How to select an API Management platform for your business — part I
Why do you need an API Management platform for your business?
It is a common pattern in the technology world that people go after trendy keywords and technologies adopted by digital-native companies such as Netflix, Uber, and Airbnb. But not all trendy keywords and technical innovations bring value to all the companies out there. Hence it is important to understand why a certain technology is required for your business and how it will impact the business growth in the longer term. Application Programming Interface or API is such a trendy word that you would hear day-in, day-out within the enterprise ecosystem. It has become so popular that you cannot avoid the passion and the enthusiasm that is out there in the enterprise architects towards using APIs in their platform.
In this 3 part tutorial series, we are going to discuss how to select and API Management platform for your business by starting with the business need of an API Management platform and ending with building a future-ready API Management solution for your organization.
What is an API?
In layman's terms, an API is an interface that is used (by a server) to deliver business capabilities and business data as valuable information to the consumers (clients). As an example, if you own a retail store, you can sell an item to a customer who is sitting on his couch at his home through an API that is accessed from a mobile application. Isn’t it amazing?
If you want to grow your business, you need to reach out to more customers. APIs allow you to reach out to customers who you could never reach before. Who would have thought 20 years ago that you can shop everything you need without stepping out of your home? With APIs, you can make virtual connections with your customers, partners, and even employees and build a connected supply chain.
What is the business need for an API Platform?
Business leaders who fund enterprise IT projects need more clarity on the project from the business perspective. They would come up with questions like below.
- What will this project bring to our company?
- How will this project make us gain more business?
- What are the initial cost and recurring cost? (Opex vs Capex)
- How long will it take to reap the benefits of the program and return the investment?
- How the business is going to be profitable with this?
It is a must to have answers to these questions if you are to succeed with an API Management project since these questions are directly related to the business impact of the project. To come up with answers to these questions, we need to come up with a set of KPIs that can show the value of the API Management platform. Given below is a list of KPIs to measure the business impact of the solution.
- New revenue ($$$) gained through APIs
- Total sales executed through APIs
- No. of new partners integrated through APIs
- New customer sign-ups via API channel
- Cost reduction through automation via APIs
- Time to market improvements using APIs for integration
- Average time to build a new functionality
- Count of API related security incidents
- Direct revenue generated through monetization
Having these KPIs will help business leaders to understand the business impact of the project and evaluate the project throughout the lifecycle to decide on future investments and the continuity of the project.
Identifying the key technical requirements of an API Management Platform
Once the business requirements are identified and mapped with a set of KPIs, the next step is to identify the technical requirements of an API Management platform. There are many API Management platforms available in the market with various features. Let’s take a look at the fundamental requirements of an API Management platform.
- Support for standard API interface definition models like Swagger and Open API Specification to create APIs
- Support to reuse existing SOAP and REST services with APIs
- Support for API Security with capabilities such as OAuth2, API Keys, and Basic Authentication
- Ability to view statistics about APIs and support monitoring APIs for troubleshooting
- Support for controlling access based on usage with rate-limiting and throttling capabilities
- Support for threat protection to prevent malicious user attacks
- Support for an external developer portal so that external application developers can expand the usage of APIs
In addition to the features mentioned above, there are non-technical aspects that we should consider when selecting an API platform as well. We will discuss those aspects in detail in an upcoming section.
How to get started with APIs?
In today’s world with the increased adoption of information technology within businesses regardless of the scale of the business, we can assume that there is some sort of an IT system in place. With the growing popularity of cloud platforms like Amazon AWS, Microsoft Azure, and Google Cloud and Software as a Service (SaaS) tools, you can own an IT platform without having a single server within your premises. The only thing you require is a device with a browser interface.
Having said that, let’s assume that you have a set of systems (this can be10s, 100s, or even 1000s) that you are already using to store various business data and execute business processes. If you don’t have a component that integrates all these systems together, it is a good idea to use an integration platform (like ESB) to do that while getting started with the APIs. It is optional but recommended.
The fundamental idea of an API is to build an interface that exposes your business functionality to internal and external users. The most common and well-adopted mechanism (protocol) for exposing services through the internet (or network) is REST (REpresentational State Transfer) over HTTP. You can define your interface as a contract between the customer and your system. This contract can be defined using standards like Swagger or Open API Specification (OAS) or RAML. That contract explains basic details like
- How you can access this interface
- What you get out of this interface
- What you need to present when accessing the interface
- What happens if something goes wrong
Once you define this interface (contract) using a standard mechanism, then users can prepare their client applications (e.g. mobile, web) according to that contract. What happens behind the contract and within your business applications is no longer relevant to the customer.
The component that hosts all these interfaces so that customers can access those is called an API gateway. Let’s see how you can use an API gateway to deliver business functionality to your users through APIs.
As depicted in the above figure, users get access to business functionality using the client applications by contacting the API gateway. Let’s see what capabilities are required at the gateway layer. You can imagine that gateway is like a doorkeeper or a receptionist. At the fundamental level, it needs to have the following capabilities.
- Hosting APIs based on a standard format (e.g. REST, Swagger, OAS)
- Allow multiple users to access at the same time
- Validate the API users based on some form of identification
If you are starting off your API journey, the above-mentioned functionalities are more than enough to expose your business functionality to a wider audience. There are many other advanced features you would be interested in with the popularity of your API program. Let’s keep these basic capabilities to get started.
That’s all for the first part of the tutorial. In part II of the tutorial, we will cover the aspects of growing the API Management platform adoption within the organization.