DZone Research: API Management Additional Considerations

To gather insights on the current and future state of API management, we talked to 17 executives who are using APIs in their own organization, as well as helping clients use APIs to accelerate their digital transformation and the development of quality applications. We asked them "What have I failed to ask you that you think we need to consider with regards to API management?"

Here's what they told us:

• Other specific areas like IoT or B2B. Need to deliver great UX and CX. Other APIs beyond RESTful, OData not RESTful getting more traction offering OData APIs can be effective and efficient. GraphQL another emerging standard. The world of API management will have to span all of those. REST is not the answer to every question. You must identify the right tool for the right job.
• APIs and API driven consumption of software upends IP and publishing license using open source software without contributing back. Think of the world where only machines are communicating with one another. When humans are developing the APIs how will autonomous systems how does it all work together. APIs are being developed for humans to interact with machines, machines will be interacting with machines via ML.
• People, developers, and architects have to think about what’s the purpose of the API. Is it for an enclosed ecosystem or for the wider consumer used by wider enterprise? Who’s your target audience?
• For developers, a big challenge is team development. Developers can write an API, but teams are writing APIs together. Team collaboration is very important. There is a need for API governance. How to govern creation starts with the design itself with an API blueprint for developers working on the team. Consistent APIs that comply with the rules of engagement. All four addressed in Apiary product with roles and security we create and govern. The API catalog brings together APIs, as an IS. One catalog to find ERP, CX, blockchain all documented and available for consumption.
• How much security needs to be considered. See more articles on how people are dealing with security with APIs. Every company has their own guideline. Al does their own thing. There should be an ISO.
• Start thinking about security as a feature of an API gateway. I wish we could pull our security as an API gateway function and make it a true-blue portion of API development. How do we pull out security from a component of an API management solution in general?
• Web and API security overlap in filter input/escape output, securing the actual systems these APIs are running on. None of those layers have disappeared with added potential threat vectors on top. When you broadcast data in your API make sure you need for it to be in the API. Panera was leaking last for of credit card and street address unnecessarily.
• APIs are becoming related to containers and microservices and integration technologies in general glue data from two APIs to create a third API.
• Seeing rich tools that do a lot of best practices. Look at these tools and leverage them. Peer review concept. Everyone doing integrations working in the same environment. See each other’s work not duplicating effort. Start using tools they’re valuable and time-saving. You’ll get more leverage than one-off integrations.
• We don’t think about API as a standalone product. From our perspective, it’s about building solutions, and we’re aiming to help our customers understand and solve business challenges to help them transform their business. API management is often a part of that. We’re are always looking at new API use cases that have the potential to disrupt and effect change.
• The reason we’re able to talk about APIs as an enabler for such broad categories as mobile, IoT, application integration and partner integration is because they provide the foundation for the future. Instead of being built to sit static for 30 years, applications are now being built to change, and that means they’ll be ready for the technology trend or customer demand that comes next. Whatever the next big thing is — voice assistants or augmented reality or blockchain — APIs will provide a point of integration and value realization.
• Open source is the reason why a lot of these tools become mature. How are companies monetizing their APIs?
  
• There is still a lot of innovation happening in the API industry, including via groups like the OpenAPI Initiative, part of the Linux Foundation, and I encourage all vendors and developers to contribute and consider joining. There are also many API conferences such as APIdays, API Strategy & Practice or REST Fest happening every year and countless meetups that offer great ways to engage with other developers and share hard-learned experiences, learn best practices and discover emerging trends.

Here's who we talked to:

• Maxime Prades, Vice President of Product, Algolia
• Jaime Ryan, Senior Director, Product Management & Strategy API Management, CA Technologies
• Ross Garrett, VP Marketing, Cloud Elements
• OJ Ngo, CTO, DH2i
• Reid Tatoris, Vice President Product Outreach and Marketing, Distil Networks
• Oren Novotny, Chief Architect, DevOps and Modern Software, Digital Innovation, Insight
• Raj Sabhlok, CEO, ManageEngine
• Keith Casey, API Problem Solver, Okta
• Vikas Anand, Vice President Product Development, Oracle
• Mike LaFleur, Global Director Solution Architecture, Provenir
• Steve Willmott, Senior Director and Head of API Infrastructure, Red Hat
• Keshav Vasudevan, Product Marketing Manager, SmartBear
• Chris McFadden, V.P. of Operations, SparkPost
• Jerome Louvel, VP of Product Management, Talend
• Derek Birdsong, Product Marketing Manager, Connected Intelligence Cloud, TIBCO
• Setu Kulkarni, Vice-President of Product and Corporate Strategy, WhiteHat Security
• Roman Shaposhnik, Co-founder VP Product Strategy, and Vijay Tapaskar, Co-founder VP Engineering and Ops, Zededa