How do I work with APIs

digitalization

Application Programming Interfaces (APIs) are the all-purpose glue of digitization. They connect all components for digital change - this includes business applications, apps of all kinds, cloud services, smart things and sensors from the Internet of Things, bots for addressing customers and automating processes, and of course data that is coming from more and more Sources flow into the IT systems of companies.

In addition to the increasingly heterogeneous composition of IT infrastructures, there are various platforms on which companies organize and control their business operations with partners and customers, for example the supplier industry for automobile manufacturers or purchasing platforms on which companies can sell their goods. In these ecosystems, too, the connection between the individual participants works via APIs.

One speaks already of an "API economy". The approach of viewing one's own business as a closed system is outdated. A well-known company that started its business as an open, API-supported platform from the start is Uber. The transport operator integrates itself into various ecosystems and develops its own APIs to make it easier for other service providers to connect. For example, users can transfer restaurant addresses they found in Tripadvisor to Uber at the push of a button.

Uber also relies on various plugins and services from other providers that are integrated into its own service via API for establishing contact between passengers and drivers as well as for payment processes. Uber's own interfaces allow drivers to work for other services as well. For example, they can also take care of delivery trips for food.

APIs - there are more and more

How important programming interfaces are can also be seen from their number. The API directory "Programmable Web" listed almost 21,000 publicly available APIs at the beginning of February this year. Around ten years ago there were only around 1,000 such public APIs. Their number has roughly doubled over the past five years. Then there are the company's internal APIs, the number of which, according to the experts at Crisp Research, should be three to four times higher.

Basically, the topic of APIs is not new. For as long as there has been software, interfaces have been needed to connect programs with one another. In times of large monolithic software blocks, however, their number was limited. In addition, APIs were usually used internally to interlink their own IT. With the break-up of these monoliths and the modularization of software in microservices and the increasing opening of companies to the outside world to partners and customers, the topic is taking on a completely new dynamic. The associated complexity demands a strategy for the management of these interfaces. After all, as the number of APIs grows, it quickly becomes cluttered and difficult to keep control.

Various providers offer solution packages for this. Most recently, Forrester Research's analysts took a close look at API management solutions. Analyst Randy Heffner describes six key elements:

  1. API design and documentation,

  2. API development and delivery,

  3. API testing

  4. API operation,

  5. API lifecycle management and

  6. API management.

Forrester IBM, Google, Software AG and WSO2 are among the leading providers of API management. The API management solution from IBM According to the analysts, it offers comprehensive functionality and can therefore serve as the foundation for a variety of API strategies. Particularly noteworthy are the functions for defining groups and teams, which made it easier to coordinate the API publication across specialist departments and B2B partners. IBM offers a number of deployment options. Users could start comparatively inexpensively.

At the same time, according to Forrester, IBM's API solution allows enough flexibility to adapt to the respective customer needs - whereby the costs would not explode even in large-scale implementations. For enterprise API governance scenarios, the package offers integrated lifecycle management and a hierarchical tagging function that helps users to group API portfolios. Overall, according to Forrester, IBM customers are very satisfied with both the provider and the product. Above all, the broad-based API platform and the price-performance ratio would be decisive for IBM. The users give Big Blue advice: The manufacturer should concentrate more on specific business applications than on the technology.

Google can, from the analysts' point of view, build on a strong market presence with its API management solution Apigee. The business vision and the functionality of the solution should be emphasized. For example, Google offers quite flexible functions to integrate different billing strategies for the use of APIs in its solution.

With the help of management functions for the life cycle of APIs, customers could implement sophisticated enterprise API governance scenarios. Google is working flat out to integrate Apigee more deeply into the Google Cloud Platform (GCP) ecosystem and, in particular, to couple it with the analysis and intelligence functions of GCP. From Forrester's point of view, Google customers are very satisfied with the solution and moderately to very satisfied with the provider.

Read more about application programming interfaces:

With its new architecture and a wide range of functions, the Software AG Forrester analysts praise the ability to use various API strategies. The solution has a mature lifecycle management system that can be easily integrated into API administration and user portals and provides a solid basis for various API programs. The German manufacturer is also expanding its API management so that it can connect to other solutions - for example, the API portal offers the possibility of publishing APIs that are hosted in the gateways of other companies.

The further development strategy is aimed at dynamic ecosystems, business-oriented API management and various options for B2B integration. According to Forrester, Software AG's customers are very satisfied with both the provider and the product. Above all, the integration platform was often decisive for the purchase. From the customer's point of view, the German API management solution is easy to use.

The open source solution from WSO2 According to the study, it also creates a solid basis for a variety of API strategies. The package offers a good functional range across all evaluation criteria. Lifecycle management and non-REST APIs are particular strengths. The WSO2 solution is also flexible enough to support a large number of different API approaches. The analysts cite hierarchical tagging, configurable portal navigation, separate API keys for sandbox and production use and API-specific discussion forums as examples. A label function in the micro gateway simplifies the administration of API groups.

