Mobile and cloud computing have fundamentally changed the way we interact with the companies we do business with. Today’s consumer and business interactions span different applications, devices and network channels. Customers, partners and employees demand access to business services and data anytime, anywhere, on any device and from any source.
APIs are the key to agile and consistent delivery of business services. Instead of building large monolithic applications, enterprises are taking an “API First” approach. All enterprises need a unified platform for the delivery, management and security of APIs. This piece will outline some ways an enterprise API platform can help organisations deliver business services in the new API Economy.
Open APIs and enterprise APIs
Today, Web APIs are widely used for integration, especially to enable mobile applications. APIs divide broadly into two categories: Open APIs and Enterprise APIs. “Open APIs” are APIs which are available to any client, often hosted in the cloud. “Enterprise APIs” run inside the enterprise and are not publicly available.
With Enterprise APIs there is usually a greater emphasis placed on controlling identity and security. As a result, an organisation using Enterprise APIs will want to leverage its identity stores. For example, it will want to use its employee directories, and to reuse the way its employees already sign into systems so that they can also sign into APIs.
For Open APIs there are still requirements for security. The security requirement does not go away. However, when it comes to questions of identity, there is more focus on allowing people to sign up easily – self-service. For example, if an organisation deploys an Open API it typically wants to make it as easy as possible for developers to use the API.
An organisation ideally wants a developer to self-register, get up and running with its API, and build Apps as quickly as possible. This is often referred to as a “Hello World” concept – it’s basically how long it takes a developer to access an API and get a “Hello World” App up and running. This should be a speedy process; otherwise the developer may move elsewhere.
If an organisation is encouraging users to leverage its API, it needs to ensure the API stacks up. In particular, Enterprise APIs enabling a “Hello World” moment need to deliver maximum efficiencies, as the organisation’s brand needs to be maintained. There is a little more forgiveness with an Open API. With both Open and Enterprise APIs, however, it is important to have an API management layer in place to deliver security and ease of use while ensuring the user can get up and running with the API without making human contact for support.
Along with the ease-of-use and self-service criteria, an organisation has to balance security and governance requirements – for example setting in place policies that dictate which user can access the API, at what time and from what device. This is the crux of any discussion around delivering, managing and securing APIs.
APIs and pharmaceutical firms
Consider an example of a global pharmaceutical firm with global research and development offices challenged with managing multiple security silos and requiring single sign-on capabilities across several vendors, cloud-based services and mobile devices. By leveraging an API management platform the research scientists would be able to seamlessly use single sign-on from Oracle Access Manager to a large population of Microsoft SharePoint sites and applications across the globe.
Additionally, the platform would provide an integrated policy enforcement point for all Oracle Access Management Suite products. By using an API management platform the firm was able to effectively handle over 5 million secured web and API transactions across the Intranet on a daily basis.
As the enterprise edge extends to both Open APIs and Enterprise APIs, it is clear that APIs have become a way to connect to the outside world rather than a way to keep it out. To get the most out of APIs, I recommend you think of an API platform as the engine enabling your organisation to manage, deliver, secure and track all APIs from a single technology platform.
To conclude, here is a list of the ways an organisation can accelerate its API delivery:
1. Modernise old application interfaces
2. Create mash-up APIs/applications
3. Broker third-party APIs
4. Prevent attacks and threats
5. Provide the right level of access
6. Simplify access across business systems
7. Protect data and safeguard privacy
8. Simplify OAuth implementation
9. Create targeted service offerings
10. Monitor, track, and debug transactions
11. Ensure quality of service
12. Enforce contract and service level agreement terms
13. Audit, measure usage and compliance
14. Manage API lifecycle
15. Simplify API adoption
16. Enable community developer self-service
17. Supercharge internal development
18. Scale vendor partner network
19. Manage API client lifecycle
20. Automate partner/application promotion.