© 2019 IBM Corporation
Creating an API Economy Business Strategy and Governance Model
(in 25 minutes)
Alan Glickenhouse [email protected] @ARGlick API Business Strategist IBM
Profile:
© 2019 IBM Corporation
Alan Glickenhouse - Digital Transformation and API Business Strategist
• Assist businesses with their strategy for Digital Transformation and the API Economy - all industries, all geographies, and
of all sizes.
• Share insights and best practices through:
• 1:1 workshops
• Conferences
• Author:
• Digital Business / Digital Transformation - 12
• API Economy / API Management Basics - 16
• Business and Value - 19
• Strategy, Governance, and Best Practices - 32
• Architecture, Technology, and IBM API Connect - 21
• Industry Standards and Use cases - 39
Today we will cover several from this
category
What goes into creating a Business Strategy? (i.e. the Agenda)
3
• Establishing and prioritizing goals
• Creating methods and procedures
• Understanding organizational impact
• Establishing appropriate governance
• Understanding architecture and technical impact
• Communication
• Evaluating what is working and what is not / Vitality
• Attempt to predict the future
© 2019 IBM Corporation
Business Strategy
Why are you thinking of doing APIs?
What is/are the Business goal(s)?
Financial?
Partnering? Faster Mobile Development?
Market Share?
Time to Market? Competitive Pressure?
Innovation?
Other ideas?
From “Alice in Wonderland” by Lewis Carroll
Business Drivers
Speed Reach
Domains Innovation
Drives Adoptions of APIs
Typically low valued assets
Drive brand loyalty
Enter new channels
For Free
Facebook Login API provides free authentication for any Web / mobile app
Example:
Developer Pays Business Asset must be of
high value to the Developer
For example, marketing analytics, news,
Capabilities such as credit checks
Example:
Developer Gets Paid Provides incentive for
developer to leverage web API
Ad placements
Percentage of revenue sold product or services
Google AdSense APIs pay developers who include advertising content into apps
Example:
Indirect Use of API achieves some
goal that drives business model.
E.g. Increase awareness of specific content, or offerings
eBay Trading APIs offer developers access to trading services extending the reach of listings and transactions
Example:
The Business of APIs - Monetization
API Monetization Understanding Business Model Options
IBM Cloud – No cost trials, pay per use, scale up and down
How can the API Economy help you? – Defining Use Cases
•Internal Mobile / UI – •What data/transactions would your own mobile apps need?
•Is there data that is generic (e.g. business locations, rates, etc.)?
•Is there data that is specific to individual customers that should be on your app?
•What features of the mobile device (e.g. GPS, camera) might be useful in conjunction with your APIs?
•Internal Social – •Can you react to positive or negative comments about your business?
•Can you spot trends or opportunities in social media and raise alerts or take action?
•Can you gain insight on your brand and your competition via social media?
•Can you do real time analytics combining current customer status/behavior and history?
•Internal Data – •What data do you collect on your clients?
•Would additional audiences inside your company benefit from accessing this data?
•Can your data identify market segments that would be of interest to a non-related industry? (e.g. expensive cars
are purchased in this neighborhood, lots of child related purchases occurring in this neighborhood).
•Internal Other – •What data do you need to share across Lines of Business?
•Do you need to meet Regulatory Requirements, Industry Standards, Auditing?
•Do you need to provide data access to Marketing, Sales, or other parts of the company?
How can the API Economy help you? – Defining Use Cases
•Ecosystems / Partnering – •What data/transactions do you share between yourself and your partners?
•Is partner on boarding a long difficult process? Would self registration of partners be of value (e.g. more partners,
wider geographic coverage)?
•Public Apps – •What apps might others write that could use your data/transactions to drive more revenue?
•What data would be needed by a comparison App vs. your competitors?
•What other industries might drive use of your products (e.g. car purchase needs bank loan)?
•Mash-ups – what other APIs might make sense with yours? Mapping? Weather?
•Device integration / IoT – •How are you positioned to integrate the next UI technology (after Mobile/Tablets)?
