The proliferation of public APIs is an incredible accelerator when it comes to building a new product or service. However, this abundant resource doesn't come without some concerns. Is an organization too reliant on a particular API? Could success push past usage limits? And what about published APIs? Are current infrastructures robust enough for adoptees?
This article is the first in a series that explores products and services related to API management. This will include tracking third-party API usage and monitoring how APIs are used by others.
The value of public APIs
In the past, it was enough for an IT department to focus on product delivery. It didn't matter if that product was for a firm's internal use or was part of a solution for external customers. The end product was always some type of black box, and the user interacted with it only via a predetermined interface.
That first mashup uncorked a pent-up desire by developers to disassemble anything they thought was useful in a quest to leverage both broad swaths and small subsections of the functionality of existing Web applications. The owners of these applications soon realized that offering public APIs was an incredible opportunity to increase their market share -- even if the path to monetizing those APIs was not immediately clear.
It's best to publish an API when making a product or service available on the Web. A public API accomplishes three goals:
- Shows versatility. A public API shows that an organization doesn't believe in vendor lock-in or suffer from the delusion that all customers will want to interact with the service.
- Demonstrates commitment. A good API begins by exposing the core services of a product. It shows that the architecture built isn't designed just for today, but for the future.
- Allows the product to be used in new ways. Customers aren't just consumers -- they become partners in helping the business grow.
While it's easy to understand why a public API is a good idea, it's not always as easy to justify the time and resources necessary to create one. Committing to adding an API is like adding an entirely new product. After all, it's a completely different interface, with unique design and testing requirements. The clients of this product are completely different, too.
While users may easily adapt to changes in an application's user interface, developers have little tolerance for changes and bugs in an API. Public APIs also require extra scrutiny to make sure they aren't providing back-doors that circumvent existing application security.
Addressing API management
There are a variety of ways to address API management, including outsourcing API management. Why outsource an API? Largely for the same reasons any development effort would be outsourced:
- In-house expertise isn't available. Should SOAP or REST be used? XML or JSON? Remember, users of an API are developers, making them a special class of customer with their own special requirements. It's not just technical expertise that's important either. When it comes to monetizing and marketing an API, it helps to have someone with experience.
- The infrastructure to scale to the API isn't there. For example, there is a hosted application with 10,000 users. After publishing an API that becomes 10 times as successful, suddenly the system’s overloaded. An API management service can help plan for scalability issues and may offer its own solutions.
Mashery was one of the original --and arguably most successful --API management outsourcing services. Before being acquired by Intel last year, it had already racked up an impressive list of clients, including The New York Times, Forbes, ESPN and CISCO. Such firms have impressive IT budgets, but clearly understood they needed help providing APIs. The business case certainly is simple enough.
If completely outsourcing API isn't a good fit, there are numerous hybrid solutions available. These services allow for monitoring and securing APIs (and perhaps even add some type of billing capability) via a cloud-based service, while retaining full control and hosting of the underlying API. 3Scale and Mashape offer solutions in this space.
Outsourced API solutions not a good fit? In the next installment, I'll look at on-premises solutions, followed by API marketing and discovery, and conclude with a cookbook for figuring out which API management solution is the right fit.
About the author:
Michael Ogrinz (@mogrinz) is the author of Mashup Patterns: Designs and Examples for the Modern Enterprise. He is also principal architect for global markets at one of the world's largest financial institutions.
Guide to managing APIs and app integration
CEO finds enterprise API investment pays off
Learn which container registries are popular