API Management – how to tame APIs?

Flexibility, agility, innovation. With such traits, successful companies are moving forward. The most stimulating factor in the world economy is now the constant change. Companies need to learn to adapt quickly. Obviously, if they only want to maintain their competitiveness and place in the market. The change is driven by growing expectations and customer needs, regulatory challenges (such as the EU PSD2 directive) and increasingly ingenious competition. Business must constantly evolve. This can be done today, with the help of APIs.

World according to API

APIs (stands for Application Programming Interfaces) is not a new phenomenon. Their definition was created back in 2000. They have long been used within corporate and web applications. Actually, we can call it a popular and known technology. APIs allow the interoperability of systems and databases with each other, using universal protocols and data-storage media. Data can be then processed by external partners, developers and their applications – often in surprising ways. This environment create new quality, ingenious and useful products, creative services – in response to the ever increasing expectations of the digital society.

According to the CA Technologies report, 88% of large organizations globally already use APIs. Most of those, who have not yet implemented this solution – are planning to do so. You can say, that we are already living in an API-based economy.

The example of API’s success can be Google Maps, open-source web map service, popularized by easy plug-in for web pages. Thanks to open API of the service, Google Maps today include a huge volume of enhanced data, provided by the users community. Growing over time layer of information is the rankings, reviews, photos, location tips, local guides forum. This can be achieved be the opening of the data. Google, which has a strong influence over the shape of today’s web, has been instrumental in promoting the benefits of the open Web API.

Parallel to business growth, with APIs like Google Analytics and Google AdWords, other big social networks have opened their data. By embedding video sites (Vimeo, YouTube), music players (Soundcloud), photos or universal avatar (grawatar.org). The world’s largest web development platform, WordPress, offers open APIs.

Interesting use of the APIs can be quick login to users account, using given elsewhere login credentials, working as a social login plugin for web pages. Quick login comes from sites such as Facebook, Google+ and LinkedIn. Publishers can avoid the need and hussle of maintaining own users database, so it can be a convenient solution. Today’s users are having too many passwords, so they appreciate such universal key to at least some of the services they use.

Technology companies, media and information services are the biggest API users. But APIs can be useful in any industry, from education through banking, manufacturing to medical services. Soon, there will be more and more of them, as the “digitizing of everything” progresses. The APIs are powered by mobile applications, and they are extremely active around the services available in the cloud.

Some business leaders, which never thought about offering software-based products or services, they are now able to use API mechanisms to expand their offerings, increase value, and improve service. And that stimulates overall growth of the market.

 Read More:  GDPR: 5 most important law changes and their consequences for banks.

API as the universal connector of everything

Within internal environments of the enterprises, APIs are effectively used for system integration. Combined with external APIs, they become the product innovation vehicle, giving a new dimension and the use of previously inaccessible sets of information. Importantly, data and its collection can be made available for a fee, thus opening a new revenue channel for businesses.

As Internet shoppers, we appreciate the API, which recognizes our data, locates us, tailors product suggestions based on our preferences, knows our shipping addresses. As Internet users, we realize that much of what is available on the Internet, we see through the API data, mainly in cloud-based services. The API is already a technology well established in the network environment, as a logical consequence of the need for its integration on a large scale. Automating the consumption of data from APIs is bringing us closer to the Internet of Things – according to Gartner, in 2017 the number of connected devices exceeds 8.4 billion.

When they came out, APIs seemed to be the awaited response to the growing problem of communication between applications and systems, technologies, programming languages, databases, and users. They are the solution of today’s digital economy. Almost every company is in the process or is facing a transformation. Managers and owners of these different businesses already understand, that in the battle for the customer, they not only have to use the technology they have, but use with with collaborating network of partners, suppliers and recipients. List information with benefits and target customers, including themselves. The API simply makes it possible.

How can an API be used in business advantage?

  • As a link between internal databases and systems with a network of developers, partners, internal and external service providers, such as CRM for deliverer, customer relationship management with account and PayU account data, as an integrator of pre-paid payment module modules, or as an open product catalog.
  • As a final product, where API fees are levied on direct charges. That can be set for particularly valuable data or services offered by the API, using “Pay as you go” payments. The fee may be also charged from developers or end users when it is part of the service they’ve paid for access to. APIs may be shared (partially or not) without charge, which occurs as more resources are consumed (like in Dropbox) or after some time (model free trial).
  • To integrate internal enterprise systems, especially in organizations with extensive IT infrastructure, built for years. They are hundreds of thousands of APIs there. The key to business growth will be to enable efficient communication between (all) available information resources: the data opening up, the simplification of processes, the elimination of double operations, the development of transparent user interfaces.

