If you’re somewhat familiar with the term full lifecycle API management but still wonder precisely what stages encompass the lifecycle of API Management and what happens at each stage, read on.
Full lifecycle API management is a term illustrating the need to manage all steps in the lifespan of an API, from creation to retirement. It provides the platform for digital strategy, building ecosystems, and running an effective API program.
APIs are proliferating, as they are the lynchpin for digital business. The major challenge for companies is to cope with the increasing demand for new APIs by:
- Creating APIs rapidly
- Controlling them by managing a catalog and enforcing a powerful security level
- Consuming them directly or via third-party developers
The Full Lifecycle API Management approach provides a holistic view of how to manage the different stages in the life of an API, from creation to retirement. Developing a well thought out API is a critical piece of digital transformation and helps provide a positive outcome for businesses. From ideation to monetization, having a well-defined plan will make the entire process run smoother and help identify and potential roadblocks.
The API Lifecycle Management diagram below represents a detailed view of the steps in the life of an API, which we will talk more about below.
API lifecycle stages
There are three key components of an API lifecycle (Create, Control, Consume) with Analytics at the center of it. Each component of the lifecycle can be broken down into several stages.
API Creation stage
- MODEL– Visually or programmatically specify the data needed for your API endpoints.
- Let’s assume you have an existing database that contains data you want to expose with APIs. Thanks to connectors, you can easily expose the data model and define your own API format.
- The same applies to SaaS applications which APIs you can connect to with connectors to turn them into your own API format.
- ORCHESTRATE– Combine and normalize data from multiple sources.
- You might want to expose an API that combines information from different underlying APIs. With the orchestration ability, you can do this easily, both in a synchronous or asynchronous way.
- Once it’s time to build your API, Amplify API Builder helps build and assemble APIs with ease.
- TRANSFORM– Convert legacy formats (e.g. XML) to modern consumable formats (e.g. JSON).
- When it comes to connecting to the internal systems, such as the ESB, there are still many internal SOAP Web Services (XML) that need to be exposed to REST APIs (JSON) for easier consumption by digital apps. A Visual Mapper allowing easy and graphical conversion between those two formats is an important tool to have.
- DOCUMENT– Auto-generate docs and code-snippets for models and API operations.
- API Documentation is key for developers to manipulate them easily. But this is also a very tedious, boring, and error-prone task. Having a tool that generates API documentation automatically is a big pain reliever.
- TEST – Before publishing, it’s important to complete API testing to ensure they meet performance, functionality and security expectations.
API Control stage
- DEPLOY – Once tested, it’s time to publish your APIs to become available to developers. Instantly deploy APIs to the target environment with zero setup effort.
- In a digital world, the time between code delivery and deployment needs to be as short as possible. DevOps tools speed up this with Continuous Integration and Continuous Delivery. To manage your APIs, you need a solution that integrates very well into your DevOps strategy. For smaller projects, you even need a solution that comes with an elastic runtime you can deploy to with just a single click.
- MANAGE – Manage access to the API and protect the quality of service via rate-limiting and SLAs. Your developers need to be able to make sure APIs are up to date and the integrity of your APIs isn’t compromised.
- The more APIs you have, the more unmanageable they get. You will feel very quickly the need for an API Catalog you can browse easily and where you can manage the publication state of your APIs (unpublished/published/deprecated/retired) and their versioning.
- The API Catalog should also contain rate-limiting settings (to protect your internal systems against high traffic peaks coming from API usage) and SLA enforcement.
- SECURE – Establish and enforce enterprise policies for security and firewalling APIs.
- As APIs are a door to the world, securing them is paramount. Security risks and concerns are a common problem today. You need an API Management solution that offers top-notch API security. We’ve also compiled the top 10 API security risks to consider in designing and managing your APIs.
- As Axway Catalyst Erik Wilde points out in that article, security begins very early in the lifecycle and must be part of the general mindset in the API design and development process.
- Security certification such as Common Criteria is also strongly recommended.
- SCALE – Auto-scale infrastructure up or down to run your server-side apps.
- Web traffic is unpredictable and extremely variable. You need an infrastructure that adjusts automatically with the traffic, with no manual intervention needed.
API Consumption stage
- PUBLISH– Market to internal groups, partners, or the public via a central API Catalog.
- APIs from the API Catalog are published into an API Developer Portal to be easily consumed by developers.
- There are three types of APIs, requiring different settings for your API Portal:
- Private APIs– for internal use only
- Partner APIs– for a specific set of partners only
- Public APIs (often called Open APIs) – available to anyone.
- Those API types need to be managed differently, for example, partner APIs must require you to have a partner onboarding process in the solution.
- The marketing aspect shouldn’t be neglected. An Open API Portal will need attractive branding and should also be promoted through the different marketing channels, for example listing it in an API Marketplace.
- When you offer your APIs for public or private consumption, onboarding is an important component so developers understand the key capabilities.
11. DISCOVER – Offer self-service access for developers to browse APIs, their attributes, and documentation.
- The API Portal is designed for self-service. Developers should be able to connect 24/7 and experience smooth navigation with documentation, Q&A, and support widgets if help is needed.
- Before using an API, developers prefer to test it first, so your API Portal should offer an easy try-it feature.
12. INVOKE – Execute API operations or out-of-the-box MBaaS services from a client app.
- To use APIs, developers get an automatically generated API from the API developer portal and can then integrate those APIs into their code with the help of an API SDK for their favorite development language.
- To accelerate your mobile app development, out-of-the-box MBaaS servicesare great to have available in your API Portal.
13. MONETIZE – Track use, reuse, and adoption and apply rate plan policy to generate API revenue.
- API monetization is a complex topic. Most of the time, APIs are offered for free because they represent a new way of making business and the business value doesn’t reside in the API itself, but in what it represents in terms of larger outreach and new market share.
- But sometimes, companies might want to monetize their APIs because their underlying data are part of their business. A good example is the Data as a Service Dun & Bradstreet project using our Amplify API Management solution.
14. RETIRE – Retiring APIs is the last stage of an API lifecycle and happens for a variety of reasons, including technology changes and security concerns.
Your APIs are live, but how are they performing? You can see on the API Lifecycle Management diagram above a circle in the middle named “Analyze.” This position in the middle means that API Analytics is paramount across the full API Lifecycle Management.
Why? Simply because you can’t control nor improve what you can’t measure.
API Analytics help you understand your digital business and catch abnormalities before they impact your operations. Embedded analytics for API management is a must-have when you want to manage your growing number of APIs.
Full lifecycle API management tools
One tool used is a developer portal, which is the interface between APIs and their stakeholders. It’s used to target, market, and govern communities of developers who use the API. It also offers other useful features like runtime management, API analytics, and gives the estimation of an API’s value.
An API gateway is another tool used, which is programming that sits in front of an API and acts as a point of entry for a defined group of microservices. Some benefits to using an API gateway is providing the optimal API for each client, reduces the number of requests, and it enforces security policies.
API Management has been evolving over the years, with enterprises pushing the technology envelope by enhancing efficiency and changing how people use technology. For a more step-by-step guide to mastering full lifecycle API management with Amplify, watch Vince Stammegna’s video series.
Discover how the right API Management Platform gives visibility and control over the full API lifecycle.