API Economy API Economy from Systems to Business Services

API economy API economy From systems to business services

Application programming interfaces (APIs) have been elevated from a development technique to a business model driver and boardroom consideration. An organization’s core assets can be reused, shared, and monetized through APIs that can extend the reach of existing services or provide new revenue streams. APIs should be managed like a product—one built on top of a potentially complex technical footprint that includes legacy and third-party systems and data.

PPLICATIONS and their underlying data SOA,1 and web services were defined within Aare long-established cornerstones of the context of a project and designed based many organizations. All too often, however, on the know-how of small groups or even they have been the territory of internal R&D individual developers. As the business around and IT departments. From the earliest days them evolved, APIs and the rest of the legacy of computing, systems have had to talk to environment were left to accrue technical debt.2 each other in order to share information Cut to today’s reality of digital disruption across physical and logical boundaries and and diverse technology footprints. In many solve for the interdependencies inherent in industries, creating a thriving platform many business scenarios. The trend toward offering across an ecosystem lies at the heart integration has been steadily accelerating of a company’s business strategy. Meanwhile, over the years. It is driven by increasingly the adoption of agile delivery models has put sophisticated ecosystems and business an emphasis on rapid experimentation and processes that are supported by complex development. In addition, the application interactions across multiple endpoints of DevOps3 practices has helped accelerate in custom software, in-house packaged technology delivery and improve infrastructure applications, and third-party services (cloud or quality and robustness. But interfaces often otherwise). remain the biggest hurdles in a development The growth of APIs stems from an lifecycle and the source of much ongoing elementary need: a better way to encapsulate maintenance complexity. Leading companies and share information and enable transaction are answering both calls—making API processing between elements in the solution management and productization important stack. Unfortunately, APIs have often been components of not just their technology treated as tactical assets until relatively roadmaps, but also their business strategies. recently. APIs, their offspring of EDI and Data and services are the currency that will

23 Tech Trends 2015: The fusion of business and IT

fuel the new API economy. The question is: What we’re seeing is disruption and, in Is your organization ready to compete in this many cases, the democratization of industry. open, vibrant, and Darwinian free market? Entrenched players in financial services are exploring open banking platforms that Déjà vu or brave new world? unbundle payment, credit, investment, loyalty, and loan services to compete with new The API revolution is upon us. Public APIs entrants such as PayPal, Billtrust, Tilt, and have doubled in the past 18 months, and more Amazon that are riding API-driven services than 10,000 have been published to date.4 The into the payment industry. Netflix receives revolution is also pervasive: Outside of high more than 5 billion daily requests to its public tech, we have seen a spectrum of industries APIs.5 The volume is a factor in both the embrace APIs—from telecommunications rise in usage of the company’s services and and media to finance, travel and tourism, and its valuation.6 Many in the travel industry, real estate. And it’s not just in the commercial including British Airways, Expedia, TripIt, sector. States and nations are making and Yahoo Travel, have embraced APIs and budget, public works, crime, legal, and other are opening them up to outside developers.7 agency data and services available through As Spencer Rascoff, CEO of Zillow, points out: initiatives such as the US Food and Drug “When data is readily available and free in a Administration’s openFDA API program.

The evolution of APIs The idea behind APIs has existed since the beginning of computing; however in the last 10 years, they have grown signiﬁcantly not only in number, but also in sophistication. They are increasingly scalable, monetized, and ubiquitous, with more than 12,000 listed on ProgrammableWeb, which manages a global API directory.a

1960–1980 1980–1990 1990–2000 2000–today Basic interoperability Creation of interfaces New platforms enhance Businesses build APIs enables the ﬁrst with function and logic. exchanges through to enable and accelerate programmatic exchanges Information is shared in middleware. Interfaces new service development of information. Simple meaningful ways. Object begin to be deﬁned as and offerings. API layers interconnect between brokers, procedure calls, services. Tools manage manage the OSS/BSS of network protocols. and program calls allow the sophistication and integration. Sessions established to remote interaction across reliability of messaging. exchange information. a network. Integration as a service, Message-oriented RESTful services, API Point-to-point interfaces, middleware, enterprise management, and cloud ARPANET, ATTP, and screenscraping, RFCs, service bus, and service- orchestration. TCP sessions. and EDI. oriented architecture.

Source: a ProgrammableWeb, http://www.programmableweb.com, accessed January 7, 2015.