•Does your company deal with devices (e.g. cars, appliances, sensors/meters)? What scenarios can apply to the
device (e.g. needs repair/supplies, needs to send status info, interaction between device and xxx)?
API Economy - 4 Business Drivers and 7 Use Case Categories - Series Overview
Domain Ownership
Do we need to focus on supporting multiple Lines of Business separately?
Results may lead to decisions in:
•Information and transaction access
•API Ownership
•Target Audience
Consider Provider and Consumer Organization Structure
or
API Developer
• How do I assemble APIs?
• How do I manage security?
• Will the infrastructure scale?
• How do I measure performance?
App Developer
• Where do I access APIs?
• How do I understand the
APIs?
• How do I measure success?
API Product Manager
• What APIs should our business create?
• How can I rapidly release & update my APIs?
• How do I publicize my API?
• How do I measure success?
Operations Lead
•How do I manage all the API
Environments that are being
requested?
•How can I scale each environment?
•How can I easily find and fix issues?
API Success Requires Addressing Needs of Multiple Stakeholders
Organization Structure
Need a strong Core Team and Business leader to
own the success of the API initiative
Governance
“Governance” should make it easy to do things the right
way and hard to do things the wrong way!
If you are slowing everything down, that is called
“Bureaucracy”, not Governance
API Initiative Governance – Business Considerations
• API Identification – Creating compelling consumable APIs goes a long way to driving
success. Understanding the API portfolio and some attempt to drive reuse are also
helpful.
• Versioning – creating backward compatible APIs (as much as possible) and having a
strategy for how to handle non-backward compatible APIs.
• API Access (security) – establishing who can access each API (business asset).
• Entitlement and Enforcement – are the APIs going to be rate limited and if so is the
enforcement of the rate limit going to be hard or soft?
• Monetization – what is the business model?
• Privacy – ensuring Consumer privacy and also Organization privacy - Organizations that
consume the same API may be competing with one another.
• Legal – ensuring proper usage of corporate assets, especially when assets are being
used by other businesses.
“Just Enough” Governance
For APIs, focus is on speed and time to market. A light weight Governance model is
required.
Governance model will vary based on the control of the API consumer audience with
increased governance the less the API consumer is controlled.
Always required:
• Communication
• Measurements
Internal:
•Lighter concern on API
identification, versioning,
security (use internal)
•Monetization =
Chargeback
•Entitlement enforcement
usually soft
Partner:
•API identification,
•Versioning plan,
•Security,
•Privacy
•Monetization – maybe?
•Entitlement enforcement
soft or hard
Public:
•API identification,
•Versioning plan,
•Security,
•Privacy
•Legal
•Monetization
•Entitlement enforcement
more often hard
API Initiative Governance – Technical Considerations
• API Standards / Best Practices / Naming conventions.
• Set up best practices around granularity and simplicity
• Lifecycle – few stages should be required to ensure speed of delivery.
• Deployment / Publishing – early environments are usually handled synchronously. However,
Production is usually isolated and requires a disconnected deployment approach (usually scripted).
• Security -
• App security handled via App keys and secrets. Users of the App may be identified using OAuth.
• Strong gateway in DMZ for outside API traffic to protect trusted zone from unauthenticated /
unauthorized access
• Scale –
• API entitlement levels are established, the gateway enforces these entitlements and shields the
systems of record.
• Granular scalability is important, typically through a microservice architecture. As API traffic or users or
any part of the infrastructure is stressed, it needs to scale without requiring the entire infrastructure to
scale with it.
• Flexibility – Plan for hybrid API deployment across a multi-cloud environment. The ability to manage and
secure APIs consistently across on premise and multiple different cloud providers.
Architecture and Technical Implications
Understand the differences between APIs, Services, and Microservices!
Some resources to help:
• What is an API? and What is the API Economy?
• Positioning APIs and Services – Let’s End the Confusion
• Clearing Up Misconceptions About APIs and Microservices
Communication
APIs need to be marketed to the target audiences.
Do lunch and learns for internals
Use your partner channel communications
Publicize external APIs on common sites (e.g. Programmable web).
