In the digital economy, building application programming interfaces (APIs) is essential for executing ideas quickly and seizing new business opportunities. They are the building blocks of digital transformation, enabling organizations to deliver exceptional customer experiences, create new revenue streams and connect employees, partners, apps, and devices to data—anytime, anywhere. APIs are not necessarily a new technology, but in today’s digital world, they have risen in prominence and become important to every facet of the enterprise. This in turn has increased the demand for effective API management.
In the digital economy, building application programming interfaces (APIs) is essential for executing ideas quickly and seizing new business opportunities. APIs are the building blocks of digital transformation, enabling organizations to deliver exceptional customer experiences, create new revenue streams and connect employees, partners, apps, and devices to data—anytime, anywhere. APIs are not necessarily a new technology, but in today’s digital world, they have risen in prominence and become important to every facet of the enterprise. This in turn has increased the demand for effective API management.
But what does an effective API management look like? A good place to start answering this question is by examining a case study.
Anzeige
Case Study: IceMobile
IceMobile helps leading food retailers across the globe boost footfall and basket size. Ralph Cohen founded the then creative agency in 2002 after recognizing that mobile devices offered a great potential for increasing customer engagement, loyalty and, ultimately, spend. 1
In 2012, IceMobile took two steps that transformed its business into the global mobile loyalty program provider it is today. First, it merged with BrandLoyalty, extending its reach beyond the Netherlands. Secondly, it built the Bright Loyalty Platform, which helps food retailers engage with shoppers on a personal level, driving turnover, increasing basket size and bringing in new customers.
At the solution’s front-end, the Bright Stamps product makes loyalty campaigns digital. Shoppers can easily collect stamps and redeem using their mobile phone, resulting in increasing spend and more people joining the campaigns. At its back-end, the Bright Loyalty Platform analyses shopper data from retailers’ back office point of sales (POS) and customer relationship management (CRM) systems to ensure the shopping experience resonates with customers.
Located in offices across 14 countries, IceMobile’s 120 developers, designers, and engagement experts offer retailers a range of loyalty services. These include concept and strategy, user experience design and research, solution design, implementation, project management, and data analysis.
Anzeige
When IceMobile talked to retailers regarding its product Bright Stamps, despite commercial departments being enthusiastic about adding the Bright Stamps solution to their loyalty programs, retailers’ legacy IT systems were often a hurdle to overcome. “Retailers were concerned their IT departments, which were often starved for time and budget, would not have sufficient resources available for integrating IceMobile with their various legacy systems,” reveals Jeroen Pietryga, IceMobile’s Chief Executive Officer.
The company needed to find a safe and manageable way of accelerating and simplifying the integration between its Bright Stamps solution and retailers’ back office systems. “We wanted to take some of the IT headaches and risk away from retailers’ IT departments,” adds Pietryga. “We wanted to make implementation faster, cheaper, and a better experience.” Application Programming Interfaces (APIs) gateway provided IceMobile with the perfect solution. An API gateway solution would only require limited changes to the food retailers’ back office systems while reducing the amount of time IceMobile engineers needed to spend on implementing the integrations.
By simplifying integration, IceMobile has cut implementation times from 14 to 8 weeks while minimizing impact on retailers’ busy IT departments.
The solution also ensures IceMobile meets security standards for inter-operating with retailers’ IT systems; ensuring the digital stamps IceMobile collects and stores for customers are safe.
The API gateway also enables IceMobile to:
Minimize impact on its own and retailers’ IT departments.
Integrate with almost any technology used by a retailer, safeguarding sales. To date, the solution has simplified connections with multiple back office systems for various food retailers. These back office systems include POS systems, such as Wincor Nixdorf, NCR, and IBM, and CRM systems, such as Siebel, eFuture, and SAP.
Standardize the way it delivers its services as it expands across the globe.
