Enterprise API Management: Design and deliver valuable business APIs

The Business Value of APIs

This chapter focuses on the value that Application Programming Interfaces (APIs) bring to the business. It begins by describing how digital disruption is forcing organizations to change in order to innovate and therefore avoid being disrupted. To this end, I explain how APIs enable digital strategies and digital transformation by unlocking key enterprise information assets and functionality, which are typically locked in systems of record, many of which are legacy. The chapter continues by elaborating on the value chain of APIs and how each level of maturity delivers new capabilities to the business.

Change or die

The world has changed. Information technology has changed every aspect of our lives: from fundamental things, such as how we purchase goods, interact with brands, and even do our jobs, to how we communicate with each other. In fact, a study by British psychologists suggests that around two billion people use smartphones across the globe, with over half the population in developed countries relying on them on a daily basis. That's over half a billion people worldwide using their phones to do all sorts of things, 85 times on average each day, according to the same study.

Refer to the study Beyond Self-Report: Tools to Compare Estimated and Real-World Smartphone Use for further information on the research mentioned.
http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0139004#pone.0139004.ref001

However, the aforementioned study only focuses on smartphone usage. If you factor in interactions with other devices, such as tablets, personal computers, wearables, and even machines (that is, smart cars and voice assistants such as Alexa), the number of interactions is huge.

What does this hyperconnectivity tell us?

For a start, it is pushing the boundaries of what we thought was possible and making science fiction seem real. Most importantly, it has opened up new avenues for businesses to innovate and disrupt the market, which is exactly what the so-called "digital disruptors," such as Google, Apple, Facebook, Amazon, and Netflix, in fact did, and continue to do. Established businesses, such as Blockbuster and Kodak, couldn't cope with the (digital) innovation introduced by Netflix and Apple, and ended up filing for bankruptcy. Traditional industries, such as the taxi industry and hospitality, are also being severely disrupted by Uber and Airbnb.

Figure 1.1: Apple digitally disrupted Kodak

These companies are just the obvious examples that everyone talks about. With over 100 million new startup businesses launched every year, even if only 10% (as analysts predict) are successful, we are talking about 10 million new companies with the potential to become the new Netflix or Uber, but for different industries.

Now, because of this, it's no wonder that most organizations globally have embarked on digital transformation initiatives in order to avoid being (further) disrupted. As Harvard Business Review (HBR) nicely put it:

"Digital is no longer the shiny front end of the organization - it's integrated into every aspect of today's companies."

According to the same article by HBR, the most disrupted industries are those that relate to Business to Consumer (B2C), with media and telecom at the top of the list, closely followed by financial services and retail:

Figure 1.2: Disruption according to industry

However, these figures should not come as a surprise. A closer look shows that there is a direct correlation between the disrupted B2C organizations and the fact that 2 billion individuals are using their smartphones and other devices frequently. Put simply, B2C organizations that haven't been able to innovate and engage customers in different ways, and through digital channels, are more susceptible to being disrupted by newer and more agile businesses:

"The most disrupted industries typically suffer from a perfect storm of two forces. First, low barriers to entry into these sectors lead to more agile competition. Secondly, they have large legacy business models which often generate the majority of their revenue. These organizations, therefore, have embedded cultural and organizational challenges when it comes to changing at the pace required."

Further reading: The Industries That Are Being Disrupted the Most by Digital
https://hbr.org/2016/03/the-industries-that-are-being-disrupted-the-most-by-digital

The digital dilemma

The organizations that are more exposed to digital disruption are therefore faced with a dilemma. In order to remain relevant and stay in business, they must create a digital strategy that allows the business to innovate and be more agile. However, in order to do so, they can't simply get rid of old systems of record, most of which are legacy and contain critical information assets that support day-to-day operations.

Figure 1.3: The digital dilemma

Bearing in mind that most of these organizations can't afford to start from a white sheet of paper, the digital strategy must therefore cater to the transformation of hundreds (if not thousands) of existing systems, many of which are considered legacy.

Such an undertaking can be huge, not only in terms of costs to the business, but also in terms of the risks. This is exactly where the dilemma lies: do nothing and save costs/avoid risks, and most likely end up being disrupted, or become a disruptor by taking the business on a digital transformation journey, which could be risky and costly.

Access to enterprise information and functionality is king

Is it really that risky and costly to take the business on a digital transformation journey? Well, as with everything, it depends. Organizations that perceive digital transformation as merely an exercise to adopt omnichannel strategies, without first understanding "why" they are doing it, or "what" they are trying to accomplish, will most likely fail to realize any business benefits. For these organizations, such an undertaking will have plenty of unknowns and will therefore be perceived as risky and costly.

Figure 1.4: An accidental multichannel strategy

Organizations that start off with the creation of a digital strategy to articulate the targeted business goals, and also identify what business and technical capabilities are required in order to achieve this, will most likely perceive the digital journey as a key enabler for the business strategy, rather than just another expensive IT project. For such organizations, digital transformation represents a justifiable and calculated risk.

It's no wonder that Forbes listed digital transformation as the #1 priority for Chief Information Officers (CIOs) in 2017:

"Either companies figure out how to outsmart, outpace, and outmaneuver their competitors with the clever, customer-focused deployment of digital technologies, or they will be marginalized - sooner rather than later."

However, in order to achieve this, the devil is in the detail. The "how" question should not be forgotten and must be thoroughly addressed while defining the strategy. For example, one of the biggest challenges faced by organizations undertaking digital transformation is around how to get access to core enterprise information assets, most of which are typically locked in hundreds of systems of record. Therefore, without unrestricted, secured, and reliable access to such systems, introducing any sort of innovation will be nothing more than a prototyping exercise.

A system of record (SOR) is a data management term for an information storage system (commonly implemented on a computer system running a database management system) that is the authoritative data source for a given data element or piece of information. Source: https://en.wikipedia.org/wiki/System_of_record

What are APIs and why should a business care?

APIs are like doors that provide access to information and functionality to other systems and/or applications. APIs share many of the same characteristics as doors:

  • Most of them have locks and, without the key, they can't be opened.
  • They come in different types (size, color, material, type of lock, and so on).
  • They can serve different purposes. For example, they can be public-facing or just internally accessed.
  • They are located in a specific location: an address.
  • They can be as secure and closely monitored as required.
  • If they don't work, it will affect the experience of their users.

APIs, however, are not new. In fact, the concept goes back a long time and has been present since the early days of distributed computing (some argue even before then). However, the term as we know it today refers to a much more modern type of API, known as REST or Web APIs.

The term REST APIs was first introduced in the year 2000 by Roy Fielding in his PhD dissertation Architectural Styles and the Design of Network-based Software Architectures. In his dissertation, Roy presented Representational State Transfer (REST) as a way for computer systems to interoperate over the internet, by making correct use of the already available Hypertext Transfer Protocol (HTTP).
For further information, refer to the following link: https://en.wikipedia.org/wiki/Representational_state_transfer#History

Modern APIs started to gain real popularity when, in the same year of their inception, eBay launched its first public API as part of its eBay Developers Program. eBay's view was that by making the most of its website functionality and information also accessible via a public API, it would not only attract, but also encourage communities of developers worldwide to innovate, by creating solutions using the API. From a business perspective, this meant that eBay became a platform for developers to innovate on and, in turn, eBay would benefit from having new users that perhaps it couldn't have reached before.

eBay was not wrong. In the years that followed, thousands of organizations worldwide, including known brands, such as Salesforce.com, Google, Twitter, Facebook, Amazon, Netflix, and many others, adopted similar strategies. In fact, according to programmableweb.com (a well-known public API catalogue), the number of publicly available APIs has been growing exponentially, reaching over 20k as of August 2018:

Figure 1.5: Public APIs as listed in programmableweb.com in August 2018

It may not sound like much, but considering that each of the listed APIs represents a door to an organization's digital offerings, then we're talking about thousands of organizations worldwide that have already opened their doors to new digital ecosystems, where APIs have become the products these organizations sell and developers have become the buyers of them.

Figure 1.6: Digital ecosystems enabled by APIs

In such digital ecosystems, communities of internal, partner, or external developers can rapidly innovate by simply consuming these APIs to do all sorts of things: from offering hotel/flight booking services by using the Expedia API, to providing educational solutions that make sense of the space data available through the NASA API.

There are ecosystems where business partners can easily engage in business-to-business transactions, either to resell goods or purchase them, electronically and without having to spend on Electronic Data Interchange (EDI) infrastructure. There are also ecosystems where an organization's internal digital teams can easily innovate because key enterprise information assets are already accessible.

So, why should businesses care about all this? There is, in fact, not one answer, but multiple answers, as described in the subsequent sections.

APIs as an enabler for innovation and bimodal IT

What is innovation? According to a common definition, innovation is the process of translating an idea or invention into a good or service that creates value, or for which customers will pay. In the context of businesses, according to an article by HBR, innovation manifests itself in two ways:

  • Disruptive innovation: Described as the process whereby a smaller company with fewer resources is able to successfully challenge established incumbent businesses.
  • Sustaining innovation: When established businesses (incumbents) improve their goods and services in the eyes of existing customers. These improvements can be incremental advances or major breakthroughs, but they all enable firms to sell more products to their most profitable customers.

Why is this relevant? It is well known that established businesses struggle with disruptive innovation. The Netflix versus Blockbuster example reminds us of this fact. By the time disruptors are able to catch up with an incumbent's portfolio of goods and services, they are able to do so with lower prices, better business models, lower operating costs, and far more agility and speed to introduce new or enhanced features. At this point, sustaining innovation is not good enough to respond to the challenge.

With all the recent advances in technology and the internet, the rate at which disruptive innovation is challenging incumbents has only grown exponentially. Therefore, in order for established businesses to endure the challenge put upon them, they must somehow also become disruptors. The same HBR article describes a point of view on how to achieve this from a business standpoint. From a technology standpoint, however, unless the several systems that underpin a business are "enabled" to deliver such disruption, no matter what is done from a business standpoint, this exercise will likely fail.

Perhaps by mere coincidence, or by true acknowledgment of the aforesaid, Gartner introduced the concept of bimodal IT in December 2013, and this concept is now mainstream.

Gartner defined bimodal IT as the following:

"The practice of managing two separate, coherent modes of IT delivery, one focused on stability and the other on agility. Mode 1 is traditional and sequential, emphasizing safety and accuracy. Mode 2 is exploratory and nonlinear, emphasizing agility and speed."

Figure 1.7: Gartner's bimodal IT

According to Gartner, Mode 1 (or slow) IT organizations focus on delivering core IT services on top of more traditional and hard-to-change systems of record, which, in principle, are changed and improved in longer cycles, and are usually managed with long-term waterfall project mechanisms. Whereas, for Mode 2 (or fast) IT organizations, the main focus is to deliver agility and speed, and therefore they act more like a start-up (or digital disruptor in HBR terms) inside the same enterprise.

Further reading: Bimodal IT: Business-IT alignment in the age of digital transformation
https://www.researchgate.net/publication/287642679_Bimodal_IT_Business-IT_alignment_in_the_age_of_digital_transformation

However, what is often misunderstood is how fast IT organizations can disruptively innovate, when most of the information assets, which are critical to bringing context to any innovation, reside in backend systems, and any sort of access has to be delivered by the slowest IT sibling. This dilemma means that the speed of innovation is constrained to the speed by which the relevant access to core information assets can be delivered.

Figure 1.8: Bimodal IT - is it really?

As the saying goes, "Where there's a will, there's a way." APIs could be implemented as a means for the fast IT to access core information assets and functionality, without the intervention of the slow IT. By using APIs to decouple the fast IT from the slow IT, innovation can occur more easily.

However, as with everything, it is easier said than done. In order to achieve such organizational decoupling using APIs, organizations should first build an understanding about what information assets and business capabilities are to be exposed as APIs, so the fast IT can consume them as required.

This understanding must also articulate the priorities of when different assets are required and by whom, so the creation of APIs can be properly planned for and delivered.

Luckily, for those organizations that already have mature service-oriented architectures (SOA), some of this work will probably already be in place. For organizations without such luck, this activity should be planned for and should be a fundamental component of the digital strategy.

Then, the remaining question would be: which team is responsible for defining and implementing such APIs; the fast IT or the slow IT? Although the long answer to this question is addressed throughout the different chapters of this book, the short answer is neither and both. It requires a multi-disciplinary team of people, with the right technology capabilities available to them, so they can incrementally API-enable the existing technology landscape, based on business-driven priorities.

APIs to monetize on information assets

Many experts in the industry concur that an organization's most important asset is its information. In fact, a recent study by Massachusetts Institute of Technology (MIT) suggests that data is the single most important asset for organizations:

"Data is now a form of capital, on the same level as financial capital in terms of generating new digital products and services. This development has implications for every company's competitive strategy, as well as for the computing architecture that supports it."

If APIs act as doors to such assets, then APIs also provide businesses with an opportunity to monetize them. In fact, some organizations are already doing so. According to another article by HBR, 50% of the revenue that Salesforce.com generates comes from APIs, while eBay generates about 60% of its revenue through its API. This is perhaps not such a huge surprise, given that both of these organizations were pioneers of the API economy.

Figure 1.9: The API economy in numbers

What's even more surprising is the case of Expedia. According to the same article, 90% of Expedia's revenue is generated via APIs. This is really interesting, as it basically means that Expedia's main business is to indirectly sell electronic travel services via its public API.

Further reading: The Strategic Value of APIs
https://hbr.org/2015/01/the-strategic-value-of-apis

However, it's not all that easy. According to the previous study by MIT, most of the CEOs of Fortune 500 companies don't yet fully acknowledge the value of APIs. An intrinsic reason for this could be the lack of understanding and visibility over how data is currently being (or not being) used. Assets that sit hidden on systems of record, only being accessed via traditional integration platforms, will not, in most cases, give insight to the business on how information is being used, and the business value it adds. APIs, on the other hand, are better suited to providing insight about how, by whom, when, and why information is being accessed, therefore giving the business the ability to make better use of information to, for example, determine which assets have better capital potential.

APIs for regulatory compliance

Another challenge that is increasingly being faced by organizations concerns compliance and regulation. Let's take, for example, the introduction of the General Data Protection Regulation (GDPR), which, as of May 2018, regulates how organizations worldwide are expected to handle the customer data of European Union (EU) citizens, with the risk of being exposed to eye-watering fines. Similarly, the second Payment Services Directive by the EU, otherwise known as PSD2, has introduced important regulations to open up core banking transactions and information.

GDPR

Superseding the EU Data Protection Directive, GDPR has the objective to give individuals (EU citizens) more control, protection, and privacy over how their personal information is used and by whom.

The regulation is quite extensive and, for many organizations, achieving GDPR compliance will be (or has been) an expensive and long process. The full GDPR regulation is available at
https://www.itgovernance.eu/en-ie/eu-general-data-protection-regulation-gdpr-ie

With personal data being at the heart of GDPR, how can APIs help with complying with the GDPR regulation? Although APIs may not be the only answer, a good API management solution will introduce strong access control over who can access what information via APIs, therefore ensuring that personal data is not misused or accessed without prior consent. In addition to these controls, the solution should also provide full visibility and auditability over data access, meaning that any data breach can be notified to customers and authorities as soon as possible, or within the 72-hour period, as indicated in the regulation.
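The two controls described above, access control tied to consent and an audit trail that supports breach notification, can be sketched as follows. This is an added example, not code from the book or from any API management product; the consumer names, scopes, consent registry and traffic are constructed, and the 72-hour clock is assumed to start when the breach is detected.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample data: API consumers and the scopes granted to each.
GRANTS = {
    "crm-app": {"customer:read", "customer:write"},
    "marketing-app": {"customer:read"},
}
# Constructed consent registry: data subject -> purposes they consented to.
CONSENT = {
    "cust-001": {"service", "marketing"},
    "cust-002": {"service"},
    "cust-003": {"service", "marketing"},
}


@dataclass
class AuditEvent:
    when: datetime
    consumer: str
    subject: str
    scope: str
    purpose: str
    allowed: bool
    reason: str


@dataclass
class Gateway:
    """Hypothetical policy point: every decision, allow or deny, is audited."""
    audit_log: list = field(default_factory=list)

    def authorize(self, when, consumer, subject, scope, purpose):
        if scope not in GRANTS.get(consumer, set()):
            allowed, reason = False, "scope not granted to consumer"
        elif purpose not in CONSENT.get(subject, set()):
            allowed, reason = False, "no consent for purpose"
        else:
            allowed, reason = True, "ok"
        self.audit_log.append(
            AuditEvent(when, consumer, subject, scope, purpose, allowed, reason))
        return allowed

    def breach_scope(self, consumer, since):
        """Data subjects whose records the consumer actually reached since `since`."""
        return sorted({e.subject for e in self.audit_log
                       if e.consumer == consumer and e.allowed and e.when >= since})

    def denied(self, consumer):
        return [e for e in self.audit_log if e.consumer == consumer and not e.allowed]


def notification_deadline(detected_at):
    """72-hour window named in the text, counted from detection (assumption)."""
    return detected_at + timedelta(hours=72)


def run_constructed_scenario():
    """Replay constructed traffic, then scope a leaked 'marketing-app' credential."""
    def at(hour, minute):
        return datetime(2018, 6, 1, hour, minute, tzinfo=timezone.utc)

    gw = Gateway()
    gw.authorize(at(8, 0), "crm-app", "cust-001", "customer:read", "service")
    gw.authorize(at(9, 0), "marketing-app", "cust-001", "customer:read", "marketing")
    gw.authorize(at(9, 5), "marketing-app", "cust-002", "customer:read", "marketing")
    gw.authorize(at(9, 10), "marketing-app", "cust-001", "customer:write", "marketing")
    gw.authorize(at(9, 15), "marketing-app", "cust-003", "customer:read", "marketing")
    return {
        "affected": gw.breach_scope("marketing-app", since=at(9, 0)),
        "denied_reasons": [e.reason for e in gw.denied("marketing-app")],
        "deadline": notification_deadline(at(14, 30)).isoformat(),
    }


if __name__ == "__main__":
    for key, value in run_constructed_scenario().items():
        print(f"{key}: {value}")
```

Because denied requests are logged alongside allowed ones, the same trail that scopes the notification also shows which attempts the controls stopped.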

PSD2

PSD2 aims to stop financial institutions' monopoly over the use of customer data and payment services.

By the end of 2018 (when the directive first came into effect), financial institutions in the EU should have opened the doors of their customers' data and payment services to third-party providers.

In practical terms, what this means is that in the near future, you might be using Facebook, for example, to check bank account balances, do bank transfers, and pay bills.

Another example, in the same industry, is the Open Banking initiative being introduced in the United Kingdom as a result of the Retail Banking Market Investigation report produced by the Competition and Markets Authority (CMA). In a nutshell, the initiative aims to promote increased competition and consumer choices in the banking industry by forcing banks to securely share their data via an Open Banking API.

For further reading on the Open Banking initiative, refer to the following link:
https://www.gov.uk/government/news/open-banking-revolution-moves-closer

However, this is easier said than done. According to research, over 75% of financial institutions in Europe still run on outdated systems. Worldwide, the figure is similar, if not higher.

Bearing in mind that making changes to these systems won't be a trivial task, the expectation is that software vendors and system integrators alike will come up with pre-built solutions, which will make the process of creating APIs on top of systems and complying with regulations, such as PSD2 and CMA Open Banking, a lot easier.

Fast Healthcare Interoperability Resources (FHIR)

It is not just the financial industry that's embracing the use of APIs. In healthcare, for example, a newer version of the widely adopted Health Level 7 (HL7) international standard, known as the Fast Healthcare Interoperability Resources, or FHIR (pronounced "fire"), defines, in fact, a REST API.

Further information on FHIR is available at
https://www.hl7.org/fhir/http.html

In the USA, for example, the healthcare industry is taking this a step further and introducing a rule to promote the use of standard APIs to access patient records.

Recommended reading: A Brief Summary of the CMS Meaningful Use Final Rule
http://geekdoctor.blogspot.co.uk/2015/10/a-brief-summary-of-cms-meaningful-use.html

Although it is still very early days, the expectation is that this trend will continue, and that more regulation will be introduced that promotes the use of APIs as the means to provide open access to information and enable interoperability.

APIs for the reuse of business capabilities

One of the key principles of traditional SOA is to build reusable web services, not just to avoid duplication of functionality, but also to reduce development costs. The same principle can apply to web APIs.

It is possible, and, in fact, recommended, that business APIs are created internally, so business functionality that needs to be commonly accessed is then made available as an API. This will not only allow such functionality to be accessed in real time and in a standard, controlled, and secure way, but it is also a much better alternative to data replication techniques that risk losing visibility and control over who by/why/when/how information is being accessed.

By creating a common business API layer, not only does innovation and bimodal IT become possible (as described previously), but other business benefits can be realized, such as lower development costs by reusing already available APIs, reduced duplication of system functionality, and increased visibility and analytics around the usage of data, which can provide the business with meaningful business insights.

Avoiding a hyperconnectivity mess

With an increased number of public and internally developed APIs offering a wide range of functionality (that is, access to Software as a Service (SaaS) applications, bank transactions, artificial intelligence, and address services, to name a few), it can be quite tempting for developers to quickly incorporate the use of all sorts of APIs within their applications.

However, doing so in an uncontrolled manner can, and will most likely, result in what some call a hyperconnectivity mess. This is when IT systems are interconnected and dependent on APIs, but no one within the enterprise really has visibility and/or understanding of this. Not only can this result in a serious gap in accountability when issues occur, but, in an even more complex IT landscape, systems can have real exposure to issues outside of the control of enterprise IT.

Figure 1.10: Hyperconnectivity can also create an ad hoc mess

A hyperconnectivity mess occurs as a result of APIs being used in an ad hoc manner and without proper governance. At this point, the business benefits that APIs have to offer can be countered by the risks they can introduce to core enterprise systems, and thus business operations themselves.

This is the reason that the management of APIs has become so critical, and this does not just apply to the APIs being internally developed within enterprise IT, but also to the use of public APIs within enterprise systems.
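One way to get the visibility this section says is missing is to build a dependency inventory from outbound traffic and compare it with the catalogue of governed APIs. The following is an added example, not from the book: the log format, host names, system names and catalogue are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed catalogue of governed APIs: host -> accountable owner.
CATALOGUE = {
    "api.payments.example": "payments-team",
    "api.address.example": "crm-team",
}

# Constructed egress-proxy log: timestamp, calling system, method, URL, status.
EGRESS_LOG = """\
2018-08-01T10:00:01Z billing POST https://api.payments.example/v1/charges 201
2018-08-01T10:00:02Z webshop GET https://api.address.example/v2/lookup?pc=AB1 200
2018-08-01T10:00:05Z webshop POST https://api.ai-vision.example/v1/tag 200
2018-08-01T10:00:09Z hr-portal GET https://API.ai-vision.example:443/v1/tag 503
malformed line
2018-08-01T10:00:11Z billing GET https://api.payments.example/v1/charges/42 200
"""


def build_inventory(log_text, catalogue):
    """Return ({host: details}, skipped_line_count) for all outbound API calls."""
    deps = defaultdict(lambda: {"systems": set(), "calls": 0, "errors": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            skipped += 1          # keep count: unparsed lines are blind spots
            continue
        _, system, _, url, status = parts
        host = urlsplit(url).hostname   # lower-cased, port removed
        if not host:
            skipped += 1
            continue
        entry = deps[host]
        entry["systems"].add(system)
        entry["calls"] += 1
        if int(status) >= 500:          # upstream failure outside enterprise control
            entry["errors"] += 1
    inventory = {
        host: {
            "systems": sorted(e["systems"]),
            "calls": e["calls"],
            "errors": e["errors"],
            "owner": catalogue.get(host),      # None means nobody is accountable
            "governed": host in catalogue,
        }
        for host, e in deps.items()
    }
    return inventory, skipped


def ungoverned(inventory):
    """Hosts that enterprise systems depend on but that no one has registered."""
    return sorted(h for h, e in inventory.items() if not e["governed"])


if __name__ == "__main__":
    inv, skipped = build_inventory(EGRESS_LOG, CATALOGUE)
    for host in sorted(inv):
        print(host, inv[host])
    print("ungoverned:", ungoverned(inv), "| skipped lines:", skipped)
```

In the constructed data, two systems depend on an API that has no owner in the catalogue and is already returning errors, which is the accountability gap the text describes.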

Figure 1.11: API management

API management, therefore, is born as a discipline to manage APIs (both internal and external), meaning establishing the processes, roles, and responsibilities, and the tools required to govern APIs throughout their full life cycle.

API management differs from related disciplines, most notably SOA governance, in that it is much more lightweight and a lot more focused on making the lives of the API consumers (developers) easier, by providing the right tools for the design and run aspects of APIs, and making processes simple to follow. SOA governance, on the other hand, is fine-grained, with detailed processes and complex tools. Chapter 2, The Evolution of API Platforms, covers this in more detail.

Any API management initiative should focus on at least the following aspects of the life cycle:

  1. Planning: Provides the required facilities (tools) to plan in advance for the creation and/or modification of APIs. Regardless of the methodology used to deliver the APIs or whether there is one or multiple teams implementing it, there should be a common approach, and ideally tooling to capture which APIs are the priority, and who is responsible for delivering them. This is important as it will provide visibility to any relevant party of the capabilities being delivered, and therefore encourage coordination/collaboration over the duplication of work. The tools used to ensure tracking/status of the teams implementing APIs should also be addressed.
  2. Design: Design-first thinking is fundamental in any API management initiative. Tools and processes that enable API-first design (covered in detail in subsequent chapters), and that encourage API designers and API consumers to interact during the design of an API, will shorten the development life cycle and therefore reduce costs, as the actual product produced will most likely meet the requirements from the get-go, without having to iterate several times through the entire implementation process to get it right.
     • An important consideration during the design phase is around what level of security controls are to be adopted in the API. Authentication and authorization, for example, should not be an afterthought, as they will have considerable impact on API usability. Therefore, rather than doing this later in the life cycle, security should also be part of the API design.
  3. Implementation: The actual implementation of the APIs requires adequate processes and tools to be in place, such that developers can focus their efforts on producing actual code and not on sorting out life cycle concerns, such as code coverage, continuous integration, regression testing, and deployment. For this reason, automating and streamlining the implementation cycle of the API, by creating development pipelines that make it very easy for developers to move code from development all the way to production, will deliver considerable results for the business.
     • It's worth highlighting that development pipelines do not mean bypassing quality gates. It is still possible, in fact recommended, to also introduce quality gates. However, if the same can be automated (that is, verifying that the results of code coverage and regression testing are adequate), quality assurance can still be introduced, but without the burden and costs of manually testing the API.
  4. Publication: Making APIs discoverable is fundamental in API management. Providing the facilities to easily deploy and version APIs, but most importantly to publish them along with their relevant (consumer-oriented) documentation in a developer portal, ensures that developers can reuse APIs, rather than reinventing wheels, and ultimately reduces development and operations costs.
  5. Operation: Runtime operations is as much about "keeping the lights on" as it is about providing meaningful analytical insight to both the business and IT, so they, too, can make the most out of the operational data being generated. From simple capabilities, such as central operations, API statistics, gateway stats, user management, and system management, to more sophisticated ones, such as application performance monitoring (APM), SLA management, rule-based alerting, predictive analytics, self-healing, and API metering, operations is, without a doubt, a first-class citizen in API management.
  6. Consumption: API management is not just about designing and building APIs, but also about consuming them. With the number of public APIs growing exponentially, the expectation is that some organizations will be consuming more public APIs than they will end up building. The problem is that without proper controls and visibility over who by/why/which/when public APIs are being used and the associated costs, organizations can easily end up in the hyperconnectivity mess described previously. To prevent this pitfall, API management must equally focus on providing the means and facilities for public APIs to be consumed in a controlled and governed manner. In other words, developer portals should not only allow for internally developed APIs to be published, but also external ones.
  7. Maintenance: In API management, the life cycle doesn't end when an API goes live. In fact, it only gets started. As will be described in the next section, APIs should be treated as products and, as such, the product must be continuously evolved by taking into account evolving consumer needs and expectations. For an API to become a good product, it must undertake a series of iterations and changes. API management should therefore make it easier to do so.
  8. Retirement: When an API has served its purpose and there is a need to decommission it, it should not be the case that doing so is complex and cumbersome. API management should also take care of the process and capabilities needed to retire an API and handle (minimize) the impact that this may cause to any existing consumers.
  9. Community management: As previously described, APIs also open the door to new digital ecosystems. In such ecosystems, the main actor is the developer. With thousands of developers worldwide, managing communities of internal (known) developers, partner developers, and external (unknown) developers is another fundamental aspect of API management. Self-service facilities for developer onboarding and developer portals, whereby developers can search for APIs, subscribe to them, read their documentation and even comment and rate them, are some of the capabilities that API management should offer.

The API value chain

Realizing the benefits that APIs have to offer to a business can't be completed in a day, and organizations that think that monetizing their information assets will be a simple and straightforward exercise are going to be in for a surprise. Rome wasn't built in a day, or so it goes.

Like most things, there is always a journey and a path that, when followed, will guide us toward getting to an end goal or a target. It will not necessarily be quick, as that pretty much depends on the pace an organization can deliver, but at least there will be the certainty of avoiding common pitfalls. That is not to say that some organizations might not opt for a different (and perhaps shorter) path.

That said, the following API value chain illustrates both a path and a maturity model to help organizations of all sizes to embark on the journey of API management maturity:

Figure 1.12: The API value chain

The value chain classifies APIs into five main groups. Each group is determined based on the business value it adds, which, in turn, also dictates maturity according to this business-led model:

API group: APIs for system connectivity
Description: The most basic group of APIs, as their aim is to provide access to core enterprise information assets, such as systems of record. These could be on-premise systems or SaaS applications.
API maturity: Level 1 – tactical
Business value: Access to core information assets is the main business value. The benefit that can be realized from such access pretty much depends on the solutions built on top.

API group: APIs for enterprise mobility
Description: APIs created in support of mobility solutions, meaning that they are not just about access to information, but rather they provide access to business processes and other business capabilities.
API maturity: Level 1 – tactical
Business value: This group of APIs has a more direct and measurable impact on the business, which can result in optimization of business processes and effectiveness gained by allowing employees to interact with systems in different ways and digital channels.

API group: APIs for enterprise mobility and productivity
Description: APIs that enable a business to offer goods and services to customers via multiple digital channels. In other words, B2C. APIs in support of Internet of Things (IoT) solutions also fall within this group.
API maturity: Level 2 – strategic
Business value: This group of APIs is fundamental for any B2C digital initiative as it enables omnichannel strategies by making information and functionality accessible through multiple channels, for example, web, mobile apps, bots, kiosks, and social media, to name a few. Because of this, their business value is evident and easier to quantify or measure. APIs that enable the IoT also fall within this group. These APIs provide IoT devices with access to enterprise information assets and functionality, though it is worth noting that IoT is a much broader topic and these APIs only represent one element of it.

API group: APIs for partner collaboration
Description: APIs that enable partner collaboration and Business to Business (B2B) by optimizing and simplifying business transactions. In other words, an API (and much cheaper) alternative to traditional EDI-style integrations.
API maturity: Level 2 – strategic
Business value: B2B transactions are a complex topic for many reasons, with integrations and the infrastructures required to do so being a major one. APIs for B2B and partner collaboration can hugely reduce the cost of integration but will also open the door for new ways to engage businesses of all sizes. The business value is considerable, especially for organizations that don't deal with direct sales, but rather indirect ones, and therefore rely on third parties to sell their products and/or services.

API group: APIs for monetization
Description: APIs offered as commercial products in their own right. As such, their usage also entails a form of fee. The fee does not necessarily have to be a monetary one. As Mark O'Neill, a key integration and API consultant from Gartner, said: "API monetization doesn't just mean charging for API calls." According to Mark, organizations seeking to monetize APIs should first identify their monetization strategy and, from that, derive a charging or pricing model. Further details on how to monetize APIs are provided in Chapter 3, Business-Led API Strategy.
API maturity: Level 3 – differentiation
Business value: By APIs becoming a saleable product, they also become a new source of direct revenue for the business, where the actual product offered in the form of an API is access to either information and/or business functionality. Therefore, the business value delivered by these products will be directly proportional to the success of the product itself, which also means that other business functions, such as marketing, sales, and finance, should play a role in making a success of the product. For this reason, although this group of APIs has the highest potential business value, realizing its full potential also requires more maturity, discipline, and alignment with the rest of the business. It must be a business-driven initiative.

Businesses that want to realize the full business benefits that APIs have to offer, for example, as part of their digital transformation initiatives, should first consider what would be their entry point and, based on that, determine a roadmap to get to the next levels. Details on how to define such a roadmap are described in Chapter 3, Business-Led API Strategy.

There is another well-known and publicly available API maturity model, known as the Richardson Maturity Model. However, this model focuses more on the technical aspects of APIs, rather than the business and organizational aspects of an API management initiative. Therefore, both models can be complementary and can be used in conjunction to evaluate business, organizational, and technical aspects of APIs and their management.
Further information on the Richardson Maturity Model is available at https://martinfowler.com/articles/richardsonMaturityModel.html

APIs as a driving force for many large acquisitions in the software industry

The value and potential that APIs bring to a business haven't gone unnoticed. Many of the largest software vendors worldwide have made considerable investments to strengthen their API management portfolios in a relatively short period of time. In less than three years, six major acquisitions have taken place:

  1. TIBCO acquired Mashery from Intel, which was perhaps expected, as TIBCO, a well-known player in the integration space, did not really have a strong (or at least popular) API pure-play capability.
  2. Red Hat acquired 3scale, which was expected to an extent, as the move was perceived as complementary to Red Hat's Fuse and OpenShift offering, the latter also a recent acquisition.
  3. Next was the very surprising acquisition of Apigee by Google, which was considered by many as a sound and strategic move by Google to more rapidly penetrate the enterprise cloud software market.
  4. More recent acquisitions started with Oracle acquiring the API-design pure-play Apiary, a move also considered interesting and strategic, as Oracle had been investing, and continues to invest, heavily in strengthening its Platform as a Service (PaaS) offering.
  5. The Salesforce.com acquisition of MuleSoft was also broadly expected, as both companies had enjoyed a strong partnership for a few years and the MuleSoft Anypoint offering is also seen as complementary to the Force.com platform.
  6. Most recently (at least at the time this chapter was written), there was the highly unexpected acquisition of CA Technologies (also a leader in the API space) by Broadcom, which is traditionally a semiconductor manufacturer.
Figure 1.13: Recent acquisitions in the API market

So, what can be deduced from all of these acquisitions? First of all, of the six acquirers mentioned, three are actually major players in the enterprise cloud space. Therefore, their investment in the API space can be seen as a move to strengthen their PaaS portfolios, which is a multi-billion dollar market on its own. Furthermore, when it comes to cloud, APIs are considered the main means to get access to information and functionality electronically, so offering strong API management capability as part of an SaaS, PaaS, or even Infrastructure as a Service (IaaS) offering is a clear value add.

Secondly, the acquisitions made by TIBCO, Red Hat, and perhaps even Oracle, can be seen as an indication that the integration market is shifting and that more traditional integration capabilities (traditionally based on large-footprint integration middleware black boxes) are being superseded by API-led architectures, where the integration middleware is either very thin or non-existent (as is the case in Microservices Architectures, where event-driven interoperability is favored).

Lastly, although the acquisition by Broadcom was highly unexpected, the market is no stranger to such moves. The purchase is, in fact, comparable to the one made by Intel in 2013, when Mashery was acquired, in theory to strengthen Intel's play in the IoT. However, it's questionable whether the move paid off, as Intel soon after sold Mashery to TIBCO.

However, this last acquisition raises an important point: APIs being an enabler for the IoT. As devices and machines of all sorts, from wearables, to home appliances, vehicles and industrial machines, to name a few, all become smarter and more capable of storing and processing data, the need and demand to access information in real time can only increase. This means that APIs will also (if not already) be implemented to enable IoT. For companies such as Broadcom, and/or many others in the manufacturing/industrial space, this represents a huge opportunity, as they'll be able to expand their existing offerings to also offer digital services (for example, real-time monitoring and alerting, remote and real-time management of infrastructure, predictive maintenance and analytics, to name a few).

Summary

This chapter delivered a comprehensive and business-oriented explanation of the value of APIs, and the reasons why they are a must in any digital strategy.

The chapter started by describing why and how digital disruptors are taking the industry by surprise, and the impact this is having on more established and traditional organizations, many of which are struggling to cope with the pace of change, and the level of innovations being introduced.

To this end, the chapter explained the true meaning of disruption and why understanding it is extremely important for successfully creating a digital strategy, and then embarking on a digital transformation journey.

In this same context, it was highlighted that gaining real-time access to an organization's enterprise information assets (many of which are locked in legacy systems) holds the key to success and, without this, a digital strategy's chances of success will be minimal.

The chapter continued by describing and positioning APIs as the means to deliver such access, and thus act as an enabler to digital strategies. It was described in great detail how APIs can add value to a business, for example, by allowing the business to monetize information assets, comply with new regulations, and also enable innovation by simply providing access to business capabilities previously locked in old systems.

Subsequently, an API value chain was introduced, illustrating a business-centric API maturity model suitable for use as reference when embarking on an API implementation initiative.

The chapter concluded by describing how the software industry is reacting as some of the largest software vendors in the world make major acquisitions in the API space.

In the next chapter, a more technical point of view will be described, which explains how and why the technologies and platforms used to implement APIs have evolved from simple web proxies to third-generation API platforms.

Key benefits

  • Comprehensive, end-to-end guide to business-driven enterprise APIs
  • Distills years of experience with API and microservice strategies
  • Provides detailed guidance on implementing API-led architectures in any business

Description

APIs are the cornerstone of modern, agile enterprise systems. They enable access to enterprise services from a wide variety of devices, act as a platform for innovation, and open completely new revenue streams. Enterprise API Management shows how to define the right architecture, implement the right patterns, and define the right organization model for business-driven APIs. Drawing on his experience of developing API and microservice strategies for some of the world's largest companies, Luis Weir explains how APIs deliver value across an enterprise. The book explores the architectural decisions, implementation patterns, and management practices for successful enterprise APIs, as well as providing clear, actionable advice on choosing and executing the right API strategy in your enterprise. With a relentless focus on creating business value, Luis Weir reveals an effective method for planning, building, and running business products and services with APIs.

Who is this book for?

Architects, developers, and technology executives who want to deliver successful API strategies that bring business value.

What you will learn

  • Create API strategies to deliver business value
  • Monetize APIs, promoting them through public marketplaces and directories
  • Develop API-led architectures, applying best practice architecture patterns
  • Choose between REST, GraphQL, and gRPC-style API architectures
  • Manage APIs and microservices through the complete life cycle
  • Deploy APIs and business products, as well as Target Operating Models
  • Lead product-based organizations to embrace DevOps and focus on delivering business capabilities

Product Details

Publication date : Jul 23, 2019
Length: 300 pages
Edition : 1st
Language : English
ISBN-13 : 9781787284432

Table of Contents

8 Chapters
The Business Value of APIs
The Evolution of API Platforms
Business-Led API Strategy
API-Led Architectures
API-Led Architecture Patterns
Modern API Architectural Styles
API Life Cycle
API Products' Target Operating Model

Customer reviews

Rating distribution
4.4 (7 Ratings)
5 star 85.7%
4 star 0%
3 star 0%
2 star 0%
1 star 14.3%

Top Reviews

San Lorenzo Jan 04, 2022
5 stars
A must read for anyone in the APIs business at enterprise level. The book is very interesting and very easy to go through. On top of that it is quite an interesting reading that rise the boundaries in deliver business value and expand organisations thinking and views leverage data. If you work in the space, development, enterprise development or digital transformation and want to understand right from an expert in API strategy this is a great resource and a book you should clearly consider. Mr. Weir is going in depth and covering all interesting aspects, strategy guidance to architecture and implementation recommendation with a lot of details. I started reading this book during the xmas break and was struck by the depth of the research that went into it. I really enjoyed reading it. Excellent work Mr. Weir. Keep it up!!
Amazon Verified review
alexsm86 Aug 02, 2022
5 stars
Great book about enterprise API management. Definitely recommend for a reading.
Amazon Verified review
Kindle Customer Sep 18, 2020
5 stars
The book gives a good understanding on why APIs create customer value and how you should ensure to do it the right way and thus get the required and wanted value of the APIs
Amazon Verified review
Danlin Oct 31, 2019
5 stars
For the modern digital Enterprise an API first strategy is an alluring and valuable option to adopt, but the path to success is fraught with countless hidden and often counterintuitive traps. Without causing alarm Luis guides the reader through the vast breadth of factors which could affect the success of their API Management effort. He conveys an easy summary on the history of API first architectures and to further develop your background understanding offers a simple comparison of legacy strategies with modern approaches. This book supplies a strong foundation of production hardened techniques, approaches, patterns, and tools to enable the reader to successfully build the right Enterprise API Management platform for their organization. If you want to know why or how to get started with an API Management strategy and platform, set yourself up for success and read Enterprise API Management by Luis Weir.
Amazon Verified review
Kindle User Mar 11, 2021
5 stars
It is a solid book, with a very interesting section of case studies. If you are looking for a book with detailed information on APIs such as REST, GraphQL and gRPC this should be your starting point. It was very helpful to find this book because it can be troublesome during the path of the implementation of the APIs as you can find many details that are out with the official reference of the providers.
Amazon Verified review