Marc Andreessen famously said, “Software is eating the world”, but what does this mean? In short, software is a digital means to drive marginal costs of transactions of any kind – human-to-human, human-to-machine, business-to-human, and machine to machine, et al. – to zero. And as companies become digital enterprises, they are transferring the value created by costly human-intensive, process-bound organizations to efficient digital platforms; platforms of applications that are increasingly accessible both inside and outside the corporate boundaries via application programming interfaces (APIs).
Many cloud-native companies have taken this notion of a digital platform to the next level. They have become API-first companies. An API-first company’s entire end-to-end value proposition is delivered within the lifespan of an HTTP request and response. Need to process a payment? Just make a request to Stripe, and by the time they respond—a few hundred milliseconds later—they have handled a ton of complexity under the hood to issue the charge. Send a text to your customer? Make a request to Twilio and it’s done – no need to struggle with the telecom universe.
Today’s digital enterprises are deploying API Gateways as a way to create that API-first experience through integrating their own applications (regardless of where they are running) with a growing network of third-party, API-driven services that provide key functions such as payments, communications, shipping, identity verification, background checking, monitoring, alerting, and analytics. The gateway orchestrates the value creation by piecing together the various services in the correct order to get the job done. And the consumer of the API is shielded from the dynamics and complexity of the underlying services. They simply make the request and get the result.
But deploying gateways are only the first step. To deliver that API-first experience quickly and consistently in response to new market opportunities, enterprises need to invest in an API management.
API management is the process of creating and publishing web APIs, enforcing their usage of policies, controlling access, supporting the subscriber (consumer) community, collecting and analyzing usage statistics, and reporting on performance. API management components provide mechanisms and tools to support developer and subscriber communities. It consists of the following capabilities:
- API Discovery – If an API is easy to find, easy to understand, and easy to get access to, developers and partners can build valuable apps and integrations much faster and easier.
- API Exploring / Testing (i.e., Developer Portal) – Being able to interact with an API and explore its functionality provides a deeper understanding of how that API works and saves tons of coding and testing time. Providing tools for testing a live API is also very valuable for diagnosing any issues you are having with the API or with how you’re building their app.
- APP Registration – Accepting the terms and conditions of consuming those APIs and setting up parameters for authorization, authentication, performance, and usage limits.
- APP API Consumption Management and Monitoring – Understanding APP/API performance, error conditions, API use patterns, and monetization.
Implementing API management allows the enterprise to quickly assemble the services necessary to create that API-first experience. By deploying the Cloudentity Authorization Control Plane (ACP) as part of your API management platform you can easily standardize resource access and data protection policy decisions across the assembled APIs. To learn more about how Cloudentity ACP supports API management, see part 2 of this post.