A Playbook for Enterprise API Adoption – Part 1

(Editor’s Note: What follows is Part 1. Part 2 will appear on Friday.)

By Dr. Gopala Krishna Behara

An Application Programming Interface (API) is a service that fulfils a business capability and is delivered over the internet to internal and external consumers. It is classified as,

  • Network accessible function
  • Available using standard web protocols
  • Well defined Interface
  • Designed for access by third parties

An API empowers a platform or mobile application to share data. It is a set of instructions, standards, or requirements that enables software or an application to use the features or services of another application, platform, or device to deliver better services.

Some of the social media APIs that we leverage are,

  • Google Gmail API
  • Google Maps API
  • Google Calendar API
  • Facebook Graph API
  • Google YouTube Data API
  • Yahoo API
  • Twitter API
  • Pinterest API

According to Precedence Research, the Asia Pacific region will lead the global API management market during the forecast period 2022 to 2030. The global API management market is expected to reach around USD 46.74 billion by 2030.

As per ICT – API Management market, the global API management market size is expected to be worth around USD 46.74 billion by 2030.

According to Markets and Markets, the API management market is projected to be worth $5.1 billion by 2023, at a CAGR of 32.9%.

This Playbook covers the characteristics and drivers of API platforms, API principles, reference architecture, stakeholders of API, types of API, and API adoption by an enterprise.

Enterprise Readiness on API Adoption

The following are the basic questions that the stakeholders of an enterprise need to answer to be ready to define API adoption.

CIO needs to understand,

  • How are the applications interconnected?
  • What prevents applications from being phased out?
  • Are certain applications a point of failure due to their high number of interfaces?

Enterprise Business Teams seek clarity on the following,

  • How critical are the applications in the data flow?
  • Which applications handle critical/personal data?
  • How does the current interface landscape compare to future state?

The Enterprise Architect team needs to understand,

  • Who has the right to use it?
  • What rights exactly do they have?
  • How do they get access?
  • What service levels can be expected?
  • How is the API secured?
  • How is it versioned?
  • How are service issues and changes detected and communicated?
  • Are there business restrictions to usage?
  • Are there usage charges?
  • Are there SLAs?

The focus of Enterprise IT delivery is,

  • How are applications interacting with each other and how often?
  • Is the data flow compromised by outdated applications or technologies?
  • How reliable are integrations?

Drivers for API Management

An API management platform is a tool used to access, distribute, control, and analyze APIs used by developers in an enterprise. The API management platform is secure, user-friendly, scalable, testable, and reliable. It manages API integrations centrally and provides high performance and better security integration standards.

The Key Business drivers of API Management are,

  • Application interconnection and the data flow between these applications
  • Increased complexity in integrating and managing the landscape
  • Phasing out of the applications
  • Point of failure due to a higher number of interfaces
  • Current interface landscape compared to future state
  • Security of the application landscape

API Management Platform selection depends on the following design principles,

  • Simple: Designed with the least complexity and ease of delivering a functionality
  • Flexible: Designed to be used in various contexts, providing optional controls to improve usability
  • Usable: Developed across system, process, and experience layers for better usability.
  • Secure: Security adheres to confidentiality, data integrity, encryption, and regulatory and compliance principles. Designed to support authentication, authorization, and fail-safe mechanisms.
  • Transformable: Capable of transforming and delivering the results in formats such as JSON, XML, and other data formats.
  • Reusable: Designed for maximum reusability. This helps in avoiding reinventing the APIs, reducing the development time, and adapting faster to the changing market requirements.

Stakeholders of API

The various categories of the stakeholders of API are,

  • Publishers: Publishers publish the APIs, documents related to the APIs, and other sources needed to consume the APIs through the Publisher Portal. The Publisher Portal is the place where the API-specific security configurations, accesses, and other restrictions are defined and controlled.
  • Developers: Developers explore the APIs and register for API access through the Developer Portal. The Developer Portal provides access to the APIs and the operations they support, along with instructions for consuming the APIs, such as request and response samples and details regarding throttling.
  • Consumers: Consumers are mobile, desktop, and tablet applications that consume the APIs to perform a certain function. Most online transactions will be using APIs to perform their operations.

Fig 1:  Enterprise API Adoption Model

a). As-Is API Eco-system Review

Review of Existing API Strategy: An assessment of current API adoption and maturity is done during this step. This helps to understand the business needs and current technology landscape. It enables enterprises to develop and refine API strategy on objectives and desired outcomes, key business capabilities, and typical APIs to be needed.

Analyze Existing Portfolio: Understand and assess the current state of applications & pain points of an Enterprise. Deep dive into current technology stack covering standardized/composable services, traditional/industry frameworks, communication protocols (WS/SOAP/Lightweight, Storage being used), etc.

As part of the as-is study, review the existing API framework, the development methodology, and API governance. Understand the various tools and processes used across the enterprise.

API Maturity baseline: API Maturity assessment needs to be performed as part of the As-Is assessment of API adoption. A Maturity Model is a structured collection of parameters that describe certain aspects of Maturity in an enterprise.

The API Maturity Model and its levels are depicted below. Each level contains statements that are indicative of an API adoption Program at that level.

Below is a sample API maturity model that is leveraged for assessing the enterprise API adoption maturity. It has four levels covering Ad hoc, Consistent, Mature, and Optimized.

Level Description
Ad hoc
  • Vision defined. Basic API ecosystem. Fragmented API Usage. API governed by Individual teams
  • Early-stage technical insight
  • Siloed culture aligned to technologies/instruction-based culture
  • Manual process for API communication, static portal
  • Few API operation metrics defined
Consistent
  • API strategy defined, key business KPIs, Key use cases, API Governance, and API life cycle established
  • API reference architecture defined, API Platform selected and configured, API IAM is established
  • Standardized documents and sample code, a self-service portal, contract process for APIs, discoverable APIs
  • Standard API reporting established, operation-level dashboards
Mature
  • API ecosystem is well defined, APIs run as products and monetized, hybrid deployment models
  • Metering and Monetization are established, as are elastic back-end architecture, SLA modeling, and management
  • Automated gateway testing, industrialized QA & release process, automated security, performance, and backend compatibility testing
  • Automated documents and sample code generation, collaboration community management portal, assigned community manager
  • Business-level dashboards, advanced operation-level instrumentation, and reporting
Optimized
  • Highly configurable API products run in different customer-centric bundles
  • Personalized SLAs for API products, API bundles
  • Highly automated end-to-end development. Model-driven development, innovation, and culture with a fail-fast attitude to new ideas
  • Automated community management
  • Predictive, continuous optimization

b). API Strategy & Planning

During this phase, define the goals and outcomes to achieve with APIs. As part of API strategy and planning, identify which domains need to be addressed, the resources available, and the timeframe to achieve the goals.

Derive the desired purpose and expected benefits from the usage of API. The activities to be performed as part of the API planning are,

  • Always plan for the API to be external, even if it is internal to begin with
  • Customer Support for problems
  • Tools usage
  • Problems faced by the API client developers
  • End users to understand the common use cases

Identify API Audience: Define stakeholder, user, and partner community structure and roles and responsibilities. Typical API stakeholders of an enterprise are,

  • Business owners
  • API Provider
  • API Consumer
  • Partner users of APIs

Explore Existing APIs: Duplicate services lead to inconsistencies and wasted time. Look for existing APIs in the enterprise API catalog that solve for a similar use case. Reuse the parts and only build what’s unique and required.

Find Reusable Models: Find models that can be reused or repurposed for use cases.

c). API Architecture Standardization

The main characteristics of API architecture are,

  • Interface
    • The classes, methods, parameters, names
  • Resource Management
    • How memory and other resources are dealt with
  • Error Handling
    • What errors are caught and what is done
  • Information Hiding
    • How much detail is exposed
    • Impacts all three of the above

Design API with a focus on business goals. The steps that need to be considered for the design are,

  • Create quality API prototypes faster
  • Visual Designer
  • Style Guide
  • Reusable Assets and Design Libraries
  • Automated Linting
  • Real-Time Collaboration for early feedback

API Reference architecture:

Enterprise API Management needs to ensure that the APIs are secure, user-friendly, scalable, testable, and reliable. Below are the different components/blocks of the API Management Platform,

  • API Portal
  • API Gateway
  • API Service
  • API Security                        

Fig 2: Enterprise API Reference Architecture

The following sections briefly describe the API architecture building blocks.

API Portal: The place where API consumers come to search, select, test, and use the APIs. It should have consistent branding with enterprise .ie websites and be appealing and easy to use for the API consumers.

API developers publish APIs and documentation on the portal. It enables developers to navigate interactive docs, tutorials, code snippets, and examples. The API Portal provides a best-practices framework for rapidly delivering the tools needed to use an API successfully.

Setting up the API Portal consists of the following steps,

  • Configure the color, look and feel, and content of the portal to match the enterprise group websites
  • Decide on the engagement with API consumers, such as allowing blogs and forum discussions
  • Decide on Security aspects such as API Key exchange and RBAC (Role-based access control)

API Gateway: The core component of API Management is an API Gateway. This acts as a proxy so that APIs do not have to directly interact with client applications. The Gateway represents a central point where all the abstracted API functionality is located and managed via a set of governance policies.

The following are the high-level features of the API Gateway,

  • Provides a lightweight API gateway for securing and managing APIs
  • Connects mobile devices to existing Enterprise systems
  • Significantly lowers integration costs, decreases total cost of ownership
  • Offers rich integration with Identity and Access Management platforms
  • Streamline regulatory compliance through authentication, authorization, and audit capabilities

API Publisher: An enterprise that uses APIs to expose its backend systems to internal, partner, or third-party developers of client applications.

API Security: Provides secured access across all the layers. It provides Authentication, Authorization and auditing, Threat Protection, Message Checking/Validation, SSL, and Logging/non-repudiation. It can integrate with industry-defined security frameworks such as an OAuth Identity Provider.

API security covers both design time and run time.

  • Design time – The security of the API itself would be defined by the OAuth standards, with LDAP used for user authentication in the backend. The authorization policies would probably sit in the realm of the microservice rather than at the API level.
  • Run time – The security guidelines need to state which roles can access and operate the API gateway, dev portal, and management platform. For debugging purposes, it is possible to sniff the request and response bodies, so customer information might be seen by the operations staff in the middle.
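One way to limit the run-time exposure described above is to redact exchanges before they reach the gateway's debug log. The sketch below is an added example, not code from the original article or from any API management product; the field names, header names, and function names are assumptions chosen for illustration.

```python
import json

# Assumed names for illustration; a real list comes from data classification.
SENSITIVE_FIELDS = {"password", "ssn", "card_number", "email", "phone", "access_token"}
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie", "x-api-key"}
MASK = "[REDACTED]"


def _scrub(value):
    """Recursively mask sensitive keys in parsed JSON at any nesting depth."""
    if isinstance(value, dict):
        return {k: MASK if k.lower() in SENSITIVE_FIELDS else _scrub(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [_scrub(item) for item in value]
    return value


def redact_headers(headers):
    """Keep the auth scheme, which helps debugging, but never the credential."""
    out = {}
    for name, val in headers.items():
        if name.lower() == "authorization" and " " in val:
            out[name] = val.split(" ", 1)[0] + " " + MASK
        elif name.lower() in SENSITIVE_HEADERS:
            out[name] = MASK
        else:
            out[name] = val
    return out


def redact_body(raw):
    """Non-JSON bodies cannot be scrubbed per field, so only the size is kept."""
    try:
        return _scrub(json.loads(raw.decode("utf-8")))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return {"unparsed_bytes": len(raw)}


def debug_record(method, path, headers, raw_body):
    """Entry a gateway debug log would store in place of the raw exchange."""
    return {"method": method, "path": path,
            "headers": redact_headers(headers), "body": redact_body(raw_body)}


if __name__ == "__main__":
    # Constructed sample request, not taken from any real system.
    body = b'{"name": "A. Customer", "email": "a@example.com", "cards": [{"card_number": "4111111111111111"}]}'
    print(debug_record("POST", "/v1/customers", {"Authorization": "Bearer abc.def"}, body))
```

Redaction complements, and does not replace, restricting which roles can enable debug capture on the gateway.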

Generate API Documentation Automatically: Show developers how to move from documentation to code. All endpoints and models are documented here.

Write Quick Start Guides and Tutorials: Guides on popular use cases to help developers get started quickly

Choose a Version Control Strategy

  • Design Repo: A dedicated repo for design and documentation artifacts.
  • Mono-Repo: One project with a directory for each API which contains the source code and API description.
  • Multi-Repo: One project for each API which contains the source code and API description.

d). API Implementation

In this phase, the API contract and URL guidelines are defined. Guidelines for coarse-grained and fine-grained APIs are addressed, decisions on API documentation are made, and API data exchange guidelines are defined.

Defining the API product development lifecycle includes:

  • Prioritization and design of business capabilities (APIs). Build, test, and versioning APIs
  • Identify, Define, and Design customer journeys for Business Moments and map them to APIs
  • API development using Spring Boot
  • Release, adoption, and operational support of APIs
  • DevOps environment set up for the mutually agreed environment
  • Create a playbook of API product lifecycle for development team training and support model onboarding for the operations team.

API Testing: Validate that the APIs developed will work as expected. API tests can run automatically, for example as part of a test suite on a continuous integration server, in a development environment, or even in production. As part of API testing, check for quick performance, accurate data output, good error objects, and security gaps.

To improve the productivity of delivering API, incorporate API test automation across the testing lifecycle. It covers API Test Suite Creation, Execution & Reporting, and Integration with other tools.

e). API Optimization & Innovation

It covers API KPIs, API Monetization, and API Monitoring.

API KPI: Typical KPIs to be measured as part of the API journey of an enterprise are listed below,

Group | KPI | Measurements
Business | Revenue | # of Paid APIs
Business | Usage | # of API Calls
Business | Unique Users | # of API Calls Dissected by Users
Digital Transformation | Agility | Rate of Improvement in terms of launching a Feature X without or with an API
Digital Transformation | Innovation | # of New Products and Services Enabled; # of New Apps developed
Digital Transformation | Ecosystem Density | # of Partners Onboarded; # of Developers Engaged
Channels | Channel Adoption | # of API Calls Dissected by Channels (Mobile App/Web Site/Social)
Channels | Transaction Affinity | # of API calls done for information/shopping/reporting
Partners and Developers | Engagement | # Onboarded Vs Time Scale Overall/Per API/
Partners and Developers | Time to Success | App development time
Partners and Developers | Rate of Success | # of Apps Developed/ # of Hackathons participated/ Revenue Generated by them
Outreach and Perception | API Releases and Roadmap | # of Public Announcements—Business/Technology/Developer Forums/News and Media Channels
Outreach and Perception | Social Media and Developer Community Perception | Dedicated API Evangelists per forum; Alerts and Response to Comments/Queries/Compliments/Complaints etc.; Time to Respond and actual clarification/correction; # of Developer Hackathons; # of Partner Meets
Technical KPIs–QoS | Uptime | % Availability
Technical KPIs–QoS | Performance | API Response Time
Technical KPIs–QoS | Scalability | Transactions Per Second
Technical KPIs–QoS | Errors | # of Complaints/Incidents reported per API