Simply having APIs is not enough
APIs alone are good. But without coordinated API management, bad things tend to happen.
For several years now, the conventional wisdom among both business and DevOps professionals has been that well-designed APIs are a key contributor to the delivery of successful digital projects.
In fact, our study from 2015 showed that almost all “digital disrupters” – companies at the leading edge of innovation – had leveraged APIs to achieve twice the revenue growth of their mainstream counterparts. Digging deeper, the research also showed that the best predictor of success is not just having APIs, but having them in the context of a properly managed and coordinated API program.
APIs accelerate innovation, which in turn leads to the great digital experiences that make consumers and shareholders take notice.
Mobile apps that give us a constant link to our vehicles, finances, and families; smart devices that monitor our homes and bodies; connected sensors that allow us to track anything in physical space – these are the emerging use cases that are catapulting businesses into the realm of exponential growth.
While APIs provide the connectivity that brings these experiences to life, recent events make it painfully clear that in the absence of proper governance and management, they also become a gateway to nightmare scenarios.
What happens without API management?
One of the more vivid examples occurred just last month, when security researchers revealed that APIs used to connect the Nissan mobile app to Leaf electric vehicles were implemented without encryption or authentication.
Anyone with the server address and a vehicle identification number (VIN) could not only intercept personal data including trip logs, but also activate cabin features, anonymously and from anywhere in the world. Primary functions such as throttle, brakes, and steering were not affected this time around, but as cars become ever more autonomous, it’s easy to imagine the safety implications of future vehicle API hacks.
API management helps to restore control
As the “last mile” between mobile apps, IoT endpoints, and their backend services, APIs have rapidly become the new perimeter for today’s digital businesses. In turn, API governance and management have risen from being minor considerations to critical factors in both the design and delivery of digital experiences.
Properly implemented, API management restores perimeter awareness, security, and control to enterprises, even as they are increasingly exposed to connected “things” outside the firewall – whether those things are phones, tablets, cars, baby monitors, webcams, GPS trackers, fitness monitors, or just about any other modern product.
Of all the businesses in the world, digital disrupters from our survey have had the most experience with this kind of exposure, and it’s telling that they have concluded that proper management of APIs is critical for reducing its risks. Be one of those digital disrupters. Avoid being that Nissan guy.
For more information about the 13 essential capabilities that API management can bring to your digital initiatives, download the free API Management Playbook.