Axway’s Amplify Enterprise Marketplace has been a great success in helping many of our customers overcome some “growth pains” in their API program. The stage of each customer on their API journey, however, is completely different.
While some already have an established, mature API program that has been running on a platform already, others are new to the API world and are just starting to see a growing number of APIs in their organization they now need to somehow govern and secure.
Amplify Marketplace is perfectly fit to support enterprises every step of the way, be it just by figuring out what APIs they have or by organizing, governing, or even publishing and potentially monetizing them.
A recent customer engagement illustrates the early stages of this journey perfectly; let’s take a look.
API sprawl obscures visibility and increases security risks
A large German energy provider engaged us describing the pain they were facing in their API program. What they were seeing was that many of their internal applications were using APIs to communicate with each other. However, external consumption of APIs by people outside their organization was also quickly gaining momentum.
Discover how other energy and utilities companies are succeeding with API management.
When we entered the discussion, our customer quickly described their pain as a loss of insight and overview. Asking high-level questions like “how many APIs do you guys have” lead to some reflection on the level of knowledge one really has over one’s APIs. Not being able to answer this question means having an open flank, as you cannot govern what you do not know you have.
Our customer quickly drew the conclusion that they are uncertain of how many APIs they have, but it was estimated to be somewhere around the mark of 100,000. Large ERP system integrations represented a few thousand of those.
Most of the APIs, as far as the customer knew, were managed by the numerous gateways from different vendors they use.
Something they were sure of, though, is that a large number of APIs were connecting system-to-system without any gateway to secure the communications. Additionally, enforcing unified security and governance guidelines across the various gateways and systems in place was simply impossible. This is a very common challenge with enterprise API sprawl.
Everything they did not have immediate control over was a security risk, the customer stated. The “unmanaged APIs” that are not secured by any gateway were an especially significant risk, as there was no way to make sure that a certain security standard is met, let alone know which APIs there even are.
Clearly, this API program was growing fast and had a high need for overview and governance.
An API marketplace improves governance and control
Let us look at this specific use case and further determine how Amplify Marketplace can aid in growing adoption for low-maturity API programs.
In a highly ungoverned and unmanaged environment, centralized policies and guidelines are impossible to enforce. This leads to large gaps between the security of different APIs across an organization and might leave vulnerable loopholes that malevolent outsiders could slip through.
Read also: The balancing act of API governance
Amplify Marketplace is a single governance plane for all APIs across one’s organization. It is meant to be the single source of truth regarding APIs and integration assets in general. To make sure one looks at the complete picture and not just parts of it, the Amplify Marketplace comes with two agents, the discovery and the traceability agent.
Those agents are rolled out across the IT landscape of an organization. They can be deployed directly on top of gateways or from central places within network segments that allow access to gateways or systems that communicate via APIs.
The discovery agent does not only discover APIs that are managed in a gateway. It also discovers so-called “unmanaged APIs” that are not managed by a gateway but are integrated with directly. All these managed and unmanaged APIs are cataloged in a central governance plane, Amplify Platform.
See also: API proxy vs. API gateway
From here, one can see all the APIs across the complete organization, has immediate insight into whether they are managed or unmanaged and on which gateway they have been detected. This allows full overview of possible duplications, deprecated integration assets or unsecured communications. From there on, one can make sure to onboard all unmanaged APIs onto gateways to enforce secure communication channels and close vulnerabilities.
Watch the full demo of Axway’s Amplify Marketplace here.
But the marketplace’s capabilities do not stop there. With the help of an API linting feature, a ruleset can be defined against which discovered APIs are checked. The cataloged APIs then immediately show a score e.g. for design or security.
This allows direct insights into vulnerabilities and weaknesses and allows for better decision-making by being able to immediately see which APIs are well-designed and secured and which are not. The scores are visualized by grades from A-F. These grades can be filtered so the work can start from the poorest scores to make sure to focus on the biggest weaknesses first.
Well-governed, secured, and designed APIs can then be grouped into assets, productized, and even monetized in higher-maturity API programs.