24 API economy

particular market, whether it is real estate or assets, goods, and services previously untapped stocks, good things happen for consumers.”8 by new business models. And new tools and Platforms and standards that orchestrate disciplines for API management have evolved connected and/or intelligent devices—from to help realize the potential. raw materials to shop-room machinery, from HVACs to transportation fleets—are the early Managing the transformation battlegrounds in the Internet of Things (IoT).9 Openness, agility, flexibility, and scalability APIs are the backbone of the opportunity. are moving from good hygiene to life- Whoever manages—and monetizes—the and-death priorities. Tenets of modern underlying services of the IoT could be poised APIs are becoming enterprise mandates: to reshape industries. Raine Bergstrom, general Write loosely coupled, stateless, cacheable, manager of Intel Services, whose purview uniform interfaces and expect them to be includes IoT services and API management, reused, potentially by players outside of believes businesses will either adopt IoT or the organization. likely get left behind. “APIs are one of the Technology teams striving for speed fundamental building blocks on which the and quality are finally investing in an API Internet of Things will succeed,” he says. “We management backbone—that is, a platform to: see our customers gaining efficiencies and cost savings with the Internet of Things by applying • Create, govern, and deploy APIs: APIs.” versioning, discoverability, and clarity of Future-looking scenarios involving scope and purpose smartphones, tablets, social outlets, wearables, embedded sensors, and connected devices • Secure, monitor, and optimize usage: will have inherent internal and external access control, security policy enforcement, dependencies in underlying data and services. routing, caching, throttling (rate limits and APIs can add features, reach, and context quotas), instrumentation, and analytics to new products and services, or become products and services themselves. • Market, support, and monetize assets: Amid the fervor, a reality remains: APIs manage sales, pricing, metering, billing, and are far from new developments. In fact, they key or token provisioning have been around since the beginning of Many incumbent technology companies structured programming. So what’s different have recognized that API management now, and why is there so much industry energy has “crossed the chasm” and acquired the and investor excitement around APIs? The capabilities to remain competitive in the new conversation has expanded from a technical world: Intel acquired Mashery and Aepona; need to a business priority. Jyoti Bansal, CA Technologies acquired Layer 7; and SAP founder and CEO of AppDynamics, believes is partnering with Apigee, which has also that APIs can help companies innovate faster received funding from Accenture. and lead to new products and new customers. But the value of tools and disciplines is Bansal says, “APIs started as enablers for things limited to the extent that the APIs they help companies wanted to do, but their thinking is build and manage deliver business value. now evolving to the next level. APIs themselves IT organizations should have their own are becoming the product or the service priorities—improving interfaces or data companies deliver.” The innovation agenda encapsulations that are frequently used today within and across many sectors is rich with or that could be reused tomorrow. Technology API opportunities. Think of them as indirect leaders should avoid “gold-plated plumbing” digital channels that provide access to IP, exercises isolated within IT to avoid flashbacks

25 Tech Trends 2015: The fusion of business and IT

to well-intentioned but unsuccessful SOA poorly designed code that was not built for initiatives from the last decade. reuse or scale. Second, security holes may The shift to “product management” may emerge that were previously lying dormant in pose the biggest hurdle. Tools to manage legacy technical debt. Systems were built for pricing, provisioning, metering, and billing the players on the field; no one expected the are backbone elements—essential, but only fans to rush the field and start playing as well— as good as the strategy being deployed on the or for the folks watching at home to suddenly foundation. Developing disciplines for product be involved. Finally, additional use cases marketing and product engineering are likely should be well thought out. API designs and uncharted territories. Pricing, positioning, decisions about whether to refactor or to start conversion, and monetization plans are again, which are potentially tough choices, important elements. Will offerings be à la carte should be made based on a firm understanding or sold as a bundle? Charged per use, per of the facts in play. subscription window, or on enterprise terms? Mitigating potential legal liabilities is Does a freemium model make sense? What is another reason to control scope. Open the roadmap for upgrades and new features, source and API usage are the subject of services, and offerings? These decisions ongoing litigation in the United States and others may seem like overkill for early and other countries. Legal and regulatory experimentation, but be prepared to mature rulings concerning IP protection, copyright capabilities as your thinking on the API enforcement, and fair use will likely have economy evolves. a lasting impact on the API economy. Understanding what you have used to create Mind the gap APIs, what you are exposing, and how your data and services will be consumed are Culture and institutional inertia may also important factors. be hurdles to the API economy. Pushing to One of the most important rationales share IP and assets could meet resistance for focus is to enable a company to follow unless a company has clearly articulated the the mantra of Daniel Jacobson, vice business value of APIs. Treating them like president of Edge Engineering at Netflix products can help short-circuit the resistance. (API and Playback): “Act fast, react fast.”10 By targeting a particular audience with specific And enable those around you to do the needs, companies can build a business case same—both external partners and internal and set priorities for and limits to the exercise. development teams. Investing in the mindset Moreover, this “outside-in” perspective can and foundational elements of APIs can give help keep the focus on the customer’s or a company a competitive edge. However, consumer’s point of view, rather than on there is no inherent value in the underlying internal complexities and organizational or platform or individual services if they’re not technology silos. being used. Companies should commit to Scope should be controlled for far more building a marketplace to trade and settle than the typical reasons. First, whether meant discrete, understandable, and valuable APIs for internal or external consumption, APIs may and to accelerate their reaping the API have the unintended consequence of exposing economy’s dividends.

