So, what is an API, anyway?
API stands for Application Programming Interfaces. They help developers integrate third-party features, exchange data between apps, and connect enterprise systems.
In other words, an API is an interface which allows various pieces of software to communicate with each other.
These interfaces come in two types:
Internal APIs are only available to developers within your organization and select partners. This is the most common type of APIs that operate behind the majority of digital products.
External APIs are available to everyone on the web (as long as they have the API key). This is often the first thing that comes to mind when we think about APIs. They allow us to log in with Facebook, check Google maps inside a geolocation app, or embed YouTube videos on our sites.
Although the main consumers of APIs are software engineers, API development is driven by business needs. If implemented correctly, they can make your organization more efficient and generate value via cost-saving or direct monetization.
Amazon transformed itself from an Internet bookstore to a multi-billion cloud giant by forcing all teams to exchange data and communicate via APIs. As everything is built using APIs, the company can react to market changes faster than its competitors.
Following Amazon’s success, many companies started to view their APIs as standalone products.
Exchanging data between businesses became known as the API economy.
- Expedia Travel makes about 90% of its revenue via an API that allows other apps to book flights, hotel rooms, and rental cars.
- eBay makes about 60% of sales via an API that lets people buy goods without visiting the marketplace.
- 50% of Salesforce revenue comes from an API that empowers custom CRM systems.
According to Markets and Marketers report, API management market is expected to grow from $1.2 billion in 2018 to $5.1 billion by 2023.
At MindK, we build internal APIs for almost all of our projects
There are a number of reasons why a business like yours should consider API development:
- Better security. APIs control access to valuable data. Authorized users can only perform specific actions. A well-designed API can protect your system against all kinds of attacks and traffic spikes.
- Streamlined architecture. With APIs, you can develop your backend independently from UI. This allows you to implement business logic once and make it available on iOS, Android, and Web, or even rewrite your UI using a newer framework without affecting the backend. Multi-platform mobile development is simply too slow and expensive without APIs.
- Easier testing. With API tests, you can check the app’s business logic before your UI is ready and uncover security issues much earlier. As fixing bugs gets more and more expensive later in development, automated API testing can save you a ton of money.
- Higher development speed. APIs free you from having to build everything from scratch as your developers can integrate features and data provided by other apps. Many successful apps like Zapier or Hootsuite are based on creative usage of third-party APIs.
- Easier integrations. Most companies rely on a diverse set of software in their daily lives. Integrating them into a single system provides a huge value for an organization. And while larger vendors make their APIs available for public, it’s rarely the case with custom and niche software. A well-designed API can give your product a competitive advantage or help you transform internal business processes.
- Better scalability. Instead of creating huge monolithic applications, you can build complex systems from independent components that communicate via APIs (i.e. microservice architecture). Each service can be developed by a separate team using a set of technologies that is the most appropriate for the task. What’s more, each service can be scaled independently (i.e. allocate more resources if it experiences high traffic).
- Easier compliance with GDPR and other regulations, etc.
Now that you know what is API, lets see
How a business like yours should approach API development
APIs that have the most value for a company are more like a product than just a piece of code. Like any project, they go through a requirement analysis, design, implementation, and testing phases. After releasing the first version of your API, you’ll need to measure its KPIs, gather feedback, and iterate on your design.
- Are there any existing projects that can profit from APIs?
- How an API can help you reach your business goals?
- What gains can you create?
- What pains can you eliminate?
- How top companies in your industry utilize APIs?
- What are the industry gaps you can fill with your API?
- What business model will your API support?
Most of successful APIs augment existing business models and processes rather than inventing new ones. Take, for example, eBay that used APIs to improve its mobile experience and establish new distribution channels.
In your case, benefits might come in the form of new partnerships, distribution channels, and markets (Expedia Travel); faster innovation and reduced time-to-market (Amazon) or even direct monetization (Salesforce). With API-friendly products, you can serve your customers better resulting in higher revenue for your business.
As companies develop their API programs, they often discover new sources of value that weren’t obvious initially.
A check-in app Foursquare, for example, struggled to become profitable until it transformed itself into a business intelligence platform. By providing valuable location data via an API, the company managed an impressive 50% revenue growth for three consecutive years.
To gauge the success of your API program, you’ll need to come up with a set of business-centric metrics. Depending on your goals and API type, you might track:
- API uptime;
- Requests per month;
- Customers acquired via referrals;
- Monthly unique users;
- Number of partners;
- Traffic growth;
- Response times;
- Cost reductions;
- Time saved on development;
- Monthly revenue; or
- Customer lifetime value increase, etc.
Now, to ensure the usefulness of your API,
Focus on developer experience
After determining how an API can bring value to your company, it’s time to think about the intended users. If you’re building a private API, they would be your own employees. With public APIs, you’ll need more information about your target audience:
- Who are the developers that could benefit from your API (their location, domain, goals, needs, relations to your company, etc.)?
- How can you incorporate their needs into your API design?
- How can you improve the developer experience?
- What tools you need to provide along with your API (developer programs, SDKs, documentation, educational resources, etc.).
- How can you draw attention to your API?
Once you’ve answered these questions, you can write an elevator pitch that would explain the value of your API to developers. This value proposition can become the main driver behind the adoption of your API. Even with internal APIs, you’ll need to pitch it to stakeholders and other teams.
“Time to first Hello World” is a great metric to track as it includes all steps from signing up for your program to making something useful with your API. A great initial experience can convince developers that your API is well-designed and will function as expected.
So think about all the steps developers have to make before they can benefit from your API (e.g. sign-up, receive API keys, make the first call, get a 200 OK response, etc.).
