building an enterprise api program · 2019-10-28 · about me & rapidapi founder & ceo @...
TRANSCRIPT
Building an Enterprise API Program
Iddo Gino – CEO & Founder, RapidAPI
Agenda
Proliferation of APIs 1
2 API Stages: Private, Partner, Public, External
5 5 Components of an API Strategy
4 API Strategy & API Hub
3 Challenges with APIs
About Me & RapidAPI
● Founder & CEO @ RapidAPI
● Building APIs and Applications for over 10 years
● Thiel Fellow
● Forbes 30 under 30
● Reach out! [email protected]
● World’s Largest API Marketplace
○ 1 Million Developers
○ 10,000 APIs
○ Billions of API Calls
● Founded in 2015
● Based in San Francisco & Tel Aviv
● Backed by:
○ Andreessen Horwitz
○ Microsoft
○ Grove
Iddo Gino
The Need for a Strategy
APIs are Proliferating
They Have Huge
Potential…
…But also Challenges
We Need an API Strategy
Has to encompass full cycle – from private to public APIs
Proliferation of APIs
● Developers are increasingly utilizing APIs to develop new applications and software
● API Economy is predicted to grow to $2.2 Trillion dollars
● Already yielded multiple unicorns:
Ovum, “Realizing the Business Value of APIs,” October 2014 Google Searches for “Rest API”, 2004-2019
Acquired - $3B Public - $15B Private - $35B
Acquired - $800M Public - $18B Private - $1.1B
Where are APIs Used in the Enterprise?
Billing API
Users API
SSO API
Orders
API
Shipping API
Tracking API
Catalog API
Products API
Partners
Developers
3rd Party APIs
API Components
• Internal services created by
development team
• Used to build applications
and services
• Not exposed externally
Private APIs
• Powering integrations with
select partners and
customers
• Exposed on a per-need
basis
• Requires direct business
agreement / relationship
Partner APIs
• Powering community-built
applications and
integrations
• Exposed broadly on a self-
service basis
• Opens innovation
Public APIs
• Used by developers to
speed up development
• May be integrated on an ad-
hoc basis by developers
• Used for basic
infrastructure and
functionality
3rd Party APIs
Continuous Process
Private APIs Entering Mainstream
68% of organizations are using or
investigating microservices
29%
15%
24%
30%
68%
Using microservices in production
Using microservices in development
Investigating microservices
Other (2%)
Not using microservices
Ngnix Survey, 2015
3.2%
5.6%
8.8% 8.8%
10.4%
8.0%
10.8%
12.4%
8.0% 8.0%
7.2%
8.8%
How many APIs in your organization?
Imperva API Survey, 2018
Private APIs Growing Creation of APIs
50% of organizations have more than 300
APIs
Private APIs Creating Data & Development Silos
FICO Score API
Loan Offer API
Mortgage Rate API
Loans Team
Accounts API Users API Registration
API
User Data Team
FICO Score API
Loan Offer API
Analytics API
Mobile Team Web Team
Loan Offer API
Users API Analytics API
Private APIs Varied Deployment Environment
APIs are running across many
environments.
Siloing is aggravated by having multiple
environments
2014 2015 2016 2017 2018 2019 2020 2021
Infrastructure Spend in Enterprise
Data Center Private Cloud Public Cloud
IDC, Gartner, Based on Value 2019
API Partnerships Drive Businesses
Companies are creating new channels
through partner APIs.
Creating platform businesses by opening
up APIs.
Working with partners to create unique
solutions.
90%
60%
50%
Percentage of Revenue Generated Through APIs
Harvard Business Review, The Strategic Value of APIs, 2015
Companies Exposing More Public APIs
More and more companies are opening
public APIs
0
5000
10000
15000
20000
25000
30000
2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
Publicly Available APIs
APIs Programable Web, 2019
Using 3rd Party APIs Accelerates Development…
Faster Development
Better Service Cost Effectiveness New Possibilities
Quickly integrate existing functionality rather than building it
from scratch
API providers accumulate years of
expertise to offer higher quality services
API companies enjoy economies of scale, and thus can offer
services at lower cost
Benefit from services like artificial
intelligence, machine learning and image
recognition
… But Integrating APIs is Hard
The “plumbing” of API integration hurts developer
productivity.