26 API economy

Insurance Industry Perspective David Schmitz

Public application programming interfaces development teams, share APIs created by (APIs) are proving to be successful in multiple their clients among their entire client base, and industries, and these models can inform the encourage business partners to develop APIs insurance industry’s attempts. Any correlation that can be used by their clients to integrate between insurance and other industries should into their core systems platforms. take into account the nature of consumer This strategy has proven to be effective, and business interactions. If we look at the particularly with regard to common insurance attributes of current market uses, we see functions (e.g., address verification, standard thriving public APIs for frequent-touch industry transactions, geocoding) that need consumer models in near-monopolistic to be used by every customer. For example, markets (e.g., Twitter, Facebook), utilities leading policy administration vendor Duck with universal consumer appeal (e.g., Creek teamed with Pitney Bowes to develop an Google, MapQuest), and where government API to validate address information and enrich regulations drive conformance (e.g., The address-related data for policy administration Affordable Care Act). Evolving market quote and issuance.i This simple, yet effective opportunities such as payments similarly carry approach highlights how fully leveraging reuse significant common attributes to these models. and increasing the quality of data is a common While, at first glance, insurance may not goal of both software vendors and insurers. appear to align with many of these models, taking a closer look at the interactions between Common services accelerated insurers and distributors, business partners, Common insurance service providers use consumers, and regulatory bodies highlights public and private APIs to provide insurers where opportunities for APIs exist, and—in access to data impacting their underwriting fact—are succeeding. Looking though this lens, and claims adjudication decisions. Typically, we see both public and private APIs providing these common insurance services have value in four distinct ways: through core significant market share or provide a utility insurance systems, in developing common service attractive to the broad market. insurance services, through government For example, R.L. Polk & Co., a leading regulatory agencies, and via intermediaries. provider of marketing information and services to the auto industry, developed the Maximizing reuse in private API VINtelligenceTM ii which provides core systems vehicle specifications (e.g., vehicle make, Insurance core system software vendors model, engine detail) for nearly 300 million can leverage APIs as a means to accelerate active vehicles in North America. Similarly, implementation timeframes for their Deloitte’s D-rive mobile based telematics customers. APIs maximize common data platform captures, scores, and reports driving elements and fuel reuse, reduced effort, and behaviors while engaging drivers through a increased speed to implementation. mobile app and online portal. Insurers use These vendors have a variety of paths to the D-rive API to gain access to driver data, enable APIs that can simplify integrations which can be used to determine the risk profile and speed up implementations. For example, of an insured or premiums for usage based vendors can create APIs in their product insurance policies.

