Anyone in technology knows that API’s make the digital business world go round. Without a doubt, they are the enabling mesh for digital access, communication, and transactions. From the early 2000s when pioneers like eBay, Salesforce, and Amazon launched, through growth driven by social networks and mobile; and now IoT—APIs have evolved to expand business for any enterprise, ISV, SaaS, iPaaS, and iSaaS consuming or providing them. Yes, we have a thriving API Economy just like the industry analysts predicted.
From Simple Web Services to Sophisticated API Mediation
Over the years, API provisioning has continued to mature from simple web services to a more sophisticated design pattern known as Mediated APIs. Today, Mediated APIs help manage, monitor and govern APIs so users consuming them have the right experience, and companies exposing them can continue to protect and innovate their core application.
“A mediated API is a design pattern in which an API is virtualized, managed, protected and enriched by a mediation layer. This layer can enforce policy and add capabilities to the API interaction to increase agility, usability, performance, security and control. API mediation applies to both incoming (e.g., to enterprise APIs) and outbound (e.g., to cloud/SaaS services) API interactions.” -Gartner
Services Underpinning Advanced API Management
As the concept of digital business grows, Mediated APIs address the need for more advanced API management functionality including analytics, performance, security and control, as well as meeting business requirements around monetization, support, customer experience and understanding/optimizing usage patterns. This holistic framework actually creates greater flexibility to grow as a digital business without compromising current traction or value. In other words, as you innovate your core application, you don’t disrupt what your current APIs deliver and you can expose enhanced new services when it makes sense for the business. Let’s walk through a couple of key concepts about why Mediated APIs really are a critical success factor to any company’s digital strategy:
- Security — Never underestimate the potential for security threats. Using APIs expands your application’s exposed “footprint” which increases security risks from malicious hackers and from illegal or fraudulent activity. Using a Mediated API, you can prevent/defend from malicious and fraudulent use of your APIs by maintaining strong governance, identity, authentication management and monitoring.
- Preserve User Experience — As you continue to develop your application and add new functionality that supports innovation, a Mediated API will protect your existing external and internal users and partners by ensuring consistent performance and functionality even while you modify the core application underpinning the Mediated API layer.
- Performance Monitoring — The value of performance monitoring can be enormous when you consider how creatively third party developers can be and the risk that can pose to load balancing. For example, with a Mediated API layer, “throttling” or other methods exist to shield systems from unforeseen loads. When detected the Mediated API can slow responses for a short period and prioritize traffic based on business value, instead of threatening overall system stability or risking an outage. The key is to maintain continuity for the API user while protecting the overall system performance.
- Analytics — A Mediated API layer lets you take advantage of analytics so you can track and understand who your users are, and what they are doing. This is valuable information for product management, providing good visibility of new usage patterns and which parts of your existing apps and services are in most demand. Analyzing high demand usages can prioritize how you plan and break out specific pieces of functionality in order to optimize monetization potential and customer experience as well as implement dynamic scaling and redundancy models required to meet demand.
Sources for Building Mediated APIs
When we talk about implementing a Mediated API layer, there are a couple of approaches. First, you could create an API Mediation layer from scratch when there are very specific requirements, but this could be a very complex, time consuming path. Second, use one of the API Management tools available in the market—a few examples include, CA Technologies, IBM, TIBCO, Axway, Apigee, and Akana, among others. (For a more complete list, let me suggest checking out Gartner’s Magic Quadrant report.) To sort out which vendor may be most suitable for your needs, start by identifying which functionality (security, monitoring, performance, versioning etc.) your mediation layer should add and check vendors that provide those functionalities.
If you would like to read more on the subject, check out our latest whitepaper where we talk at length about Mediated APIs (and Microservices): Renovate to Innovate: How Mediated APIs and Microservices are Enabling Technology Companies to Expose IP and Deliver Faster Innovation Cycles.