets and are then registered within the AASHTOWare OpenAPI. These API implementations require http(s) traffic between their endpoints and the platform's gateway. The AASHTOWare OpenAPI is public-internet accessible, however, agency endpoints are only required to communicate with the dedicated gateway.
API Request Routing via Gateway to Backend Service Implementations at Agencies
Configuration Steps
- Install/Deploy the API implementation package – this process will vary between AASHTOWare product contractors: The corresponding AASHTOWare product teams provide guidance documentation and installers.
- Establish a root URL endpoint for the implementation deployment
- Provide this URL to the AASHTOWare OpenAPI coordinating point of contact and the AASHTOWare contractor technical contact
- Enable internet traffic between the endpoint resource and the AASHTOWare OpenAPI gateway public IP: 20.85.141.79
URL Path Convention
The AASHTOWare OpenAPI includes a URL path convention that is then used to determine a unique lookup (which in turn achieves the policy-based request routing). The API request URL contains platform conventions used to resolve the endpoint target:
Incoming API requests share the same root. The AASHTOWare OpenAPI supports a portfolio of distinct APIs. The "main" API is accessed through the API alias of "awapi" from that root. Within the main API, the individual AASHTOWare products are then aliased. A unique "instance" value follows, and it is this value that is associated to a DOT agency. Finally, the API operation that gets project data is at the end of the URL.
Data Traffic
All requests, even if originating from one AASHTOWare product on the same server to a different product (potentially on the same server), will route through the platform gateway. Firewall rules to support the AASHTOWare OpenAPI are simple. External-originating requests from API consumers will come from the platform gateway with the same public IP address listed in the configuration steps. When AASHTOWare applications use the API, product-to-product or even between cooperating agencies, the AASHTOWare OpenAPI gateway target remains the same.
As an example, referencing the first architecture diagram, an inter-agency data exchange between Ohio and Kentucky would route through the gateway against that same 20.85.141.79 IP address. Requests originating from either Ohio or Kentucky would also rely on that single firewall provision.
AASHTOWare OpenAPI Implementation Installation Dependencies
AASHTOWare applications are developed using the Microsoft .NET framework which was initially released in 2002 and its final version, 4.8.1, was made generally available in August 2022. The successor to the .NET framework, known simply as .NET, is a familiar analog to the original however it is not a continuation nor is it legacy-compatible.
AASHTOWare OpenAPI Implementation deployment installations run tandem to the standard AASHTOWare application installations and do not share components. These AASHTOWare OpenAPI-supporting implementations target the new .NET and its current LTS (long term support) version. .NET runs on multiple operating systems, supports side-by-side execution (including running parallel to the prior .NET framework), and is a more powerful but simpler and more compact platform. .NET is fully compatible with windows server and IIS (internet information server). The latest .NET web technology, ASP.NET core, is included as part of the platform.
.NET 8, the current LTS version (version 10 arriving soon), is best installed to include ASP.NET using the Microsoft .NET Core Hosting bundle when using an existing IIS environment: Administrators Overview of ASP.NET Core with IIS . These guidelines will align to implementation installation instructions provided by AASHTOWare product teams. .NET LTS versions are released every two years with patch support for three years. AASHTOWare OpenAPI will maintain current against LTS versioning schedules.
AASHTOWare OpenAPI Monitoring & Analytics
The AASHTOWare OpenAPI usage is captured to a robust logging system. Activity can be analyzed down to individual operation requests. Statistics by agency, AASHTOWare product, API Consumer (subscription or user), and even geographic origination are all included. Granular request information and aggregate rollups allow for detailed insights for agency administrators.
Additionally, as part of the core monitoring and operational framework, the AASHTOWare OpenAPI incorporates application-level instrumentation for use by each AASHTOWare product application. With this additional level of advanced logging, agencies are not only provided with a more detailed usage profile picture, but also incorporates proactive scenario-based alerts. If any of the defined criteria are met and not (automatically) resolved in a brief period of time, the platform support resources are engaged to preemptively address the problem.
Smart Detector Monitoring Rules
The table below illustrates the benchmark "smart detector" monitoring rules:
| Monitoring Rule | Description |
|---|---|
| Response Time | Monitors API response times and alerts on degradation |
| Error Rate | Tracks error rates and triggers alerts on anomalies |
| Request Volume | Monitors unusual spikes or drops in traffic patterns |
| Availability | Ensures endpoint availability and uptime |
Agencies may request custom monitoring criteria which are applied (only) to their specific activity. Additionally, these alerts can be used in automation triggers, configured directly by agency technical staff (beyond simple email alerts).
AASHTOWare OpenAPI Infrastructure & Security
The AASHTOWare OpenAPI is a 100% PaaS (platform-as-a-service)/iPaaS (integration platform-as-a-service) modern cloud architecture solution, based on Microsoft Azure. In this role, the platform behaves more like a business or enterprise orchestration system than a data repository. As such, the AASHTOWare OpenAPI does not host or provision typical virtual assets. There are no VMs, no OS patching, and no operational software "installations" (or corresponding updates): all platform resources target serverless, microservice, and "native cloud" practices.
By leveraging the PaaS/iPaaS approach, the platform is more readily aligned to current security and resource stewardship practices. Automated audits are continually conducted through the use of benchmark standardization rulesets (SOX, CIS, and FedRAMP). Data pipelines and services that use multitenancy are isolated by agency, environment, (application) product, and related vendor(s).
Data Security
With the AASHTOWare OpenAPI service foundation, agency data is not persisted. In the key API scenarios, the AASHTOWare OpenAPI functions exclusively as a (data) orchestrator, mediator, and clearinghouse.
Encryption & Compliance
In its extensibility features, if agencies require any type of persisted storage from the platform, that data is fully controlled by the agency, encrypted at rest, and agencies may retain/use their own keys to ensure full compliance with any applicable standards.
Hybrid Cloud Support
AASHTOWare OpenAPI also incorporates a "BYOE" (bring your own enterprise) with which agencies may fully benefit from the commissioned resource in a hybrid cloud configuration – further allowing flexibility if required by a technical practice mandate.
The AASHTOWare OpenAPI quality controls extend past automated checks and include comprehensive inspections for reliability, security, performance, and (technical architecture) best practices. The platform also provides, "audit on demand" for each or all of these aspects at any time. Audit results are compiled, tracked, and referenced for historical analysis.
The AASHTOWare OpenAPI reflects a commercial-caliber, enterprise grade, formal solution on par with other similar industry offerings (Mulesoft, Twilio, Stripe.com, Contentful.com, etc.).
Real-Time Operational Monitoring
Alert Rules & Smart Detection
Geographic Usage Distribution
Performance Timeline Analytics
Comprehensive monitoring dashboards provide real-time insights into API performance, usage patterns, and system health
Ready to Get Started?
Join hundreds of developers and agencies using AASHTOWare OpenAPI to build the future of transportation technology.
Access the Developer Portal →AASHTOWare Alliance Manager
Shakita L. Battle-Morrow
American Association of State Highway
and Transportation Officials
555 12th Street NW, Suite 1000
Washington, DC 20004
Phone: (202) 624-8815
Email: sbattlemorrow@aashto.org