27 Tech Trends 2015: The fusion of business and IT

Enabling consistency partners, their agents can complement their for governments own products with white-labeled offerings that provide a more comprehensive solution and From a regulatory perspective, multiple create greater stickiness among their insureds. states require real time or near real time Players in the intermediary market, such verification or communication of insurance as SelectQuoteiv, a leader in L&A products data. Government entities can leverage APIs to directly servicing the end consumer, and simplify their access to insurance information, Insurance Noodle, which services independent typically resulting in faster, higher quality data agents as part of the P&C industry, use APIs to at lower costs. aggregate product information from a number States such as Florida, Oklahoma, and of insurance providers and offer real-time Wyoming require online verification of a comparative quotes. Developing an API is driver’s automobile insurance coverage to only part of the answer, as the intermediaries validate compulsory vehicle liability insurance also must have a client base sufficiently iii for any auto registered in the state. To enable significant to convince insurers to participate these capabilities, the states publish an API in their market. To that end, longevity matters. for insurance companies to provide this Longtime comparative rate provider EZLynx information real time. Without these APIs, has been servicing the intermediary market the states would have to capture and retain since 2003, and as a result of this longevity massive amounts of information from each now services more than 19,000 agencies in 48 insurer and attempt to maintain accuracy states.v In order to develop and distribute a with a very dynamic set of data—an almost truly successful API, the scale and breadth is impossible task. necessary to achieve a critical mass.

Aggregation driving A wave of APIs intermediary APIs The insurance sector is still an emerging The intermediary market for insurance space with regard to the use of APIs. The products continues to expand, and insurers insurance ecosystem is increasingly being looking to participate in these markets should augmented with the application of APIs to align to the public APIs enabling these markets. streamline business processes and introduce This is true for consumer marketplaces as well greater speed, agility, and cost effectiveness. as comparative rating services that are used by Insurers typically consume these APIs rather a variety of business partners. Some insurers than create or own them. As the wave of insure only specific lines of business or within APIs continues to evolve in the industry, the limited states, yet want to offer a broader, question is when will the insurance companies one-stop shop for their clients. By developing themselves enter the game and develop their relationships with other insurers and an API own standard-setting APIs? that can aggregate quotes from multiple

Footnotes i Pitney Bowes, Business Insight and Duck Creek Technologies Form Partnership to Deliver Enhanced Policy Administration Solution, May 24, 2010, http://news.pb.com/press-releases/pitney-bowes-business-insight-and-duck-creek-technologies-partnership-to- deliver-enhanced-policy-administration-solution.htm, accessed May 12, 2015. ii R.L. Polk, “VINtelligence Web Service”, https://vintelligence.polk.com/vintel/resources/vintelligenceWebService.html, accessed May 12, 2015. iii Oklahoma Department of Public Safety, “Oklahoma Compulsory Insurance Verification System: Web Service & Database Manual”, http://digitalprairie.ok.gov/cdm/singleitem/collection/stgovpub/id/6521/rec/1, accessed May 12, 2015. iv Select Quote Insurance Services, “How we help”, http://www.selectquote.com/how_we_help.aspx, accessed May 12, 2015. v EZLynx, “About”, https://www.ezlynx.com/about.html, accessed May 12, 2015.

28 API economy

Lessons from the front lines

Fueling the second Web boom API-based services, spawning new services, acquisitions, and ideas. As some organizations APIs have played an integral role in some matured, they revised their API policies to of the biggest cloud and Web success stories of meet evolving business demands. Twitter, for the past two decades. For example, Salesforce. example, shifted its focus from acquiring users com, which launched in 2000, was a pioneer in to curating and monetizing user experiences. the software-as-a-service space, using Web- This shift ultimately led to the shuttering of based APIs to help customers tailor Salesforce some of its public APIs, as the company aimed services to their businesses, integrate into their to more directly control its content. core systems, and jump-start efforts to develop new solutions and offerings.11 Moreover, Salesforce has consistently used platforms APIs on demand and APIs to fuel innovation and broaden In 2008, Netflix, a media streaming service its portfolio of service offerings, which now with more than 50 million subscribers,15 includes, among others, iForce.com, Heroku, introduced its first public API. At the time Chatter, Analytics, and Salesforce1. public, supported APIs were still relatively In 2005, Google introduced the Google rare—developers were still repurposing RSS Maps API,12 a free service that made it possible feeds and using more rudimentary methods for developers to embed Google Maps and for custom development. The Netflix release create mashups with other data streams. In provided the company a prime opportunity to 2013, the company reported that more than a see what public developers would and could million active sites and applications were using do with a new development tool. Netflix the Maps API.13 Such success not only made vice president of Edge Engineering, Daniel APIs standard for other mapping services, Jacobson, has described the API launch as but helped other Web-based companies a more formal way to “broker data between understand how offering an API could internal services and public developers.”16 The translate into widespread adoption. approach worked: External developers went In 2007, Facebook introduced the Facebook on to use the API for many different purposes, Platform, which featured an API at its core creating applications and services that let that allowed developers to build third-party subscribers organize, watch, and review Netflix apps. Importantly, it also provided widespread offerings in new ways. access to social data.14 The APIs also extended In the years since, Netflix has gone from Facebook’s reach by giving rise to thousands offering streaming services on a small number of third-party applications and strategic of devices to supporting its growing subscriber integrations with other companies. base on more than 1,000 different devices.17 As By the late 2000s, streamlined API the company evolved to meet market demands, development processes made it possible for the API became the mechanism by which Web-based start-ups like Flickr, Foursquare, it supported growing and varied developer Instagram, and Twitter to introduce APIs requests. Though Netflix initially used the API within six months of their sites’ launches. exclusively for public requests, by mid-2014, Likewise, as development became increasingly the tool was processing five billion private, standardized, public developers were able to internal requests daily (via devices used to rapidly create innovative ways to use these stream content) versus two million daily public

