When companies want to complement their products with digital services, so-called “public APIs” can be helpful. However, using them in the company has to be controlled which means managing them in a clean way!
Integration of public APIs into a company’s own IT solutions offer many advantages. For example, complementary digital services for a company’s own products can be made available to customers faster. This allows your company to make headway with the necessary digital transformation! In order to avoid uncontrolled growth and a lack of transparency, the use of public APIs in the company must be properly controlled though.
Who can use which public API? Who has the corresponding password (if one is required)? Who controls who uses which public API and what cost is produced (if it is a paid service)? Who sends what outside on which API? Which path does an API call actually take from internal to outside to the public API? On what ports? Via which security mechanisms? …
The solution is API Management:
The public APIs are wrapped by an API Channel, which connects the public API and provides it internally to all internal users. The internal users of a public API do not call up the public API directly on the Internet (and request a firewall opening from IT with all the questions that entails). Instead, they call up the public API indirectly via an internal API that provides API management solution.
To do this, SEEBURGER customers can easily use the API management solution in the Business Integration Suite. They have to identify themselves to BIS as API users, and BIS can control via its API user and rights management who can and cannot make the API call. BIS also implements user authentication, that is, while an internal user calls the API in the BIS under their name, BIS itself calls up the public API, e.g. with a company account. In this way the records in the BIS Logs keep track of which internal users called which Public API.
Only public APIs deployed in BIS API Management in this way are usable in the company. Prior to using an API, an approval process may be used in which the harmlessness of the role in the company is tested by the Chief-Compliance-Officer – for e.g. data protection, disclosure of personal data, but also cost associated with the API, or adherence with compliance rules (location of the service called up in a country with trade restrictions, …). As these few examples already show, API management is necessary in every company and the SEEBURGER Business Integration Suite is the solution.
If you would like to learn more, please contact us or use our API management brochure to get an overview of the benefits, application areas and specific applications.