From Little API Acorns Big Things Grow
Like IceMobile, many companies have wisely invested in an API strategy and are reaping the benefits. Of course, this includes some pioneers, like Netflix and the streaming of content to over 200 devices types, thanks to APIs, or Twitter, who receives a staggering 13 billion API calls to its platform each day. But it’s more about big business than big numbers. APIs enable Expedia to conduct $2 billion of business through its partner affiliate network, and 60 percent of eBay’s listings are made through its API.
While software-driven companies have much to benefit others in the “physical product” world have realized the API carpe diem moment. Withings have transformed the humble bathroom scale into a hub for a fitness ecosystem, while Nest Labs’ thermostat is a marvel in intelligent home energy management.
So irrespective of whether business sell sedans, soda, or sneakers, executing a successful API strategy can deliver numerous advantages.
Customer satisfaction—No matter how fast the new features are released, customers still expect more. By exposing applications and data to external partners, developers, and customers, APIs can significantly ease the feature and release pressure on IT teams.
Scale and reach—With API enabled networks, business can work with partners to build new sales channels without relying on existing functions to generate and support them.
Business efficiency—Customers look to the provider for specific customizations. If each of these requests had to be addressed, development could be distracted from delivering more strategic features across the customer base. By exposing functionality through APIs, implementation teams and partners could provide this as a differentiated service, which is another revenue generating opportunity.
APIs provide the essential glue that binds together internal business departments, allowing them to operate as a seamless whole. They enable resources and information to be decoupled from functional silos and made available for greater business benefit. So if sales needs access to marketing data or marketing needs customer analytics, the secret sauce will be an API.
This is extremely beneficial from a DevOps perspective. Since APIs help unify people, process, and technology across the software lifecycle, every group becomes a partner of the other. If development needs access to application performance information from production monitoring tools, it’s an API that’ll service the request. If a production-based API needs to be tested against changes to a back-end system, it’ll be another API (together with service visualization software) that helps removes the constraints.
API Management: Stakeholders and Requirements
Because different stakeholders perceive APIs in different ways, they will require specific management capabilities in context of their role.
Business executives–APIs and management must be a strategic enabler for launching new innovative products, forging new business partnerships and improving the customer experience. These stakeholders will be especially interested in planning and tracking API revenue and ROI.
API owners/product managers—This group will have responsibility for creating and owning an API strategy and roadmap. As such, they be subject matter experts and oversee how APIs are released and managed. They’ll also review API roadmaps with key stakeholders to determine API priorities, including new enhancements.
Enterprise architects—Being responsible for translating digital initiatives into an optimum technology infrastructure, they’ll regard APIs as the connective tissue. API management will provide tools to help them model, design, shape, and optimize critical integrations across both legacy and modern infrastructure.
Application developers—Developers build front-end applications, while discovering, acquiring, and consuming APIs as their gateway to enterprise data and capabilities. For this group, API management represents stable, secure, and scalable access to both cloud and on-premise systems, with tools that help them leverage APIs quickly by removing development and testing constraints.
Security managers—Because APIs “open the enterprise,” they create new security challenges and opportunities. For this group, API management is about providing advanced threat protection, data encryption, and authentication, all without compromising the goal of increasing connectivity and convenience.
API support group—Regardless of which team supports APIs (development or operations), advanced monitoring will be needed to ensure consumers have optimum access to the API and related services (e.g., back-end systems and cloud infrastructure).
Note
Because of the importance of APIs, many companies organize teams around their development and ongoing support. Rather than engage multiple stakeholders on an as-needed basis, dedicated cross-functional API teams are established. This can be a very effective DevOps practice since it removes functional silos and aligns teams around desired business outcomes—versus managing APIs in technology silos.
APIs Are Products
APIs are the building blocks of great products. With APIs, modern applications can be developed faster and integrating existing systems becomes easier. And because APIs can help facilitate new partnerships and business opportunities, they can in fact be considered actual products in their own right.
As with any software product, APIs will go through a lifecycle where they are designed, created, secured, managed, and optimized. With revenue and reputation increasingly riding on APIs, this will need to be conducted on an enterprise scale. API management provides organizations the ability to achieve this, as long as capabilities embody the principles of DevOps and continuous delivery. While many individual tools address the discreet needs of the individual stakeholder groups, the goal of API management should place overall business improvement above everything.
