In 2017 Q1, the total number of APIs listed in ProgrammableWeb went past the 17000 mark for the first time (the count currently stands at 17174). The unprecedented increase in the usage of mobile devices over the last few years, coupled with escalating app-usage levels, have taken up the demand for secure, reliable backend-as-a-service (BaaS) tools manifold. The volume and types of data being exposed on the cloud through APIs (either internally or to third-party developers) are increasing at exponential rates – and unless the entire process is efficiently managed, confusions and problems are very likely to crop up. In such a scenario, the importance of smart API management is immense.
Before we get into the essential elements of an API management platform, let us reiterate its meaning and scope once more. API management, or APIM, includes the monitoring, tracking and management of practically everything related to APIs – right from development and publication, to data integration, monetization, analytics tracking and security parameters. The overall performance of application programming interfaces can also be bolstered with APIM tools. Typically, API management is essential in highly scalable environments.
Let us now turn our attentions to some interesting tips and pointers for creating advanced, end-to-end API management platforms:
Make things intuitive for developers
Who are the final users of APIs? That’s right – third-party app developers. If an interface has a complicated, long-drawn onboarding process, chances are high that most developers won’t bother using it (and find an alternative). Ideally, the developers should be able to check out some features of an API even before they have registered on it. Providing multiple identity providers (Twitter, Microsoft, Google) also helps developers in being able to quickly get an idea about the key functionalities of an API. An intuitive, user-friendly API is a ‘good’ API.
API documentation is vital
Not only does proper documentation enhance the accessibility and usability of APIs – it also ensures smooth management of the applications built with those interfaces. The documentations are a key part of API management tools – and they should be framed as communication tools with the end-users/developers. API providers should always try to involve the developers in their thought processes – after all, unless the latter like it, an API won’t be successful. Detailed, inclusive and regularly updated documentations add considerable value to the API ecosystem.
Components of API management
Broadly speaking, there are 3 key parts in an API management tool. The first is the ‘API Gateway’ – through which third-party apps can access the backend for important features, data and operational logic. Next up is the ‘Developer Portal’, on which static and dynamic communications with app developers/API consumers take place. Many API developer portals have social publishing features (e.g., Apigee). Finally, APIM solutions also include a dedicated ‘Management Portal’, through which APIs are analysed, gauged and monitored on a real-time basis.
Note: Although often overlooked, ‘API Governance’ also forms a part (and a very important part at that!) of API management.
Clearly understandable value proposition
The main features of an API (i.e., the value it has on offer) should be clearly listed on the developer portal of the API management platform. In addition, coders should also be able to easily find out the type of applications that can be created with a particular API. Including a proper content management system (CMS) in the dev portal – to communicate all the important information – is a good idea. In addition, the management solutions should also offer enhanced customization features. It is important to deliver completely personalized app-using experiences to people, and APIs have to contribute to that.
Ensure accessibility to different groups
Before API management platforms became popular, service-oriented architecture (SOA) used to be in practice. These SOA strategies were primarily addressed to coders and IT professionals – and did not have much for business analysts (who also operate as API marketers). In that sense, APIM can be viewed as an improvement over the SOA system, since it facilitates two-way collaboration between techies and business managers/analysts. The operations, use policies and data access rules should address all relevant user groups – from API developers and marketers, to security architects, marketing professionals and IT personnel (in essence, all the stakeholders of APIs). In an enterprise setup, tech professionals have to work with non-tech business executives – and the APIM needs to be able to address the separate ‘user-constituencies’ adequately.
Focus on user-authentication and authorization
API security is a crucial element of the management solutions. An end-to-end APIM platform must have a designated section for handling all types of authorization and authentication issues in a RESTful scenario. The authentication/authorization models (for identifying the end-users) have to be clearly explained, along with the mechanism for getting the ‘access codes’. Basic security certificates, tokens, OpenID Connect and OAuth2 are some common examples of security and authentication tools that are explained within API management solutions.
Import Swagger in API management
As a holistic API framework, there are many merits of the Swagger tool. As such, Swagger needs to be imported in an API management platforms – to bring in all the relevant API definitions, and providing the programmers (as well as the app-makers later on) with customized, uniform endpoints. On high-quality API gateways like Microsoft Azure, importing Swagger 1.2 documents is an absolute breeze – while importing Swagger 2.0 docs is also possible (there can be a probable issue with the swagger.json file). Once Swagger is imported within API management, keeping track of API performance becomes that much easier.
Code samples and SDKs should be present
The focus of the API developer portal is simple enough – it should make it as easy as possible for developers to start using a particular backend service. To ensure this, updated software development kits (SDKs) and code samples should be present in the API management platform. These can serve as valuable points of reference for app developers, particularly when working with complicated binaries and advanced data structures. What’s more – it is advisable make the SDKs and the associated libraries available in different languages, to ensure wider usability. API providers generally publish their SDKs on the Github repository, for easy access. There should be accompanying use cases as well.
Note: For creating and sharing the SDKs for public APIs, the required investments can be relatively high.
For an APIM to be to be of any practical use, it needs to be ‘up-and-running’ practically all the time (the maintenance downtimes have to be minimal and at times when there is no chance of heavy use). In case there is an outage in the backend (or an error in the enterprise backend), the API management practices should be smart enough to address such problems swiftly and satisfactorily. Also, due emphasis has to be placed on the scalability and the extensibility of the management tool. Having redundancy tracking embedded in the platform is beneficial too – at times of traffic spikes and high API calls.
Discussions, feature requests and feedback
The importance of including third-party developers in the API roadmap has already been highlighted in an earlier point. A dedicated blog section should feature in a custom API management solution, precisely for this purpose – encouraging idea-exchange and facilitating seamless communication with developers. The changelog (an important part of API documentation) can be posted in this blog as well. To automate the data syndication process from the blog, all that API providers have to do is activate its RSS feed. Through the blog, developers will find it easy to share ideas, provide in-depth feedback, and generally discuss an API.
Compatibility with different architectures
Enterprise APIs can operate on the basis of different standards and underlying architecture. They can work on both the ‘private cloud’ or the ‘public cloud’ – while architectures with a combination of these two are also fairly common. A good API management solution should offer streamlined and complete support to all such different forms of data architecture. In case an API follows an ‘on-premise’ architecture, the APIM has to be compatible with that too.
There are huge volumes of statistics related to the manner in which a particular API is used. The API management tool is responsible for sorting and analysing these stats, identifying important trends in them, and boosting the ones that are contributing towards the final business objectives of the interface. On the other hand, if any ‘unfavourable’ usage-data is detected, it has to be countered immediately. The multi-vendor SDN platform by Apigee serves as a classic example for efficient handling of network traffic analytics.
A dedicated ‘Support’ section should also be included in an API management solution – enabling developers to get in touch as and when required (via online ticketing, voice calls, live chat, etc.). HTTP status codes for REST APIs, along with ‘request’ (from client) and ‘response’ (from server) documentation should also be present. Since the number of HTTP headers used in an API is likely to be high, a separate section on these headers would also come in handy – particularly for the API consumers. Last year, the total volume of data stored in enterprises grew by almost 70%. The demand for APIs is increasing rapidly – and that is putting the importance of well-rounded API management tools and solutions firmly in the spotlight.