Achieving and sustaining API success
Most organizations are now embracing APIs to provide flexible connectivity between systems, making it easy for developers to get started and build digital products. While developers everywhere are, of course, familiar with API lifecycle management, a major challenge is how to fully operationalize it.
In order to address this key issue, we must first break down precisely what API lifecycle management is. Essentially, it can be viewed as a set of operational activities that can be split into the following categories: Business Operations, Product Operations and Platform Operations, which include DevOps and InfraSecOps. So, how can organizations focus on API delivery across these categories to achieve and sustain success? There are several foundational requirements:
- Adopt the right mindset
To ensure API implementation projects deliver on key business goals, organizations should first adopt an API-first mindset that ensures APIs are designed, delivered and managed with crucial considerations such as usability, flexibility, consistency, performance, agility and security at their core.
Next, an enterprise's APIs must be viewed through the lens of its business strategy, which, in many cases, necessitates a significant shift in everyone's way of thinking. In practical terms, this typically entails redesigning the company's operations and developing a digital platform to make its goods and services more consumable or user-friendly.
Stakeholders should also think about the enterprise's business as a set of capabilities, with products and services that are going to be supplied, rather than constructing applications or building backend systems of record. These are then brought together as a group of cohesive APIs that cooperate in obtaining the data, granting access and securing it.
Ultimately, this part of the process is all about moving from traditional software development approaches to a strategy guided by strong collaboration and a clear focus on identifying what good design looks like for each specific use case.
- Build local leadership
To deliver on the objective of adopting APIs at scale, organizations also need to get organized. This starts with ensuring that there are local leaders in place backed by a coherent team, all of whom are focused on making the process a success.
This isn’t just about establishing a Community of Practice (CoP). CoPs can be effective in introducing new technologies such as API management, but they don’t tend to focus on subsequent ways to operationalize them. This is particularly evident in situations that require a full lifecycle approach, i.e. from demand and ideation to promotion and adoption.
Instead, organizations should build what is known as an 'API Guild'. Made up of API leaders from each relevant capability area, it acts as a launchpad to help ensure stakeholders can deliver against key requirements such as ownership, accountability and the reuse of composable building blocks.
- Decide how API products will be viewed
In working to implement an API strategy, many organizations come up against some common questions. These include whether APIs should be viewed as products or code, whether they should be chargeable, and how programmers will handle downstream dependencies.
Without a doubt, the most effective digital services and products are delivered when developers and business owners work together iteratively and share end-to-end ownership. In many cases, organizations that have taken a business-led approach via API product management report that they find it easier to create new business opportunities, increase agility and revenue, and boost customer satisfaction as a result.
API Guilds not only ensure more effective management and communication processes but also help teams maximize their shared understanding of the products that need to be delivered. As a result, API product managers become fully accountable for end-to-end API delivery and responsible for reusing key composable building blocks wherever possible. In addition, the Guild approach, underpinned by effective team leads, delivers an effective framework for enterprise-wide initiatives that work with shared budgets.
- Implement an API security and resilience plan
While APIs are the building blocks of the most effective digital experiences, if they are not properly managed, they can also be a security risk. To protect them, organizations need to secure and operationalize new and existing APIs by implementing a defense-in-depth strategy, regardless of development or deployment. This should be based on a layered approach to make sure that APIs remain secure from end to end.
One approach that is almost always important early in the transaction flow is to authenticate. User authentication discovers the identity of the end user from a token or process flow, often alongside API key/secret validation to identify an application and device registration to identify a particular user-app-device combination.
Next, users can be authorized for the API operations being called and the data being returned. Authorization should apply at multiple levels of granularity, validating the access rights for both the user and application to a particular API, operation, and HTTP method.
In addition, traffic management is key. Managing the volume and rate at which transactions reach the various applications can protect against denial-of-service attacks and other issues that would impact server performance or availability and degrade the end-user experience.
Ultimately, a positive API security model carefully defines the expected transaction structure, content, and volume, and rejects anything that doesn’t comply with that expectation. Leveraging schema validation, network whitelists and other positive security methods, in addition to more reactive approaches, makes for a more comprehensive security and resilience strategy.
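The layers described in this section (authentication of user and application, authorization per operation and HTTP method, traffic management, and a positive model that rejects anything unexpected) can be combined in a single request check. The following is an added Python example, not code from the author or from any product; the `Gateway` class, keys, tokens, paths and limits are constructed assumptions.

```python
import time

# Constructed sample policy; every key, user, path and limit here is an assumption.
APPS = {"app-key-123": "mobile-app"}       # API key -> application identity
TOKENS = {"tok-alice": "alice"}            # bearer token -> end-user identity
GRANTS = {("alice", "mobile-app"): {("GET", "/orders"), ("POST", "/orders")}}
SCHEMAS = {("POST", "/orders"): {"sku": str, "qty": int}}  # exact body shape
RATE_LIMIT, WINDOW = 3, 60.0               # requests per application per window


class Gateway:
    """Hypothetical gateway check: each layer must pass or the call is rejected."""

    def __init__(self):
        self.hits = {}  # application -> timestamps of recently admitted calls

    def check(self, method, path, api_key, token, body=None, now=None):
        now = time.monotonic() if now is None else now
        # Layer 1: authenticate both the application and the end user.
        app, user = APPS.get(api_key), TOKENS.get(token)
        if app is None or user is None:
            return 401, "unknown application or user"
        # Layer 2: traffic management, a sliding window per application.
        recent = [t for t in self.hits.get(app, []) if now - t < WINDOW]
        if len(recent) >= RATE_LIMIT:
            self.hits[app] = recent
            return 429, "rate limit exceeded"
        self.hits[app] = recent + [now]
        # Layer 3: authorize the user-app pair for this operation and method.
        if (method, path) not in GRANTS.get((user, app), set()):
            return 403, "operation not granted"
        # Layer 4: positive model, the body must match the schema exactly.
        schema = SCHEMAS.get((method, path))
        if schema is None:
            return (200, "ok") if body is None else (400, "unexpected body")
        if not isinstance(body, dict) or set(body) != set(schema):
            return 400, "missing or unexpected fields"
        for field, expected in schema.items():
            # type() rather than isinstance() so that True is not accepted as int
            if type(body[field]) is not expected:
                return 400, f"field {field!r} has the wrong type"
        return 200, "ok"


if __name__ == "__main__":
    gw = Gateway()
    order = {"sku": "A1", "qty": 2}
    print(gw.check("POST", "/orders", "app-key-123", "tok-alice", order))
    print(gw.check("POST", "/orders", "app-key-123", "tok-alice", {**order, "admin": True}))
```

Because the body must match the schema field for field, an extra property such as `admin` is rejected even though every expected field is present and valid.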
Together, these building blocks help ensure that business and technology models work in harmony to help organizations to more effectively focus on the requirements of end users and customers alike, and ultimately, to deliver better outcomes for everyone concerned.
Brian Otten is VP Digital Transformation Catalysts at Axway.