In this post I will highlight why APIs and API Management are essential to succeed in today’s business environment and why it is inevitable that businesses invest in a good API Management solution to accelerate innovation in today’s rapidly changing marketplace.
We are living in a world of digital disruption. We have all used products and services that have been replaced by newer, innovative products and services. For example, Yelp has replaced old Yellow pages, smart phones have replaced cameras, Google Maps has replaced old paper maps, and streaming services such as Netflix are replacing cable television. And we all know about AirBnB and Uber which have disrupted entire industries such as hotel and transportation.
Why are these disruptions taking place? And why is it so easy today for unexpected vendors to come up with services that are innovative and disruptive? It is because the barriers to entry are low. Everyone has access to the new “Digital Building Blocks” such as mobile, IOT, social technologies, cloud computing which allow for rapid innovation. Also, the new Microservices driven development approach is allowing for faster development, higher agility and faster time to market.
Developers building these new, innovative services have a variety of modern application development patterns to choose from. They are building light weight, polyglot apps based on Microservices, or Serverless architectures. They are building web apps, mobile apps and bots using newer visual, low code environments. They can choose from a variety of cloud infrastructures and data stores. They can choose from a number of app development infrastructures, DevOps tools and deployment options such as VMs or Docker containers. Legacy architectures, large monolithic applications are now transitioning into Microservices and distributed computing architectures.
While developers have the liberty to choose from all of the development, infrastructure, tooling options, we need to ensure that all these apps and Microservices are able to work together. API-led integration is the glue to hold these building blocks together and allows them to communicate smoothly. APIs are at the heart of a modern IT architecture that allows businesses to survive and thrive in this new digital economy by accelerating their innovation and meeting customer demands faster.
Now that we have an understanding about the type of environment we are living in, let us take a look at APIs and API-led modern architecture.
API stands for Application Programming Interface and is one of the most common ways of communicating digital information today. Most apps today use APIs in the backend even though it may be invisible to the end user. Whether it is commoditized apps such as Facebook or Twitter, or other apps provided by your banking or health institutions, they are all exchanging information with another using APIs.
APIs help businesses to address two main use cases. The first is where an enterprise wants to expose a set of services or data internally for all its employees to consume. They can encapsulate commonly used services as APIs, or expose data available in back end systems to promote re-use and governance within the enterprise. The second use case is where the enterprise would like to expose these APIs to the external world for branding, building developer mind share, marketing, customer engagement, or monetization. Some examples of APIs exposed to the external world include the Google Maps API, the Uber API, the Spotify API, or the Facebook or Twitter Login APIs. There are hundreds of other examples where developers are consuming publicly available APIs (some paid and some unpaid) to build new products and services. Is it any wonder then that APIs are called the Doors to Digital Transformation?
Broadly speaking, APIs provide four main benefits to businesses:
Having understood why APIs are important we must also try to understand why API Management is critical. API Management is the layer between the APIs and the end consumers (internal or external consumers). Having the APIs is not sufficient, organizations must be able to maximize the value out of the APIs. Businesses must make the APIs well documented and discoverable by consumers so they can maximize adoption. Organizations must also make sure to secure their digital assets with API-specific policies since exposing APIs brings significant risks to the IT infrastructure and this risk must be managed. They must also define service level agreements (SLAs) to specify constraints such as application rate limits, quotas and plans. Finally, organizations must also have visibility and metrics which provide information on who is using the APIs, successes and failures, request and response times, etc. This insight helps them to understand how to use existing digital assets to meet their business goals. In short, companies must manage their APIs and an API Management solution allows them to do that and keep pace in digital economy.
The API Lifecycle consists of different stages as shown below:
Design – this stage is about designing the API. The design stage should promote API-First development which means that APIs should be designed before they are implemented. Often times we have already implemented back end services which we expose as APIs. Although these may be fine for some cases, an API-First approach ensures that the consumers of the APIs participate during the design of the APIs before they are implemented. Consumers can collaborate with API Designers to ensure that APIs are being designed the way they want it. This will maximize the API adoption.
Personas in this stage: API Designer / API Product Manager
Implement – this is the stage where the API is implemented by the API service developer. This stage also includes implementing the API in the API Management layer. Creating the API backend implementation is different from creating the API in the management layer. The latter creates the API, connects it to the backend API implementation and allows API Managers to add security policies, documentation and publish it in the consumer portal where consumers can consume it.
