Designing a Successful API Strategy
Companies today realize that smart data strategy is fundamental for business success. They invest and spend resources to make sure data is protected, stored, and backed up. But, it’s just as important to manage the communication of data and ensure its seamless flow not only internally, but also with external sources, such as partners and clients. This is where APIs (application programming interfaces) come in. APIs enable applications and services to communicate. In a data-driven and multi-cloud world, APIs are essential to your business, and it’s important to develop a strategy around APIs. This is the first in a series of blog posts on API management.
A successful API strategy needs to include two essential concepts:
- An API-first approach
- An API Hub
Taking an API-First Approach
APIs enable application and services integration. Be it via HTTP/S REST/SOAP or any other protocol, APIs are the contract between the parties. Since APIs are critical for business process orchestration, it’s a good strategy for companies to take an “API first” approach. This blog post, “Understanding API First Design,” goes into detail on what that looks like.
The fundamental idea is to have the API contract well-defined, long before the app or service is in place. This drives focused thinking, where the “what” comes before the “how.” In other words, let’s define what this service is required to provide, before we think of how it is to be implemented. In most cases the “what” is more critical. Once the API is defined, it enables the freedom to replace or recreate the underlying implementation as needed.
Establishing an API Hub
Beyond just the strategic approach to API-first, you also need technology that supports good API management. As your business increases the number of its APIs, you need a repository to hold all those contracts in a central location — within the organization or as a service in the cloud. This repository serves as a hub, where APIs are published, searched for, and consumed. At its foundation, good API management is comprised of three major building blocks, which you need for a successful API hub: an API manager, API gateway, and API portal. Let’s review each of these briefly.
- The API manager: This tool enables the publishing and controlling of the API lifecycle (activation, deletion, version, etc.). Policies, such as rate-limit, IP filtering, and caching as well as authentication and authorization methods can be defined. Your API manager should have monitoring and analytics views, where admins can get insight into API usage and track errors or access violations.
- The API gateway: Essentially, the API gateway is a smart and powerful proxy. It is the runtime that carries out and enforces the rules and policies that are pre-defined in the API manager. The gateway also tracks and collects execution information.
- The API portal: The portal provides API consumers with secure access to managed APIs. API consumers can subscribe to APIs, see descriptions and details such as status, authentication type, and applicable access control policy, and drill down to further details with tools like Swagger or WSDL. From the portal, developers can generate SDKs and test the APIs.
Defining APIs: Lightweight APIs and Data APIs
Earlier, I discussed the “API first” approach and the API hub as essential ingredients for a successful data management strategy. Because the “API first” approach has us define the API first, it makes us think about its purpose. This gives rise to some fundamental questions. What need is it intended to address? Who is the consumer? Do we expect it to be mass-consumed? What data does it require and provide? And so on. Once these questions are answered, you will probably be able to classify your API as either a lightweight API or a data API. Let’s discuss those in this blog post.
Lightweight APIs are typically RESTful APIs that are swift and usually work with small data payloads. These APIs may need to handle heavy load or mass consumption (note: it’s a good idea to use caching here). APIs for fetching images, geolocation, translation, and stock information are just a few examples of lightweight APIs. Where the response needs to be near real-time, quick, and light, the footprint on the provider side is usually minimal. Can you think of a typical use case where lightweight APIs are critical? That’s right – Mobile (but not exclusively). At times, lightweight APIs are commercialized, so API providers monetize, meter, and bill the consumption of their APIs.
Data APIs are a different story. These are APIs that serve a business purpose. They need to be secured, managed and monitored. While speed and performance are critical in lightweight APIs, data APIs have the following traits:
Data APIs trigger business transactions of some sort. Data APIs are based on underlying business processes that are initiated, including a series of service interactions and backend calls often referred to as “orchestration.” Some examples of data APIs include order-to-bill, procure-to-pay, onboarding new employees, quote-to-cash, and more. It is reasonable to conclude that data APIs have some impact on the business. In more technical terms, these APIs are not read-only; they also perform write actions.
Data APIs are SSL/HTTPS based, usually encrypted and certified. While lightweight APIs are often open to the public, data APIs require governance, with authentication and authorization mechanisms in place. Simple ones include username-password (Basic) or JWT-based authentication; others use OAuth2/OpenID Connect, which sometimes require third-party providers.
Data APIs have a business orientation, and it is best to have them managed. As mentioned in my previous blog post, this usually means that you will want to have an API hub or an API management tool in place, either locally or as a service. Managed means that the API has a lifecycle, for example versioning. It has policies, such as IP filtering and rate limit, that can be defined and enforced. With API management tools, APIs are easily searched and discovered for better and more efficient consumption. Once the APIs are consumed, their usage is controlled and constantly monitored. The monitoring sheds light on usage, errors, and access violations, as well as trends.
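An added sketch (not from the original article or any particular API management product) of how a gateway can enforce the IP-filtering and rate-limit policies defined in the API manager and count access violations for the monitoring view. The policy layout, class and field names, API key, and sample addresses are constructed assumptions.

```python
import ipaddress
import time
from collections import Counter, defaultdict, deque

# Constructed policy, as an API manager might publish it for one data API.
POLICY = {"allowed_networks": ["10.20.0.0/16", "203.0.113.0/24"],
          "rate_limit": 3, "window_seconds": 60}

class Gateway:
    """Hypothetical gateway: enforces a manager-defined policy and records decisions."""
    def __init__(self, policy, clock=time.monotonic):
        self.networks = [ipaddress.ip_network(n) for n in policy["allowed_networks"]]
        self.limit = policy["rate_limit"]
        self.window = policy["window_seconds"]
        self.clock = clock
        self.hits = defaultdict(deque)  # api_key -> timestamps of forwarded calls
        self.stats = Counter()          # decision -> count, feeds monitoring

    def check(self, api_key, client_ip):
        """Return (http_status, reason) for one incoming request."""
        try:
            addr = ipaddress.ip_address(client_ip)
        except ValueError:
            return self._record(400, "malformed_client_ip")
        # IP filter first: a mismatched address family is simply "not in" the network.
        if not any(addr in net for net in self.networks):
            return self._record(403, "ip_not_allowed")
        now = self.clock()
        recent = self.hits[api_key]
        while recent and now - recent[0] >= self.window:
            recent.popleft()            # drop calls that left the sliding window
        if len(recent) >= self.limit:
            return self._record(429, "rate_limit_exceeded")
        recent.append(now)
        return self._record(200, "forwarded")

    def _record(self, status, reason):
        self.stats[reason] += 1
        return status, reason

def demo():
    """Replay constructed traffic against the policy using a fake clock."""
    t = [0.0]
    gw = Gateway(POLICY, clock=lambda: t[0])
    results = [gw.check("partner-a", "10.20.5.9")[0] for _ in range(4)]
    results.append(gw.check("partner-a", "198.51.100.7")[0])  # outside allow-list
    t[0] = 61.0                                               # window has expired
    results.append(gw.check("partner-a", "10.20.5.9")[0])
    return results, dict(gw.stats)

if __name__ == "__main__":
    print(demo())
```

Rejected requests are counted but never added to the per-key window, so blocked traffic cannot consume a legitimate consumer's quota.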
While the characteristics of data APIs mentioned above are a must, cloud-based data APIs are a growing and evolving integration pattern. Nowadays, companies are seeking ways to better integrate and exchange data with partners and customers while exposing data APIs in the cloud. By using an API hub in the cloud, with the tight governance and security mentioned above, data APIs can be easily consumed. When the API hub is integrated into an iPaaS, some of the integration and transformation can be done in the cloud while connecting to backend and external resources when needed.
Published at DZone with permission of Mickey Hoter.