What is API Management?

API management is the practice of managing application programming interfaces (APIs), often using scalable enterprise software for API design, publication, security, monitoring, and analytics. API management enables enterprises or developers that publish or consume an API to monitor the interface's lifecycle and ensure that the API is performing as it was designed.

A successful API management platform is one that drives the goals of the business: Providing API-based services while making it as easy as possible for both internal and external developers to rapidly adopt and integrate them in their applications. The details around managing a successful API program can get rather complex rather quickly but can be simplified by focusing first on the three “S’s”: scalability, security, and support.

Scalability

As the API program is adopted and becomes successful, performance can suffer as the backend systems struggle to keep up with demand. An API management solution can alleviate some of this by providing edge caching for data that does not change very often. It also places traffic limits either on individual developers or developers grouped by type.

Security

API security starts with developers and system architects who must take the effort to identify the data in the system that is security-sensitive or contains privately identifiable information. Tight controls should be put in place to ensure only approved personnel has access to that data at any time, but they must be combined with a process that makes it easy for developers to request and gain access to the data they need to accomplish the work assigned to them. API authentication is usually done with API keys which are a fast and reliable way of ensuring identity. However, API keys are only one step in an overall API security plan.

Support

Good API management platforms can help provide a positive developer experience through a variety of means, including interactive documentation, built-in static documentation, self-service key registration, and developer-specific reporting. The developer experience covers the entire lifecycle of development using your APIs. It starts with solid documentation and service discovery, extends to the registration and onboarding process, and concludes when the developer is no longer using the API. These tools must be implemented in conjunction with good processes to be successful.

What are Enterprises using APIs for?

Application Development & Integration Digital Business Platform
Internal Agility - Standardized services Channel expansion - new distribution
Cloud-native - Microservices & micro-gateways B2B & B2C innovation - partner collaboration
API Integration - SaaS and hybrid services New business models - becoming an ecosystem platform

Key Use Cases for APIs

Internal APIs

Connect to data and backend resources for integration or application development. Internal APIs are not exposed to anyone outside of the company.

  • API-led integration - for example, APIs used to integrate backend systems, delivered as a mobile app to automate cockpit flight procedures, eliminating the need for paper-based systems.
  • Modernizing Infrastructure - existing SOAP payment service refactored as microservices, exposed with REST APIs, delivering greater application agility and better scaling to support digital transformation initiatives.
  • Application development - new application styles built using microservices and event-driven APIs to support complex data flows, deliver real-time operations, and serverless computing models. May even incorporate a mix of internal APIs and APIs sourced externally.

Public APIs

Expose internal data and functionality through open APIs for use by external developers. Sometimes these APIs are monetized, but often they are not.

  • Embedded services - credit card companies and shipping companies publish APIs that allow anyone to embed credit card processing or shipping price quote functionality into their application.
  • Expanded sales channels - retailers add product catalog and purchasing capabilities to 3rd party websites. For example, image searches on Pinterest that link to the Macy’s catalog, to purchase.
  • Expanded partner network - airlines are using APIs to expand their partner networks, offering value-added services & promotions to their passengers relevant to their travel destination. For example, a Broadway play in New York, or a sporting event in Boston.

Partner APIs

Developed internally and shared with a limited set of external companies, usually B2B or channel partners

  • Partner onboarding - reduce the time & cost of onboarding new partners by exposing APIs that reduce the need for custom coding, making it easier for them to integrate with your environment.
  • Supply chain velocity - allows partners to customize information exchanges, streamlining partner onboarding and simplifying operations. APIs over the public web is often used in place of proprietary EDI networks.

Components of API Management

API Creation

Developing &and designing API’s is the first step in the lifecycle of API management. A good API Management solution enables users to quickly and easily model, develop, test, and deploy APIs all from the same tool. REST API design is a very popular option. REST APIs can handle multiple types of calls from all languages including XML, JSON or YAML or any other format.

API Portal

After API development, API portals enable users to publicize their APIs and discover other APIs with ease. API portals are essentially the bridge between API providers and API consumers. A good API portal enables you to package and manage your APIs as products and onboard, engage and empower developers and inform users of an API’s retirement.

API Gateway

An API gateway is the way you control access to your back-end systems and services. An API gateway maintains a secure connection between your data and APIs, and manages API traffic, both inside and outside your company.

API Analytics

API analytics is the way to monitor and manage of all operational aspects of an API program. With API analytics, you can acquire a deeper understanding of the ongoing business and technical impact of your APIs.

Capabilities of API Management

Power the websites, mobile apps, and devices we use

APIs have the ability to deliver data, content, and other digital information to websites, mobile apps, and IoT devices. This allows anyone to curate content. With the rise of mobile apps, APIs can be used to send and receive small, bite-size chunks of digital resources we use through our personal and business worlds, such as messages, images, and videos.

Not just for developers

While APIs are a technical concept, anyone who can use a web page can use an API. In fact, API providers are making it a priority to focus on non-developer users such as data journalists, analysts, and many other non-programming user types. When inquired, API providers can help non-developer users understand the value an API delivers and potential business uses.

Makes companies agile, nimble, observable, and competitive

API-driven businesses are the way of the future. Many organizations who are already utilizing APIs are finding that they can better interact with the public through well-designed, simple, and modular APIs. APIs make it possible for organizations to widely access resources across the organization from many different data sources. Additionally, APIs provide a level of simplicity for enterprise application development using microservices that are exposed via APIs. This eliminates duplicate development activities and allows for reuse of services.

Empowers individuals to take control

APIs empower average individuals to take control of their data online. Since APIs provide access to the data and content we are generating online, users need to be aware of who has access to data and content. That being said, users need to be API literate. API literacy is much like financial literacy; you don't have to understand how APIs work, but you should only use online services that have an API so you can have control over data access, while also being able to download and walk away with your own valuable information.