API Management Implementation - What Works

In Part 1 of this series, we discussed the lessons learned from a large insurance company during their implementation of an API Management Program. In this post Simon discusses what they found to work well during that journey. 

 

Decisions and steps we have taken that have proven to be effective in implementation of an API Management program:

1. Define security models upfront

Security policies should not be invented on the fly by each API designer. In our case we identified a limited set of security policies which we wanted to support, and the API designer selected from that list. This has resulted in a consistent and reliable security implementation.

2. Automate publication to the Dev Portal

The design platform, as the system of record for API data, is the logical point from which information can be published to the Developer Portal. We elected to do this once the API reached a specific lifecycle state. This allowed us to automate the creation of entries in the Developer Portal with API descriptions expressed in Markdown, and with request and response examples presented in the portal along with the OpenAPI specification. By mapping the API in the design platform to various taxonomies we were able to control the layout of the API in the portal.

3. Adopt standards for completeness

Our initial experience with the design platform led us to realize that the API designer was unlikely to fully define the API, especially to the degree necessary to support automation of policies and API portal integration. We successfully introduced a self-enforced governance checklist which let the API designer validate their work, and which resulted in higher quality products.
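One way to automate the security part of such a checklist (items 1 and 3), as an added example that is not code from the article or its design platform: a Python check that every operation in an OpenAPI 3 document resolves to a security scheme from an approved list. The policy names and the sample specification are constructed assumptions.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}
# Hypothetical approved-policy catalogue; these names are assumptions, not from the article.
APPROVED = {"oauth2_client_credentials", "mutual_tls"}

def check_security(spec, approved=APPROVED):
    """Return a sorted list of (operation, problem) findings for an OpenAPI 3 document."""
    defined = set(spec.get("components", {}).get("securitySchemes", {}))
    default = spec.get("security")  # document-wide default, may be absent
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as 'parameters' or 'summary'
            name = f"{method.upper()} {path}"
            # An operation-level 'security' overrides the default, even when it is [].
            reqs = op["security"] if "security" in op else default
            if not reqs:
                findings.append((name, "no security requirement (anonymous access)"))
                continue
            for req in reqs:
                if not req:  # an empty object {} makes authentication optional
                    findings.append((name, "empty requirement allows anonymous access"))
                for scheme in req:
                    if scheme not in defined:
                        findings.append((name, f"scheme '{scheme}' is not defined"))
                    elif scheme not in approved:
                        findings.append((name, f"scheme '{scheme}' is not an approved policy"))
    return sorted(findings)

# Constructed sample specification (not a real API).
SAMPLE = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {
        "oauth2_client_credentials": {"type": "oauth2", "flows": {"clientCredentials": {
            "tokenUrl": "https://idp.example/token", "scopes": {}}}},
        "legacy_basic": {"type": "http", "scheme": "basic"},
    }},
    "security": [{"oauth2_client_credentials": []}],
    "paths": {
        "/policies": {"get": {}},                                   # inherits the default
        "/quotes": {"post": {"security": [{"legacy_basic": []}]}},  # unapproved scheme
        "/health": {"get": {"security": []}},                       # security removed
        "/claims": {"get": {"security": [{"oauth2_client_credentials": []}, {}]}},
    },
}

if __name__ == "__main__":
    for op, problem in check_security(SAMPLE):
        print(f"{op}: {problem}")
```

Run as a gate before the lifecycle state that triggers publication, a non-empty result blocks the API until the designer picks a policy from the approved list.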

4. Business traceability

Once several hundred APIs have been created it becomes difficult to understand what has been created. To address that we represented a business capability model within the design platform and mapped each API to a part of the capability hierarchy. This gives us the ability to look at a part of the business and see which APIs are supporting that function. We similarly implemented a Journey taxonomy, for the same purpose.

Successful implementation of an API Management program requires business traceability of new APIs
Read on for the final part of the series, where Simon discusses the opportunities that a successful API Management Strategy and a Holistic Abstracted Catalog unlock for large enterprises.