 Read more:  Robots in the bank. Financial industry 3 key areas to be streamlined by Robotic Process Automation

What are REST APIs?

The network is constantly changing as it grows. APIs are now more commonly based on REST (Representational State Transfer) standards than traditional SOAP (Simple Object Access Protocol). That means, they are HTTP-based interfaces – their architecture reflects the architecture of the Internet.

The SOAP standard will continue to be used, but more often in enterprise resources than in networks and clouds. REST became popular when most of the Internet users became active in social media, and when large organizations (such as Google, Facebook, YouTube or Yahoo) began to make their APIs available on a massive scale. In practice, REST is lightweight, very scalable, independent of programming language and as a platform. It works just like lego blocks – it allows you to place any item.

API Management for total API control

In the new economy we live in, overall API management is gaining new significance. Business must have access to tools that enable planning, analysis, sharing, and control of all API lifecycle phases. Especially when the number of APIs present in the ecosystem is increasing rapidly. Entering a new product on the market reduces from a few months to a few weeks or even days, quickly catching bugs in the application and measuring the amount of data flowing through the API, allowing for better performance and better business decisions. Advanced API Management tools must enable the creation, protection, management, and optimization of APIs. And not only during their lifecycle, but at the enterprise level, too.

Companies use APIs to capture data from partners and add value to their products and applications without writing new code. This can be a map, or payment feature. At the same time businesses, regardless of their size, share data from internal systems through APIs, making them available to millions of devices connected to the network – the Internet of Things. Performance optimization and safety are mandatory there.

Successful organizations are the ones that make it easier for developers to build applications based on their data. Relationships with the developers community are a priority in these companies. Developers get a lot of encouragement and benefit from creative work on data. They are connected to well-arranged test environments, take part in creative hackathons or dedicated development programs. Information about the API and its assets is actively distributed among them. API detection is extremely facilitated.

 Read more:  Biometric authentication, FIDO standards and our money security

Stay up-to-date with API economy

Subsribe to APILOGIC newsletter and get the latest news on innovations in the financial sector.

[FM_form id=”3″]

API Management and lifecycle measures the maturity of a digital enterprise

Businesses that are fully API-focused and exploit the potential of this technology, must include multiple factors in their strategy. The sophistication and usability of APIs can today be seen as a measure of digital maturity. Factors that need to be taken into account, are expressed in the tools of the complex API Management systems used by organizations today. We can include elements such as:

Strategy and planning

Use of API must be permanently incorporated into the enterprise strategy. Business shall provide monitoring tools and processes and prioritize API investments. The key to such an organization will be consistency, and cultivated relationship with the developer community, including an active encouragement to use the API.

Construction and integration

The company has its own technology portal that provides an overview of the APIs from the outside and gives access control to developers. There are various communication channels for the development community such as forums or bug reporting tools. Developers have access to multiple data sources – they can quickly connect, create and publish applications, give feedback to the forum.

Testing, deploying and monitoring

Available and friendly test environment for new APIs before they are published outdoors, API gateways for improved performance and security. API deployment should be supported for public and private clouds. This toolbox shall include quick respond to events during the API lifecycle.

Measurement and analysis

API call metrics and user engagement. Applications that enrich API usage, code creation, new applications and Software development kits. It is important to keep track of the behavior and use of the API and respond appropriately to changes in this behavior.


As the API issues data that can be classified as sensitive, businesses should equip the platform with advanced security systems to protect their APIs against attacks through sensitive applications. Especially dangerous are: script attacks, attacks during authentication, malware infections – the most important ones have been listed by OWASP.

What is the API connection with PSD2 directive?

While the directive itself does not explicitly require APIs from banks as a way of adapting to regulation, it is an obvious technology when it comes to opening account data and allowing for the flow of information between a bank and a network of partners. API is a popular technology that works well and is used by developers all over the world, so implementing it with the guidelines of the directive can be much faster and more cost-effective in the long term, than any other solutions.