In the future, the manufacturer wants to concentrate primarily on digital ecosystems and changing solution architectures - the keywords are microservices and low-code. The customers said they were very satisfied with the solution and the provider. The open source basis of WSO2 makes the solution affordable. This is easy to use, even if the documentation could be better.

The followers

Companies like Axway, CA Technologies, Mulesoft and can be found in the chasing group Tibco. According to Forrester, the latter provider scores with tight integration between its cloud integration platform and API management. By and large, Tibco offers a solid but average range of functions. With the configurable portal, tools for user interaction and analysis functions, the solution is ideal for open web API user scenarios. In the future, Tibco intends to increasingly incorporate AI features into its API management. The customers are very satisfied with the solution and the provider. They highlight the developer portal and the integration platform. However, Tibco still has to work on the security features.

Axway will soon be offering its "Amplify API Management" solution as a complete SaaS implementation. The analysts point to a good architecture for integration with microservice frameworks. The strengths also included the API design and a wide range of options for defining API guidelines. Overall, the solution offers a good basis for a large number of API ecosystems. The portal is based on Joomla. Users have access to many extensions via the ecosystem. The customers are very satisfied with the provider and the solution. The solution is robust and reliable. In addition, Axway reacts very flexibly to customer needs, it said. However, the implementation support is rated only mediocre.

CA Technologies is in the process of updating the architecture base for its API portal. Customers could currently purchase the new or the "classic" version. According to Forrester, the latter has more functions for portal customization, the involvement of API users and the definition of API plans and groups. However, those responsible for CA have already assured that the new architecture will also be functionally expanded. The "CA Live API Creator" offers users a low-code concept for creating APIs.

From the analyst's point of view, the gateway is a key strength of the solution. Customers say they are very satisfied with the provider and the product. The gateway core is robust and mature, and the solution is good value for money. However, CA's portal strategy is a bit confusing and creating guidelines can sometimes be complicated.

Mulesoft builds its API management solution on the foundation of its Enterprise Service Bus (ESB). According to Forrester, the package has powerful design tools, flexible API documentation, and a fully ESB-based integration engine for creating APIs. A visualization tool shows dependencies between APIs. The analysts also rate the versioning features as strong.

On the other hand, the security guidelines and the API product and API user engagement features did not match the competition. Nevertheless, customers are very satisfied with the provider and the product. The API user portal could be more flexible to adapt to different scenarios. Some security guidelines were missing for more security. However, the implementation is easy.

Just under a year ago, Salesforce took over Mulesoft for around $ 6.5 billion. So far, Mulesoft seems to be able to act largely independently in the market. Salesforce itself wants to use the Mulesoft solution to better link the various parts of its cloud platform. On Trailhead, Salesforce's training platform, it says, "The world of Salesforce APIs is as huge as the ocean is blue." This is due to the "API-first" approach in developing functions for the Salesforce platform.

Straggler Oracle

The Forrester analysts group Microsoft, Red Hat and - already with some distance - Oracle into the other provider field. Microsoft With Azure API Management, I offer its cloud customers a basic solution for building and documenting interfaces. However, the package is primarily suitable for users of Microsoft's Azure cloud. Red hat has taken over 3Scale for the expansion of its API management. The solution basically has a solid range of functions. The analysts emphasize the flexibility as well as the functions for billing the API usage.

Red Hat has grouped other integration tools around 3Scale. Forrester criticizes that these are not yet networked particularly well. Oracle took the time to set up an API management system, but made good progress with the acquisition of Apiary, according to the study. The focus of the Oracle solution lies in the API design. There is clear room for improvement in terms of management and security functions.

In addition to the larger players, Forrester lists a number of smaller providers, including Rogue Wave Software, Sensedia, Torry Harris Business Solutions and Tyk Technologies. These can keep up functionally, but are niche players in terms of their market presence.

API security is becoming increasingly important

One aspect that is likely to play an increasingly important role in the future is security. As the number of APIs increases, so does the number of predetermined breaking points in the company's IT infrastructures - especially when old code that was never designed for an Internet connection suddenly becomes accessible via API. In the past two years in particular, a number of security incidents caused headlines that were caused by incorrect or negligent API protection.

You can find a lot of useful information about security in our online special

For example, Salesforce had to admit that a bug in an API in its marketing cloud ensured that customers could see the data of other Salesforce users. T-Mobile USA attributed the fact that hackers were able to access data from 76 million cell phone customers to a faulty interface. And the security breach that Facebook had to admit in September last year could also be explained by an API vulnerability. Hackers would have had access to data from more than 50 million Facebook users.

Insecure APIs are constantly moving up the lists of the most dangerous attack vectors. Gartner assumes that in 2022 the misuse of faulty APIs will be the most common reason for unauthorized data extraction from enterprise web applications. A study by the security expert Imperva last year showed that more than two thirds of all companies worldwide already provide public APIs to give partners and customers access to their own platform.

More than three quarters of these companies admitted that they were neglecting safety aspects. While the topic of application security has high priority, those responsible are applying a lax security standard to APIs. But the more important interfaces become, the more hackers would target them, warn the security specialists.