API Lifecycle Management is a term illustrating the need to manage all steps in the life of an API, from creation to retirement.
APIs are proliferating, as they are the lynchpin for digital business. The major challenge for companies is to cope with the increasing demand for new APIs by:
- Creating APIs rapidly
- Controlling them by managing a catalog and enforcing a powerful security level
- Consuming them directly or via third-party developers
The API Lifecycle Management approach provides a holistic view on how to manage the different stages in the life of an API, from creation to retirement.
The API Lifecycle Management diagram below represents a detailed view of the steps in the life of an API, which we will talk more about below.
API Creation stage
- MODEL – Visually or programmatically specify the data needed for your API endpoints.
Let’s assume you have an existing database that contains data you want to expose with APIs. Thanks to connectors, you can easily expose the data model and define your own API format.
The same applies to SaaS applications which APIs you can connect to with connectors to turn them into your own API format.
- ORCHESTRATE – Combine and normalize data from multiple sources.
You might want to expose an API that combines information from different underlying APIs. With the orchestration ability, you can do this easily, both in a synchronous or asynchronous way.
- TRANSFORM – Convert legacy formats (e.g. XML) to modern consumable formats (e.g. JSON).
When it comes to connecting to the internal systems, such as the ESB, there are still many internal SOAP Web Services (XML) that need to be exposed to REST APIs (JSON) for easier consumption by digital apps. A Visual Mapper allowing easy and graphical conversion between those two formats is an important tool to have.
- DOCUMENT – auto-generate docs and code-snippets for models and API operations.
API Documentation is key for developers to manipulate them easily. But this is also a very tedious, boring, and error-prone task. Having a tool that generates API documentation automatically is a big pain reliever.
API Control stage
- DEPLOY – Instantly deploy APIs to the target environment with zero setup effort.
In a digital world, the time between code delivery and deployment needs to be as short as possible. DevOps tools speed up this with Continuous Integration and Continuous Delivery. To manage your APIs, you need a solution that integrates very well into your DevOps strategy. For smaller projects, you even need a solution that comes with an elastic runtime you can deploy to with just a single click.
- MANAGE – Manage access to the API and protect the quality of service via rate-limiting and SLAs.
The more APIs you have, the more unmanageable they get. You will feel very quickly the need for an API Catalog you can browse easily and where you can manage the publication state of your APIs (unpublished/published/deprecated/retired) and their versioning. The API Catalog should also contain rate-limiting settings (to protect your internal systems against high traffic peaks coming from API usage) and SLA enforcement.
- SECURE – Establish and enforce enterprise policies for security and firewalling APIs.
As APIs are a door to the world, securing them is paramount. You need an API Management solution that offers top-notch API security.
Security certification such as Common Criteria is also strongly recommended.
- SCALE – Auto-scale infrastructure up or down to run your server-side apps.
The Web traffic is unpredictable and very variable. You need an infrastructure that adjusts automatically with the traffic, with no manual intervention needed.
API Consumption stage
- PUBLISH – Market to internal groups, partners, or the public via a central API Catalog.
APIs from the API Catalog are published into an API Developer Portal to be easily consumed by developers.There are three types of APIs, requiring different settings for your API Portal:
Private APIs – the ones for internal use only
Partner APIs – the ones for a specific set of partners only
Public APIs (aka Open APIs) – the ones available to anyone.Those API types need to be managed differently, for example, partner APIs must require you to have a partner onboarding process in the solution.
The marketing aspect shouldn’t be neglected. An Open API Portal will need attractive branding and also promoted through the different marketing channels.
- DISCOVER – self-service access for developers to browse APIs, their attributes, and documentation.
The API Portal is aimed to be available in self-service. Developers should be able to connect 24/7 and experience smooth navigation with documentation, Q&A, and support widget if help is needed.
Before using an API, developers prefer to test it first, so your API Portal should offer an easy try-it feature.
- INVOKE – Execute API operations or out-of-the-box MBaaS services from a client app.
To use APIs, developers get an automatically generated from the API developer portal and can then integrate those APIs into their code with the help of an API SDK for their favorite development language.
To accelerate your mobile app development, out-of-the-box MBaaS services are great to have available in your API Portal.
- MONETIZE – Track utilization and apply rate plan policy to generate API revenue.
API monetization is a complex topic. Most of the time, APIs are offered for free because they represent a new way of making business and the business value doesn’t reside in the API itself, but in what it represents in terms of larger outreach and new market share.
But sometimes, companies might want to monetize their APIs because their underlying data are part of their business. A good example is the Data as a Service Dun & Bradstreet project using the Axway API Management solution.
- You can see on the API Lifecycle Management diagram above a circle in the middle named “Analyze.” This position in the middle means that API Analytics is paramount across the full API Lifecycle Management.
- Why? Simply because you can’t control nor improve what you can’t measure.
- Embedded Analytics for API Management is a must-have when you want to manage your growing number of APIs.