Run Hackathons, attend/run events
Communicate internally to executives the status of the initiative and the achievement toward
the initiative goals.
Tailor the message to what the audience needs to know.
Communication drives the value and helps keep the funding and
expansion of the initiative.
Does NOT Work!
Measuring Success - Analytics
Establish meaningful measurable goals for “success” – typically related
back to your business goals - and gain executive agreement:
•Revenue Generated
•Time to Market measurements
•APP developer sign ups
•API usage rates / rate of growth
•Number of APPs driving usage of over xx transactions per time interval
•What data is being requested? What data is not being requested?
•Are there usage patterns – dates, locations?
•Are APP developers using multiple APIs?
Look at technical metrics too to see where improvement is required:
•Are developers coming to site and not signing up?
•Are API calls coming back with errors?
•Is performance acceptable?
Publish reports or make dashboards available to the appropriate
audience for easy access to metrics
Vitality
1. Most businesses start by targeting internal
developers
• Allows for some mistakes and corrections
• Lighter governance model
• Stage 1B – add additional internal
organizations as API suppliers and/or
consumers
2. Stage 2 – bring on known partners
• Introduces more governance
• Tighten up security, privacy, and scaling
• Plan for change
• Stage 2B – Partner on-boarding
3. Stage 3 – Go Public
Don’t wait until you know all the answers and have everything in place to get started. The market is
moving too fast. Plan stages for the roll out that build on what you learn.
5 stages of maturity with 2 perspectives
Across several dimensions Business approach
Management
Architecture
Information & content
Process & methods
Infrastructure
Learning Using an Unstructured Approach
Discovering & Experimenting to Gain Market Understanding
Implementing Targeted Market Solutions
Expanding to Full Digital Market Solutions
Innovating with Predictive Transformation
Technology Business
And several factors for each dimension Business drivers, perspective, industry integration, monetization
Organization, audience, communication, measurements
Style, application architecture, configurability, variability
Scope, exposure, content management, Taxonomy
Lifecycle, API Identification, dependency management, Devops
QoS, deployment, security, availability, performance, scalability
API Economy Journey Map Charting the evolution of Digital Transformation
Getting Started
1. Executive and Business Backing • APIs are a product to be delivered, not a technology for IT to improve efficiency
• Lack of executive or business buy-in will result in a technology implementation with no/little impact on the business.
• Leadership absolutely must participate and back the initiative.
2. Establish a strategy and goals • Understand why you are executing an API strategy
• Set Goals for the initiative with time frames and reporting metrics
3. Commitment to Roles, Responsibilities, and Resources • There will need to be resources dedicated to the API initiative.
• Enable enough key resources to make governance effective.
4. Get the Message Out • Involve some folks skilled in formal communication and education
campaigns.
• Do some API evangelist work
• The core team’s role(s) must be understood and propagated
• Collect and Publish Metrics
Critical Success Factors for API Management
1. Security • Security checks and business logic should not be mixed Having the capability to run
business logic where security is being checked is a security exposure.
• Security should be handled as soon as possible, and certainly before outside traffic reaches the trusted zone.
• General purpose application execution environments must not be imbedded in your API Gateway
2. Granular Scalability • Plan for growth and spikes in API calls, consumers accessing your developer portal, more APIs needing to be
managed, more visibility into the analytics, or any combination. And, each may spike independently.
• Microservice architectures support the automated scaling of resources as requirements increase and reduction as
usage lessens.
3. Multi-cloud Capability • Need to consider - What is your cloud strategy? Which cloud provider(s) will you use? How can you maintain
portability between on-premise and any cloud provider so that you can be prepared no matter what cloud choice is made or if cloud providers are changed or added?
• Need multi-cloud support to provide flexibility for cloud unknowns that are coming.
developer.ibm.com/apiconnect
API developer community site
on APIs, API economy, API Connect
Includes API community forum API events Best practices blog Videos
Additional Resources
Alan’s Articles, Blogs, Papers, and Videos…
• https://developer.ibm.com/apiconnect/author/glick/
• Guide to 100 API Economy and API Management
Resources
API Economy and API Management Basics:
•. What is an API? and What is the API Economy?
