In a previous blog article, we discussed how platform companies leverage application programming interfaces (APIs) and are increasingly “API-driven” to enable digital transformation. By shifting the digital storefront from websites to APIs, these “API-driven” companies are accelerating digital business. As a result of moving their product development to APIs, digital businesses are essentially positioning their business interfaces across multiple clouds and PaaS environments in all industries. However, coordinating a company’s digital brand and end-to-end service levels using externally-facing APIs can be challenging. You need a managed clearing house for the APIs that you are producing, publishing and consuming—one that is placed in an intersection point at the digital edge.
The advent of APIs
In the digital economy, products and services are delivered within an ecosystem of partners, suppliers and customers. The true value of these digital business ecosystems is that they’re able to cross-integrate functionalities among counterparties. For example, APIs leverage geo-mapping services to help consumers find the nearest retail outlet to check out products and prices, and possibly add an item of interest to their online wish list or immediately make an instore purchase.
Some of the forces driving the adoption of APIs include:
- Products with rich APIs provide a better partner/consumer experience, making it easy to do business with your company.
- Today, APIs are managed like any other business product, with high user expectations around business operations, product management and customer service.
- DevOps is all about developing new functional products, with built-in operational management and service instrumentation and practices that can be better controlled via APIs, shortening development and market release time, while increasing reliability.
- Business performance will increasingly be dependent on overall and end-to-end API execution and customer service.
Many commercial websites are e-commerce façades to a disparate set of backend systems that leverage a single common external interface to the world. API-centric products require an entirely different architecture, bypassing these websites to enable direct and secure access to their capabilities. Multiple cloud providers are providing tools to help develop APIs for business products, which is good for kick-starting development of internal-facing APIs, however, a corporate strategy needs to be formed first.
Questions to ask include, where will external interfaces be located? What contractual service requirements will companies need to maintain for consumers accessing APIs? Will partners require reseller tools? Will developers be responsible for all cross-API operational aspects? And, will APIs be globally coordinated into a single story for customers?
These are some of the issues that companies must address when they establish an external API product platform.
An application API management solution
What’s needed is an efficient and effective external API product platform that makes business APIs accessible at the digital edge, for lowest latency and most efficient bandwidth use. Begin by deploying API management functions within an inspection zone (see networking and security design patterns) in digital edge node(s) or “interconnection hubs.” You can do this at strategic intersection points to enable direct and secure access to the APIs and optimize consumer experience.
The inspection zone is optimally placed at the intersection point for all segmented traffic flows that is closest to consumers, partners and clouds. API requests may come from some or all of those segmented flows or even from inter-metro WAN links, as you regionally load-balance requests for better performance. This configuration flexibility allows you to decide which external product APIs will be available/consumable by whom on each segmented network, with policy enforcement and SLA management across the end-to-end customer experience. While some additional components are still needed, you can leverage boundary and inspection zone services already in place or look to converged options. Next, you’ll want to tailor the availability of API products across other edge nodes and regions (see diagram below) closer to users to deliver the greatest customer quality of service/experience.
Application API Management Design Pattern
Here are the steps as outlined in the Application API Management design pattern:
- Augment the boundary and inspection zones with API capabilities—either with more SaaS services or dedicated appliances. Then, place an external API reverse-proxy in boundary control to manage authentication, authorization, users, regions, encryption, filtering, etc., for all APIs, with event processing and an application firewall.
- Inspect authorized API calls, enforce policies and apply event processing to detect unusual attack behavior. Build statistical profile of calling behaviors to ascertain threat patterns.
- Drive “inspected” API calls to an internal API gateway to manage calling downstream internal APIs or publish messages. This layer manages internal versioning, rate limiting, load balancing, etc. Event processing of API calls can also be applied.
- Build all business or fulfillment services behind this API proxy/gateway service with internal APIs.
By implementing API management first and preparing for the world of digital services, you can create and productize APIs, manage partner APIs, choreograph traffic, apply usage analytics, and establish greater controls.
At Equinix, we have adopted an API strategy to lead our and our customers’ digital transformation. External APIs enable seamless on-demand access to multiple clouds in strategic locations around the world. This lowers the barrier to building sophisticated multicloud solutions and gives our partners and customers an optimal connected experience.
APIs will be the building blocks of application assembly and lifecycle management, providing your business and API users with the following benefits:
- Provide the shortest path to business product APIs with the lowest localized latency and the most efficient bandwidth — maximizing throughput.
- Observe business communications via intersection points at multiple levels in the stack, providing end-to-end SLAs.
- Develop versioned, internal APIs that are registered with an API proxy. External APIs in a secure boundary control are more stable and less likely to be changed.
- Efficiently migrate from monolithic applications to more manageable micro services behind the scenes.
- Integrate cloud services without performance impact.
- Replicate API management designs across other edge nodes for a global business platform.
In the next blog article, we’ll discuss how to apply distributed coordination across your applications.
In the meantime, visit the IOA Knowledge Base for vendor-neutral blueprints that take you step-by-step through the right patterns for your architecture, or if you’re ready to begin architecting for the digital edge now, contact an Equinix Global Solutions Architect.
You may also be interested in reading the Platform Equinix Vision.