How did Amplify Marketplace solve this customer’s pains?
With the help of the agents and CLI integrations on the CI/CD pipeline level, the majority of APIs were discovered in a short period of time. The service overview immediately helped gain insights into what was out there in the customer’s environment.
The onboarding of unmanaged APIs and the enforcement of security guidelines through the insights gained from the linting feature helped assess where to focus future development. The more gateways, network segments, and applications are onboarded, the larger the insights, the more complete the picture, and the fewer the possible vulnerabilities.
Through assigning tags and categories to the discovered services, the organization ensures a full picture for a catalog that holds 100,000 items. With the help of key-value pairs, searches can be optimized, team access can be restricted, and a more collaborative, targeted way of working can be ensured.
Not everybody should have access to the full-blown catalog, it should rather be spread across various teams, maintaining the solutions for which the APIs have been discovered, so only admins of the marketplace have the overview over everything out there. This way, decision-making can be delegated to the experts and development can be more focused.
The next step: API productization and monetization
Remaining with the given use case, the discovery of APIs and their collection in a single governance plane is just the start of the journey. Once unified governance is enforced, all vulnerabilities are closed, and the APIs are well-designed, one department at a time can start leveraging the power of the marketplace to publish their APIs to an internal marketplace and directly link documentation, instructions, support contacts, and meaningful information to ease the integration with their APIs for other people within their organization.
This can happen team by team or for several departments at the same time, and allows not only for a single point of truth for all integration assets, but also for a single point of integration where everyone within an organization who wants to interconnect two or more systems can subscribe to a product and easily integrate – without having to look for who is responsible, where to find documentation on how to use the APIs, etc.
Of course, internal publication is only one more step on the road of API program maturity. Further down this road, a separate, branded marketplace can be launched to external partners or even the broad public to ease the integration of external stakeholders with internal resources.
Again, this central point of integration allows central governance over who is allowed to use which resource and even which product is visible to whom. It eases the integration for partners and consumers by allowing easy access to relevant information. With the help of reviews, the adoption can be grown even further and valuable experiences gained by API consumers are not lost but can instead be leveraged for better decision-making.
This decision-making can be further enhanced by using Amplify Marketplace’s business insights feature. From information on who is using which API, how many calls they make, which documentation they access, etc. to creating custom dashboards that grant an overview of relevant KPIs for the integration, the information that is gained from having a unified platform for all integration assets can be easily accessed and used to better understand what is meaningful for one’s audience and where a focus on future development might be beneficial.
Once the API products start really creating value for consumers, it might be time to think about getting a slice of the cake and starting to monetize the APIs. With the aid of Amplify Marketplace, this can easily be done for certain products or APIs within a product.
The API can either be monetized from the get-go or a plan can be used that allows for free usage up to a certain number of calls within a freely defined time frame. This opens a whole new revenue stream for high-maturity API programs and makes it possible to easily see the value of the APIs in the unit of dollars flowing in.
Gain visibility and bring digital products to market faster with Amplify Enterprise Marketplace
Amplify Marketplace is clearly a powerful tool. It is not just a cherry on top of an already-great API program, but it also helps organizations who are just starting their API journey to start it right, gain momentum, and avoid troubles others have been facing.
This allows an API program to grow organically but in a fast, pain-free, and organized way rather than having no control over the rapid growth organizations are experiencing in their API-based integrations.
Whatever stage you are at, it might be worth thinking about questions like
- “Do I know how many APIs we have?”
- “Do I know which systems are consuming my APIs?” or
- “Can I be sure that all communication channels into my organization are governed and secured?”
If you feel the answer to those questions is not certain, rest assured that, in our experience, this is what most organizations feel. But a tool like Amplify Marketplace might be what can aid you in answering these questions and securing your organization, as well as steering the growth of your API program.
Whatever stage you are at on your API journey, an API marketplace is a tool worth having.
For more, download our checklist, “What is an API marketplace and why do you need one?”
Follow us on social