Managing the API Lifecycle
API management embodies the principles of DevOps by managing the API lifecycle; providing the platform, visibility, and tools that architects, developers, security professionals, and administrators need to drive continuous delivery. Without effective API management, organizations will increasingly struggle to deploy, control, measure, and optimize the growing volume and variety of APIs needed to support digital transformation initiatives.
Since API management inherently addresses the DevOps lifecycle for APIs, it should address all elements (see Figure 4-1) and empower every stakeholder described in this chapter.
Figure 4-1.
API management lifecycle
×
It should be noted from Figure 4-1 that the definition, design, deployment, promotion, protection, and optimization of APIs is not limited to just the development team. IT operations and business stakeholders also need to be involved to ensure APIs are aligned to the overall program initiatives.
Ongoing measurement and monitoring is often overlooked in the API lifecycle. For a DevOps-driven API strategy to succeed, organizations need to be able to evaluate API utilization and performance as applications evolve; answering questions, such as who is consuming APIs and how often are they doing so? Which APIs are meeting business goals? Where are the latency issues? Will the API scale to support demand spikes?
Analytics play a critical role in answering these questions. In a DevOps context, they are also especially valuable in serving essential information and feedback to cross-functional team members in order to drive API improvements. This includes:
Performance analytics—Providing developers with real-time insight into operational performance, such as transaction speed, availability, and API latency. This helps ensure apps are meeting their users’ performance expectations, particularly during peak usage periods.
Business analytics—Help organizations monetize APIs by tracking usage and consumption by external partners and developers. This means they can better respond to market demand and prioritize future development investments in APIs.
App experience analytics—Report on metrics, such as app usage and revenue generation over the lifecycle of the app; providing complete return on investment visibility both in the short and long-term.
Automation and integration are essential for capturing such insights with minimum effort. Effective API management is founded on intelligent and integrated tools that simplify different stages of the lifecycle for different stakeholders.
For developers, API management solutions need to provide a simple point and click interface that can automatically generate scalable enterprise-grade APIs from data sources as diverse as RDBMS, NoSQL, existing APIs, and JSON.
This is particularly important as legacy monolithic systems are supplemented with dozens of microservices, each fronted by an API. While microservices decrease the size of each deployment, they increase the number of components deployed. API management tools are vital for helping developers navigate the microservices maze: first by auto-generating APIs and then by managing and providing simple yet secure access.
Access and discovery can also be simplified by leveraging an API gateway, which frees up time for developers to focus their efforts on delivering what the customers want—useful and engaging apps that work on multiple devices.
Essential API Management Plays
While API management provides capabilities to many stakeholders, the stronger methods will be those that unify teams toward continuously improving business outcomes from the API strategy as a whole. By reviewing their strategic API objectives (e.g., accelerate mobile development), organizations can assess API management capabilities using a number of tactical initiatives, or “plays”.
Create and Integrate APIs
In the past, organizations have relied on APIs from SQL calls and hand-coded business logic—often developed on an ad hoc basis. However, new digital imperatives now dictate adopting scalable and sustainable approaches to creating API-based apps faster and unlock the value from legacy applications and disparate data stores. And with DevOps processes needing to support the development of microservices that can be changed faster, this pressure will only intensify.
To address this, API owners, enterprise architects, and business executives should consider adopting methods and API management solutions that expand the scope of the API lifecycle management beyond gateway enforcement control toward the creation of APIs closer to business information.
The value proposition here is a significant reduction in the time and cost associated with manual-based API creation. Combine this with immediate API performance monitoring and security (discussed next) means quality and compliance becomes established as APIs are created.
As illustrated in Figure 4-2, the API management needed to facilitate rapid API creation and integration should include:
Connect SOA, ESB, and legacy applications—The ability to streamline integrations across disparate systems, middleware, and databases by providing protocol adaptation, mediation, and transformation.
Aggregate data from multiple sources—Assist engineers integrate SQL and NoSQL databases with fine-grained data access controls and the flexibility to deploy and scale to current and future architectures.
