July 23, 2021
July 23, 2021
Contributor: Ashutosh Gupta
It is important for software engineering leaders to balance the technical and business goals of their API strategy and practice by considering these top 5 aspects.
Software engineering leaders around the world see application programming interfaces (APIs) as the best option to connect systems and applications to build impactful and composable software architectures. However, they overlook the business potential of APIs as digital products and focus largely on technical use cases.
To deliver meaningful business outcomes and gain the trust of stakeholders, organizations need a modern API strategy that is closely aligned to business goals, and which covers API security, governance, life cycle management, developer enablement and potential for monetization.
Download now: Top 10 Aspects Software Engineering Leaders Need to Know About APIs
“Software engineering leaders responsible for API strategies shouldn’t focus only on the technical benefits of APIs. They must incorporate the business perspectives to avoid risking the support of business stakeholders,” says Shameen Pillai, Sr Director Analyst at Gartner.
Here are the top five considerations for software engineering leaders to develop an effective API strategy and practice.
For developing, managing and governing APIs without creating bureaucratic hurdles, software engineering leaders can implement an “adaptive governance” model. The idea is to create a federated API platform team (for example, having product managers from different business groups such as digital, commerce and logistic API teams) and manage the locally built APIs without undermining the overall API strategy.
To support localized standards, tools and processes, ensure that API product teams do not create disjointed or overlapping standards and actively participate in federated API governance. The platform teams and product managers should have consistent communication to be aware of shared assets, policies and practices.
Looking at APIs as a way to achieve technical purposes isn’t enough in the postpandemic world. They are now essential in advancing digital business strategies and should be treated as products without prioritizing monetization. Although many organizations monetize APIs, the majority don’t. Many organizations use API products for internal consumption only.
Regardless, the development, organization and management of APIs should be driven by a consumer-centric mindset that requires product managers to:
As APIs are the gateways to systems, applications and services, they are always vulnerable to security threats. This may result in the loss of private and sensitive information about millions of users.
The security strategy for APIs should focus on threat protection, well-refined access control and data privacy. Software engineering leaders often protect the published APIs, but there can be shadow or unpublished APIs. API discovery is the key to ensuring that there are no blind spots and to track any malicious usage of APIs.
Software engineering leaders should adopt a DevSecOps strategy and institute a security governance policy across the organization. They should assess and enhance the capabilities of API security and management solutions to discover APIs and potential threats from hackers.
An API’s life cycle involves four stages:
Software engineering leaders should build a consistent process around the four life cycle stages to develop a comprehensive API strategy and practice. For example, the “planning and initial design” stage should focus on an iterative process, consisting of a design approach, methodology and governance. Likewise, the “deploy and run” stage should focus on advanced security analytics to measure API business value.
Leverage automation to sustain API quality, track issues and optimize the API’s life cycle based on actual performance.
Align the development of APIs with the organization’s DevOps process for continuous integration and delivery. This way, software engineering leaders learn about other considerations when building, deploying, testing and implementing APIs in various environments. For example, as per API testing guidelines, certain functional, performance and security testing requirements can be mandatory.
There are a variety of vendor solutions for developing and managing APIs available in the market today. However, the API market is evolving, with some vendors focusing on specific aspects of APIs like design, testing, monitoring, security, portals and ecosystem management.
Related webinar: How to Benefit From API Startups and New API Trends
With so many different solutions to select from, software engineering leaders should have clarity regarding the needs of their organization and engineering groups. To make the selection more credible and collaborative, involve API product managers, API platform teams and security teams in the process.
It may be difficult to identify what differentiates different vendor solutions when it comes to potential, viability and maturity. Review critical capabilities for API life cycle management to understand the respective strengths and weaknesses of each solution and select the best possible fit.
Join your peers for the unveiling of the latest insights at Gartner conferences.
Recommended resources for Gartner clients*:
Top 10 Things Software Engineering Leaders Need to Know About APIs
The Evolving Role of the API Product Manager in Digital Product Management
API Security: What You Need to Do to Protect Your APIs
How to Implement API Discovery and Detection to Improve API Management and Security
*Note that some documents may not be available to all Gartner clients.