Try to make them as quick and straightforward as possible. You can streamline the sign-up process or allow developers to make API calls and check its behavior without a registration.
Most APIs (both public and internal) will benefit from a portal where developers can sign up for your program and access all the necessary resources (e.g. documentation, getting started guides, testing tools, SDKs, etc.)
When you define the value of your API program and its intended users, you have a product/market fit.
With the goals at hand and clear success metrics, you can work out a list of API requirements (try to keep it short – 1 page is ideal for the first version) and proceed to API design.
Assemble an all-star team of API developers
Key skills for web and mobile API developers include:
- REST/SOAP principles;
- API-first design (i.e. designing an API based on the needs of target developers);
- Backend development (e.g. Node.Js, PHP, Python);
- Knowledge of different databases and architecture design;
- API frameworks (e.g. Laravell, AdonisJS, Express.js);
- JSON/XML data formats (you can use both with REST-ful APIs, although JSON is preferable in most cases);
- HTTP/HTTPS, the main transport protocol used by REST-ful APIs;
API security measures like OAuth2 and OpenID;
- API traffic control methods.
In addition to being technically competent, the members of your team should also have adequate soft skills. If your API is more like a product than just a piece of code, you’ll also need product/project managers to lead your developers and QA engineers.
Design your API
Although SOAP is less common these days, it still has a place in legacy and enterprise systems. Its built-in security measures and extensibility makes SOAP great for payment gateways, ERP systems, CRM software and other apps with high security requirements.
However, for most web and mobile apps, REST is a better approach. As it uses a popular HTTP protocol, REST is far more accessible to developers. A lightweight JSON data format is another point in favor of REST API development.
Whatever approach you choose to design your API, it should satisfy 5 key requirements.
1. Usability. Developers should pick up and use your API with minimum effort. Simplicity is the primary concern here as faster time-to-market is a huge benefit, especially for mobile developers.
While it’s a great idea to make your API as simple as possible for its main use case, the design should also be flexible enough to incorporate other, less obvious use cases.
2. Reliability. Your API should have high availability and minimum downtime. It should also be able to handle sudden traffic spikes that can disrupt the functionality of your API (which is often used in Denial of Service attacks)
There are several methods you can use against traffic spikes:
- Traffic quotas – set a limit on the number of requests a user can make per hour/week/month. Once they exceed the quota, users will get an error message when trying to access the API.
- Spike arrests – set a rate at which users can make requests to your API per minute/second and slow down the excess traffic (throttling); or
- Concurrent rate limits – limit the number of parallel connections a user can make to your API.
3. Scalability. Your API should be able to grow together with your business scaling up or down as your requirements change.
4. Testability. QA engineers should be able to easily identify defects in your API. In fact, if your business logic is implemented exclusively via APIs, you can start testing before UI is ready. This allows you to find bugs in logic much faster and fix them for less.
5. Security. APIs can be a major source of vulnerabilities. After all, you don’t want some random persons to access valuable enterprise data. And you definitely don’t want them to steal sensitive user data (like when T-Mobile “lost” personal data of 2 million users via a leaky API).
To avoid such incidents, you should think about protecting your API long before developers write its first line of code.
Security starts with knowing exactly what kind of data you’re exposing and who will be able to access it. Additionally, most APIs need 4 security layers:
- Identification – who is accessing your API? You can use randomized identifiers called API keys to identify users accessing your system and monitor their behavior for threats. As API keys aren’t encrypted, you’ll need other security measures to protect your API.
- Authentication – can API users prove their identity? There is a number of authentication methods like passwords+logins, API keys, or OpenID that redirects developers to an authorization server.
- Authorization – what actions are they allowed to perform with your API? Each user will need a list of permissions that match their access level. For example, regular users will only be able to read entries in your database while admins would also be able to add/edit/remove them. OAuth2 is our preferred authorization method. As it removes the need for usernames and passwords, it’s faster than other mechanisms.
- Encryption – can malicious users decipher stolen data? SSL/TLS encryption turns your API traffic into an unintelligible string of characters. Even if attackers bypass all other security measures, they won’t be able to understand the stolen data without cryptographic keys. That’s why it’s recommended to encrypt API traffic even if you don’t make it public (as well as encrypting sensitive information like passwords, payment details, or medical records).
Note: API security needs to be balanced against usability. High-security APIs need formal agreements which can make them less accessible to developers.
Once an API is designed, developers can create endpoints (web addresses that will return different responses depending on the method used in a request) and develop the business logic.
You can learn what is a REST API and get a more technical view on design and development in our REST-ful guide to API development.
What to do once your API is deployed?
When your API is up and running, it’s time to search for early adopters.
When your API is up and running, it’s time to search for early adopters.
With private APIs, they will be your colleagues.
With public APIs, you’ll have to engage users from outside of your organization. You can use existing partnerships or search for developers in their natural habitat (niche forums, Facebook groups, Reddit, Discord channels, etc.).
Marketing can be crucial for API adoption. List your API on various directories like ProgrammableWeb, APIs.guru, and RapidAPI, or make a launch announcement on ProductHunt. Clearly communicate its value, competitive advantages, and the ease of use.
In addition to digital channels (landing pages, blogs, social media, Q&A sites), you can host and attend various events to promote your API.
Once you have enough users, you can incorporate their feedback into next iterations of your API. To make sure everything’s going according to the plan, you’ll need to track chosen KPIs. Tools like Postman Monitoring, Uptrends or Amazon CloudWatch (AWS-only) allow us to monitor response time, performance, uptime and other API metrics in real time.
And that’s pretty much it for API development.
If you want more information on how to build APIs that deliver value, check our REST-ful development guide or message us directly. And if you need expert API developers, you can always rely on MindK as your digital partner.