Sunday Dec 15, 2024
Friday, 5 May 2017 00:00 - - {{hitsCtrl.values.hits}}
In this digital age an organisation can no longer operate in isolation as an independent entity. Be it a supermarket, a hotel chain, or an airline, the organisation needs to be able to link to other entities in its value chain to deliver superior value to its consumers. This requires the need to expose certain capabilities of your internal systems to your partners, suppliers, and even customers who would be able to use information from and publish information to your internal systems.
This level of business integration is seen in most developed markets and is slowly creeping into developing markets like Sri Lanka as well. Organisations are always on the lookout for ways to improve their operational efficiency and to provide a superior service to their customers by streamlining its value chain. And the ability to improve operational efficiency and deliver superior value to consumers would definitely give organisations a competitive advantage.
APIs are an integral part of this story; APIs provide the capability to offer a standard way in which your partners, suppliers, and consumers can integrate with your system to consume and publish information. More importantly, can APIs hide the internal complexities of the system and provide an access point through which certain operations can be performed. APIs basically act as a gate through which external parties can enter a fortified castle. Without APIs, you will not have a standard way in which external users can communicate with your internal systems.
Let’s take the example of a supermarket – a supermarket would provide an API through which the stock level of a given product can be measured. This would allow a supplier of fruit juice to know how fast its stocks are moving and plan its internal manufacturing process so that it would be ready with its new batch when the stock quantity reaches the reorder level. Another example can be a hotel chain that would want to tie up with an airline to allow passengers to reserve a hotel room when booking a flight. In such a case, the hotel would expose an API that would allow the airline to access the hotel’s reservation system to check room availability and make reservations.
API exposure and usage are not limited to external entities of an organisation. APIs can be used as a way an organisation can streamline its internal operations. APIs can be shared between departments or business units of an organisation to smoothen operations and to encourage reusability. For example, a hotel chain would require a currency conversion capability with its online reservation system, the front desk system, and finance system.
Therefore, rather than writing a currency converter for each of these systems, a single currency converter can be written, which would expose a currency conversion API that can be consumed by each of the three systems. This would cut down duplication effort by each department and ensure consistency is maintained in the operations of these systems.
Exposing APIs alone is not the complete story. As we described with our analogy, the API is a gate to a fortified castle. Hence, there should be a way in which access to this gate is controlled and monitored. Similarly, there’s a need to manage and control APIs that are exposed to external parties. The following factors need to be taken into account when exposing your APIs to users:
APIs should be secured so only authorised users would be able to access these APIs. Security is extremely important to ensure that APIs are used by the right user and there’s no harm or imminent threat to the internal systems and to the data that reside in these systems.
Access to APIs should be controlled based on how much each user can access. Most internal systems have a limit to how many users can access the system at a given time. Failure to address this would mean that the system would be unavailable to all users. Therefore, it’s important that the usage is throttled to ensure that all consumers can fairly access the API without impacting the activities of other users.
API discovery is required to ensure that APIs can be discovered through an API Store. Users should be able to search for the APIs from an API catalog and choose the API they require. The API discovery point should also have the capability to store any documentation required by the users. This is similar to a mobile app store that you would use to download the required applications to your mobile device.
Exposed APIs should be versioned and its lifecycle should be managed to ensure that any changes made to an API would not impact users who are already using the API. Moreover, any changes made to the API should be exposed as a new version to any new user to subscribe.
It is important to monitor the usage of the API to get an understanding on how users are using the APIs exposed. This would help an organisation to streamline bottlenecks and provide a better quality service for its APIs. Similarly, it is possible to monetise the usage of the API where the organisation would be able to charge users based on their usage of the APIs.
APIs are an essential component in digitally transforming your business. They are required to link your business internally as well as to connect your business operations with other entities that are a key part of your value chain. APIs would open up new avenues to serve your customers, and provide a better service to customers through channels that are already in place. For example if we consider the same supermarket example, an API can be provided to link up with your stock management system, which in turn would allow a customer to check the availability of a product from the convenience of their home. To extend this use case further, the same API can be offered to a third-party service provider for a fee to integrate with their own mobile or web application, which they would offer to a customer as part of their own service offering.
In conclusion, APIs are an integral component that organisations need to consider to digitally transform its business operations. Yet, these APIs need to be managed to ensure they are exposed in a secure and a meaningful manner to bring maximum benefits to an organisation.
(The writer is Lead Solutions Engineer at WSO2. He is a part of WSO2’s Solutions Architecture team that works closely with customers to find the best solutions for their IT projects. In his role, he has worked with numerous customers around the world in providing solutions and guidance to customers to digitally transform their businesses. He has nine years of experience in the IT industry. Prior to WSO2, he was involved in building IT systems for telecommunication and biotechnology industries. Linkedin: https://www.linkedin.com/in/nadeesha-gamage-91a2261b/).