While APIs are the building blocks of digital transformation, a recent survey found that API management solutions are not part of everyone’s digital strategies. SmartBear’s 2020 State of API Report found 24% of respondents aren’t using an API management tool. 

This is worrisome because in order for APIs to drive businesses forward, they need to be properly maintained and managed, according to Randy Heffner, an analyst at the research firm Forrester. “By opening access to digital business capabilities, APIs drive agility to optimize customer experiences, create dynamic digital ecosystems, achieve operational excellence, and build platform business models,” he wrote in the Forrester Wave: API Management Solutions, Q3 2020.

RELATED CONTENT: 
APIs are turbo-charging ‘snail mail’ for businesses
A guide to API management solutions

But businesses need a formal way to create, secure, manage, and optimize APIs at scale, in addition to making sure all stakeholders have access to the tools and information necessary to do their jobs. 

What is stopping organizations from adopting an API management solution is a misunderstanding of what it can do for the business. According to Heffner, organizations sometimes look at API management solutions as something that can help people sign up or adopt their APIs as well as just something that provides security for their APIs. “It isn’t less than that, but it is much more than that,” he said. “The first way to think about an API management solution is as a business application for managing relationships between API users and API providers. It’s much more than just this technical thing to help people subscribe to APIs.”

He explained that an API management solution is crucial when your API users are organizations. An organization can be doing 12 different things with your API with 12 different teams, so there needs to be a way to manage identities and access, and a way to let users leverage documentation and testing processes. 

“APIs can be used in so many different ways. You have to put context around them before you can say how they add value,” said Heffner. “What’s the ROI of APIs? That’s like asking what’s the ROI of nuts and bolts.” 

As organizations start to realize the important of API management solutions and as vendors start to invest in more features to meet the needs of cloud-native, modern architectures, Heffner sees a few trends taking the space to the next level.

Beyond REST
API management solutions are starting to move beyond REST. According to Heffner, REST was and still is a popular API format because it is supported across the entire web/Internet landscape, but at the root of REST it is just a “request-reply type of message exchange pattern,” and today’s solutions are event-based, data-oriented and include exchange patterns. Forrester refers to this as digital bonding, which encompasses a broader array of interaction models. For instance, webhooks, SOAP and GraphQL are becoming top architectural style choices. “We are seeing more openness to a broader way of thinking about what the scope of an API management solution should be just from a technology point of view,” said Heffner. 

Vendors are starting to put more investment into the way their developer portals are provided with better ability to manage APIs, have different teams use APIs and provide life cycle management. Heffner sometimes sees users having to go off and build their own portals or solutions because tool providers aren’t providing enough. In the State of API report, it found that 16% were using an API management tool built in-house. Vendors are now trying to figure out how to provide a portal that includes configurability options and let users go a good distance with it. 

And lastly, there is a bigger push to understand how microservices and APIs work together. Heffner noted that organizations usually define and treat microservices and APIs as the same thing, but microservices are a deployment approach while APIs are an access approach. The two go together, but they are different things. The State of API Report found that 65% of respondents believe microservices will drive the most API growth over the next couple of years. As service meshes become more popular and advanced, vendors will need to figure out how to include microservices, containers, and service mesh environments as different options and architectures. 

What to look for in an API management tool
According to Heffner, users should align their API management solution with their API strategy. For instance, do they need richer features and more coverage, or a simple strategy with a high level of customization?

The higher-end solutions will provide a breadth of capabilities and features, but organizations might find that a lower-end solution works better because it gives them basic capabilities they need and don’t have to build from the ground up, but also allows them to add in their own custom features. 

Other considerations when looking at an API management solution include how it supports governance and API user engagement needs, and if it supports a cohesive API design process. 

“The central role of an API management solution is to manage relationships between API providers and API users, whether inside or across enterprise boundaries. APIs have widely varying use cases, governance styles, business models, and delivery processes, resulting in a wide array of breadth and depth in API management solution feature-function,” Heffner wrote in the Forrester Wave on API Management solutions. 

The most popular features offered by API management vendors include:

A developer portal: which allows developers to discover, explore, purchase and test APIs as well as supports developer onboarding and collaboration 

API gateways: to secure and manage the traffic between clients and back ends or between APIs and developers, customers, partners or employees

API catalog: that gives users a full view of their API landscape including which assets are available and ready for reuse. An API catalog also can help users view dependencies and analyze changes.

API life cycle management: where developers can design, develop, publish, deploy and version APIs

API policy and security: such as encryption, schema validation, signatures, threat protection, and PII protection

Monetization: capabilities that allow users to package, price and publish APIs for others to access

Analytics: that allow all stakeholders in an organization to view and manage all aspects of their APIs and API programs

How organizations are using APIs to take their business to the next level
After seeing success with its global API partners, the local, national and global weather forecast provider AccuWeather decided it wanted to branch out to new customers — individual developers. In order to do this, the organization needed to tailor its offering to meet the range of needs from developers and monetize those needs. According to the company, an API management solution was able to offer different levels of API offerings; provide flexible billing for API usage; provide a self-service portal for developers to develop; purchase or build APIs; and gain analytics that helped its team understand traffic patterns and how users view weather data. 

“A single developer always has the potential to be working on the next big thing and become our next big enterprise partner. We needed a way to reach them,” said Mark Iannelli, senior technical account manager at AccuWeather.

Within two months of launching its developer portal, the company says it saw more than 6,500 new users sign up; about 2,500 users that created API keys; and 60 users that purchased one of its API packages. 

Beachbody is a home exercise and dietary supplement provider that needed new ways to increase its speed and agility as well as manage its over 400 enterprise APIs. 

“The digital transformation initiative at Beachbody is about consolidating and creating one common platform that can meet the needs of our direct response business, supplement line, our digital customers as well as our coaches,” said Michael Lee, vice president of engineering at Beachbody. “We see thousands of API transactions per day either from the ecommerce pieces, from our content API to our ecommerce API to registration and identity validation.”

After rearchitecting its platform, the company realized that it couldn’t handle its API traffic alone and turned to API management solutions to help internal and external developers create APIs and secure development. Through API gateways, Lee said they were able to address developer concerns and move them into a more central location. Additionally, the API management solution’s portal was able to provide the security, documentation and presentation layer necessary to be successful. “All of these things help us build a lively, evergreen API ecosystem that is going to be easy to consume for both external and internal developers at Beachbody,” said Lee.

PermataBank, a leading Indonesia bank, began a digital and IT modernization transformation three years ago in order to catch up to competitors in the digital banking space and meet the demands of its customers who expected faster and better technology solutions. Previously, PermataBank was made up of legacy systems in dire need of an overhaul. To modernize and re-architect its platform, the bank focused on digital self-service channels and was able to expose products and services to partners outside the bank through the use of APIs. 

According to the bank, with the help of APIs, it was able to increase its account acquisition by 375%, and saw a 275% CAGR growth in transaction volume.

With the use of APIs, the bank also has been able to implement mobile banking, roll out digital capabilities, and use APIs to power new products and services. As a result, it has entered new markets, extended its customer based and increased the size of its transactions. 

“APIs are becoming a core part of our business now because the digital economy is progressing well in Indonesia. We have more than 1,000 partners using our services already, and have 150 APIs published that anyone can use, but we are just getting started,” said Abdy Salimin, CIO and director of technology and operations for PermataBank.  “There are a lot more services in the area of supply chain, payments, transfer, loans origination, account opening, and wealth management we can offer, and next we will be moving into a lot more corporate account services and more back-office APIs that will complement our internet banking services. Everyone across the bank now sees the potential and understands the change to our business models. We can move faster with this different perspective.”