Deploying Enterprise APIs for an Interconnected World: 10 Best Practices

by Chris Preimesberger

Have a Clear API Strategy

The enterprise should have a clear idea and plan about what it wants to achieve with its API program and build it out into defined steps. Enterprises can use APIs in myriad ways, and not just for retail applications. In fact, a well-executed API strategy can help any enterprise create more selling channels, better engage with customers and prospects, and offer greater value to partners. Conversely, a poor strategy delivers no value and wastes both time and money.

Know Your APIs: Consumer vs. Enterprise

To build the most effective API management strategy and technology road map for your organization, you must start by asking what types of APIs will be delivered on your API management platform. There are two types of APIs that fundamentally drive API management requirements: consumer APIs and enterprise APIs. Here, we'll be talking solely about enterprise APIs, which transmit sensitive information or execute business transactions that can only be made available to approved and authenticated counterparties.

Strategy Depends on Where APIs Originate

Most organizations that have invested in B2B integration or service-oriented architecture (SOA) have an abundance of Web services and APIs already in use for both internal and external point-to-point integrations. These services are usually based on standards such as Simple Object Access Protocol (SOAP), XML, electronic data interchange (EDI) or Java Message Service (JMS). To become compatible with the new Web and mobile API design patterns and standards mentioned above, these services will require a rewrite or transformation. Because existing services and APIs are used for internal or trusted B2B integrations, they will likely require extensive operational support from an API management platform to add security, control and monitoring.

API Life Cycle: The 5 Phases of API Management

API management is the next evolution of service-oriented architecture, but it extends beyond the enterprise with Web-centric architecture. Thus it should be no surprise that the API life cycle is similar to the SOA life cycle. While consumer and enterprise APIs share the same API management life cycle phases, they require that different emphasis be placed on the use of technology at each phase of the life cycle. The following slides outline the five phases to successfully manage enterprise APIs.

Phase 1: Planning

This process ensures that the right APIs are built the right way. It involves portfolio planning, API modeling, business justification, how to monetize the API and other aspects common to traditional SOA governance practice. Enterprise APIs require more planning than consumer APIs because they are tied to back-end transaction systems that are highly protected or secured. These APIs carry financial and business liabilities, so they must be carefully designed and deployed to remain as functionally stable as possible over long periods of time. Many of the traditional SOA planning disciplines and technologies apply directly to enterprise APIs with minimal changes.

Phase 2: Building

The build phase involves the coding and/or reconfiguration of APIs. This can include developing new APIs from scratch using integrated development environments (IDEs) or any variety of development tools and frameworks. It can also include creating new APIs by transforming existing APIs using tools and technologies such as an API Gateway, business process management or Enterprise Service Bus. Enterprise APIs are more complicated than consumer APIs, which are mostly used with newer technology platforms where the build phase is already done as part of back-end application development. This can involve complete rebuilding of new REST- or SOAP-style APIs, or utilizing a mediation technology such as a gateway to transform old interfaces.

Phase 3: Distribution

The distribution phase involves making APIs available and driving adoption via a targeted API consumer base. Enterprise APIs are very different from consumer APIs when it comes to distribution. Typically, these are only available to trusted business partners, and the developer portal is often closed to public access. For example, companies such as American Express or HSBC cannot allow public access to their enterprise APIs that transmit sensitive financial data and execute financial transactions. If enterprise APIs will be exposed to the general public to generate partnership interest, API traffic from unapproved applications must be routed and confined to a sandbox environment for isolation, with demonstration data only.

Phase 4: Runtime

The runtime phase involves the operational delivery of the APIs, including servicing API calls, delivering content and executing transactions. Enterprise APIs are usually consumed by business partners, and those partners and users are usually managed by an existing partner management system. The API runtime environment needs to integrate with these partner management databases to make runtime decisions using partner profiles, user roles and service contracts. It is important to note that the management of partner and user information is handled by sales or support organizations and the user on-boarding tools they deploy, not by developers via a developer portal.
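
The sandbox confinement from Phase 3 and the partner-profile decisions from Phase 4 can be combined into one fail-closed gateway routing check. The sketch below is an added example, not code from the article or from any API management product; the record layouts, the names `Contract`, `Caller` and `route`, and the sample partner "acme" are all hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

PRODUCTION, SANDBOX, DENY = "production", "sandbox", "deny"

@dataclass(frozen=True)
class Contract:              # hypothetical record from the partner management system
    apis: frozenset          # enterprise APIs the service contract covers
    expires: date

@dataclass(frozen=True)
class Caller:                # identity the gateway has already authenticated
    app_id: str
    partner_id: Optional[str]   # None: application not tied to an approved partner
    roles: frozenset

# Constructed sample data; a real gateway would query the partner database.
CONTRACTS = {"acme": Contract(frozenset({"payments", "statements"}), date(2030, 1, 1))}
REQUIRED_ROLE = {"payments": "payments:execute", "statements": "statements:read"}

def route(caller: Caller, api: str, today: date):
    """Return (backend, reason); only fully approved calls reach production."""
    if api not in REQUIRED_ROLE:
        return DENY, "unknown API"
    contract = CONTRACTS.get(caller.partner_id) if caller.partner_id else None
    if contract is None:
        # Phase 3: unapproved applications are confined to the sandbox.
        return SANDBOX, "unapproved application, demonstration data only"
    # Phase 4: partner profile, service contract and user role decide the rest.
    if today > contract.expires:
        return DENY, "service contract expired"
    if api not in contract.apis:
        return DENY, "API not covered by service contract"
    if REQUIRED_ROLE[api] not in caller.roles:
        return DENY, "user role not permitted for this API"
    return PRODUCTION, "partner, contract and role verified"

if __name__ == "__main__":
    today = date(2025, 6, 1)
    callers = [
        Caller("acme-erp", "acme", frozenset({"payments:execute"})),
        Caller("acme-report", "acme", frozenset({"statements:read"})),
        Caller("demo-app", None, frozenset()),
    ]
    for c in callers:
        print(c.app_id, route(c, "payments", today))
```

A known partner that fails a contract or role check is denied rather than downgraded to the sandbox, so a production credential never silently receives demonstration data.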

Phase 5: Monitoring and Billing

The monitoring and billing phase is about measuring the usage of APIs and execution of the revenue cycle. Enterprise APIs usually have much more stringent monitoring and auditing requirements than consumer APIs. In addition to usage statistics for business analysis, enterprise APIs require rigorous and accurate transaction logging to meet compliance requirements and to provide evidential audit trails. Real-time monitoring and alerting on service levels are often implemented to uphold SLAs and avoid any penalties. Finally, detailed usage logging and service-level measurements need to be delivered to billing systems to complete the revenue recognition cycle.

Using an API Management Platform

Fundamentally, your API management platform architecture will be driven by a) the types of APIs you need to deliver, b) the readiness of your source APIs and c) integration requirements. With cloud, mobile and social media now mainstream computing concepts, consumer and business users all demand access to applications and data from multiple devices, inside and outside the enterprise, around the clock, 365 days a year. This means users will interact with your enterprise through many different interfaces, and those interfaces all converge at the API layer. A flexible API management platform can create differentiation and help your enterprise compete in the "API economy."