29 Tech Trends 2015: The fusion of business and IT

requests.18 During this same period, revenues The Hub acts as a single common entry from the company’s streaming services point into federal, state, and third-party data eclipsed those of its DVD-by-mail channel, a sources without actually storing any data. As shift driven in large part by Netflix’s presence an example of how the Hub works, under the across the wide spectrum of devices, from set- ACA, states are required to verify enrollee top boxes to gaming consoles to smartphones eligibility for insurance affordability programs. and tablets.19 The Hub connects the state-based insurance Today, roughly 99.97 percent of Netflix exchanges to federal systems across almost a API traffic is between services and devices. dozen different agencies to provide near-real- What was once seen as a tool for reaching new time verification services, including Social audiences and doing new things is now being Security number validation, income and tax used tactically to “enable the overall business filing checks, and confirmation of immigration strategy to be better.”20 status, among others. State exchanges also use In June 2014, the company announced that the Hub as a single entry point for submitting in order to satisfy a growing global member enrollment reports to multiple federal agencies. base and a growing number of devices, it The intent of the Hub’s technical planned to discontinue its public API program. architecture is to include scalable and secure Critics have pointed to this decision as another Web services that external systems invoke example of large technology companies via APIs. This system is designed to provide derailing the trend toward increased access near-real-time exchange of information, which by rebuilding walls and declining external enables states to make benefits eligibility developer input.21 However, as early as 2012, determinations in minutes instead of in days Jacobson had stated, “The more I talk to people and weeks with the previous batch-based about APIs, the clearer it is that public APIs are process and point-to-point connections. waning in popularity and business opportunity Moreover, with a growing repository of data and that the internal use case is the wave of and transactional services, the Hub can the future.”22 Like any other market, the API accelerate the development of new products, economy will continue to evolve with leading solutions, and offerings. And with common companies taking dynamic, but deliberate APIs, states are able to share and reuse assets, approaches to managing, propagating, and reducing implementation overhead and monetizing their intellectual property. solution cost. The FDSH can also help agencies pay down technical debt by standardizing and Empowering the simplifying integration, which has historically Beltway—and beyond been one of the most complex factors in both project execution and ongoing maintenance. On March 23, 2010, President Barack Obama signed into law the Affordable Care Act (ACA), which reforms both the US health care and health insurance industries. To facilitate ACA implementation, the government created the Federal Data Services Hub, a platform that provides a secure way for IT systems from multiple federal and state agencies and issuers to exchange verification, reporting, and enrollment data.

30 API economy

Our take

Ross Mason, founder and vice president, product strategy Uri Sarid, chief technology officer MuleSoft

