To recap our previous API Economy blog, we suggest that your API and platform strategy needs to clearly answer the following questions:
- How do we group and productise our services into business-friendly APIs?
- How do we protect our backend services with effective security?
- How do we advertise our APIs to interested developers for discovery and usage?
- How do we separate test endpoints allowing external teams to build their integrations?
- How do we control access and provide banded usage?
- How do we measure success by analysing usage?
- How do we manage API versioning and lifecycle?
The answer to these questions is found within enterprise API management platforms, such as Microsoft Azure API Manager, which provides the following core capabilities:
The API Gateway function serves as a proxy in front of your backend services and implements the non-functional aspects required to securely publish APIs to external or internal parties. It provides the following:
- Routes API calls to backend services on-premises or in an isolated cloud environment
- Applies security, typically using API keys, JSON Web Tokens or certificates
- Acts as a policy enforcement point that applies defined API policies for access restrictions (e.g. rate limits), authentication, caching and control of flow
- Transforms inbound messages between protocols (e.g. JSON to SOAP)
- Provides Logging, Auditing and Tracing
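As an added example (not taken from the original post or from MOQdigital), the following Azure API Management inbound policy applies three of the gateway functions listed above: JSON Web Token validation, a rate limit and a usage quota keyed to the caller's subscription. The identity provider URL, the tenant placeholder, the audience value and the call limits are assumptions chosen for illustration.

```xml
<policies>
  <inbound>
    <base />
    <!-- Authentication: reject calls that lack a valid bearer token.
         The issuer metadata URL and audience are placeholders (assumed). -->
    <validate-jwt header-name="Authorization"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized"
                  require-scheme="Bearer">
      <openid-config url="https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0/.well-known/openid-configuration" />
      <audiences>
        <audience>api://example-business-api</audience>
      </audiences>
    </validate-jwt>

    <!-- Access restriction: short-window rate limit per subscription.
         10 calls per 60 seconds is an illustrative value. -->
    <rate-limit-by-key calls="10"
                       renewal-period="60"
                       counter-key="@(context.Subscription.Id)" />

    <!-- Banded usage: longer-window quota per subscription. Applying this
         policy at product scope with different values per product gives
         each tier its own allowance. 10000 calls per 30 days is illustrative. -->
    <quota-by-key calls="10000"
                  renewal-period="2592000"
                  counter-key="@(context.Subscription.Id)" />

    <!-- Do not forward the caller's gateway subscription key to the backend. -->
    <set-header name="Ocp-Apim-Subscription-Key" exists-action="delete" />
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```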
API Management Portal
- Provides the ability to define APIs as “Products” and to import definitions from standard formats such as OpenAPI, often combining several backend microservices into one business API definition
- Provides interfaces to apply default or custom API policies enforced on API products
- Manages API access requests, approvals and API key provisioning
- Provides access to analytics and usage information as part of a digital feedback loop
- Integrates with DevOps tooling and manages API versioning, deployment and release
Developer Portal
- Provides an interface where developers can discover and explore business APIs
- Manages sign-up, subscription and key provisioning
- Provides analytics on usage
- Provides API usage documentation, samples and test endpoints
Selecting a platform to participate in the API economy has become a de facto step in many Digital Transformation initiatives; however, care should be taken to also develop a suitable strategy and approach.
API abuse in the digital age
The explosion of APIs (the Programmable Web notes a 1000% increase in APIs this decade alone) has attracted the attention of egregious players in our digital age. Abuse of poorly considered or insecure APIs creates significant practical and reputational risks. Securing not only the backend systems but the APIs themselves is paramount. Just as important is careful planning around the intended usage of the APIs as a fundamental facet of design.
The very public example of Cambridge Analytica’s use of the Facebook APIs highlighted the risk. In this case, the API strategy gave poor consideration to the business risk and the intended usage.
This, however, is balanced by the plethora of positive results that many enterprise and midmarket businesses experience today, when APIs are implemented within a well-defined strategy and managed by a suitable platform.
MOQdigital specialises in Azure API Manager (APIM). This component, coupled with the rest of the Azure Integration Platform Services (iPaaS), allows our teams to build out the necessary API surfaces, enabling our clients to take advantage of the API economy as part of their Digital Transformation journeys. Our approach centres around helping clients define what their APIs should provide, how, and to whom. Once defined, we work with client product teams to build out the capability. If you would like to explore the opportunity to build and manage APIs, contact our team.