APIs connect partners, systems and internal teams easily and securely. The question of regulated management – API management – becomes more important the more they are deployed and used. This blog we answer the question: What is API management?
When a company starts using APIs, they are often created ad hoc, and on demand by different teams or with the help of external service providers and based on various technologies. The result: high complexity, inflexible systems and proliferation.
Security standards and access rights often develop uncontrollably, the quality of the necessary interface documentation for external developers varies depending on the author, and there is a general lack of knowledge of existing APIs and their status. This not only increases the internal administration effort, but also leaves potential in the company untapped. Essential indicators of the success of an implemented API are its adoption rate and use. In the case of unregulated and unmanaged point-to-point connections however, this cannot be measured and recorded centrally.
What is API-Management?
API management enables you to govern, regulate, secure and monitor the increasing number of internal and external APIs used or provided by an organization. API management addresses the needs of all API stakeholders – the API publisher, API developer, APP developer and API consumer.
The Roles of API Stakeholders
The API publisher is the company (or department) that offers APIs to others. For example, Google publishes APIs on their websites and explains to companies how to use the APIs. Among other things, it explains how the API allows you to upload and download files. The API publisher is also responsible for monitoring and managing daily API usage and other administrative tasks related to APIs.
An API developer is responsible for developing one or more APIs.
An APP developer can create a web application that, for example, allows you to save files directly in Google Drive. To do this correctly, the APP Developer follows the documentation provided in the link above. It therefore uses the API provided and maintained by the API publisher and developed by the API developer.
API consumers are parties that use an API without integrating it into an APP developed for it. This means, for example, that a marketing department uses a Facebook API to analyze social media responses to specific actions. It does this with individual, irregular requests to the API provided, as needed.
If an API publisher wants to make changes to its API, this will affect the stakeholders of the API:
- API publishers may decide that the API will be more widely used after the change because it will be more attractive to developers. On the other hand, the publisher also determines when an API has reached the end of its lifecycle and needs to be discontinued.
- API developers need to be notified of the planned change for the API so they know what technical changes are required for the interface.
- APP developers need to know how to extend their web application if the updated API, for example, offers additional features or services.
- API consumers need to know if the shape of their initial API request is changing and if they can extend it with the new API.
This simple example shows how API management is the central point of knowledge for all stakeholders – and that APIs need to be managed and monitored for this reason.
The central tasks of API management:
- You need a central and consolidated tool to control and monitor the use of each API, otherwise you lack the essential component to manage the traffic passing through the APIs.
When there are mass requests to an application or system via an API, for example, negative results can occur because this places a heavy load on and can endanger the infrastructure. A component is required to protect the infrastructure from this.
- The developer community using your APIs must be managed. Those who have received credentials can use them without further control. A centralized toolset is required to enable user and rights management. This ensures that the community is managed in a transparent and verifiable manner and that API abuse is avoided.
- When an enterprise modernizes its infrastructure, APIs that drive the service-oriented, service-based architecture must be centrally documented. The developer community should provide all the information in a single location. A catalog must be created that is linked to a notification system to alert changes or indicate that the API is discarded and for what reason. The community also needs to know what specific authentication and authorization mechanisms apply to an API as they vary from one API to another.
- The success of an API is based on its acceptance rate and frequency of use from the developer’s point of view. It is necessary to monitor these to decide whether the API should be considered obsolete or improved in further iterations.
- If a developer intends to consume an API and has access privileges, any kind of supporting test environment is helpful to assist him in performing his work efficiently and independently. This is how a good acceptance rate is achieved. Mocking APIs are a valuable feature that helps the developer test the integration of the API for his purposes. It also protects backend systems and applications from involvement in testing and the associated unpredictable negative side effects.
- In addition, API management allows you to check the success of an API deployment. For example, if a new sales channel has been opened via an API, it is important to measure its impact on revenue (i.e. business value reporting).
Unmanaged APIs are not secure and cannot be efficiently reused. Their adoption rate is lower than managed APIs. If APIs are not properly managed, a service-based infrastructure with systems and applications can be at risk because they are not protected. In summary, unmanaged APIs are the root cause of enterprise vulnerability and ultimately lead to high costs for the business.
- API Management is the process of publishing, documenting and monitoring APIs in a secure and protected environment.
- API Management addresses the requirements of all stakeholders of an API – the API publisher, the API developer, the API consumer and the API administrator.
- API management enables API integration to be managed, regulated, traceable, and most importantly, secure.
Get in contact with us.
We are looking forward to your message.
Written by: Thomas KamperThomas Kamper, SVP Strategic Product Management, is responsible for strategic product initiatives related to all SEEBURGER’s business integration technology and solutions. The focus is currently on API solutions and Big Data. In addition, he is responsible for solutions that enable organizations to master challenges of visibility and to control the proper execution of digitalized business processes. Thomas rejoined SEEBURGER December 2017. Before, he worked for many years as a hands-on interim manager and business advisor supporting C-level executives within software and cloud service providers to make their strategic product initiatives successful.