There has been a flurry of recent acquisitions in the API Management space, beginning with Axway’s acquisition of Vordel, at the end of 2012. More recently, Computer Associates acquired Layer 7, Intel acquired Mashery, and Mulesoft acquired ProgrammableWeb.
Additionally, another API vendor, 3scale received significant funding. As CTO and Co-Founder of Vordel, now part of Axway, I believe this activity is indicative of a maturing market where APIs are now seen as critical for the Enterprise and no longer the preserve of consumer oriented services such as Facebook and Twitter.
Let’s take a look at what Web APIs are and why they’re important? Web APIs are the glue linking apps together. In fact, APIs are such an important technology trend, that new business models are developing on top of them. This is often referred to as “the API economy”. The API Economy includes mobile apps developed on top of APIs, as well as new businesses enabled by APIs.
This growing API Economy has resulted in a philosophical switch within many organisations that are now making access to internal data readily available to third parties, enabling partners and customers to develop value-added applications on top of this data. As a result, the API economy is thriving and is made up of API developers, the businesses providing the APIs, the businesses hosting APIs, and app developers themselves.
While the recent acquisitions in the market have highlighted API management, some confusion remains within organisations about what API management actually offers. A security person may understand that API management means blocking threats, network operations may think it involves monitoring, and CIOs and CEOs may see it in terms of mobile enablement. In fact, API management provides all of the above. In this piece, I will explore the drivers influencing the API management market and discuss why enterprises need an API management strategy.
API Management Strategy
To ensure effective management of APIs, all organisations require an API management strategy. A broad API management solution offers organisations security, governance, policy, monitoring and visibility into how its APIs are being used, as well as providing the ability to generate relevant reports to business executives who want to view the linkage between APIs and the business services they are enabling.
However, some organisations are choosing to not have an API strategy in place and to build it as required. This approach can be risky as an organisation building part of its strategy for managing APIs, as required, can leave out critical elements.
Organisations who implement a more formal API management strategy, via an API management solution, are often surprised to see previously unavailable information regarding how their APIs are being used. For example, a comprehensive API management strategy allows them to see trends over time, and view which clients are using their APIs (e.g. iPhone apps vs. Android apps).
When choosing an API management strategy, it’s clear that security is paramount. However, while the security of APIs is vital, some API strategies view API management solely through the prism of security without understanding that security is just one element of the mix. Other important elements include visibility, analytics, governance, monitoring, custom reporting, developer enablement and policy management.
Additionally, it is important for an organisation to understand how a vendor’s API management products are deployed and ensure they work with both cloud based offerings such as Amazon, as well as on premise solutions with the ability to link to internal systems. It is also critical to fully enable the developers using the APIs. In the SOA strategy of the past, a heavyweight UDDI registry was unsuccessfully used for this purpose. A lightweight API catalog has now replaced it.
To conclude, given the rapid pace of API adoption, it’s clear that any organisation without a solid API management strategy is leaving itself open to security and compliance breaches, as well as potential loss of business.