Every API speaks a different “language”:
● Format:
○ REST
○ SOAP
○ GraphQL
○ RPC
○ gRPC
○ Random
● Data:
○ XML
○ JSON
○ Binary
○ YAML
19%
38%
19%
16%
8%
>5 30 60 90 >180
Average Number of Days to Build Net New API Integrations
State of API Integration, 2018 Report
● Authorization:
○ OAuth 1.0
○ OAuth 2.0
○ OAuth Random
○ Basic Auth
○ Custom
● Signing Request
● Client SSL
● Dashboards
● Billing
● Provisioning
And 3rd Party APIs Create Risk
Every API is a Run Time dependency of your application, so
If an API goes down
Your App is Down
If an API is breached
Your Data is Leaked
If an API is slow
Your App is Slow
If an API is not compliant
Your App is not Compliant
And 3rd Party APIs Create Risk
Need for API Strategy - Challenges
For Internal Development External Facing
Private APIs & Microservices
How to make APIs shared and used across the organization
Partner Facing APIs
How to easily expose services to partners and make integrations seamless
Public APIs
How to create a public API ecosystem that fuels innovation
External 3rd Party APIs
How to visualize and govern the consumption of 3rd party APIs
Sharing APIs Governing APIs Discovering APIs
Strategy Goals
• Make it easier for
developers to
collaborate, share
and reuse APIs
Private APIs
•Enable business
partnerships through
seamless
technological
integrations
Partner APIs
•Unlock innovation by
leveraging the
developer community
with an open API
Public APIs
•Govern and monitor
the consumption of
3rd party APIs
3rd Party APIs
API Strategy Components
Executive commitment to cultural shift
Organization Structure
API Platforming
Education & Awareness
Executive Support
Peripheral Tooling
Team structure and talent to support
API transformation
Create programs to educate developers
on APIs and drive adoption through
awareness
Enhance API strategy with full
toolset for run and design time
Create a platform for managing and coalescing APIs
API Strategy Components
API Platforming
Executive Support
Developer Adoption
Executive Support
Developer Adoption is Critical BUT
Executive Support is the Catalyst
Executive Support is Detrimental to:
Team • Dedicating headcount & budget to own API management
Tooling • Appropriating budget for API tooling
• Standardizing on central components to drive unity
Time • Allowing time for engineering teams to make the transition (long term investment)
Incentive • Rewarding teams that share APIs and contribute
• Flag teams that are staying behind
Culture • Breaking cultural silos – operating as one company
This is critical
Executive Support – Microsoft
Satya Nadella CEO, Microsoft
“Right now we are API-ing every layer, celebrating any use anywhere and knowing we’ll have more opportunities in the future.”
05.06.2019
Executive Support - Amazon
Jeff Bezos CEO, Amazon
Amazon Inc., 2002
1) All teams will henceforth expose their data and functionality through service interfaces.
2) Teams must communicate with each other through these interfaces.
3) There will be no other form of interprocess communication allowed: no direct linking, no direct reads of another team's data store, no shared-memory model, no back-doors whatsoever. The only communication allowed is via service interface calls over the network.
4) It doesn't matter what technology they use. HTTP, Corba, Pubsub, custom protocols -- doesn't matter. Bezos doesn't care.
5) All service interfaces, without exception, must be designed from the ground up to be externalizable. That is to say, the team must plan and design to be able to expose the interface to developers in the outside world. No exceptions.
6) Anyone who doesn't do this will be fired.
Executive Support - Amazon
Executive Support – JP Morgan
Stephen Markwell Product Strategy, JP Morgan
APIs and How They Work | TechTrends | J.P. Morgan
Organization Structure
API Strategy Components
Team Ownership of Their Services VS
Standardization Across the Company
API Platforming
“Vertical” Ownership
“Horizontal” Standards
What questions do we need to answer?
● Who approves APIs to be used?
● Who approves APIs to be published?
● Who defines the standards that APIs conform to?
● Who decides & buys APIs tools? API Tooling
Governing APIs
API Standards
Team Ownership VS Horizontal Standards
Why Team Ownership?
● Optimization - Allow teams to define their own tools,
cadence and stack based on:
○ Specific product / tech needs
○ Team knowledge
○ Available resources
● Experimentation - Allow for more experimentation in
the stack
● Culture - Feeling of ownership by different teams
Why Horizontal Standards?
