Denys Rudyi - Fotolia
Editor's note: This article is part 2 of a two-part feature on API management. Click here to read the first part.
There is a significant to-do list for developers and IT shops before making strategic use of APIs. Most businesses will likely need to write new code to support data accessed through an API, since the original application probably uses data differently than how consumers or partners may need or want to access that data.
Once access is established through application programming interfaces (APIs), companies should create a formal API management strategy. In doing so, they should secure, manage, authenticate and authorize access to API data, said Anne Thomas, an analyst at Gartner Inc., in Stamford, Conn. She recommends using API gateways and other tools to make sure APIs are not overwhelmed.
Most of the major software companies, such as IBM, Oracle, Microsoft, TIBCO Software Inc., and Software AG, make API management tools for both internally and externally facing APIs. Some small independents are also in this market, such as 3scale, APImetrics, Runscope Inc. and Apigee Corp.
The market is in somewhat of a consolidation phase, as Layer 7 Technologies is now part of the CA Technologies API management suite. The aforementioned Axway owns the API developer, Vordel. TIBCO Software recently acquired Mashery from Intel. Most vendors offer API management tools that focus on both internal and external APIs.
The use of API data in new ways may create some unintended internal conflicts in a company. When you create services to share across internal workgroups, one group could potentially shoulder the entire cost of the service. Placing the cost burden on one group over another could lead to corporate infighting, said Randy Heffner, an analyst at Forrester Research, in Cambridge, Mass.
But there could also be some enormous benefits. By having immediate access to data through an API call, companies might see patterns of access that might not have been visible before, which may result in entirely new products for the company.
A well-known example is from farm machinery maker, John Deere, which has collected telemetry data from customer farm equipment since the mid-2000s. Data flows from an external API to a software application that helps farmers make decisions about crops, such as what kind of seeds to buy and how fast to buy them. John Deere can share this data with external sources that might make recommendations for farmers regarding their seed selection and fertilizer, according to the company.
Rolling out new APIs
One way to start an API management strategy is to create taxonomy of existing corporate APIs. APIs are governed differently and have different design points and security requirements depending on whether the application is internally facing, externally facing or mobile.
Companies that decide to develop an externally facing API that gains revenue must deliver a high quality API out of the gate. If a potential business partner tries to link with that API but has trouble with the data, the problems may extend farther than bad design. "All good will and enthusiasm evaporates," said Bernard Sanders, CTO at CloudBolt Software, a cloud management software company.
Building a great API -- and API management strategy -- requires the attention of both developers and operations teams. Operations must tune the linkages for performance, reliability, capacity and security. Developers must ensure that APIs are backwards compatible so any changes don't break previously existing API clients. Version management and communicating new API versions to partners is crucial if partners are accessing your API data.
If a company does create a new business out of API data, it may need more than security or monitoring software; it may require service level agreements. The APIs are now part of your business model, so they had better work.
- CLOUD API SECURITY RISKS: HOW TO ASSESS CLOUD SERVICE PROVIDER APIS –SearchSecurity.com
- The Cloud Risk Framework –ComputerWeekly.com
- Service-Oriented Cloud Computing Infrastructure (SOCCI) Framework –ComputerWeekly.com