Just like any software-as-a-service (SaaS) resource, APIs too have their very own lifecycles. This lifecycle basically summarizes the entire lifespan of an application program interface, right from initial conception, to deprecation and final retirement. The precise nature of individual API lifecycle varies with its core functionality and the nature of software/business it is meant to be a part of. The recent emphasis on agile software and app development methods (e.g., Scrum) has made it all the more important for developers to understand and follow the lifecycle of interfaces. Let us here analyse in detail the four stages that make up the API lifecycle:
1. API Planning, Design, Analysis
This stage can also be referred to as the ‘API Requirement Definition’ stage. At this point, providers need to determine a definite reason for creating a new API, the objectives that it will achieve, and the overall business strategy it will be implemented within. It has to be critically analysed whether creating an API would indeed solve the existing requirement(s) – and once that is established, whether the purposes of the API are in sync with the overall organizational objectives. All of this contribute towards laying down the API strategy blueprint. In particular, these points have to be carefully deliberated on during this stage:
a) API growth model,
b) Projections/Predictions of usage,
c) Mission statement(s),
d) Expected returns from the API, and
e) API marketing and promotional methods to be adopted.
Once these have been decided, developers need to turn their attentions on API designing. Referring to well-illustrated use cases and contextual deployment instances comes in handy in this regard. In addition, the data format for the API – JSON or XML – has to be chosen, and a stand has to be taken on whether a REST or a SOAP API should be built. To expose the assets in a secure, systematic and effective way, adopting the dynamic API-first approach is important. Swagger 2.0 and API Blueprint are two commonly used tools for designing APIs.
(Note: To know more about RESTful API development, click here)
Yet another basic, and extremely important element of the API Planning stage is finalizing the type of API to create. Broadly, API providers need to take their pick from the following three options:
i) Public APIs, which facilitate public access of services and create entirely new ecosystems.
ii) Private APIs, the main purpose of which is making internal IT operations more systematic and cost-effective.
iii) Partner APIs, which enhance the reach of services by collaborating with select partner businesses.
The API Planning and Analysis stage is more of a ‘preparation’ stage for the actual development to begin. Once the groundwork is complete, it’s time to move on to the next stage.
-
API Development and Integration
This is the stage where actual coding is involved, to create a new API and, if required, integrate it within existing systems. Provided that the planning has been done properly and a proper API strategy is in place, the stage should not take up too much of time – particularly since there are plenty of resources already available for the creation and management of RESTful APIs. Some popular tools for building new interfaces are Postman, Runscope and APItools.
An API can either give direction to the content distribution system of a firm, or expose the internal data structure, or both. Hence, API providers must simply grasp the exact technical requirements and capabilities of the program interface. In addition to the API hosting tools and management methodology, an understanding of the protocols to be used is important. Developers need to be aware of all the operations as well, the security features and access control options, and obviously, the quality of end user-experience the API will provide. The scalability and the size of APIs are also key factors to be considered.
There are quite a large number of API development frameworks, depending on the programming language used by developers. Here are some of these frameworks:
a) Sinatra and Grape (for Ruby),
b) REST.li and JAX-RS (for Java),
c) Slim (for PHP),
d) Restify and Express.js (for Node.js),
e) Django and Flask Web (for Python).
Note: AppNow is also an often-used tool for API prototyping, data model specification and deployment, and demonstrations. Deployment with AppNow (with CRUD RESTful API and AngularJS) can be tested with the Swagger tool.
Versioning is one of the most important starting points of API development. This should ideally be implemented during this stage (versioning is important to keep things systematic, as and when future versions of the API are released). Ideally, the second phase in the API lifecycle should place importance on each of the following:
i) API designing (ensuring both human-usability as well as machine-readability),
ii) API construction,
iii) API security (through access control tools), and
iv) API testing.
Including rate limits is a common security strategy for APIs. These put an upper limit on the total number of network requests within a time-period (thereby reducing the risks of ‘flooding’). A robust real-time analytics and monitoring system also needs to be included in the API.
Since the API lifecycle is iterative (and not ‘top-down’), it is easy to go back to the Analysis stage at any time and make changes, as and when required.
