As API use has exploded across IT departments large and small, the need to manage APIs as independent entitiesāboth APIs themselves and calls to themārapidly became apparent. We have been through this cycle several times beforeāORBs, DCOM, object repositories ā¦ the list goes on.
There are several competing goals when introducing some management structure into formerly as-needed remote calls occurs. We want to publish and advertise connections in the hopes we can avoid (or at least minimize) reinventing the wheel, while we also want to make access easier for app developers that are trying to use our APIs. Meanwhile, we want a centralized location where ops can monitor API usage, security can review APIs for compliance and āapprovedā APIs can be advertised or even hosted. Finally, we want to give internal developers access to approved external APIs that have been deemed appropriate and safe for the organization to use.
As with previous iterations of this process, these goals, taken together, prove to be huge. There is a lot there to try and cover in an ever-changing API landscape. It is worse in this iteration, simply because of the proliferation of external APIs. Prior to REST, each iteration had more APIs, both internal and external, than the one before, and REST is keeping with that pattern, though now that we can look back, the external bit is a hyperbolic curve, not a line.
So, it is interesting and cool to see the market fragmenting a bit. The entire package is a huge order that a few companies have taken on; Iāll leave it to you to decide if theyāve handled it well enough for your org. Others have taken one of two approachesācentralizing API access to external services that have been vetted and interfaced with by the vendor or enabling internal API developers and users.
Now, we have a couple of manageable chunks to look into. I would even go so far as to say most vendors come from one or the other of these worldviews, and you should compare their ātiltā to your organizationās needs before purchasing an API management product. I would much prefer if we separated these markets into āAPI managementāāthose doing (or trying to do) it all, āAPI integrationāāthose simplifying and enabling access to approved APIs like Salesforce or ADP and āAPI enablementāthose making writing, publishing, securing and advertising internal APIs easier. But I donāt get to make these calls, so weāll have to watch it unfold.
If your need is to streamline and protect your organizationās access to external platforms, and you use many popular services, start with API integration. If you need to get a handle on APIs that you are creating and using internally, start with API enablement. If you need both, and a centralized store of approved APIs regardless of source, look to API management. APIs have become central to our development efforts, and there will only be more of them in the future, so it is worth deciding where your org could use help and set out to research your options.
Of course, youāre rocking it. DevOPs isnāt letting DEVops poke too many holes in the firewall; DEVops is cranking out solutions and devOPs is keeping them alive. This is just another tool to keep things on an even keel as more and more of the organizationās development is API-based.