• What is API Management?
• Alan Tells All About APIs (video)
• IT Uncensored – What is API Management? (video)
• What are businesses doing with APIs and why are they doing it? (video)
• API Economy Drivers
• Happy API Year! (from 2017)
• I Already Have Partners Accessing My Services. Why Should I Use APIs?
• Should Business APIs Replace EDI?
• Providing APIs or Managing APIs – There is a Big Difference
• Don’t be Afraid of Public APIs
• Does size matter? (for your business to participate in the API Economy)
• API Connect Video Series: API Economy – What’s happening and where
is this going? (Part 1) and (Part 2) (video)
•APIs and Events – Recognizing Opportunities Instead of Reacting to
Problems
•The Biggest Impediment to API Economy Growth is…?
• Is Two-Speed (Bimodal) IT a Good Thing or a Bad Thing?
Digital Business / Digital Transformation:
• Becoming a Digital Business – Is API Management Enough?
• Digital Transformation – Becoming a Digital Business
• Digital Business and APIs – Need to See the Forest and the Trees
(article)
• Digital Business Value when Combining API Management and Istio
• Digital Transformation Requires Integration Modernization
• Integration Modernization Requires Good Parenting
• Why Become a Digital Business?
• How Systemized Innovation Enables Digital Transformation (article)
• History of IT Constraints – What Might Constrain Digital
Transformation?
• Creating A Digital Ecosystem – Past, Present, and Future
• Business APIs – The Secret Sauce in Successful Digital Marketing
(article)
• Overcoming the 3 Largest Obstacles to Digital Transformation
(article)
Alan’s Articles, Blogs, Papers, and Videos… Business and Value
• Why Your Business Needs APIs (and Why Your APIs Need IBM API Connect)
(white paper) + Blog
• Why Choose IBM API Connect?
• API Monetization – What Does It Really Mean?
• API Connect Video Series: API Monetization (video)
• API Monetization Understanding Business Model Options (white paper) + Blog
• IBM’s API Management Undisputed #1 in Market Share – Again (2019)
• IBM’s API Management Undisputed #1 in Market Share (2018)
• Analyst Firm Lists IBM API Connect as an API Management Leader (new)
• Analysts Cite IBM as a Leader (old – 2016)
• What is the ROI for API Connect? – Forrester TEI Study Demonstrates
Economic Benefits
• Forrester TEI Study Results Show 674% ROI
• RFP Template – Assistance in Choosing an API Solution Partner
• IBM API Connect: Powering the New Channel
• Do APIs Cause Channel Issues and Loss of Direct Customer Interaction?
•State of the API Economy – January 2019
• How to Get the Business to Participate in an API Initiative
• How IBM API Connect Helps Royal Mail Group Deliver
• The Business of API Marketplaces (article)
• Now Trending: API Platform Economy (article)
Strategy, Governance, and Best Practices
• Creating an API Economy Strategy
• Creating an API Economy Strategy – short version (video)
• Implementing Governance of an API Initiative
• Organization and Governance of API Initiatives
• What are the Recommended Roles for an API Initiative?
• What is the Recommended Organizational Structure for an API Initiative?
• Real World Experiences with API Centers of Excellence (CoE)
• API Economy Best Practices (white paper) + Blog
• API Connect Video Series: API Economy Best Practices (video)
• Identifying Good Candidates for APIs
• The 7 Biggest Mistakes Companies Make on their API Initiatives
• GDPR Considerations for Integration and the API Economy
• API Management Across Multiple Lines of Business (LoBs)
• API Versioning – Best Practices (and not so great practices)
• API Connect Video Series: API Use Cases (video)
• API Economy – 4 Business Drivers and 7 Use Case Categories – Series
Overview
• API Economy Business Drivers: #1 – Speed
• API Economy Business Drivers: #2 – Reach
• API Economy Business Drivers: #3 – Innovation
• API Economy Business Drivers: #4 – Domains
• API Economy Use Case Identification: #1 – Mobile
• API Economy Use Case Identification: #2 – Social
• API Economy Use Case Identification: #3 – Data
• API Economy Use Case Identification: #4 – Other
• API Economy Use Case Identification: #5 – Partner
• API Economy Use Case Identification: #6 – Public
• API Economy Use Case Identification: #7 – IoT
• Beating (or Catching Up with) the Competition through APIs
• The API Economy Journey Map: How Are You Doing?
