As organizations struggle to integrate all of the technologies they use, more of them are turning to APIs for help. This reliance on APIs has driven the emergence of full-lifecycle API management platforms.
The arrival of these new tools isn't simply a matter of vendors adding features that'll make them more money, said Carl Lehmann, a principal analyst at 451 Research. It's a response to organizations' need to manage APIs as critical business assets. In fact, Lehmann sees APIs as deserving of the same lifecycle diligence that application lifecycle management (ALM) provides for applications.
A full-lifecycle API management platform manages and automates API processes from creation to retirement. Paolo Malinverno, a vice president at Gartner, said traditional API management platforms tend to focus on managing basic policies -- like traffic management, basic security or data transformation -- during the deploy and run phases only.
A full-lifecycle offering would include capabilities to plan, design, implement and retire APIs. The latter typically includes API gateways for filtering traffic and an API portal that gives developers a means of identifying, assisting and governing developers who embed the APIs.
Capabilities vary from one lifecycle-based API management platform to another, and it can be a challenge to select the right level of product features that will most readily relieve particular pains.
When does lifecycle control matter in API strategies?
A standard API management platform will simplify access to and the use of APIs by providing a back end for analytics, security and other functions. Still, it might not do everything you'd want it to do, said Randy Heffner, a vice president at Forrester Research. "Most don't have formal lifecycle management features, in which you can control the API workflow or how APIs go from one stage to another and get from here to there," he said.
In a lifecycle-focused API management platform, Heffner said, specific types of software manage each stage of the API's lifecycle. For example, one tool set prevents an asset from moving downstream in the process without appropriate approvals upstream.
A CIO, CTO or API architect can control the progression an API makes through all its phases. In planning, use cases and requirements are identified. Next, APIs are designed, built, deployed into and used in production, possibly changed to new versions or reused elsewhere, deprecated and retired.
City Council Service Manager Adrian Dawson recently led a project to create an open data API program in Christchurch, New Zealand. In the early stages, he realized that a formal API management platform was required to securely launch the program.
Lifecycle management capabilities, for example, helped Dawson's team apply security and architectural governance policies at runtime to the council's property data API. This API unlocks historically siloed property data warehouses and makes it easy for real estate agencies, researchers, application developers and other government departments to access property information, including sales and pricing data, said Dawson, who now uses MuleSoft's AnyPoint offering.
To determine the required level of API lifecycle management, an organization needs to examine criteria that'll be familiar to those involved with ALM, Heffner said. These include size, culture, speed of delivery and response necessary for customer satisfaction and business competitiveness, as well as business goals for profitability, customer retention and acquisition.
Randy Heffnervice president and principal analyst, Forrester Research
Choosing the right capabilities also depends upon the maturity of the company's API strategy.
A first step, Lehmann said, is defining and charting the organization's current API lifecycle. Next, prioritize what's important for the APIs that you're using. For example, quality assurance is a top priority for businesses setting APIs or exposing third parties to your developer resources. In that case, the business probably needs a powerful API design, development, deployment and versioning platform.
Likewise, Heffner added, a company with a strong DevOps focus and a need for speedy and continuous development needs rigorous tools for API lifecycle management.
While some companies can gain maturity and discipline within the framework of a full-lifecycle API management platform, others choose different approaches. For example, Chris Moyer, technology vice president at ACI Information Group, uses API management tools, but not a management platform. He uses an API gateway with custom domains and basepath mapping to provide and manage the lifecycle of APIs for ACI's Newstex blog index.
The foundation of his approach is an exacting version management methodology, which provides clear indications when specific endpoints are undergoing changes or being deprecated. "The biggest issue is communicating with clients and monitoring who is still using legacy, outdated APIs that are going to be terminated," he said.
Soothing API pains
Formal lifecycle management can bring rigor to enterprise API strategies, just as ALM does in application strategies. "Lifecycle management shows how mature and disciplined an organization must be in order to deliver, at speed, needed results to customers," Heffner said.
Rigor is often absent from API processes, both Heffner and Lehmann said, largely because most APIs tend to be hastily developed and poorly documented. As API strategies mature, however, quality matters. APIs, after all, control so many essential processes.
"When an API isn't managed as an asset, it becomes uncontrolled," Lehmann said. Then, staff turnover and changes in customer needs and technologies cause problems with integration, and business processes fail. "As the world of multi-clouds has accelerated, APIs are critical in getting those clouds to talk to each other and execute a business process," he said.
Heffner has seen businesses managing individual API workflows independently and not cohesively. "The API workflow may be haphazard, varied, uncontrolled, unreliable and delivering variable results," Heffner said. At the other extreme, some organizations' overly rigid and restrictive API workflow management slows innovation.