Connect cloud services—Enable the creation of performant, yet cost-effective API-centric digital platforms that integrate and orchestrate on-premise systems and cloud solutions.
API creation from reactive logic—Instantly generate enterprise-grade REST APIs from multiple data sources, with logic-based processing to apply business rules to API calls at runtime.
Figure 4-2.
API Management for API creation and integration
×
Note
Using reactive logic models to assist in the creation of APIs can be significantly faster than hand-coding. These techniques are valuable to DevOps practitioners since concise application logic is easier and less costly to support.
Secure the Open Enterprise
As more information assets and engagement channels become digitized, security is a major concern across the API lifecycle—from the business owner and the developer to the user.
For developers, API management represents stable, secure, and scalable access to back-end systems and information stores, as well as a source of tools and utilities to help them obtain and leverage APIs more efficiently. API management allows them to simply consume existing secure encrypted APIs, for example, without needing to scribe a unique security module for each.
In a DevOps context, information security professionals will work with developers to identify and neutralize critical threats, enable robust and workable policies, offer consistent and repeatable security for mobile apps, and provide the capabilities needed to deliver features such as single sign-on and privileged user access. The goal shouldn’t be to wait for security issues later, but rather to help teams establish strong security as they design, create, and test APIs. This may include
Protection against threats and vulnerabilities—API management will provide threat detection and neutralization for key Open Web Application Security (OWASP) vulnerabilities such as SQL injections, cross-site scripting, and denial-of-service attacks.
Controlled access with SSO and identity management—Securing apps and their connections, while maintaining or enhancing the all-important user experience.
Providing end-to-end security for apps, mobile and IoT—API management will protect the digital value chain from front-end app to back-end systems. It should extend controlled access to all touch points —from web apps to IoT, while supporting convenient features such as social login and risk-based authentication.
Unlock the Business Value of Data
Competitive pressure, rising customer expectations, and the increasing pace of change mean that applications—especially for mobile and the IoT—must be delivered faster and more efficiently. Developers look for API management to help them discover, acquire, and consume APIs quickly, while also providing tools that speed up or eliminate the “dirty work” of repeatedly building core functionality to handle data and security. Therefore, comprehensive API management should support:
Simplified and controlled access to data—API management will provide a controlled way to access data that shields developers from unnecessary complexity. It should aggregate and orchestrate data, while ensuring compliance through authorization, shaping and policy management.
Tip
To protect customer privacy and ensure compliance during API testing, consider integrating with management solutions that provide synthetic test data.
Support a wider partner/public developer ecosystem—Solutions will empower internal and external developers by streamlining API consumption lifecycle tasks such as discovery, acquisition, design, and collaboration.
Reduce mobile app delivery time—Developers will need access to reusable services in the form of SDKs and APIs that provide security, messaging, and offline storage.
Accelerate Mobile and IoT Development
Digital transformation initiatives that leverage APIs create new business opportunities and channels. Businesses look to API management as a central launch point for their digital strategies, with a range of capabilities that will support their efforts to build a robust digital ecosystem by expanding partnerships, nurturing developer communities, monetizing data, and leveraging digital connections to improve operations and efficiency.
Monetize APIs to generate revenue—Advanced API management will provide the functionality needed to package, price, and sell data products or services via any combination of free, freemium, purchase, subscription, or consumption-based models. It should also simplify integration with analytics and billing services.
Build digital ecosystems to enhance business value—This involves providing granular control, compliance, security, and reporting mechanisms needed to support the expansion of digital value chains across a wide range of platforms, apps, devices, partners, and third parties.
Create efficiencies through analytics and optimization—By providing instrumentation and analytics that allow them to optimize technical and business performance, API management will encourage developers to build more efficient, performant, and scalable digital ecosystems.
API Management: Essential Integrations
When considering API tooling, it’s important to seek out integrated capabilities that help establish information feedback loops that cross-functional teams need to drive API improvements.
