API Management

API Management Implementation – What Works

Part 2 of a 3 part series

In Part 1 of this series, we discussed the lessons learned from a large insurance company during their implementation of an API Management Program. In this post Simon discusses what they found to work well during that journey. 

Decisions and steps we have taken that have proven to be effective in implementation of an API Management program:

1. Define security models upfront

Security policies should not be invented on the fly by each API designer. In our case we identified a limited set of security policies which we wanted to support, and the API designer selected from that list. This has resulted in a consistent and reliable security implementation.

2. Automate publication to the Dev Portal

The design platform, as the system of record for API data, is the logical point from which information can be published to the Developer Portal. We elected to do this once the API reached a specific lifecycle state. This allowed us to automate the creation of entries in the Developer Portal with API descriptions expressed in Markdown, and with request and response examples presented in the portal along with the OpenAPI specification. By mapping the API in the design platform to various taxonomies we were able to control the layout out of the API in the portal.

3. Adopt standards for completeness

Our initial experience with the design platform led us to realize that the API designer was unlikely to fully define the API, especially to the degree necessary to support automation of policies and API portal integration. We successfully introduced a self-enforced governance checklist which let the API designer validate their work, and which resulted in higher quality products.

4. Business traceability

Once several hundred APIs have been created it becomes difficult to understand what has been created.  To address that we represented a business capability model within the design platform and mapped each API to a part of capability hierarchy. This gives us the ability to look at a part of the business and see which APIs are supporting that function.  We similarly implemented a Journey taxonomy, for the same purpose.

Successful implementation of an API Management program requires business traceability of new APIs
Successful implementation of an API Management program requires business traceability of new APIs
Read on for the final part of the series where Simon discusses the opportunities that a successful API Management Strategy as well as a Holistic Abstracted Catalog unlocks for large enterprises.

Simon Hoare

Simon is an IT professional and customer of ignite at a large insurance company. His career spans over 26 years and throughout it has held a number of senior positions, primarily in architecture. In his most recent role, he’s demonstrated proven success in launching, building, and growing a successful API best practice program – moving the organization from a SOA strategy to one in which they’re leveraging micro-services and API management best practices, working with everyone from API analysts to the business. He’s been able to demonstrate not only an impact on the bottom line but also directly tying together business innovation and ideas with existing IT capabilities.

Related Articles