API Management Fundamentals: View APIs as Products, Not Projects

     

API ManagementIf you build the API, they will come…and then what? Building an API doesn’t stop at releasing the API. While an API is not a piece of software in the traditional sense, API management is critical to ensure that it is helping your organization meet its intended goals.

An API needs the proper controls in place, as well as routine maintenance and monitoring to make sure it’s operating the way it was envisioned. Issues that crop up can be dealt with before they become big problems. Additionally, managing and monitoring the API can help determine ROI and provide valuable user information that helps your organization optimize the API for its audience.

According to an Enterprise Management Associates survey on the API economy, most organizations use API gateways and platforms as their primary methods of tracking API transactions. Additionally, almost half of the companies surveyed have created a dedicated API Manager role within the organization, often under the IT umbrella.

This has become necessary as most of the companies surveyed are delivering and managing dozens of APIs to both providers and consumers. 

The API process is a lifecycle, and that requires ongoing testing, upgrades, and post-deployment support, among other services.  Let’s explore some the basics around managing APIs.

APIs as Products

Like any product offered by your organization, any API released to partners or customers requires management. It comes with its own challenges—both technical and organizational—that will require addressing customer/consumer preferences, how well it performs, how to govern and control it, how it fits into the overall partner API ecosystem, and others.

Monitoring APIs, preferably with an API management platform (such as IBM API Connect or MuleSoft Anypoint Platform), can provide crucial insight around how your API is being used and by whom. For example, the API manager in the organization could see that API users are interested in location data and would share that information with the API developers—who in turn would refine the location data access for consumers. It would be similar for partners, as it’s important to understand how the APIs are being used by business partners as they’re introduced into the organization’s ecosystem.

The information used by APIs also must be carefully monitored and managed to prevent misuse. Aside from preparing at the beginning to segregate data that will not be shared, organizations and their API managers need to monitor how their data is being used. For example, a competitor could be “scraping” data to use for its own purposes, turning what was once a useful partner API into a weapon against your organization.

In addition to creating policies, organizations will need to implement tools that detect and prevent this and other types of misuse, helping to address problems while they’re still small.

Set API Standards

To monitor and manage APIs properly, standards are very important. APIs must be defined and structured properly, and must be well-documented. An API management platform can provide tools for publishing information that helps developers and users find the appropriate APIs and their documentation. Also, it can help to ensure that performance, process, and infrastructure standards are being met from the beginning.

Secure Your API for Your Company and Users Alike

No discussion of API management can be complete without mentioning security. High-profile breaches and attacks have brought an even stronger standard of security into the limelight—and it extends to APIs as well. Remember the unique API key each user gets? Any API management tool you use needs to do more than just validate the key and direct the traffic to the appropriate gate. It should also detect malicious IPs, potential DDoS attacks, and possible content threats using JSON or XML. Not only do you need to secure your API to protect your own data, you also need to protect sensitive user data.

Furthermore, policies and contracts are essential for enforcing security and managing service level agreements (SLAs) with API consumers.  An API management platform can help with this, providing tools to easily create, update, and remove policies and contracts. They can provide alerts as well, making API managers aware of policy and SLA violations so they can take quick action.

Managing Access

The ongoing management of access, roles and permission levels of individual users and teams are also critical components of an API program. API managers must be able to quickly provision and adjust access as needed, and know whether or not roles are being enforced.  An API management platform can help streamline this, enabling mangers to set access privileges, manage users, define roles and policies, view audit logs, and more.

Monitoring API Performance Metrics

As with other products, API management also involves determining ROI and assessing performance. Monitoring the API from both the IT and business perspectives will help put that into perspective. slo

Analytics are essential for tracking key performance metrics—like API usage, transactions by user, company, or geographic region, and performance against SLAs. 

In addition to providing insight around how the API is being consumed and how it fits into the overall partner API ecosystem, the information gleaned from monitoring should be applied to future versions of the API—including introducing new data sources or capabilities that would appeal to users.

This information can be used to shape the business case for additional APIs as well. For example, you can segment usage data by customer type and industry, helping to identify areas of need and opportunity. You can build dashboards to help monitor API service contracts and the overall performance of the APIs, helping to make a case for change.

Involve the Developer Community

Furthermore, you can work with the developer community and users to gather input and feedback for improving APIs and creating new ones. The developer community can be a great resource for enhancing the success of an API initiative.

Additionally, within the organization, it’s important to share API consumer and developer feedback and development team and business teams, helping them understand issues and opportunities for improvement. We’ll explore this topic further in our next post on API management best practices.

API Management is Critical to Success

If there is one takeaway from this article, it’s recognizing that API management is just as important—if not more important—than the initial API development and deployment. A well-managed API can continue to unlock opportunities and ensure the satisfaction of the API’s consumers.

We'll explore additional API management best practices in upcoming posts.  In the meantime, I recommend checking out the ebook below to learn more on this topic—especially if you’re fairly new to APIs.

APIs for Dummies

Of course, if you have an API initiative and would like to learn how Lightwell can help you achieve your digital vision, contact us today.

About the Author

Lori Angalich

Lori Angalich is the VP of Marketing at Lightwell. She loves exploring new technologies and business models, learning how things work, solving problems, and developing new ideas with others. She has a Bachelor of Science in Biology and an MBA in Marketing, and she enjoys applying her knowledge from both each and every day.  Lori has a passion for travel, art, wine, music, wildlife (including her two dogs, who are a bit on the "wild side"), and most of all, creating great memories with her family. 

Connect with Lori on LinkedIn