• API Economy Journey Map FAQs
• Discussing Your API Initiative With the Legal Department
• Why Isn’t My API Achieving the Desired Results?
Alan’s Articles, Blogs, Papers, and Videos…
Industry • API use cases for every industry
• APIs for Aerospace and Defense Blast Off
• What’s driving APIs in Automotive?
• Identifying API Use Cases: Automotive (white paper) + Blog
• Banking on APIs
• Banking on APIs – part 1 and part 2 (podcast)
• PSD2: Banking and the API Economy (video panel discussion)
• Q&A with the Head of Technology at Open Banking Ltd.
• Identifying API Use Cases: Banking (white paper) + Blog
• Drilling into API usage in Chemical and Petroleum
• APIs for CPG – Managing Bathrooms to Supply Chains
• Learning your ABCs using APIs – APIs in Education
• No Shock the Electronics Industry is Charged Up about APIs
• Financial Services – Planning to Retire on APIs
• Identifying API Use Cases: Life Insurance / Financial (white paper) + Blog
• Government APIs – Do More with Less
• Identifying API Use Cases: Government (white paper) + Blog
• Healthcare APIs – A Cure to Accessing Healthcare Systems
• Healthcare Providers – A Prescription for APIs
• Identifying API Use Cases: Healthcare / Life Sciences (white paper) + Blog
• Healthcare and APIs (podcast)
• Sample API Use Cases for Insurance (article)
• Creating an Insurance API Platform (article)
• APIs for Insurance – Avoid the Risk of Falling Behind
• Identifying API Use Cases: P&C Insurance (white paper) + Blog
• Legal vs IT: Usage of APIs throughout the Business (article)
• APIs: A Prescription for Challenges in Life Sciences
• Building APIs for the Manufacturing Industry
• Media and Entertainment – Hooray for APIs!
• Unearthing API Use Cases in Metals and Mining
• Today’s Special: APIs for the Retail Industry
• Identifying API Use Cases: Retail (white paper) + Blog
• ReshAPIng Cities – Using APIs to Build Smarter Cities
• Software Industry API Use Cases – Eating Our Own Cooking
• Telecom and APIs – Now We Are Talking
• Identifying API Use Cases: Telecommunications (white paper) + Blog
• APIs are Taking Off In Travel and Transportation
• APIs for Utilities – Let’s Do Something About the Weather!
• API Industry Standards and Regulatory Requirements
Architecture, Technology, and IBM API Connect
• Introducing API Connect (video)
• APIs and SOA – Better Together (video)
• API Connect Video Series: APIs and Services What’s the difference? (video)
• Positioning APIs and Services – Let’s End the Confusion!
• How To Get To Two Speed IT
• An ESB is Not API Management
• Is a Combined ESB and API Management a Good Idea?
• IBM Brings Multiple Integrations To a Single Platform; Focuses on Optimizing
Integration for the Multi-Cloud Enterprise (interview)
• Using APIs and Microservices as a Fast, Low-Cost and Low-Risk Innovation
Engine (article)
• API Connect Video Series: IOT – Focus on Security (video)
• Internet of Things APIs – Focus on Security
• Analytics: The Icing on Top of Your API Management Cake
•Clearing Up Misconceptions About APIs and Microservices
•Which Comes First, The API or The Service?
•Do Not Be Afraid of API Initiative SUCCESS
•Integration Architecture Decisions – APIs, Services, and Microservices
•Use API-First Design to Address Multi-Cloud Architectures (article)
•How Do You Ensure API Quality?
• API Connect V2018 Whitepaper Now Available
• Ping Identity and IBM Partner to Protect Against API Cyberattacks
• IBM API Connect Wins 2019 iF Design Award