API Productization Takes API Management
Treat your API like a product. This is the established wisdom in the enterprise. Rather than relegating the API to a techy niche, treat your API as a product for others to use. Then you can better tap into its potential to transform your business. At the same time, it is critical to understand the role of API management and security in the API productization process. If the API is not well managed or secure, it won’t live up to its business potential as a product.
APIs are driving digital transformation in the enterprise today. Enterprises are restlessly inventive with APIs, leveraging them to innovate and grow their digital businesses. For example, a financial institution might create an API that exposes their account management systems. The firm’s partners could then build mobile apps that allow their customers to access their accounts at the financial institution.(e.g. access your stock portfolio while logged into your savings bank.) A manufacturing company could use an API to connect the logistics applications of its supply chain partners. Or, an oil company could build an API that can be used by remote sensors that check on the condition of oil wells and pipelines. This last case is an example of APIs at work in the Internet of Things (IoT).
What’s involved in making each of these APIs into a product? A good way to answer the question is to think about what happens if these companies choose not to treat the APIs like products. What if they simply wrote the code for the API, provided minimal documentation and circulated an email saying that the API was available for use if anyone wanted it. What would happen in this case? Not much, probably…
Productizing an API takes work. The payoff is there if you invest the time and effort.
If a partner did use such a thinly documented API, its developers would have little information to go on. They probably wouldn’t know whom to contact if they had a problem. If the API broke, who would know? This may sound extreme, but this is how many otherwise smart enterprises treat their APIs. To them, APIs are bits of code for use in developer-to-developer collaborations.
Alternatively, imagine if the financial institution, manufacturer and oil company each wrote a business plan for their respective APIs, developed feature sets, a go-to-market plans, success metrics and future API roadmaps. When an organization commits to its API like this, their API becomes part of a bigger picture that includes management vision, strategic planning and execution. Ideally, some person or team will be responsible for the execution of the API’s business plan. For instance, the financial institution might create a roadmap like the one shown below. Here, V1 of the API would support one transaction type, with access to a single system. V1 has a defined success metric of 10 apps developed and 10,000 transactions a month.
This modest start gives the company a realistic way to get its API product off the ground. Everyone can learn in the process. V2 and V3 grow more ambitious, with the ultimate goal of supporting 100 apps and a million transactions a month. The API(s) will expose five systems and handle three transaction types.
To succeed at creating the above productized API, the financial institution needs to be in control of how the API is designed, documented, published and used in product. This is known as API Management. Broadly, API management enables the following capabilities:
- Ease of use – App developers should be able to easily learn how to use the API through documentation.
- Developer community – The API owner needs a way to share information about the API with potential developers. A developer community portal could be a helpful venue for this process.
- Version control – Developers need to be aware of new versions of the API so they can incorporate it into their apps.
- Usage monitoring, SLAs, alerting and failover – An API should be monitored so all stakeholders can be aware of how well it is performing. If the API is overloaded and running slowly, the relevant administrators need to be alerted in real time. If it fails, there should be a failover instance. The API should be able to adhere to agreed-upon service level agreements (SLAs), with reporting and alerting when the API fails the SLA.
- Orchestration and mediation – APIs typically work in combination with other software components, including other APIs. A well-managed productized API will make it easy for developers to orchestrate use of the API in multi-step business processes.
- Choice of cloud or on-premises deployment – This is essential in today’s enterprise IT environment. If an enterprise is set on deploying its new IT assets in the cloud, it should have the option of putting its APIs in the cloud. Or, if they are pursuing a hybrid strategy, the API should support a choice on-premises or cloud.
- Integration with SOA and other application integration technologies – Many enterprises already have earlier generations of application integration, such as enterprise service buses (ESBs). For optimal adoption, an API should be able to integrate easily with these existing entry points into enterprise applications and data assets.
- Data analytics on API use – The owner of the productized API has to know how the API is being used. APIs naturally generate a great deal of data about their usage. Analysis of this data may yield useful insights about how the product is performing, in business terms. In this sense, data analytics can be a valuable tool for the owner to estimate return on investment (ROI) for the productized API.
- Security – Because APIs expose back end systems to outside users, security is non-negotiable. This is not a controversial point of view. The issue, however, is whether an API can be secure and flexible enough to succeed as a product. API security tools should enable the API owner to define and enforce security policy – but also to change those policies easily as requirements and use cases shift.
Productizing an API takes work. The payoff is there if you invest the time and effort. In some cases, dedicated API management and security solutions can smooth your path to success. They do the heavy lifting, providing the capabilities described above – allowing you to focus on the business strategy and execution you need to transform your business through APIs.