How To Transform Enterprise Customers' Business Through APIs


It's one thing to have a Web site, but quite another to have a platform. In today's social media world, it's critical for IT solution providers to develop applications for their clients that interact with potential customers -- and don't hog space on mobile devices, truly answer a need and are easy to use. By developing applications that their customers end users will find indispensible, VARs can help their clients not only boost visibility but also revenue. Here, Layer 7 Technologies' co-founder discusses the keys to API success -- Jennifer Bosavage, editor

Best practices for building and marketing a Web site have changed quite a bit since Marc Andreessen first helped launch Mosaic back in 1993. Rotating gifs and rainbow colored separation bars are no longer state of the art. Today the Web is dynamic, interactive and social. It is also open to developers.

Microsoft learned early how to cater to developers and make their OS easy to build upon. All those value-added applications in turn made its operating system indispensible. Apple, much later transformed its touch phone into a whole new category of platform by similarly catering to developers. The Web is no different. Salesforce has transformed from a closed point CRM solution to a business platform by opening itself up.

VARs can help transform customers from enterprises with Web sites into having something far bigger: a platform.

VARs add value to enterprise IT initiatives in countless ways, from securing information assets or helping integrate one application with another, to helping businesses port, extend and evolve its IT. The goal for all those initiatives is to support business objectives that will increase customer revenue, reach and retention. By showing enterprises how to open up information assets in a secure, manageable and repeatable way, VARs can help businesses create a platform that drives revenue, reach and retention.

The following outlines key tips and solution sets VARs should be sure to have in their portfolios for maximizing this vibrant new market opportunity.

The Secret Is in the API

Application programming interfaces (APIs) open applications to other applications and also to developers. REST, a Web-like, XML based API protocol, has emerged in the last couple of years as an almost universally accepted way of exposing Web data and functionality in a programmatic way to developers. Countless Web sites now provide REST APIs that allow any developer to pull select information or processes from one or more Web applications and deliver a new composite application or mash-up inside a browser or mobile app.

Opening its short messaging service remade Twitter from a simple SMS Gateway into a communications platform with global reach. Likewise, Facebook became unassailable when they went from a closed social network to an open platform that countless developers can build on. The lesson is that platforms don’t happen by chance.

Tip #1: Make APIs Safe and Reliable

Clearly articulate the potential risks that opening APIs to outside developers introduces and how to combat them. Problems can and will arise when companies publish APIs without considering the following:
• Developers can misuse the APIs by sending corrupted requests or reduce availability by excessive calls.
• Developers can try to access information without authorization.
• Developers can break Web sites by attacking the underlying application.

VARs should enhance their portfolios with API proxies that serve as an intermediation layer between outside developers and the Web APIs they are trying to consume. An API proxy, also sometimes referred to as an XML Gateway, can provide a secure control point for managing access, privacy, integrity and availability to API end points. Some can also be configured to guard against XML and protocol attacks that can bring down Web sites.

Tip #2: Enhance API Usability

Once secured, it’s crucial to have a plan for making APIs more useable to a developer. Enterprises need to manage how the API gets discovered, life cycled, metered and tracked.

An API publisher will need a way to manage versions, track usage statistics across all developers, define rate plans and invoice based on usage (assuming their API’s are pay for use). That is accomplished from an API operations dashboard. Most API proxy vendors can supply this component or it can be assembled from various management piece-parts with some engineering.

Tip #3: Manage the API Lifecycle

Organizations publishing APIs will need to provide developers with a way to discover information about the APIs, register to access different APIs and manage their own usage.

The latter capability is often delivered as a self-service developer-centric portal. Some enterprises custom-build this around a Web CMS product. Others leverage an off-the-shelf Web portal that many API proxy vendors offer. However it is delivered, the publisher dashboard and the developer portal are critical for making the publication and consumption of Web APIs both manageable and repeatable.

The VAR Prerogative

VARs have a unique perspective on the problems their customers face. As trusted technology advisors, they also have a privileged perspective on how technology can make their customers more successful. In this day and age, every organization has a Web presence of some sort but few leverage that presence to its full potential. The increased use of APIs online creates new possibilities for enterprises to broaden the reach of their organizations by tapping the energy and industry of countless mobile and Web developers.

By helping clients open up their Web and information assets in a secure, manageable and repeatable way, VARs can play a vital role in transforming those businesses and putting them at the center of an ecosystem of value-added app developers. In remaking their clients’ information assets into platforms, VARs can play the ultimate value-added role.

Dimitri Sirota, co-founder and vice president of marketing and alliances at Layer 7 Technologies, is an accomplished entrepreneur and a pioneer in the security field. Follow him at @l7sirota