API Performance Monitoring
API performance monitoring provides a huge opportunity to increase quality, but has proved challenging. This is primarily because development and operations teams use two classes of tools to address specific performance issues.
API Management Gateways offer tremendous detailed insight into APIs from the client-side perspective (e.g., API throttling, policy, and routing), but lack the depth of analysis offered by Application Performance Management (APM) solutions—especially clear insight into the impact of API performance on critical business services.
Application Performance Management (APM) solutions provide powerful analysis of application performance (e.g., transaction tracing and differential analytics), but lack inclusion of API-level data for related monitoring and root-cause analysis, as well as specifics on the gateway itself.
As a result, many problems can arise:
An operations team receives calls that API gateway services are underperforming, but this is reactive and after the fact because they’ve received no alerts in APM that indicate latency issues.
An application support team is called to field problems with mobile transactions using an API gateway, but because APM visibility ends at the firewall or proxy and they can’t see the actual gateway services themselves, they struggle to identify the root cause.
An API development team has gateway insight, but because they lack visibility into back-end application performance, they cannot easily determine overall service impact.
Bridging the gap between API management and APM solutions via a dedicated integration point (see Figure 4-3) can help teams collaborate effectively.
Figure 4-3.
API performance monitoring extends the functionality of API management and APM solutions
×
By monitoring detailed API metrics and data traversing gateways in combination with APM analytics, teams can detect slow growing problems and fast acting acute ones. This allows faster response to problematic API service latency conditions before customers are impacted.
When including detailed analytics at the API layer (e.g., front-end latency, policy violations, and routing failures), root cause analysis becomes more thorough and conclusive.
Through real-time and historical analysis of API performance information, developers and operations have a clear understanding on what API design improvements are needed.
Note
Integration between API gateways and APM solutions is especially valuable in pre-production testing. With complete end-to-end API performance visibility before a system goes live, teams are better positioned to remediate complex performance issues before they impact the business.
API Development and Testing
A 2015 Freeform Dynamics report indicated that it is 2.8 times more likely that digital disrupters are utilizing APIs in development.2 However, teams remain constrained by circumstances impeding success. In a Voke report, for example, 56 percent of respondents stated that critical resources were not available when development and testing teams needed them.3
API management solutions simplify the process of developers gaining access to APIs, but if back-end systems aren’t available for testing connectivity, there can be delivery delays.
An elegant solution to this problem is the integration API management with service virtualization solutions. Described in more detail Chapter 5, service virtualization emulates the behavior of dependent systems; enabling development and testing to be conducted free of constraints.
Service virtualization is a great pairing for API management. It allows developers access to a developer portal where they can quickly discover, learn to use, and integrate APIs into their apps. Then, with virtualized services, these apps can be tested against virtual back-ends, loads, latency, etc., to validate that apps under development apps will perform optimally in a variety of conditions.
When combining service virtualization with API management, teams should seek out integrated capabilities that all allow developers and testers to:
Secure access to a directory of virtual services, enabling faster service discovery and consumption.
Switch automatically between real and virtualized environments, improving development velocity, increasing contract and data fidelity, and lowering defect counts.
Faster creation and easier maintenance of virtual services by leveraging API management data.
Note
According to the aforementioned Voke report, simultaneously accessing APIs and virtual services accelerates application development by 97 percent.
Virtualizing the behavior of APIs and services and adding API management makes it easy for developers to access APIs that have been published and secured. As illustrated in Figure 4-4, working prototype APIs can be published and connected to virtualized back-end web services, so developers can begin using them as soon as they are available, rather than having to wait until the process is complete. This also allows teams to operate in parallel, where different development teams can work on different features at the same time.
Figure 4-4.
Eliminating API development constraints to enable parallel work streams
×
Taking a Strategic Approach
To fully embrace the APIs opportunity, organizations will need more than just tools, they will need a strategy that will help engender an understanding that APIs are more than just a technology; they are a digital enabler.
Program managers (or API owners) need to be responsible for creating this strategy, communicating it to executive-level decision makers as well as the architects and developers on the front line.
