Now a days APIs are the gateway of your digital business. Delivering your core business as APIs is the first step in providing digital experience to your customer. If you are getting delay entering the digital world you would be soon thrown out of the market.
There are two steps in delivering your business as APIs. If you are starting your business today then you are lucky, you can design your infrastructure from ground up by keeping in mind your API strategy as your core architectural principle. But what about the enterprises that are running their business using legacy systems which are not designed to support APIs.They will not have time to redesign their entire system to support API strategy. They need to find a way to convert their existing system to support APIs without giving time for the competitors to kick them out from the market due to lack of digital presence. This is where the commercial off the shelf API management solutions are come into the picture to help the enterprises to quickly expose their business as APIs without worrying a lot about all the nuts and bold of an API ecosystem.
There are bunch of companies providing API Management solution as commercial off the shelf products as well as cloud services. it is very difficult and time consuming to select appropriate solution considering the technical background and budget of the enterprises. Enterprise architects and solution architects first need to collect the requirements internally and build a reference architecture around the requirements. Then they can look for a solution in the market with all characteristics required to build the reference architecture. Some time financial, technology background ,regulatory and compliance requirements and scale of the project will play a major role in vendor selection process. Regardless there are bunch of common characteristics of an effective API management solutions that every should look for.
Following s are some key requirements or characteristic of an effective API Management platform.
- Design,Implement and publish APIs
- Empower Developer by providing collaborative environment
- QOS for APIs
- Insight into API usage, developer behavior and system
- Optionally provide ability to monetize the API
Let’s look at these characteristics in detail.
Design, Implement and Publish APIs
First you have to decide which services are going to be exposed as APIs.It depends on why do you want to expose it.Let’s say you want to release a mobile app for your customers then you need to expose all the services as APIs to give a digital experience to your customers through the mobile app.if you want to connect to your partner then you need to expose all the services which is relevant to the partners. If you want to enable internal innovation by automating the process through apps then it is not bad to expose everything as APIs so that your internal app development team can come up with new ideas and quickly implement it.
Once you decide the list of services you want to expose then the next step is to think about how you going to create APIs from the current systems you have.If you have REST/SOAP APIs available within the system then you are lucky you need to only think about other matters.if your system does not support exposing a REST or SOAP then you need to have an integration layer to convert or create APIs from your system.There are variety of integration product out there to help you.Even some vendors provide integration capability as part of the API management solution.When you have services ready to be exposed as APIs you should define guidelines for defining APIs and the tool should provide way to govern it.Some time your organization may allow the API developers to go to a portal and expose the APIs in self service manager, in some case you would expect it to be automated as part of CI/CD process. In both case you would like to manage the life cycle of the APIs through a single place and even to implement a approval process for lifecycle transition. in short there should be a single place where API developers can design API interfaces for existing REST APIs(By giving OpenAPI specification or by designing by hand) ,implement the APIs by providing backend details, security policies and rate limiting settings and publish.
Empower Developer by providing collaborative environment
Once your APIs are ready you need to make sure that the audience of your APIs are informed.The developers who is going to use the APIs should have a platform to discover the APIs then read about the APIs and figure out how the APIs are going to help them develop applications.This is where the developer portal play an important role in providing a platform for the application developers to collaborate with API providers and achieve their goal.
Typically developer portal provides a way to easily search and find APIs get more information about the APIs such as documentation and SDKs even some provides a way to try the APIs from the browser itself.if the API consumption is based on a subscription then the developer portal should provide a way to subscribe to the APIs and get required access credentials according to the security applied to the APIs.It is good to have some statistics to provide better insight into the APIs as well.
QOS for you APIs
When you open your business secret to outside world or even inside for more audience you should definitely worry about the safety of the data that you going to expose.API security is the first concern of your API management platform.There are various way of securing an API, from traditional method such as basic auth, digest auth and token to modern Oauth2 security.You should choose the security mechanism that is going to provide strong authentication and authorization capability to your APIs.It is always good to go with Oauth2 security since it is pretty strong security mechanism and can be easily implemented in multiple application platform such as mobile app and web app.Other aspect of the security is cutting off over usage and preventing DoS attack.The API platform should able to identify over usage and throttle out such attempts to preventing outage due to resource over usage.Some time throttling or rate limiting capability can be used to monetize the API by proving different level of throttling limit for users who are willing to pay for more peak usage.
Statistics
The API management platform should provide insight for multiple people who are looking for different aspect of the project.CEO will be interested in seeing over all number of APIs and applications.API developer will be happy to see the usage and performance of the APIs.The devOps need some insight on the overall health of the platform.The app developer also need insight into to the usage pattern of the subscribed APIs to improve the design of the application to cater the user demand.
In this article we have seen some of the key characteristics that you have to look for when you design your API management platform.
