Why Coupa?Watch Now
Coupa is a company of talkers, passionate about sharing tips, tricks and advice for improving finance and procurement and saving companies of all sizes time and money. But we’re not the only people with opinions and ideas. We’d love to hear from you so join the conversation!
- May 10, 2017
- Rajiv Ramachandran
- ERP & Integrations
Gone are the days when APIs were purely technical application programming interfaces. Today APIs are the cornerstones of a digital business. Today we are living in the “API economy.” Business and IT leaders are coming together to build new revenue models for companies based on a robust API strategy.
When APIs are mission critical to the organization, it also means that the damage that can happen if these assets are not managed properly is huge. The unavailability of an application is not just an inconvenience. It can lead to unhappy customers, loss of revenue and even the destruction of a brand. Given the strategic importance of APIs today, it’s essential that companies have a robust API Management platform
What is an API Management Platform?
Most discussions of APIs focus on the functional capability that the API provides, the data format (JSON vs. XML) and the protocol (REST vs. SOAP). While these are important, what gets missed are questions around managing an API. These are equally if not more critical given their strategic nature. These include:
- How do you share information about the API to the developer community to gain adoption?
- How do you manage the lifecycle of an API to bring new capabilities in and deprecate old ones?
- How do you secure access to your APIs?
- How do you control and limit access to your APIs?
- How can you gain visibility and analytics from your API usage?
These are all extremely important topics that need to be addressed. What an API management platform does is provide the capabilities to address these issues in an easy to use and structured way across all APIs that you create. Having this foundation brings consistency to your API strategy and ensures that your priceless assets are secured and can scale
Five Key Capabilities of API Management Platforms
There are five key capabilities that you should ensure are part of any API Platform that you choose:
- Mediation Integration and & Orchestration
One of the important capabilities that an API Platform offers is the ability to expose legacy assets as well structured APIs. To do so, it needs to have the ability to connect to multiple backend systems using different protocols. It should also be able to orchestrate across these systems and help build composite services. The ability to support different protocols and translate between different data formats should be central. The most common scenario for companies building an API strategy revolves around enabling legacy applications, so this capability of API platforms is of utmost importance.
A single security incident is all that is needed to kill your successful API strategy. Just one instance of unauthorized access of your data, or denial of service of the API that you provide, and you are no longer trusted by your consumers. Built in support for two way encryption, key validation and distribution, authentication models (OAuth, SAML etc.), address filtering, JSON and XML schema validations, bot detection etc. should be available and easily enabled using policy-based models. There should be strong capabilities to log and audit every invocation of the API, and any security incident, along with the ability to take action. Enabling such a secure architecture will impact performance and therefore the architecture of the API management platform, whether deployed as a hardware appliance or on a scalable cloud should allow for supporting security and performance needs at the same time.
- Traffic Management
As you publish your APIs and make them available to customers, you will soon realize that there is a need to provide different levels of access and service to different customers. The amount of throughput, bandwidth and concurrency you provide to customers will depend on the commercial terms that you have established with them. You need a policy-based model to make this happen in a consistent manner for all your APIs. Also in certain scenarios, this throttling capability can also be a control point to prevent attacks that might be perpetuated knowingly or unknowingly by your API consumers. The ability to cache data for APIs is also a critical feature.
There are 2 kinds of analytics that you want to make sure your platform choice provides:
- Deep dive diagnostics on performance metrics. This includes the ability to trace the end to end flow of the API request, and drill down into a payload to debug any issues.
- Usage diagnostics. These tell you which APIs are being used, how often, by what kind of customers and for what purposes. This level of analytics will be very strategic, as you can use them to help shape new offerings and new capabilities to offer your customers.
- Developer Portal
Adoption depends heavily on how well an API is structured, designed and documented. The ability to search and find this API is critical. Also you need to have access controls to make different levels of API information available for internal, partner and customer users. A robust portal provides these capabilities, and becomes like a social media platform for your APIs where developers can register interest, take a trial, and provide feedback and recommendations.
API Management Platform - Vendor Landscape
While probably lot of these capabilities can be built, I would recommend you buy, not build. There are several mature platforms on the market that can provide these core capabilities. It is more important for integrations and operations teams within organizations to really enable this platform for developers rather than spend resources building these core capabilities. The Forrester Wave™: API Management Solutions, Q4 2016 and the Gartner Magic Quadrant for Full Life Cycle API Management have analyzed the top vendors in this space. Solutions from IBM, Apigee and CA Technologies show up as leaders in both reports with strong performances from MuleSoft, TIBCO and Software AG. Review these reports to determine the right fit for your organization.
In today’s API economy, the question is not whether you need an API management platform or not, or whether to build or buy one. The real need is to put a strategy around your APIs, decide on the right platform for your organization and execute on making APIs the core of your company’s business model.