You might have heard the term 'API-first strategy'. Any idea what it is? It actually depends on who you talk to, as there are as many definitions as there are vendors using that term. Like often is the case in IT. In this blog, I will give you my opinion what an API- first strategy is and how to realize it.
API-first according to Swagger
Smartbear, the original designers of Swagger, defines API-first strategy as: “An API-first approach means that for any given development project, your APIs are treated as “first-class citizens.” That everything about a project revolves around the idea that the end product will be consumed by mobile devices, and that APIs will be consumed by client applications. An API-first approach involves developing APIs that are consistent and reusable, which can be accomplished by using an API description language to establish a contract for how the API is supposed to behave”
Of course, the API description language is Swagger. Other online resources like ProgrammableWeb put it even more boldly: “The API-first approach is also something of a clean-room approach whereby the API is designed with little consideration for the existing IT estate.” In other words, we will define a great API and it is up to the IT guys to make sure that it actually is able to do what was envisioned. I do not believe that is the way to go. If there are gaps in what we want to do and what we can do with current IT, we should plan how to bridge that gap. It is not realistic and fair to ‘twist the IT estate into submission’. Creating the ‘shiny frontend’ is easy, making it work in the ‘dirty backend’ is much harder.
There is however another aspect that is missing in the definition and that concerns the operation, security and analysis of the APIs. Because an API is easy to use by almost anyone, it does not mean it actually should be! In many cases you want to know who is using your APIs. Why do they use it? How many resources do they need? If someone, e.g. a student, wants to use the API for testing purposes, do they need an unlimited amount of calls to the API? In most cases, the answer is "No". Because the API is just the entry point to IT systems there is a whole world behind it that needs to stay up and running and giving one person unlimited access could impact the other users. Typically, knowing what users want to do using your API gives you a possibility to engage with them and discuss their use case. This could lead to an improved version of the API, therefor increasing the use of your API’s. This ‘relationship’ with your API users starts with the signup to an API store where users can discover and test the API’s. When users subscribe to an API they will typically get a client key / secret that is used for authorization. The token generated will allow them to use the API, pretty much like a plastic hotel keycard gives access to your room (as long as you pay).
In some cases, you want to monetize your API, enabling a new business model or, for instance when it concerns intra company use, recover cost of creating and maintaining the API and/or infrastructure. You can charge your consumers based on the number of invocations, the amount of data they consumed, or any other parameter. So, with a little twist, you can turn services or data into money.
Your API Management solution should allow you to monitor the use of API’s from a broad perspective. From how many times API’s are invoked, to the number of users and of course, a lot in between. Take for instance traffic suddenly coming in with IP addresses you have never seen before. It could be that you suddenly have users in a different geolocation or that something fishier is going on. Analytics are a key element of any API-first strategy.
How to implement your API-first strategy?
We believe that the WSO2 API Manager is the only solution in the world that combines all the features we’ve just discussed. Plus, this solution perfectly matches our vision on digital transformation. The WSO2 API Manager gathers a laundry list of powerful features that give you all you need to speed up and develop beyond your limitations. We, in turn, use the WSO2 API Manager to implement your most successful API-first strategy.
Want to know more about the match between the WSO2 API Manager and your company? Read our API selection guide!