The first is API Management for web, cloud and mobile enablement where the APIs are exposed, but behind the firewall and made available only for internal app developers and business partners. This actually encompasses a 3rd use case, which is partner enablement. The main purposes are typically to expose reusable services leading to faster application development and easier integration, to power web, cloud and mobile applications, and to enable business partners for self-service. Let’s look at a couple of examples of how this is used.
With the objective of serving its customers and partners, a large utility company of Software AG’s exposed their APIs internally and created two mobile apps. Their Customer app allows users to self-manage their accounts, receive energy saving tips and manage their energy bill using mobile devices 24x7. Their Partner app provides services for a diverse mix of organizations, such as providing an average energy bill for a given house for rental companies, or general customer information for value added services and products.
Another example is from a multinational company who exposes their APIs to retailers that sell their gift cards so that the retailers can authorize and check the balance on these cards.
The second main use case is for API Management for Open API Programs where the APIs are exposed and promoted externally for any 3rd party developer’s use. This scenario supports a number of purposes, including obtaining new sources of revenue (monetization), reaching new markets and customers, and for fostering innovation (i.e. creating new apps with uses you never imagined. Let’s face it – you can’t think of every possible use case). Exposing the APIs externally is accomplished through an API Developer Portal where the APIs are clearly documented with descriptions, sample code, test capabilities, and usually some type of forum or collaboration capability where users and potential users of the APIs can communicate.
Regardless of the use case, it is imperative that the APIs provide good business value, that their purpose is well thought out ahead of time, and that they are provisioned properly to support 24x7x365 secure accessibility. The API runtime environment, of course, provides the mediation, back-end services and data to the consuming apps, as well as security from the consumers against denial-of service attacks and other threats. It is important to have a solid platform with lifecycle management and overall governance to support your API Management implementation.