API ManagementBusiness leaders increasingly understand the potential of  APIs but still too few understand the need for API management. An yet API management is a necessity in today’s digital economy. The initial motivation could come from mobile, improving B2B Integration, SaaS solution integration, or an alternative to SOAP for internal system-to-system communication. APIs expose data for use by apps and the developers that create them. They make enterprise assets reachable by apps, and they’re the tool that enterprises use to add a digital layer to their interactions with customers, employees, and partners.

Every API Management solution contains three components:

API Gateway

Security, developer portals, analytics and monetization are but some of the key reasons why you need a robust API management tool to participate in the digital economy.Security is paramount for companies when they expose their backend systems via APIs. The first reason why any company would consider API management is to secure their APIs. This is not just about authenticating and authorizing access to APIs, it is also about policies to block attacks, ensure sensitive data is not accidentally or intentionally leaked and to revoke compromised an API that was granted to a user.

API management should also provide logs and audit trails to support both offline analysis and real-time troubleshooting. Another important capability is API quotas and spike arrest so that traffic to backend systems is properly throttled and managed.

Developer Portal

API ManagementDeveloper experience is key to adoption and success of your APIs. Your company’s APIs are useless if nobody use them. To enable rapid adoption of your APIs, you need a portal to put all of your APIs in one place for easy discovery and testing. The best portals provide a complete self-service experience, where developers can select the APIs and service levels they need, get secured access, monitor their API usage and even monetize and participate in revenue sharing with the API provider.

Another very important feature of the portal is a feedback mechanism, such as customer-support blogs, forums and community-contributed content.

Management Portal

Now that you have provisioned your APIs, you need to have visibility on your APIs.  How is your API traffic trending over time? Who are your top developers? Are you attracting more developers? Where do you see most API traffic?

Robust API management tools answer questions like these. They provide dashboards and reports that can be used by both business and operations to gain a 360-degree view of their digital business.

API Governance is also part of API Management. In fact, it is probably the most important and the least sexy part of API Management–yet, it is likely the most often neglected. Governance is not a bad thing. In fact, for anything to be truly adopted by the enterprise, it must have adequate and functional governance. The key phrase there is “functional governance”. A gauge I have long used to determine whether a new technology, process, or thing is “functional” is whether it solves more problems than it creates. If the answer to that question is no or you’re not sure, rethink the approach.

API Governance addresses:

  • Tracking the life-cycle of each API from inception to sun-setting (more below)
  • Tracking the API Consumers and subscriptions (relationships)to APIs utilized
  • The API Security Model employed and the details of managing it
  • Defines the API interface standards used for creating APIs (an organization’s standards for usage of something like Swagger) in the organization
  • Gathering statistics of both the Developer Portal and API Gateway usage
  • Utilization-based billing
  • API versioning
  • JSON (or XML) Schema versioning for input and output data structures
  • Tracking of routing information