Over many years, companies have built up masses of CIO has a critical role to play in all this, potentially valuable data about their customers, products, supply as the evangelist for the new thinking, and certainly chains, operations, and more, but they’re not always as the caretaker of the architecture, platform, and good at making it available in useful ways. That’s a governance that should surround APIs. missed opportunity at best, and a fatal error at worst. Within today’s digital ecosystems, business is driven The first step for CIOs to take toward designing that by getting information to the right people at the right next-generation connected ecosystem is to prepare time. Staying competitive is not so much about how their talent to think about it in the appropriate way. many applications you own or how many developers Set up a developer program and educate staff about you employ. It’s about how effectively you trade on APIs. Switch the mindset so that IT thinks not just the insights and services across your balance sheet. about building and testing and runtimes, but about delivering the data—the assets of value. Consider Until recently, and for some CIOs still today, a new role: the cross-functional project manager integration was seen as a necessary headache. But who can weave together various systems into a by using APIs to drive innovation from the inside compelling new business offering. out, CIOs are turning integration into a competitive advantage. It all comes down to leverage: taking the We typically see organizations take two things you already do well and bringing them to the approaches to implementing APIs. broadest possible audience. Think: Which of your The first is to build a new product assets could be reused, repurposed, or revalued— offering and imagine it from the inside your organization or outside? As traditional ground up, with an API serving business models decline, APIs can be a vehicle to spur data, media, and assets. The growth, and even create new paths to revenue. second is to build an internal discipline for creating APIs Viewing APIs in this way requires a shift in thinking. strategically rather than on a The new integration mindset focuses less on just project-by-project basis. Put a connecting applications than on exposing information team together to build the initial within and beyond your organizational boundaries. It’s APIs, create definitions for what concerned less with how IT runs, and more with how APIs mean to your organization, the business runs. and define common traits so you’re not reinventing the wheel each time. The commercial potential of the API economy really This method typically requires some emerges when the CEO champions it and the board adjustment, since teams are used to gets involved. Customer experience, global expansion, building tactically. But ultimately, it forces an omnichannel engagement, and regulatory compliance organization to look at what assets really matter are heart-of-the-business issues, and businesses and creates value by opening up data sets, giving IT an can do all of them more effectively by exposing, opportunity to help create new products and services. orchestrating, and monetizing services through APIs. In this way, APIs become the essential catalyst for IT innovation in a digital economy. In the past, technical interfaces dominated discussions about integration and service-oriented architecture (SOA). But services, treated as products, are what really open up a business’s cross-disciplinary, cross- enterprise, cross-functional capabilities. Obviously, the

31 Tech Trends 2015: The fusion of business and IT

Cyber implications

PIs expose data, services, and transactions—creating assets to be shared and reused. The upside is Athe ability to harness internal and external constituents’ creative energy to build new products and offerings. The downside is the expansion of critical channels that need to be protected—channels that may provide direct access to sensitive IP that may not otherwise be at risk. Cyber risk considerations should be at the heart of integration and API strategies. An API built with security in mind can be a more solid cornerstone of every application it enables; done poorly, it can multiply application risks. Scope of control—who is allowed to access an API, what they are allowed to do with it, and how they are allowed to do it—is a leading concern. At the highest level, managing this concern translates into API-level authentication and access management—controlling who can see, manage, and call underlying services. More tactical concerns focus on the protocol, message structure, and underlying payload— protecting against seemingly valid requests from injected malicious code into underlying core systems. Routing, throttling, and load balancing have cyber considerations as well—denials of service (where a server is flooded with empty requests to cripple its capability to conduct normal operations) can be directed at APIs as easily as they can target websites. Just like infrastructure and network traffic can be monitored to understand normal operations, API management tools can be used to baseline typical service calls. System event monitoring should be extended to the API layer, allowing unexpected interface calls to be flagged for investigation. Depending on the nature of the underlying business data and transactions, responses may need to be prepared in case the underlying APIs are compromised—for example, moving a retailer’s online order processing to local backup systems. Another implication of the API economy is that undiscovered vulnerabilities might be exposed through the services layer. Some organizations have tiered security protocols that require different levels of certification depending on the system’s usage patterns. An application developed for internal, offline, back-office operations may not have passed the same rigorous inspections that public-facing e-commerce solutions are put through. If those back-office systems are exposed via APIs to the front end, back doors and exploitable design patterns may be inadvertently exposed. Similarly, private customer, product, or market data could be unintentionally shared, potentially breaching country or industry regulations. It raises significant questions: Can you protect what is being opened up? Can you trust what’s coming in? Can you control what is going out? Integration points can become a company’s crown jewels, especially as the API economy takes off and digital becomes central to more business models. Sharing assets will likely strain cyber responses built around the expectation of a bounded, constrained world. New controls and tools will likely be needed to protect unbounded potential use cases while providing end-to-end effectiveness—according to what may be formal commitments in contractual service-level agreements. The technical problems are complex but solvable—as long as cyber risk is a foundational consideration when API efforts are launched.

32 API economy

Where do you start?

