13. “API management is the process of
publishing, promoting and overseeing
application programming interfaces (APIs) in a
secure, scalable environment. It also includes
the creation of end user support resources
that define and document the API.”
This talk is not about how to design the perfect REST API, the goal is to talk about the concept of API management and the value it delivers. Google is your best friend, some examples are…
The rise of mobile devices forces organizations to reassess their strategy around opening up their services to customers, partners and employees. People expect to have access to their information anytime, anywhere and on any device. It’s not only about having access, it’s also about modifying their information and services.
Modern Enterprise Architecture should include public endpoints (API) for organizations to become a connected company. Not only for customers! Also partners (networked organization) and employees (het nieuwe werken).
API management is
publishing, promoting and overseeing (APIs)
secure, scalable
end user support resources
define and document the API.
A good API-M implementation offers out of the box building blocks and allows to create building blocks that are environment specific.
Alleviate the burden of building all patterns and company specific implementations yourself, reuse what ever is available and even don’t bother with mandatory elements at all.
The ability to define and manage global policies centrally and have them apply to all APIs automatically. Create optional policies that can be chained together by an API developer.
Hypothetical example of a chained set of policies for a specific API call that goes are in effect for incoming and outgoing requests.
Developer portal!
Documentation documentation documentation!
API sandboxing
A personal favorite in enabling the developer community: offer (automatically created) SDKs for the published APIs.
Goal is to get control over all entities that utilize a APIs, one should focus on getting insight in: developers who create applications that users consume. These three entities are very interested to track and trace for several reasons.
Within an (enterprise) implementation of an API 1st strategy, combining this with a solid approach to Identity and Access Management is a match made in heaven.
- Utility company: Big greenfield project, invested in public API. IT Freeze, Business wanted to introduce mobile app. Done with small team, informal CIO approval, biggest success that year. 7 days, 2 apps live. Truly agile!
Implementation of white-label, 100% reuse of existing API, implement new host-name, use that that host-name to enrich internal messages to identify the brand. < 80h incl testing.
European governmental agency: API-M is the new integration strategy, all API 1st and no ESB patterns.