The first step should involve establishing a clear business objective and a vision statement, which needs to be aligned with the company’s overall mission and goals. Making this link is often quite easy.
For example, a retailer’s vision might be, “Give our customers a compelling shopping experience while offering the best possible quality, service, and value”. While the API vision might be, “Leverage APIs to build a high-quality and engaging shopping experience that seamlessly crosses all of customer engagement channels.”
The next step should be to build a business model around the API vision, outlining the details of:
Costs, resources, and efficiencies—The systems, relationships, activities, and other resources the program will leverage and how the program will empower the enterprise to deliver on its strategic goals.
Value, revenue, and innovation—The customers, markets, and channels the program will target and how technical innovation will make it possible to generate new revenue.
Operational processes—The tools and approaches needed to effectively control, measure, optimize, and deploy a large number of APIs throughout the development and operations lifecycle.
At the core of this business model, there should be a value proposition that clearly outlines the real, measureable outcomes that the API program will deliver to the business.
API owners or product managers should also engage the business when defining the API vision and delivery model. This will ensure:
Alignment with core business processes
Business value realization
Effective measurement criteria.
Taking a strategic approach to APIs will enable organizations to overcome existing challenges around application integration, data silos, and fragmented omni-channel experiences.
Building an API Future, Faster
Digital disruptors have already recognized the value that APIs and effective management can deliver in terms of customer engagement, satisfaction, and retention. They’re already using APIs both internally and externally: more than 65 percent of digital disruptors use APIs internally for building their web applications, mobile apps, and back office systems and externally for integrating third-party services or enabling external developer access to their systems.4
Having the right management strategy and tooling can help organizations advance their API business goals by increasing maturity levels (see Figure 4-5).
Digital services—Organizations develop ad-hoc APIs that digitize simple transactions and make them available and secure for third-party use. These APIs bring traditional services to the Web and mobile devices.
Partner integrations—Organizations expand their business model by developing a top-tier API with numerous capabilities, and integrate it with select and trusted partners. While the API itself enables the connection, the requisite SLAs, agreements, documentation, and support have to be managed “offline”.
Partner Infrastructure—After success with some integrations, organizations look to roll them out to a larger community of partners via an API portal or marketplace. They offer base capabilities for anyone who wants to consume them or create entirely new use cases. Here they not only provide the back-end for existing user experiences, but infrastructure for new ones as well, with standardized processes around SLAs and support.
API ecosystem—As organizations continue to monetize APIs and learn, they make deeper investments into building innovative, new capabilities that create competitive advantage. Here, APIs push the limits into a broad ecosystem, creating entirely new sources of revenue and enabling the adoption of entirely new technologies.
Figure 4-5.
API maturity Levels
×
Summary
Effectively managing APIs is a critical business differentiator. As Mohan Subramanian, associate professor of strategy at Boston College’s Carroll School of Management, confirmed: “APIs provide the key to unlock new growth opportunities at an unprecedented scale in our digitally connected economy. The capability to manage APIs will soon become a primary driver of competitive advantage.”5
Having the right API management tools and processes in place, organizations will be able to build the connections, digital services, and user experiences they need to succeed.
As discussed in this chapter, this requires taking managing the entire API lifecycle so that organizations can consistently deploy, measure, and optimize the growing volume and variety of APIs needed to support digital transformation initiatives.
In the next chapter, we’ll continue our exploration of the DevOps-enabled software factory by examining all the testing constraints facing practitioners today. We’ll also describe some essential automated testing strategies needed to ensure that optimal quality and compliance is consistently achieved in the most cost-effective way possible.
This chapter is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (http://creativecommons.org/licenses/by-nc-nd/4.0/), which permits any noncommercial use, duplication, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if you modified the licensed material. You do not have permission under this license to share adapted material derived from this book or parts of it.
The images or other third party material in this book are included in the work's Creative Commons license, unless indicated otherwise in the credit line; if such material is not included in the work's Creative Commons license and the respective action is not permitted by statutory regulation, users will need to obtain permission from the license holder to duplicate, adapt or reproduce the material.
