APIs: the building blocks of modern business applications

Brian Otten at Axway shares insights on how to manage APIs

Across today’s digitally-centric organisations, the development of products, services, and solutions increasingly depends on the implementation of Application Programming Interfaces (APIs). In layman’s terms, these act as a bridge between different software platforms, allowing them to ’talk’ to one another. In this key role, APIs have become the building blocks of modern business applications.

Any organisation reliant on APIs will also be familiar with the challenges associated with API lifecycle management. This is the process whereby APIs are built, published, and maintained in a secure environment, as well as monitoring how well they perform. Carried out effectively, this can ensure that digital businesses and their crucial software assets operate much more effectively.

The critical question here is ‘how’? Where should organisations and their API specialists focus their efforts to ensure their APIs are implemented and managed correctly?

Laying the foundations

An effective approach begins with putting the right foundations in place. For instance, to ensure that API implementation projects effectively achieve their intended business objectives, organisations should prioritise key issues such as usability, performance, and security (among others).

This API-centric approach can often depend on an organisation’s willingness – and ability – to build processes and digital platforms that enhance the accessibility and user-friendliness of its products and services. This can be achieved by moving away from traditional software development methodologies to a strategy guided by strong collaboration and understanding what good design looks like for each specific business use case where APIs play a role.

In many organisations, API lifecycle management is increasingly about their ability to adopt and optimise APIs at scale. Success here depends on building leadership and support networks committed to ensuring their API strategy is coherent and focused on achieving both technical and business objectives.

Additionally, focus needs to be placed in API discoverability and having a unified consumption and subscription point to enable self-service for developers requiring APIs, no matter where they are deployed.

In practical terms, establishing what is increasingly known as an ’API Guild’ delivers the structure teams need. Backed by the engagement and support of relevant leaders, this approach can ensure API lifecycle management is given the momentum, ownership, and accountability it needs to move forwards. This can play an essential role in operationalising API management (also known as APIOps), from the earliest stages of API ideas generation to adoption and management.

The role of collaboration and API guilds

Using these ideas as a foundation, the most successful digital services and products are typically the result of collaboration between developers and business owners who work together iteratively and take shared responsibility for the product’s entire lifecycle.

Indeed, some organisations arrive at the point where a business-focused approach to API product management makes it easier to address critical business priorities, such as increasing revenue and improving customer satisfaction.

And circling back to the role of API Guilds, this approach can also help to streamline management and communication processes across functional areas of the business, and ensure that all team members have a shared understanding and effective governance of the products they are developing. In addition, API product managers are empowered to take full responsibility for end-to-end API delivery and strive to reuse key building blocks wherever possible.

Maximising security and resilience

In common with any modern digital technology ecosystem, APIs are subject to security risks. To safeguard them, organisations should implement a defence-in-depth strategy regardless of their development or deployment, using a layered approach to maximise end-to-end protection.

For example, one crucial early step is user authentication. This identifies the end user through a token or process flow, validates the API key/secret to confirm the application, and registers the user-app-device combination.

Next, users should be authorised at the point of accessing API operations and data, which, when applied at multiple levels of granularity, verifies user and application access rights to specific APIs, operations, and HTTP methods.

Managing transaction/traffic volume and rate is also important to protect against denial-of-service attacks that can potentially impact server performance and availability, with a negative knock-on effect on user experience.

Implementing an effective API security model isn’t just about keeping bad actors out, it’s also fundamental to ensuring that the desired transaction structure, content, and volume standards are maintained. By stopping anything that doesn’t comply with these rules and by leveraging schema validation, network whitelists, and other positive security methods, organisations can deliver a comprehensive API security and resilience strategy.

Collectively, this proven approach helps ensure that business and technology strategies align harmoniously, allowing stakeholders to concentrate more effectively on fulfilling the needs of their end users and customers.

As a result, organisations can approach API lifecycle management with the confidence that it’s delivering a win-win of technology and business-focused excellence.

Brian Otten is VP of Digital Transformation Catalysts at Axway

Main image courtesy of iStockPhoto.com