-
API Operations and Management
Arguably the most involved of all the API lifecycle stages. By the end of Stage 2, a two-way connection between the API backend (backend-as-a-service, or BaaS) and the corresponding website or mobile app has been established. In this stage, an intermediate layer – API management – is created and inserted between the two, to boost API intelligence and performance levels, as well as for optimizing the API strategy. Systematic API management helps in:
a)Making the use-behaviour more predictable,
b) Monitoring key API analytics to gauge performance,
c) Establishing API monetization scheme,
d) Securing the API endpoints.
One of the biggest inclusions in the third stage of the lifecycle is API testing and bug-fixing. With quality being the biggest bone of concern among API developers worldwide, it is only natural that many small changes and switches are done at this stage – to make the interfaces smoother and glitch-free. Initial user-opinions and feedback also need to be collected and analyzed (via suitable inbound methods).
Note: API documentation, initiated in the previous stage, has to be regularly updated and maintained during the Operations stage. All the changes made in the structure of the API should be recorded in the documentation/changelog/release notes.
With the establishment of the API Management layer, developers have to work with 2 separate URLs:
i) the first URL exists between the application/website (final product) and the management tab. It is published and is viewable to everyone who has authorized access to the interface, and
ii) the second URL exists between the management tab and the API This one remains private and is not accessible to any third-party entity.
There are certain features and solutions that any standard API management platform should offer. These include the API contracts, the security and access controls, the documentation, developer portal access, analytics and usage, and of course, all billing-related information. Sandboxing can be done for test integration, before the actual thing.
For Public APIs, this is the stage where most of the marketing and promotional activities take place. The focus of API providers is to generate as much awareness as possible, through hackathons, online campaigns, detailed documentation (shareable) and other methods to enhance API discoverability.
The value of the iterative nature of API development once again becomes prominent at this stage. Developers can move backwards to Stage 1 (Analysis) to expand the scope of interfaces, to Stage 2 (Development) to tweak the technical features of APIs or change the API versioning, or move directly to Stage 4 – in case it is confirmed that deprecation has indeed set in for a particular API.
-
API Engagement, Adoption and Retirement
Provided that developers have reason to believe that the value proposition(s) of an API has not been exhausted – the marketing endeavours (started in the previous stage) have to be taken up a notch. The prime focus is always on creating a favourable buzz among mobile app developers (i.e., final users of APIs), through constant enhancements in both quality and quantity. There are 2 major components in any campaign to drive up the engagement/adoption rates of an API:
- Boosting its discoverability and the usability. Users should be able to find the API easily, and not run into any problem(s) while working with the software.
- Creating interesting use-cases to highlight the utility of the API to app/web developers. Delivering top-notch developer-experience (DX) is always of essence.
Many experts from the field of API development advise the creation of a Developer Program to streamline the API marketing efforts. A well-thought-out API developer program typically has the following:
i) Developer portal (the main point of entrance within the API),
ii) API Evangelists (for online and offline promotion of APIs),
iii) Pilot partners (for collecting feedback and suggestions),
iv) Outreach acceleration with partners (for increasing the reach of API-related messages, with the help of partner organizations),
v) Community development (for selecting the right web and social media channels to promote APIs).
Note: Creating a scheme to monitor the effectiveness of marketing campaigns should also be a part of an exhaustive API Developer Program. All partners should be leveraged properly, to maximize the outreach of the API in existing markets.
None of these promotional activities would be of any value though, in case an API has reached the end of its journey – a stage when it no longer delivers value, and its purpose is no more in tune with the overall business objectives. In such cases, the concerned API is ‘retired’.
Retiring an API is pretty much like discontinuing any piece of software. It happens when the usage metrics start to go down steadily, there is little or no innovation on the part of app developers, and/or a mismatch of revenue-related objectives. Decrease in community support and paucity of compatible plugins are also common reasons for API retirement. Fresh security threats is yet another factor leading up to APIs being withdrawn.
Thorough knowledge of the entire API lifecycle goes a long way in helping developers maintain high-end agility standards. Managing APIs is key for optimizing the initial plans and strategies, and getting the most out of the interfaces. What’s more, chances of compliance breaches and security attacks also take a backseat, when APIs are closely monitored and managed. With proper coordination of the API lifecycle (API governance), businesses can evolve with changing requirements and possibilities. And as we all know, a systematic approach always works!