I’ve previously written about how modern application architectures are shifting toward compositional, service-oriented architectures — “for real” this time. RESTful services using XML or JSON payloads proliferate because they’re easy for developers of omnichannel clients to use on virtually any device they need to support. It doesn’t matter if they’re building native apps in Objective C or hybrid apps with Cordova — if they can get an open web API call, it’s good enough to move forward.
This shift to web APIs and modern applications means that companies have to shift their API management strategy as well. They need to 1) create the web APIs and 2) create a life cycle to manage them. It’s this life-cycle element that’s conceptually distinct from traditional SOA governance solutions. For one thing, the services live on the open bus of the Internet and carrier networks. Another difference is that web APIs are increasingly made availabe to third-party developers. They may be part of a newly formed developer community, or they may support the growing number of digital agencies and mobile specialist firms that your company uses to supplement development projects. Security and access models are different (e.g., OAuth 2), provisioning access to APIs needs to support light-touch approval workflows, sandboxes where developers can test their calls are important, and analytics that detail call volume and how developers are using APIs are must-have capabilities. Above all, a developer portal that provides good documentation, example code, and quick time-to-value are important if you want to attract and keep developers.