API
management in the real world
management in the real world
Robert Merlicek, Chief Technical Officer, Asia Pacific and Japan
The
business benefits delivered by APIs (Application Program Interfaces) has led to
their widespread adoption by organisations of all sizes. Providing a way to share
data between disparate systems in a consistent and secure way, they enable
innovation in new and exciting areas.
business benefits delivered by APIs (Application Program Interfaces) has led to
their widespread adoption by organisations of all sizes. Providing a way to share
data between disparate systems in a consistent and secure way, they enable
innovation in new and exciting areas.
An
organisation can use APIs to spur external development through the creation of a
third-party ecosystem. Alternatively, they can be used to enable closer
linkages with partners through the sharing of data.
organisation can use APIs to spur external development through the creation of a
third-party ecosystem. Alternatively, they can be used to enable closer
linkages with partners through the sharing of data.
While
APIs can deliver significant benefits, as their usage increases they can also
cause some challenges. Proper management is key and a strategy is needed that
covers three key areas: scalability, security and support.
APIs can deliver significant benefits, as their usage increases they can also
cause some challenges. Proper management is key and a strategy is needed that
covers three key areas: scalability, security and support.
Scalability
For
APIs to be effective, the systems behind them must be readily scalable. As
increasing numbers of users hit an API and make requests for data, the back-end
infrastructure must be able to cope with the load and maintain
performance.
APIs to be effective, the systems behind them must be readily scalable. As
increasing numbers of users hit an API and make requests for data, the back-end
infrastructure must be able to cope with the load and maintain
performance.
Here,
having effective API management tools in place is critical. They can control
factors such as how many times an individual can make a call on an API in a
given period of time, and also assist with caching often-requested data at the
edge of the network. Both these techniques can help to ensure the API remains
available even during peak periods.
having effective API management tools in place is critical. They can control
factors such as how many times an individual can make a call on an API in a
given period of time, and also assist with caching often-requested data at the
edge of the network. Both these techniques can help to ensure the API remains
available even during peak periods.
The
organisation’s IT team should also consider making use of the Swagger
specification to describe the APIs in a standardised way. It can also define
what the interface for the API is going to look like so external developers
will know what to expect when making use of it.
organisation’s IT team should also consider making use of the Swagger
specification to describe the APIs in a standardised way. It can also define
what the interface for the API is going to look like so external developers
will know what to expect when making use of it.
Good
API management tools will also themselves have APIs. This makes their management
easier when the environment becomes more complex as regular tasks can be
automated. This, in turn, helps to ensure reliability as API usage scales even
further.
API management tools will also themselves have APIs. This makes their management
easier when the environment becomes more complex as regular tasks can be
automated. This, in turn, helps to ensure reliability as API usage scales even
further.
Security
API
security is all about making sure the right people have access to the right
data at the right time. Offering functionality for users should not create any
unnecessary risks for the organisation.
security is all about making sure the right people have access to the right
data at the right time. Offering functionality for users should not create any
unnecessary risks for the organisation.
When
an IT department first starts making use of APIs, there can be some people in
the organisation that become wary about increased chances of data loss or
system intrusions. However, it is actually very rare to see a data breach
happen through an API. When one does occur, it tends to be because of poor code
security rather than poor API security.
an IT department first starts making use of APIs, there can be some people in
the organisation that become wary about increased chances of data loss or
system intrusions. However, it is actually very rare to see a data breach
happen through an API. When one does occur, it tends to be because of poor code
security rather than poor API security.
However
security is still critical and good API management tools can help by setting up
an effective authentication system. The process starts by identifying what data
is security sensitive. This data should then be tagged so its access can be
controlled both internally and externally.
security is still critical and good API management tools can help by setting up
an effective authentication system. The process starts by identifying what data
is security sensitive. This data should then be tagged so its access can be
controlled both internally and externally.
Developers
must also adopt the habit of constantly reviewing new code for security and
data sensitivity issues. They must ensure that any new or enhanced APIs are
designed from the start to be secure. Management tools can assist by offering automated
testing which will help to streamline the process.
must also adopt the habit of constantly reviewing new code for security and
data sensitivity issues. They must ensure that any new or enhanced APIs are
designed from the start to be secure. Management tools can assist by offering automated
testing which will help to streamline the process.
Support
Developers
are critical to the success of an API-based ecosystem and providing them with
the support they require is very important. This holds true both for internal
teams as well as external developers accessing established APIs.
are critical to the success of an API-based ecosystem and providing them with
the support they require is very important. This holds true both for internal
teams as well as external developers accessing established APIs.
From
the outset, you should ensure there is a standard, three-tier support structure
in place. Simple queries can be handled in Tier 1 through mechanisms such as
forums and social media threads. More complex queries go to Tier 2 where they
are handled via email or phone support. The most complicated are fed into Tier 3
where they are assigned to the product team for resolution.
the outset, you should ensure there is a standard, three-tier support structure
in place. Simple queries can be handled in Tier 1 through mechanisms such as
forums and social media threads. More complex queries go to Tier 2 where they
are handled via email or phone support. The most complicated are fed into Tier 3
where they are assigned to the product team for resolution.
In
this way, a large chunk of queries can be handled in an automated way which
keeps technical experts free to focus on the higher value-adding activities.
this way, a large chunk of queries can be handled in an automated way which
keeps technical experts free to focus on the higher value-adding activities.
API
management tools can aid in the support function. They can provide reports that
show who is accessing what resources and what they are trying to achieve.
Support can then be targeted to where it is needed the most.
management tools can aid in the support function. They can provide reports that
show who is accessing what resources and what they are trying to achieve.
Support can then be targeted to where it is needed the most.
The
tools can also provide a content management system which can be used to create
a developer portal. This will become the place that people can find
documentation and technical details in a self-service manner. Having good
documentation in place is critical, and it must be clearly written and
complete.
tools can also provide a content management system which can be used to create
a developer portal. This will become the place that people can find
documentation and technical details in a self-service manner. Having good
documentation in place is critical, and it must be clearly written and
complete.
By
focusing on these three key areas, an organisation can be sure its APIs are
being managed correctly and providing the level of performance that users will
require. The organisation will then be best placed to reap the significant
business benefits that APIs can deliver.
focusing on these three key areas, an organisation can be sure its APIs are
being managed correctly and providing the level of performance that users will
require. The organisation will then be best placed to reap the significant
business benefits that APIs can deliver.
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!