Personas in this stage: API Manager/Implementer
Deploy – this is the stage where the API is deployed to a “gateway” where it is ready to service runtime requests. The gateway manager will deploy the APIs which will be approved by Gateway managers. In some organizations the same person will play the role of both API manager and Gateway manager. In other organizations, the Gateway manager will be an operations role.
Personas in this stage: API Manager/Gateway Manager
Manage – this is the stage where you may need to manage the API. Perhaps you want to add more security policies, or add rate limiting SLAs, or undeploy or redeploy an API to a different gateway.
Personas in this stage: API Manager/Gateway Manager
Discover – in this stage the consumers discover APIs that are available for consumption. Typically the API manager will publish APIs that are ready for consumption into a consumer portal. The consumers (typically developers) will come to a Developer Portal and browse APIs available. They will read the documentation and test the API to ensure that it meets their needs and register to use these APIs.
Personas in this stage: API Consumer
Monitor – this stage is where the API is monitored by the API Developer, API Manager and the API Consumer to gain visibility and metrics. The API Developer and Manager will be monitoring to see who is invoking the APIs, which APIs are most popular, what are the common security violations, what are the average request and response times, etc. The API Consumer will also monitor the API to monitor how many requests have been successful, how many invocations have been made, average request and response times, etc. Metrics are particularly important for business to make sure that they are using their digital assets in the most efficient way possible. Accurate analytics is also important to measure metrics related to performance, SLAs, monetization, rate plans, quotas, etc. Monitoring an API may reveal information that may require APIs to be re-designed, or new APIs to be designed and deployed and thus the API lifecycle continues.
Personas in this stage: API Consumer / API Manager / API Developer
Now that we understand the need for an API management solution, we will talk about the brand new API Management offering from Oracle, the Oracle API Platform Cloud Service.
Oracle API Platform Cloud Service provides a foundation for Digital Transformation through the first API Management offering that comprises the full API Lifecycle. Encompassing the complete API continuum from API Design & Standardization via Apiary’s trusted API Design & Documentation Platform through to API Security, Discovery & Consumption, Monetization, and Analysis, the API Platform Cloud Service provides a completely new, simplified API management user experience on top of a proven API gateway.
Some of the key features of the Oracle API Platform Cloud Service include:
Oracle API Platform is built using a modern Microservices driven architecture. Each component is built as a small micro service accessible through a REST API. For example, creating metadata, or deploying an API, or collecting analytics can all be done using REST APIs. The following diagram shows the product architecture at a high level.
Management Portal: The management portal runs in the Oracle Public Cloud and is the heart of the Oracle API Platform Cloud Service. The management portal, along with Apiary (also running in the cloud) enables API First design and development of APIs. The gateway managers can create, manage, secure and publish APIs using the management portal. The APIs are deployed on to runtime gateways which enforce policies at runtime.
Gateways: API Gateways are the runtime components that enforce all policies specified through the management portal. Gateways also help in collecting data for analytics. The gateways can be deployed anywhere – on premise, on Oracle Cloud or to any third party cloud providers. This allows the gateways to be closest to your backend services. Some organizations may not want to expose their data at runtime through the cloud, so it is possible for them to deploy the gateway on premise. Their data is never published back to the cloud. For analytics also, only the aggregated information is passed back periodically to the management service running on the cloud.
Developer Portal: After an API is published, API Consumers (application developers typically) use the Developer Portal to discover, register, and consume APIs. The Developer Portal can be completely customized to an enterprise’ needs so that they can publish it as their own portal to their customers. Developer Portal can also run either on the Oracle Cloud or directly in the customer environment on premises.
The API Platform Cloud Service provides complete support for API Lifecycle from API Design & Standardization to API Security, Discovery & Consumption, Monetization, and Analysis on top of a proven API gateway.
Some of the key differentiators include:
Today’s fast changing business environment makes it mandatory for companies to invest in a comprehensive API Management solution to keep pace with rapid innovation in our digital economy. Companies that do not do this will stumble and fall behind. Oracle API Platform Cloud Service provides complete support for API Lifecycle from API Design to Discovery & Consumption, Monetization, and Analysis. Using Oracle API Platform Cloud Service, companies can take advantage of their existing digital assets, be agile and accelerate innovation, consequently increasing customer satisfaction and engagement, lowering cost and increasing revenue.