Software engineering leaders around the world see application programming interfaces (APIs) as the best option to connect systems and applications to build impactful and composable software architectures. However, they overlook the business potential of APIs as digital products and focus largely on technical use cases.
To deliver meaningful business outcomes and gain the trust of stakeholders, organizations need a modern API strategy that is closely aligned to business goals, and which covers API security, governance, life cycle management, developer enablement, and potential for monetization.
Software engineering leaders responsible for API strategies shouldn’t focus only on the technical benefits of APIs. They must incorporate the business perspectives to avoid risking the support of business stakeholders.
Here are the top five considerations for software engineering leaders to develop an effective API strategy and practice.
No. 1. Don’t let API governance create bottlenecks
For developing, managing, and governing APIs without creating bureaucratic hurdles, software engineering leaders can implement an “adaptive governance” model. The idea is to create a federated API platform team (for example, having product managers from different business groups such as digital, commerce, and logistic API teams) and manage the locally built APIs without undermining the overall API strategy.
To support localized standards, tools and processes, ensure that API product teams do not create disjointed or overlapping standards and actively participate in federated API governance. The platform teams and product managers should have consistent communication to be aware of shared assets, policies, and practices.
No. 2. Treat APIs as products, even if you don’t plan to monetize them
Looking at APIs as a way to achieve technical purposes isn’t enough in the post-pandemic world. They are now essential in advancing digital business strategies and should be treated as products without prioritizing monetization. Although many organizations monetize APIs, the majority don’t. Many organizations use API products for internal consumption only.
Regardless, the development, organization, and management of APIs should be driven by a consumer-centric mindset that requires product managers to:
No. 3. Discover your APIs before hackers do
As APIs are the gateways to systems, applications, and services, they are always vulnerable to security threats. This may result in the loss of private and sensitive information about millions of users.
The security strategy for APIs should focus on threat protection, well-refined access control, and data privacy. Software engineering leaders often protect the published APIs, but there can be a shadow or unpublished APIs. API discovery is the key to ensuring that there are no blind spots and tracking any malicious usage of APIs.
Software engineering leaders should adopt a DevSecOps strategy and institute a security governance policy across the organization. They should assess and enhance the capabilities of API security and management solutions to discover APIs and potential threats from hackers.
No. 4. Manage the life cycle of APIs
An API’s life cycle involves four stages:
Software engineering leaders should build a consistent process around the four life cycle stages to develop a comprehensive API strategy and practice. For example, the “planning and initial design” stage should focus on an iterative process, consisting of a design approach, methodology, and governance. Likewise, the “deploy and run” stage should focus on advanced security analytics to measure API business value.
Leverage automation to sustain API quality, track issues, and optimize the API’s life cycle based on actual performance.
Align the development of APIs with the organization’s DevOps process for continuous integration and delivery. This way, software engineering leaders learn about other considerations when building, deploying, testing, and implementing APIs in various environments. For example, as per API testing guidelines, certain functional, performance, and security testing requirements can be mandatory.
No. 5. Choose best-fit API technologies
There are a variety of vendor solutions for developing and managing APIs available in the market today. However, the API market is evolving, with some vendors focusing on specific aspects of APIs like design, testing, monitoring, security, portals, and ecosystem management.
With so many different solutions to select from, software engineering leaders should have clarity regarding the needs of their organization and engineering groups. To make the selection more credible and collaborative, involve API product managers, API platform teams, and security teams in the process.
It may be difficult to identify what differentiates different vendor solutions when it comes to potential, viability, and maturity. Review critical capabilities for API life cycle management to understand the respective strengths and weaknesses of each solution and select the best possible fit.
The original article by Shameen Pillai, senior director analyst at Gartner, is here.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends. Image credit: iStockphoto/Chainarong Prasertthai