Application programming interfaces (APIs) are widely used to connect systems and applications, and they have become an integral part of many mission-critical business capabilities. In fact, a recent Gartner survey found that 70% of organizations are using API management and mediation to build their digital platforms. However, many software leaders overlook the business potential of APIs as digital products, focusing instead on technical use cases. It is important for software engineering leaders to balance the technical and business goals of their API programs, incorporating business perspectives into their API strategy to capitalize its potential to support digital acceleration, while also ensuring business stakeholder support. The strategy should closely align with business goals and should cover API security, governance, life cycle management, developer enablement and potential for monetization.
Here are the top five considerations for software engineering leaders to develop an effective API strategy and practice.
1. Don’t let API governance create bottlenecks. To develop, manage and govern APIs without creating bureaucratic hurdles, software engineering leaders can implement an “adaptive governance” model. The idea is to create a federated API platform team, which could include product managers from different business groups such as digital, commerce and logistic API teams, to manage the locally built APIs without undermining the overall API strategy.
To support localized standards, tools and processes, ensure that API product teams do not create disjointed or overlapping standards and actively participate in federated API governance.
2. Treat APIs as products. APIs are now essential in advancing digital business strategies and should be treated as products without prioritizing monetization.
Regardless of whether you plan to monetize API development, organization and management should be driven by a consumer-centric mindset. This will require product managers to prepare API roadmaps and measure business outcomes, and to understand and cater to the needs of API consumers (i.e., developers) to promote API products and improve developer relations (DevRel).
3. Discover your APIs before hackers do. As APIs are the gateways to systems, applications and services, they are always vulnerable to security threats. This may result in the loss of private and sensitive information about millions of users.
The security strategy for APIs should focus on threat protection, well-refined access control and data privacy. Software engineering leaders often protect published APIs, but there can be shadow or unpublished APIs. API discovery is the key to ensuring that there are no blind spots and to track any malicious usage of APIs.
4. Manage the API life cycle. An API’s life cycle involves four stages: (1) planning and initial design, (2) implementation and testing, (3) deploy and run, and (4) versioning and retirement.
Software engineering leaders should build a consistent process around the four life cycle stages to develop a comprehensive API strategy and practice. For example, the “planning and initial design” stage should focus on an iterative process, consisting of a design approach, methodology and governance. Likewise, the “deploy and run” stage should focus on advanced security analytics to measure API business value. Leverage automation to sustain API quality, track issues and optimize the API’s life cycle based on actual performance.
5. Choose best-fit API technologies. There are a variety of vendor solutions for developing and managing APIs available in the market today. However, the API market is evolving, with some vendors focusing on specific aspects of APIs like design, testing, monitoring, security, portals and ecosystem management.
With so many different solutions to select from, software engineering leaders should have clarity regarding the needs of their organization and engineering groups. To make the selection more credible and collaborative, involve API product managers, API platform teams and security teams.
It may be difficult to identify what differentiates vendor solutions when it comes to potential, viability and maturity. Review critical capabilities for API life cycle management to understand the respective strengths and weaknesses of each solution and select the best possible fit.