If networking equipment is visualised as the pipes of the internet, Application Programming Interfaces (APIs) are the connectors, taps, and valves that enable the many different systems that make up modern applications to securely connect, share, and process data. We all use APIs every day, from websites that embed an interactive Google map or enable consumers to log into a third-party service via Twitter; to internal business APIs that let a microservice query a database for a customer’s current credit allowance.
Providing an API for a service can help businesses increase market penetration by making it easy for partners to integrate that service into their own systems. For example, using an API to provide delivery updates, can increase a retailer’s customer satisfaction, and make the courier firm that provides the API a preferred supplier to the retailer.
As consumers and lines of business increasingly demand more deeply integrated experiences, which require real-time data to inform decisions and smooth transactions, the number of APIs and the protocols to implement them are multiplying, and without effective API management, the risk of service degradation and outages increases. Business agility will also be lost, slowing innovation and increasing the threat of being disrupted by a more agile competitor.
Composable commerce: building agility with innovation
Growing pains
To manage the complexity of the API ecosystem, organisations are embracing API management tools to identify, control, secure and monitor API use in their existing applications and services. Having visibility and control of API consumption provides a solid foundation for expanding API provision, discovery, adoption and monetisation.
Many organizations start with an in-house developed API management approach. However, as their API management strategies mature, they often find the increasing complexity of maintaining and monitoring the usage of APIs, and the components of their API management solution itself, a drain on technical resources and a source of technical debt.
A common challenge for API management approaches is becoming a victim of one’s own success. For instance, a company that deploys an API management solution for a region or department may quickly get requests for access from other teams seeking to benefit from the value delivered, such as API discoverability and higher service reliability.
While this demand should be seen as proof of a great approach to digitalization, it adds challenges and raises questions for example around capacity, access control, administration rights and governance.
As API management solutions get rolled out to production environments, additional technical aspects need to be considered to ensure that the technical and architectural components involved in the solution can be monitored and governed effectively. For example, a company might start with a single server to handle the incoming API calls for a particular region. As the number of API consumers increases, and more critical workloads are served by the system, additional servers might be needed to ensure high availability and enable load balancing. Additionally, many companies have a multi-regional or multi-cloud strategy, which increases the complexity of the deployment architecture, and the challenge of effectively monitoring the whole system’s performance across the business.
As development teams evolve, for example working towards Continuous Integration and Continuous Deployment (CI/CD) the API management system will need to develop to serve their workflow. For example, in a CI/CD pipeline supported by multiple environments for development, test, acceptance and production, the API management strategy and system need to mature to actively support each stage of that pipeline. Gaining the ability to be alerted to API changes that break systems, and visibility into the impact of system changes on API demand, can significantly reduce rework, and hence accelerate feature delivery.
The above examples are not an exhaustive list of the challenges organisations will face as the demands on their API Management deployment grow, but let’s look at capabilities that advanced API management tools can offer to address them.
Maintaining governance and controlling access across multiple regions, business units and departments
Regardless of the degree of centralisation of IT, most organisations will eventually need a strategy that enables them to roll out and control multiple API management units and deployments. Consider ACME, the mythical manufacturing company with a global presence, organised into several regions. ACME’s modern API management platform was initially procured and deployed by a single department within the central region; now multiple regions and departments are asking for access to the system.
Enabled by their multi-tenant API management system, ACME’s strategy to meet this need is to enable each region and department to roll out the platform. While each region or department can have its own environments, technical components and user access, the central team will ultimately control which departments get their own environments and what specific features are enabled for them. This means that each department will be responsible for their architecture and user access, maybe with their own identity provider, while allowing a central team to set policies and features shared across the entire enterprise, such as the enforcement of policies for data protection and encryption.
The ACME strategy enables individual departments and business units to cater for their specific needs. Modern API management platforms support the full range of architectural and management approaches, from ACME’s department led strategy to fully centralised deployment and setup of each department’s components and infrastructure.
Regardless of strategy, the key to successful organisation-wide API management is maintaining full visibility of API use and an in-depth understanding of the IT estate.
Paying it forward: why APIs are key to easing technical debt
Monitoring and maintenance
The ACME central team needs to monitor the entire company deployment. To achieve this the team will configure a set of dashboards to provide a high-level overview of the departments, their environments and the API Gateway installations that power them. Departmental teams will also have dashboards configured to monitor their specific environments and components.
Through the dashboards, the ACME teams will have visibility into:
- The overall ACME footprint, including departments, their environments, and installed API management components.
- APIs in use, plus usage metrics for the company as a whole, and individual departments; including numbers of API consumers, APIs, API calls, etc.
- The versions of the API management system and features enabled for each installation.
- The status of API management platform components; server health, CPU and memory utilisation, etc.
In addition to system visibility, both central and local ACME administrators need to control and maintain the solution. The system control panels will enable ACME departments to upgrade to a new release of a particular API management component from a central interface or to manually restart individual API Gateways.
Fine-grained controls for the central team will enable the onboarding of new regions, departments, and environments as the API management solution grows across the business. The central team will also be able to drill down into data on the various departmental installations and their components from one, or several, dashboards.
Prepare to scale API management to realise the full value of your API ecosystem
While a growing number of internal users, departments, and architecture components are among the signs of a successful API management strategy, this growth brings challenges.
Companies need to plan and structure the systems they use for API management to scale-up and scale-out across multiple regions, business units and departments. They also need to ensure that they can enforce varying internal and external requirements around secure access and governance within both global and local policies.
With a well-defined strategy for API management, and the capabilities of a modern, multi-tenant, developer-first API management platform to enable it, companies can be confident of increasing the business value of their API ecosystem as they scale.