Roberto Medrano

Editor’s note: this is the first in a series of blogs that provides insight into our new eBook, “Building Successful APIs“. As the leader in enterprise API management solutions, we want our customers, partners and other stakeholders to be informed and knowledgeable about the options available to them.

We always talk about the simplicity and ease of creating and delivering an API. And while it’s true that APIs have introduced a radically new and easier way to transact business online, it’s crucial that before you embark on your API strategy that you first create an API platform. This means that you need to give serious consideration to your user needs so that you’re delivering something that users will gain some value out of. This involves more than just how the users interact with your API. It also includes understanding how your partners and stakeholders will utilize your API to engage with their own users. You don’t conduct billions of transactions per year without having the right framework to make it all happen.

For starters, we think that at this critical step in your API journey, you should create a platform with the following capabilities:

1. Developer portal
2. Sandbox
3. API Framework and Server Platform
4. API Security and Management
5. API Lifecycle Management

Your API Ecosystem

Developer Portal

You won’t get much mileage out of your API if you don’t provide the developer community with a destination where they can get smart about it, get support for it, and get pumped up about it. Keep in mind, the developer effort is not an easy one, even with how easy API development is. This is a group that’s being pushed on from all directions, and projects rarely go about as planned for them. So if you support developers and feed them with proper documentation, advice, answers, and a community in which to showcase their goods, their affinity for you will be unwavering.

The more loyal the developers are to your API, the more Apps they’ll produce with it. The more Apps produced means a greater likelihood of more customers transacting through your API, and it also means a greater return on investment for the API.

Sandbox

This is where app developers have the opportunity to see their stuff in action. We recommend an environment, set up by you (and as part of your developer platform and community), that  allows app developers to make API calls and check the results. You could have a variety of different types of test services, or you could set up what’s called a “virtual test service” (there are vendors who provide these).

With a sandbox, the developer benefits (results optimal, requirements met, goal achieved – ready now for production), and so do the other participants in the API ecosystem. They will be on the receiving end of a stable, working API that can deliver what it promises. A lot of time and effort will ultimately be conserved if the sandbox is used correctly and for the benefit of your developers.

API Framework and Server Platform

Developers will come to your API from a variety of different programming frameworks. It’s best for you to choose the right platform for your stakeholders based on both the development resources at your disposal, and consideration for the complexity of backend services with which you’ll want your API to be able to integrate with.

If your organization has a team of developers and a lightweight backend (or green field environment) then the obvious choice would be to pick up a REST framework for the platform of choice and simply develop your API.

However, if you compose an API from a variety of backend systems, then you’ll need something more robust, like a mashup engine. Either way, your platform should have inherent flexibility built into it and allow for parallel development.

API Security and Management

With all the time and energy you’re putting into your API development, it’s really important to ensure that it is secure and manageable. Your API, after all, will be most successful if it’s exposed as much as possible and given the ability to be used by a ton of apps. So it needs to be secure and immune to threats (or, as immune as it can possibly be). Enterprises, especially, have been at times reluctant to move forward because of perceived security issues. What we know, however, is that with a platform that supports a declarative, policy-based mechanism to an API, the likelihood of security issues is dramatically reduced.

Policies need to describe a particular, unique authentication mechanism, authorization rule, logging level and correct fail-over process that needs to be followed. We’re seeing that with attention paid to these issues, even risk-averse IT organizations are getting it right by creating an effective platform.

API Lifecycle Management

So now you have the technical and methodological elements taken care of. You need to also apply some rules for API lifecycle management, and doing so will help to ensure that the definition, creation and ongoing management of your API is always consistent and correct. Take a look at what we consider to be an optimal API platform for complete lifecycle management:

We’re showing a model that displays an on-premise framework, but if you adhere to a flexible API platform model, then you’ll be able to also have these components work in other ways, such as:

1. Bound together on premises
2. Bound together off premises as Platform-as-a-Service (PaaS) offering
3. A hybrid, where some components (such as the Developer Portal) may be off premises, and the remainder on premises.

You may choose to host your entire API platform in-house, or do so as a service offering (platform-as-a-service, or PaaS). Our customers and partners do both, and of course, we’d be happy to chat with you about the positives and negatives of either situation. But for those who aren’t sure, or who have concerns, you can also create a hybrid solution where the developer portal is provided as a service, but the remaining components are kept internal. This keeps costs and management overhead down for the most naturally externally facing component, while securing and optimizing API performance by retaining the remainder on-premises.

There are a lot of decisions you must consider as you embark on discovery about your API journey. Establishing a solid platform that serves your needs, as well as the needs of your users (and potential users) is critical. We hope this overview provides some insight, but we encourage you to learn more by reading our new, free eBook, “Building Successful APIs“.

Share Button

Add a comment