Why API Management keeps nightmares away from your C-Level

Can you believe it? There are still key decision makers who ask why API management is required – ignoring that it secures and protects their organizations’ assets as well as making API initiatives more successful!

Talking to customers makes my day – especially when I am convinced that we have found a solution to make their life easier.

Last week I had a very good conversation with the Head of Application Integration of one of our customers. She told me that they had finalized an internal project to investigate the APIs that are in use for different use cases: they consume different types of APIs provided by business partners, integrated three cloud applications via APIs supporting different processes, integrated several machines and mobile devices (industrial IoT scenarios).

For the last couple of years, they also used REST APIs more and more to modernize their internal IT infrastructure to become web service-oriented. The objective is to integrate systems and applications faster, easier and more efficiently than with a SOAP approach.

Their project roadmap contains first projects where they would like to provide APIs to their business partners – an initiative driven by their sales and logistics departments. In addition, she plans to connect two banks via APIs to accelerate their financial transactions and to get real time information about their account status in their backend systems.

Why API Management?

During this assessment, they concluded that their usage scenarios have come to (and probably exceeded) a critical level: she named it the ‘dark side of API spaghetti’ and described related inefficiencies, threats and risks to their complete organization.

We agreed that unmanaged APIs are not secure and not efficiently reusable. Their adoption rate is poor. If not managed properly, they put a service-based infrastructure including systems and applications on risk because protection of these assets is not given. In summary, if APIs are not managed, they will become the root cause of putting an organization on risk and raise inevitably high costs.

A nightmare for every CEO, CIO, CFO and CISO

Therefore, we discussed why an API management solution would address all negative impacts of ‘the dark side of API spaghetti’:

• Protect their IT assets as data sources, applications and systems that are endangered by the unmanaged usage and implementation of APIs. The implementation of a centralized traffic and policy management as well as the control of their enforcement at one single point are key contributors to reach these goals.
• Secure their IT infrastructure via authentication and authorization mechanisms when accessing and using APIs and apply security features that target especially the threats of accessing and providing web-based APIs.
• Govern and manage their community of developers, their access, the provisioning of credentials and its governed usage of APIs by proper identity and rights management.
• Assure efficiency to get the jobs of all stakeholders of an API done, i.e. API providers, API managers, API developers, and even members of business departments – by providing transparency about the status of an API during the API lifecycle including versioning. Provide a communication infrastructure between internal API managers and internal as well as external API developers plus proactive notifications on any change of APIs in their lifecycle to all developers who have subscribed to it.
• Assure a high adoption rate, reusability and proper usage of provided services via an API by supporting the community of developers with an efficient onboarding process, subscription process, centralized documentation, test environments and features as mocking of APIs.
• Monitor and report the grade of adoption, traffic and usage of provided APIs to evaluate the success of a related API initiative – and potentially monetize this in a later state when the provided service via the API turns out to be of value for a significant number of developers.

We agreed that these measures would perfectly support future tasks and topics of their targeted API governance process.

By the way: after our talk, the Head of Application Integration was laughing and she admitted that she will sleep better as soon as an API management solution will be in place.