Machine-to-machine communication has come a long way. I remember building special-purpose RPCs back in the 90s and running CORBA servers in the 2000s, and we are now onto the ubiquitous #programmableweb. Thanks to REST, APIs are here to stay.
According to a recent study by CA Technologies, 54% of business executives believe that their use of APIs helps differentiate their business from competitors. APIs are now a billion-dollar business.
But the challenge is to build High-Value APIs that make significant business sense and generate revenue on par with a SaaS vendor. So, how do you go about engineering such APIs?
Unique solution to a complex problem: This could be true of most software products, but it is somewhat hard to get it down to the granularity of an API. Traditionally, REST APIs are built around resources supporting CRUD. These are good for internal architectures, where they separate the UI from the backend. Sellable APIs are functional blocks of complex code that do something substantial, e.g. the Google Maps API or the Microsoft Speech API. Such APIs are very hard for an SMB or midmarket firm to build, scale and operate. I think that is the sweet spot for selling high-value APIs.
Standards-based security: In the API economy, coexistence is mandatory. A typical API consumer will probably consume APIs from at least 5 vendors. So, using standards-based security protocols such as SAML, OAuth or JWT for API access lets your API be integrated seamlessly into clients' existing infrastructure. From the sales side, this lowers the resistance to purchasing decisions.
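The point about standards-based access is easier to see with the server-side check a JWT bearer token actually receives. The following is an added example, not code from the post: it issues and verifies an HS256-signed JWT using only the Python standard library (in practice you would use a vetted library; the secret, audience and claim values are constructed placeholders). It shows the checks a client's existing tooling expects an API to perform: pinning the algorithm instead of trusting the token's own header, comparing the signature in constant time, and enforcing `exp`, `nbf` and `aud`.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed placeholder values for the example; a real deployment would load the
# secret from a key store and set the audience to the API's own identifier.
SECRET = b"example-shared-secret-not-for-production"
EXPECTED_AUDIENCE = "https://api.example.com"
ALLOWED_ALG = "HS256"


def _b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url (RFC 7515 section 2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Mint a compact-serialized HS256 JWT for the given claims."""
    header = {"alg": ALLOWED_ALG, "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_token(
    token: str,
    secret: bytes = SECRET,
    audience: str = EXPECTED_AUDIENCE,
    now: Optional[float] = None,
) -> dict:
    """Return the claims if the token is valid; raise ValueError with the reason otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts

    # The header is attacker-controlled input: pin the algorithm we accept rather than
    # letting "alg" in the token select the verifier (this also rejects alg=none).
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != ALLOWED_ALG:
        raise ValueError("unsupported alg")

    expected = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    # Constant-time comparison so signature checking does not leak timing information
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    # Require an expiry: a token without "exp" would be valid forever
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise ValueError("not yet valid")
    # Audience binding stops a token issued for one API being replayed against another
    if claims.get("aud") != audience:
        raise ValueError("audience mismatch")
    return claims


if __name__ == "__main__":
    token = issue_token({"sub": "client-42", "aud": EXPECTED_AUDIENCE, "iat": 1000, "exp": 2000})
    print(verify_token(token, now=1500))
```

Because `verify_token` rejects on the first failed check and returns the claims only after all of them pass, the caller can treat the returned dictionary as the authenticated identity of the client; the same shape of check applies to OAuth access tokens issued as JWTs.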
Site Reliability Engineering (SRE): Can you run the API a million times with an SLA of at least five 9's? Can you deliver the API responses under 300ms? This makes SRE the most important part of the API company. Clients could be building mission-critical applications in their own vertical markets. So, you need to treat an API with the seriousness of a mission-critical component, no matter what underlying business problem it solves. It's purely an operational objective. No API is non-mission-critical. Period. Your sellers will be proud to talk about a lot of commas and 9s.
Compliance: Compliance is important if you are building APIs for regulated industries such as finance or pharma. This also means thorough documentation of the APIs, input payloads, output payloads, etc. Adding a compliance notice to the output payload should be mandatory. An API audit trail and record keeping with complete network traces should be mandatory. In short, being paranoid about what your APIs are delivering and covering all the bases in detail will become a good selling factor as well in an otherwise risk-averse and regulated industry.
Encryption: Last but not least, all data in motion and at rest should be encrypted with the strongest available scheme. Databases, log files, audit trails, or anything else that would divulge the API input payload should be encrypted with the utmost care so that you are not liable for the theft of your clients' data. Secure coding practices should be mandatory. In short, respect data privacy. It pays off in customer retention.