APIs are doors to information and functionality. Without such doors it would be impossible for an organisation to offer consistent and omni-channel customer experiences. However, just like doors, APIs can come in different forms, shapes and sizes. Therefore, making sure that a door is the right one for the access it’s gate-keeping becomes as important as the door itself.
API management as a discipline establishes the approach, tools and roles/skills required to support the full API lifecycle. From inception/discovery (e.g. what APIs are needed in the first place to solve a given business problem), design and mocking (to ensure that UX designers and API designers can collaboratively iterate through a design and get it right BEFORE any actual code is written) to implementation (writing the actual code and unit testing), testing (e.g. functionality regression testing), deployment and operations, it’s a combination of tools, methodologies and roles/responsibilities that ultimately will determine the success or failure of an API initiative.
In terms of preference, I strongly recommend an API-design first approach using a tool such as Apiary.io. Such tools make it possible to iterate through an API design and get valuable feedback from API users. This feedback ensures that the product that is then built is fit for purpose and won’t have to undergo several changes. Once the design is done, additional tools are also required, for example:
- API Management console: a centralised web application that enables the creation, policy implementation, deployment and monitoring of APIs (some vendors also include the API-design capability within the management console)
- API Developer portal: a facility for developers to discover and subscribe to APIs. This is critical because if developers can’t find existing APIs, there is a chance that wheels will be re-invented. This also ensures that it is possible to track who the consumers of our APIs are.
- API Gateway: the main runtime component of APIs, as it’s where APIs are published and also accessed from. A modern API gateway should be lightweight and hybrid, meaning that multiple gateways could run in multiple clouds and even on-premise and in modern stacks such as Kubernetes clusters.
- API Testing: the more applications depend on APIs, the more important regression testing (technical and functional) becomes. Tools like Dredd, Postman and API Fortress, to name a few, are excellent for this.
- Identity and access: although not necessarily a component of API management, a robust API management platform should be able to enforce authentication and authorisation policies so that only authorised users can access the different facilities and/or call APIs.
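
To make the developer portal and identity-and-access items concrete, the following added example (not from the original article or any vendor's product) sketches the decision a gateway makes on each call: authenticate the API key, identify the subscribed consumer, then apply a default-deny authorisation policy. The consumer names, keys, scopes and the `authorize` function are all hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass


def _digest(key: str) -> str:
    # Only a hash of each key is stored; assumes keys are long random strings.
    return hashlib.sha256(key.encode()).hexdigest()


@dataclass(frozen=True)
class Subscription:
    consumer: str         # name registered on the (hypothetical) developer portal
    key_sha256: str
    apis: frozenset       # APIs this consumer subscribed to
    scopes: frozenset     # operations granted to this consumer


# Constructed sample data, not taken from any real platform.
SUBSCRIPTIONS = [
    Subscription("mobile-app", _digest("key-mobile-123"),
                 frozenset({"accounts"}), frozenset({"accounts:read"})),
    Subscription("partner-x", _digest("key-partner-456"),
                 frozenset({"accounts", "payments"}),
                 frozenset({"accounts:read", "payments:write"})),
]

# Route policy: (method, api) -> required scope. Anything unlisted is denied.
POLICY = {
    ("GET", "accounts"): "accounts:read",
    ("POST", "accounts"): "accounts:write",
    ("POST", "payments"): "payments:write",
}


def authorize(method, api, api_key):
    """Return (http_status, consumer, reason) for one incoming call."""
    presented = _digest(api_key or "")
    sub = next((s for s in SUBSCRIPTIONS
                if hmac.compare_digest(s.key_sha256, presented)), None)
    if sub is None:
        return 401, None, "unknown or missing API key"
    required = POLICY.get((method, api))
    if required is None:
        return 403, sub.consumer, "no policy for route (default deny)"
    if api not in sub.apis:
        return 403, sub.consumer, "not subscribed to API"
    if required not in sub.scopes:
        return 403, sub.consumer, "missing scope " + required
    return 200, sub.consumer, "allowed"
```

Returning the consumer name with every decision, including denials, is what lets the platform's monitoring attribute traffic to a specific subscriber.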