Enterprise APIs -- particularly open, web APIs -- are proliferating everywhere, and have become essential to operating within today's digital and mobile economy. However, they need to be brought out of the shadows, and the way to do this is manage them just as thoroughly as any other enterprise IT asset.
That's the word from Julie Craig, analyst with Enterprise Management Associates and Reza Shafii, director at MuleSoft. In a recent BrightTalk webcast, they make the case that well-governed, well-run APIs help both publishers and consumers.
"Most companies start out as API consumers, accessing APIs provided by other organizations," says Craig. Ultimately, however, organizations are both consumers and producers of APIs, and therefore need to see the challenge from both sides.
APIs can provide a wide variety of business benefits, Craig points out, but they need to be treated just as any other enterprise software project. With good governance and management practices, APIs "can enable a company to become more efficient to deliver products and a services," as well as "provide a simpler way to integrate, compared to the custom integrations and complicated middleware in the past."
Craig and Shafii describe the six characteristics that make enterprise APIs ready for the enterprise:
Well designed: This is the first thing that consumers see and experience, and things need to flow seamlessly. "The design of the surface area of the API, which the consumers of the API will actually interact with it, is going to be critical," says Shafii. "Because the better designed the API is, the more easily it makes the data behind that interface accessible to the consumers."
Consistent: An enterprise may have hundreds of APIs under its roof, and all should support the same standards and protocols. Shafii illustrated what happens when APIs don't have consistent standards. "We see often that the particular security scheme has been implemented five different ways, or sometimes many more different ways, across APIs within an enterprise," he says. "That makes the lives of the consumers very difficult, and also API providers, because they have to go and reinvent the wheel every single time around implementing a security scheme. And on the API consumer side of course, imagine you want to create an application that consumes three different APIs, each of them has the same OS security scheme, but defined in three different ways. Then you have to create three different slight variations of how to actually interact that API in order to implement your application, that quickly becomes unmanageable."
Easy to discover: A central type of registry or service catalog is essential for gaining adoption. "For application developers or API consumers, to go in and be able to easily find what APIs within the enterprise are available is key," Shafii says. "Oftentimes we find that various spreadsheets or various wiki pages of documents are spread around that documenting different APIs. What you really want is a central place where all APIs are exposed and can be easily searched and used."
Easy to consume: There should be lines of communication between API providers and consumers, to ensure that the API is delivering a superior experience. "If you are an API consumer, things like infrastructure applications and version-levek changes are important," Craig says. "One day, you're using a company's APIs and everything is fine. The next day, the integrations suddenly stop working. Has comething changed on your side, is there a problem with your application your network or your data center? or has the API provider updated the API or the systems it connects to? And without the right tools, I can tell you, answering these questions can take a very long time."
Well implemented: Most companies, particularly larger ones, "already have a large number of APIs, whether they know it or not," Shafii points out. Often, however, these are what he calls "screen-scraping APIs" that extract data from wikis, which tend to be brittle. "As the content of that wiki changes, all the clients break." Even web services-based or REST-based APIs tend to be brittle, because they are subject to behind-the-scenes change or may not scale to meet consumer demand, he adds.
Well managed: As with any good application, APIs need to be well governed, versioned, secure, and supportive of service-level agreements. Metrics are also important, Shafii adds -- API teams need to be "able to collect both usage and operational metrics which can then be fed back into improving the API in future versions."