api-integration
Installation
SKILL.md
API Integration Skill
Purpose
Provide robust patterns for integrating the CIA platform with external government data APIs, including the Swedish Riksdagen, Election Authority, World Bank, and ESV (Swedish Financial Management Authority). Covers resilience, caching, and error handling.
When to Use
- ✅ Integrating new external data sources
- ✅ Improving reliability of existing API connections
- ✅ Implementing caching for frequently accessed political data
- ✅ Adding rate limiting to respect API provider constraints
- ✅ Debugging API integration failures
Do NOT use for:
- ❌ Internal service-to-service calls (use Spring patterns directly)
- ❌ Database access patterns (use JPA/Hibernate skill)
CIA External API Landscape
| API | Base URL | Data Type | Rate Limit |
|---|---|---|---|
| Riksdagen Open Data | data.riksdagen.se |
Parliament data, votes, documents | Best effort |
| Swedish Election Authority | data.val.se |
Election results, parties | Low volume |
| World Bank Open Data | api.worldbank.org |
Economic indicators | 50 req/sec |
| ESV | www.esv.se |
Government finances | Best effort |
Retry Logic Pattern
Exponential Backoff with Jitter
@Service
public class ResilientApiClient {
private static final int MAX_RETRIES = 3;
private static final long BASE_DELAY_MS = 1000;
private static final Logger LOG = LoggerFactory.getLogger(ResilientApiClient.class);
public <T> T executeWithRetry(Supplier<T> apiCall, String operationName) {
int attempt = 0;
while (true) {
try {
return apiCall.get();
} catch (Exception e) {
attempt++;
if (attempt >= MAX_RETRIES || !isRetryable(e)) {
LOG.error("API call failed after {} attempts: {}", attempt, operationName, e);
throw new ApiIntegrationException(operationName, e);
}
long delay = calculateBackoff(attempt);
LOG.warn("Retry {}/{} for {} after {}ms", attempt, MAX_RETRIES, operationName, delay);
try {
Thread.sleep(delay);
} catch (InterruptedException ie) {
Thread.currentThread().interrupt();
throw new ApiIntegrationException(operationName, ie);
}
}
}
}
private long calculateBackoff(int attempt) {
long exponentialDelay = BASE_DELAY_MS * (1L << (attempt - 1));
long jitter = ThreadLocalRandom.current().nextLong(0, exponentialDelay / 2);
return Math.min(exponentialDelay + jitter, 30_000);
}
private boolean isRetryable(Exception e) {
if (e instanceof HttpClientErrorException httpErr) {
int status = httpErr.getStatusCode().value();
return status == 429 || status >= 500;
}
return e instanceof ResourceAccessException
|| e instanceof SocketTimeoutException;
}
}
Circuit Breaker Pattern
@Component
public class CircuitBreaker {
private enum State { CLOSED, OPEN, HALF_OPEN }
private State state = State.CLOSED;
private int failureCount = 0;
private long lastFailureTime = 0;
private static final int FAILURE_THRESHOLD = 5;
private static final long RECOVERY_TIMEOUT_MS = 60_000;
public synchronized <T> T execute(Supplier<T> action, Supplier<T> fallback) {
if (state == State.OPEN) {
if (System.currentTimeMillis() - lastFailureTime > RECOVERY_TIMEOUT_MS) {
state = State.HALF_OPEN;
} else {
return fallback.get();
}
}
try {
T result = action.get();
reset();
return result;
} catch (Exception e) {
recordFailure();
return fallback.get();
}
}
private synchronized void recordFailure() {
failureCount++;
lastFailureTime = System.currentTimeMillis();
if (failureCount >= FAILURE_THRESHOLD) {
state = State.OPEN;
}
}
private synchronized void reset() {
failureCount = 0;
state = State.CLOSED;
}
}
Caching Strategy
Spring Cache Configuration
@Configuration
@EnableCaching
public class ApiCacheConfig {
@Bean
public CacheManager cacheManager() {
CaffeineCacheManager manager = new CaffeineCacheManager();
manager.setCaffeine(Caffeine.newBuilder()
.maximumSize(10_000)
.expireAfterWrite(Duration.ofHours(1))
.recordStats());
return manager;
}
}
@Service
public class RiksdagDataService {
@Cacheable(value = "politicians", key = "#personId")
public PoliticianData getPolitician(String personId) {
return riksdagClient.fetchPerson(personId);
}
@CacheEvict(value = "politicians", allEntries = true)
@Scheduled(cron = "0 0 2 * * *") // Refresh at 2 AM daily
public void evictPoliticianCache() {
LOG.info("Evicting politician cache for daily refresh");
}
}
Cache TTL Guidelines
| Data Type | TTL | Reason |
|---|---|---|
| Politician profiles | 24 hours | Changes infrequently |
| Voting records | 1 hour | Updated during sessions |
| Document content | 7 days | Immutable once published |
| Election results | 30 days | Updated only at elections |
| Economic indicators | 24 hours | Daily updates from World Bank |
Rate Limiting
@Component
public class RateLimiter {
private final Semaphore semaphore;
private final ScheduledExecutorService scheduler;
public RateLimiter(@Value("${api.rate.limit:10}") int maxRequestsPerSecond) {
this.semaphore = new Semaphore(maxRequestsPerSecond);
this.scheduler = Executors.newSingleThreadScheduledExecutor();
this.scheduler.scheduleAtFixedRate(
() -> semaphore.release(maxRequestsPerSecond - semaphore.availablePermits()),
1, 1, TimeUnit.SECONDS
);
}
public <T> T throttled(Supplier<T> apiCall) throws InterruptedException {
semaphore.acquire();
return apiCall.get();
}
}
Error Handling
public class ApiIntegrationException extends RuntimeException {
private final String operationName;
private final int httpStatus;
public ApiIntegrationException(String operationName, Throwable cause) {
super("API integration failed: " + operationName, cause);
this.operationName = operationName;
this.httpStatus = extractStatus(cause);
}
}
Security Considerations
- Never log API keys or tokens — mask sensitive headers in logs
- Validate all API responses — treat external data as untrusted input
- Use HTTPS exclusively — reject insecure connections
- Timeout connections — set connect (5s) and read (30s) timeouts
- Sanitize data — escape or validate all data before database storage
ISMS Alignment
| Control | Requirement |
|---|---|
| ISO 27001 A.8.24 | Use of cryptography for API transport |
| NIST CSF PR.DS-2 | Data-in-transit protection |
| CIS Control 12 | Network infrastructure management |
Related skills
More from hack23/cia
iso-27001-controls
Verify implementation of ISO 27001:2022 information security controls across CIA platform development and operations
15playwright-ui-testing
Playwright browser automation, visual regression testing, accessibility testing, and E2E workflow validation for CIA platform
15ui-ux-design-system
Design system management, Vaadin component library patterns, consistent UI/UX, accessibility integration
15code-quality-checks
Enforce code quality with SonarCloud, CheckStyle, SpotBugs, and maintain quality gates
14business-model-canvas
Business Model Canvas framework for value proposition, customer segments, revenue streams, and sustainable business model design
14legislative-monitoring
Voting pattern analysis, committee effectiveness, bill tracking, parliamentary oversight for Swedish intelligence operations
13