T first glance, entering the API economy platform, S3 storage cloud, warehouse Amay seem like an abstract, daunting management and fulfillment services, endeavor. But there are some concrete steps Mechanical Turk, and other initiatives.23 that companies can take based on the lessons learned by early adopters. • Embrace the bare necessities. Organizations should consider what • What’s in a name? APIs should have the governance model they should establish clarity of a well-positioned product—a based on the intended consumers (internal, clear intention, a clean definition of the partners, public at large) and whether value, and perhaps more important, a the program is being driven by IT or the clearly defined audience. Is it a small set of business. Tools such as API management known developers, a large set of unknown platforms can provide a dashboard-like developers, or both? What is the trust zone? view into the inner workings of a solution Public, semi-private, or private? How do landscape. The visibility provides a better these essential facts inform the scope and handle on dependencies and performance orientation of the service? of the core services across legacy systems and data. • Who’s on first? Top-down or bottom-up? Or more to the point: What will drive the • Avoid technology holy wars. There API charge…business model innovation or are many decision points, and they can technical services? The latter may be easier become distracting. REST or SOAP for the for an IT executive to champion, especially service protocol? JSON or XML for the if the API is launched as part of a broader data formatting? Resource or experience- IT delivery transformation, technical debt based design philosophy? Versioning via reversal, or DevOps program. Placing path segment, query string, or header the effort under an IT executive can (or none of the above)? Oauth2.0 or also simplify the path forward and the OpenID Connect security? What API expected outcomes by focusing on service management platform vendor should be calls, performance, standard adherence, used? These are all good questions that shrinking development timelines, and lower lack a single good answer. One size likely maintenance costs. won’t fit all, and further consolidation and Planting the seed of how business services change in the vendor landscape is likely and APIs could unlock new business to continue. Companies should make models may be trickier. But the faster appropriate decisions to guide shorter-term the initiative is linked to growth and needs with a focus on pragmatism, not innovation, the better. In the early days doctrinaire purity. of Amazon, Jeff Bezos reportedly issued a company-wide mandate requiring all • Easy does it. Opportunities leveraging technical staff, without exception, to cross-industry cooperation may be embrace APIs. The mandate served as the tempting right out of the gate. However, foundation for the EC2 cloud computing businesses should decide if the payoff

33 Tech Trends 2015: The fusion of business and IT

trumps the extra complexity. Companies ready yourself for a sustained campaign should plan big, but start small. Ideally, they to drive awareness, subscriptions, and should use open, well-documented services support. Beyond readying the core to accelerate time to prototype. Expecting APIs and surrounding management constant change and speedy execution services, companies shouldn’t forget is part of the shift to the API economy. about the required ancillary components: Enterprises can use their first endeavors to documentation, code samples, testing anchor the new “business as usual.” and certification tools, support models, monitoring, maintenance, and upkeep. • Build it so they will come. If you are Incentives and attempts to influence trying to launch external-facing APIs or stakeholders should be tied to the target platforms for the first time, you should audiences and framed accordingly.

34 API economy

Bottom line

E’RE on the cusp of the API economy—coming from the controlled collision of revamped IT Wdelivery and organizational models, renewed investment around technical debt (to not just understand it, but actively remedy it), and disruptive technologies such as cognitive computing,24 multidimensional marketing,25 and the Internet of Things. Enterprises can make some concrete investments to be at the ready. But as important as an API management layer may be, the bigger opportunity is to help educate, provoke, and harvest how business services and their underlying APIs may reshape how work gets done and how organizations compete. This opportunity represents the micro and macro versions of the same vision: moving from systems through data to the new reality of the API economy.

Authors

George Collins, principal, Deloitte Consulting LLP

Collins is a principal in Deloitte Consulting LLP and Chief Technology Officer of Deloitte Digital US. He has over 15 years of experience helping executives shape technology-centric strategies, optimize business processes, and define product and platform architectures. Collins has delivered a variety of technology implementations from eCommerce, CRM, and ERP, to content management and custom development. With global experience, he has a broad outlook on the evolving needs of a variety of markets.

David Sisk, director, Deloitte Consulting LLP

Sisk is a director with Deloitte Consulting LLP in the Systems Integration practice. He has extensive experience in the architecture, design, development, and deployment of enterprise applications, focusing on the custom development area.

