Why All APIs Need API Management

Posted 6/30/2016 10:02:17 AM by GREG BRAIL, Chief Architect at Apigee

The recent outage at Slack – the fast-growing collaboration tool – reminded us all of a few things. For one, it reminded us just how popular Slack has become and how important Slack is to our daily work. Judging by the hysterics posted by some Slack enthusiasts on social media, the outage seemed to shut down workplace production entirely.

But Slack’s problems also reminded us how important APIs are to our modern digital world.

Modern applications that run on the Internet depend on APIs. Major apps from Facebook to Uber to the Roomba vacuum cleaner communicate constantly with APIs hosted somewhere on the Internet to accomplish their goals. Some of these APIs, like Facebook’s, are open, which means that any developer in the world can learn to use them and make them the basis of new apps. Other APIs, like Roomba’s, are not open -- although they are still APIs.

Slack’s own apps are not only powered by its own API -- Slack also offers open APIs. Users of Slack love to use those APIs to set up integrations between all kinds of other services. Slack usage has grown like a virus in part because users love that they can quickly “mash up” Slack’s APIs with other products, often using those products’ own APIs.

When a company like Slack offers third party APIs to developers, it creates a huge business opportunity, because those developers have used the platform in ways that Slack never imagined. But it also creates risk, because Slack does not have full control over what those developers do.

What if a developer builds an application that makes a huge number of API calls, flooding Slack’s network and servers with traffic? What if a developer signs up for the API simply for the purpose of writing a “bot” that will vacuum data from the service in order to gain competitive advantage? Or what if a developer just makes a big mistake, making hundreds of API calls per second when certain error conditions occur?

For any API to succeed without letting a single runaway application take the whole platform down with it, we need some way to control which applications are built and what they can do. That’s where API management comes in.

Managing the relationships between developers, applications, and the API is the primary role of API management. An API management tool comes with a user interface that a developer can use to learn what APIs are available, what they do, and how to use them. It also comes with controls that the API team can use to determine what each application can do, and how much it can do it.

Why might this be important? Imagine that a well-meaning but short-sighted developer wants to integrate Slack with some sort of bug tracking system so it sends bug notifications automatically to Slack. But instead of a straightforward integration, the developer accidentally creates an application that hammers Slack over and over again, without stopping, with every bug in the system. What developer hasn’t managed to do something like that at least once in a career?

An API configured with effective API management will protect against these kinds of mistakes, and it will also protect against malicious attacks. It does this by authenticating each API call to ensure that it comes not only from a legitimate end user, but from a legitimate application. API management will also control the amount of traffic that a single application can generate, so that the impact of such a buggy app is contained before it can cause the entire service to go offline due to the flood of traffic.

With API management in place, the team that runs the API also has deep visibility into how the API is being used. Good API management tools are especially effective at providing visibility at the application level. That means that the API team can understand exactly how much traffic each application is generating, and can even distinguish different application versions and platforms. 

If a particular application is causing a problem, the API team can change its configuration and reduce the traffic that it is allowed to send. Or, if the application is a runaway success, the API team can be part of it, by congratulating the successful developer and helping promote the app.
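The controls described above can be sketched in a few lines. This is an added example, not Apigee's code or configuration: it ties every call to a registered application key, applies a token-bucket quota per application, keeps per-application counters, and lets the API team lower one application's limit at runtime. The class, the keys, the app names and the limits are all assumptions made for illustration, and end-user authentication is left out.

```javascript
// Added example, not Apigee code. App names, keys and limits are constructed.
class ApiGateway {
  constructor() {
    this.apps = new Map(); // apiKey -> per-application state and counters
  }
  registerApp(apiKey, name, ratePerSec, burst) {
    this.apps.set(apiKey, { name, ratePerSec, burst, tokens: burst,
                            last: null, allowed: 0, rejected: 0 });
  }
  // Lets the API team throttle one application without touching the others.
  setLimit(apiKey, ratePerSec, burst) {
    const app = this.apps.get(apiKey);
    if (!app) throw new Error('unknown application');
    app.ratePerSec = ratePerSec;
    app.burst = burst;
    app.tokens = Math.min(app.tokens, burst);
  }
  // Decide one call arriving at nowMs: 401 unknown app, 429 over quota, 200 ok.
  handle(apiKey, nowMs) {
    const app = this.apps.get(apiKey);
    if (!app) return 401; // call is not tied to a registered application
    if (app.last !== null) { // refill the token bucket for the elapsed time
      const elapsedSec = Math.max(0, nowMs - app.last) / 1000;
      app.tokens = Math.min(app.burst, app.tokens + elapsedSec * app.ratePerSec);
    }
    app.last = nowMs;
    if (app.tokens < 1) { app.rejected += 1; return 429; }
    app.tokens -= 1;
    app.allowed += 1;
    return 200;
  }
  // Per-application traffic view for the API team.
  stats() {
    return [...this.apps.values()].map(
      (a) => ({ name: a.name, allowed: a.allowed, rejected: a.rejected }));
  }
}
// Constructed scenario: a buggy integration floods the API; another app behaves.
function simulate() {
  const gw = new ApiGateway();
  gw.registerApp('key-bugtracker', 'bug-tracker-integration', 10, 20);
  gw.registerApp('key-standup', 'standup-bot', 10, 20);
  for (let i = 0; i < 500; i++) gw.handle('key-bugtracker', 0); // runaway burst
  for (let i = 0; i < 5; i++) gw.handle('key-standup', i * 200); // normal use
  gw.setLimit('key-bugtracker', 1, 1); // API team clamps the offender
  for (let i = 0; i < 10; i++) gw.handle('key-bugtracker', 1000);
  return { stats: gw.stats(), unknown: gw.handle('key-not-issued', 1000) };
}
console.log(simulate());
```

In this run the flooding integration gets 21 calls through and 489 rejected with 429, while the second application's 5 calls all succeed, which is the containment the article describes.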

Of course, API management has other benefits, like transforming data from legacy systems so that it can be more easily consumed, scanning incoming content to ensure that it does not cause the back end systems to crash, and customizing API responses for different platforms to optimize response time.

In short, today’s applications are built on a layer of APIs, and those APIs are used by a large and growing population of developers. This approach leads to incredible outside innovation from third party developers, integration with other products and some of the coolest tech features we all love to use. 

But to ensure effective security and to keep an API running smoothly, it is essential to have a platform to manage those applications, and that’s why API management plays a major role in today’s digital world.

Read More http://apigee.com/about/...


About the author: GREG BRAIL, Chief Architect at Apigee

Greg Brail has enjoyed more than 20 years in the technology industry. He currently serves as Chief Architect at Apigee, developer of a leading API platform. In this role, Greg helped drive Apigee through its transformation from a provider of hardware and software for XML-based web services optimization into a company that enables companies of all sizes to become digital businesses. He has recently led the architecture of the latest generation of the Apigee Edge API platform, developed open-source software that helps Apigee support Node.js, and is a co-author of the O’Reilly book, “APIs: A Strategy Guide.”