● Interoperability – make it easier for teams to
collaborate and use other services by making them
familiar
● Support – align the tech stack to have expertise built
throughout the organization
● Economics – benefit from economics of scale when
buying tools in bulk
● Optimization – allow to hone and perfect a single stack
across the company
Hybrid Ownership Model
API Center of Excellence Engineering Teams
Internal APIs 3rd Party APIs Internal APIs 3rd Party APIs
Governance • Define requirements
for external facing APIs
• Approve external APIs
• Monitor external API
usage
• Self service consumption of internal & external APIs
from Hub
Tooling Buy central tool for API sharing and discovery • Define own tools for
runtime, API design,
API building
N/A
Standards • Educate on API best-practices
• Certificate “API Heroes”
• Help preparing APIs for Externalization
• Freedom to build APIs
in most suitable
standards
N/A
Tooling Decisions
● Central tools – but self service
● Others are distributed
Business Need
Build Phase Test & Deploy
Design API
Framework Language / Runtime
Mock Gateway Runtime Testing and Monitoring
Publish & Share
Document API
Publish API to Organization
API Ready
API Platforming
API Strategy Components
There Must be a Standard Place
to Discover and Connect to APIs
API Platforming
API Runtime – a Variety of Technologies
API API API API
APIgee Akana Ngnix
API API API API
Tyk AWS API Gateway
API API API
Data Center Cloud Kubernetes
Developers
?
Envoy
Variance is Increasing–More APIs, More Platforms
3.2%
5.6%
8.8% 8.8%
10.4%
8.0%
10.8%
12.4%
8.0% 8.0% 7.2%
8.8%
How many APIs in your organization?
2014 2015 2016 2017 2018 2019 2020 2021
Infrastructure Spend in Enterprise
Data Center Private Cloud Public Cloud
IDC, Gartner, Based on Value 2019
Imperva API Survey, 2018
API Hub
aka API Hub / API Catalog /
API Store / API Marketplace
API Hub
API Creators
• Publish APIs
• Control API Access
• Define Usage Limits
• Monitor and Analyze Usage
API Consumers
• Discover Available APIs
• View API Documentation
• Provision Access
• Test API Requests
Governance Team
• Control API Visibility
• Define API Readiness Requirements
• Ensure Used APIs’ Compliance
• Track API Usage
Publicly Used APIs
API Hub – a Single Consolidation Layer
API API API API
APIgee Akana Ngnix
API API API API
Tyk AWS API Gateway
API API API
Data Center Cloud Kubernetes
Developers
Envoy
API Hub
Key API Hub Capabilities
• Support for all standards (OAS, GraphQL, etc.…) API Publishing
• Be able to search through all available APIs Discovery
• Be able to view documentation and test APIs easily Testing / Evaluation
• Provision API Access Provisioning
• Get information about API users and their usage Analytics & Metrics
• Be able to get support for used APIs and discuss enchantments Discussions / Support
Peripheral Tooling
API Strategy Components
Additional Tooling Required for
a Successful API Strategy
API Platforming
Peripheral Tooling Around the API Lifecycle
API
Producer
Design
Mock
Develop
Test
Deploy
Secure
Publish
Monitor
Monetize
Discover
Evaluate / test
Integrate
API
Consumer
Pay/subscribe
Monitor /Optimize
Manage Engage
Acquire
Secure
API Design
● Creating the documentation for the API and testing it in design time
● Used by individual developers as they design the API
Testing and Monitoring
● Make synthetic requests to the API for live testing in the runtime
● Multiple Use Cases:
○ Monitoring API Uptime
○ Complex Functionality Testing (asserting request / response)
○ Performance Testing (multi-geo, multi-request)
Synthetic Data
● Some data-sets are more sensitive, and thus can’t be shared across the company
● Synthetic Data -> “fake” data set that carries the same statistical properties as the original data, so it can be used for
AI/ML
Original Data
SQL
HDFS
API
Synthetic Data Generator API
Middleware for Older Services
● Convert older API types to more modern APIs (REST, GraphQL etc.…)
● Combine data from multiple sources into a single user-facing APIs
● Create APIs on top of existing systems / datasets (RPA, Middleware)
Education & Awareness
API Strategy Components
Create Awareness to API Program to
Drive API Publishing & Consumption
Educate on New Technologies & Best
Practices
Education and Awareness
Awareness
● API Newsletter – highlight new services and data available and new
tooling. Reward API publishers
● Celebrate Wins – create awareness of wins, incentivizing both API
publishers and users
● Events – internal hackathons and meetups are great starting points
for API awareness
Make API publishers heroes– They will be the internal champions.
Everyone want their API to be popular!
Education
● API Standards– maintain up-to-date documentation and guides on
API standards and tooling
● Seminars – perform workshops / seminars on API development and
tooling
● Online Courses – there are great online courses available. Buy and
make available throughout the company
API development is a basic skill – just like writing safe code or managing
agile development
API Strategy Components
Executive commitment to cultural shift
Organization Structure
API Platforming
Education & Awareness
Executive Support
Peripheral Tooling
Team structure and talent to support
API transformation
Create programs to educate developers
on APIs and drive adoption through
awareness
Enhance API strategy with full
toolset for run and design time
Create a platform for managing and coalescing APIs