35 Tech Trends 2015: The fusion of business and IT

Endnotes

1. Electronic data interchange (EDI); 12. Google, The world is your JavaScript- service-oriented architecture (SOA). enabled oyster, June 29, 2005, http:// 2. Deloitte University Press, Tech Trends 2014: googleblog.blogspot.com/2005/06/ Inspiring disruption, February 6, 2014, world-is-your-javascript-enabled_29. http://dupress.com/periodical/trends/tech- html, accessed October 6, 2014. trends-2014/, accessed November 10, 2014. 13. Google, A fresh new look for the Maps 3. Ibid. API, for all one million sites, May 15, 2013, http://googlegeodevelopers.blogspot. 4. See ProgrammableWeb, http://www. com/2013/05/a-fresh-new-look-for-maps- programmableweb.com/category/ api-for-all.html, accessed October 6, 2014. all/apis?order=field_popularity. 14. Facebook, Facebook Platform launches, 5. Daniel Jacobson and Sangeeta Naray- May 27, 2007, http://web.archive.org/ anan, Netflix API: Top 10 lessons learned (so web/20110522075406/http:/developers. far), July 24, 2014, Slideshare, http:// facebook.com/blog/post/21, October 6, 2014. www.slideshare.net/danieljacobson/ top-10-lessons-learned-from-the-netflix-api- 15. Netflix, “Q2 14 letter to shareholders,” July 21, oscon-2014?utm_content=buffer90883&utm_ 2014, http://files.shareholder.com/downloads/ medium=social&utm_source=twitter. NFLX/3530109523x0x769749/8bc987c9- com&utm_campaign=buffer, ac- 70a3-48af-9339-bdad1393e322/ cessed November 10, 2014. July2014EarningsLetter_7.21.14_final. pdf, accessed October 8, 2014. 6. Thomas H. Davenport and Bala Iyer, “Move beyond enterprise IT to an API strategy,” 16. Daniel Jacobson, Top 10 lessons learned from Harvard Business Review, August 6, 2013, the Neflix API—OSCON 2014, July 24, 2014, https://hbr.org/2013/08/move-beyond-enter- Slideshare, http://www.slideshare.net/danielja- prise-it-to-a/, accessed November 10, 2014. cobson/top-10-lessons-learned-from-the-netflix-api-oscon-2014, accessed October 8, 2014. 7. See ProgrammableWeb, http://www. programmableweb.com/category/ 17. Ibid. travel/apis?category=19965. 18. Ibid. 8. Alex Howard, “Welcome to data transpar- 19. Netflix, “Form 10-K annual report,” Febru- ency in real estate, where possibilities and ary 3, 2014, http://ir.netflix.com/secfiling. challenges await,” TechRepublic, April 30, cfm?filingID=1065280-14-6&CIK=1065280, 2014, http://www.techrepublic.com/article/ accessed December 17, 2014. welcome-to-data-transparency-in-real- 20. Daniel Jacobson, “The evolution of estate-where-possibilities-and-challenges- your API and its value,” October 18, await/, accessed November 10, 2014. 2013, YouTube, https://www.youtube. 9. Deloitte University Press, Tech Trends 2015: com/watch?v=oseed51WcFE, ac- The fusion of business and IT, February 3, 2015. cessed October 8, 2014. 10. Daniel Jacobson and Sangeeta Narayanan, 21. Megan Garber, “Even non-nerds should Netflix API: Top 10 lessons learned (so far). care that Netflix broke up with develop- 11. Kin Lane, History of APIs, June ers,” Atlantic, June 17, 2014, http://www. 2013, https://s3.amazonaws.com/ theatlantic.com/technology/archive/2014/06/ kinlane-productions/whitepapers/ even-non-nerds-should-care-that-netflix- API+Evangelist+-+History+of+APis. just-broke-up-with-developers/372926/, pdf, accessed October 6, 2014. accessed December 17, 2014.

36 API economy

22. Daniel Jacobson, Why REST keeps me up at night, ProgrammableWeb, May 5, 2012, http://www.programmableweb.com/news/ why-rest-keeps-me-night/2012/05/15, accessed October 8, 2014. 23. The API Economist, “Jeff Barr’s head is in the cloud,” April 30, 2013, http://apieconomist. com/blog/2013/4/29/jeff-barrs-head-is- in-the-cloud, accessed January 8, 2015. 24. Deloitte University Press, Tech Trends 2014: Inspiring disruption, February 6, 2014, http://dupress.com/periodical/trends/tech- trends-2014/, accessed November 10, 2014. 25. Deloitte University Press, Tech Trends 2015: The fusion of business and IT, February 3, 2015.