
API Management: Why Ecosystem-Specific Strategies Beat the Shotgun Approach
What do tomatoes and blueberries have in common with API Management? After working on many API management projects since 2015, I’ve noticed that many organizations struggle to focus on the real value of API management.
The key to effective API management is understanding that every API ecosystem is different. The most important first step is to classify your APIs and their contexts—only then can you optimize for what matters in each case. This article explores why starting with classification leads to better business outcomes than any one-size-fits-all approach.
The general purpose of API management and some misinterpretations
The main goal of API management is not to become a gatekeeper or the only person with insight into the complex world of APIs in your IT department. The real goal is to solve complex challenges for others—API provider teams and API consumer teams—who need to deliver a constant stream of value for internal or external ecosystems.
If your motivation is simply to meet regulatory requirements and provide an easy-to-use self-service for value-stream-aligned IT delivery teams, that’s fine—especially if it helps teams quickly address high-security or regulatory challenges (think “Bowser” from Mario games) within their CI/CD pipelines. Sometimes, regulation is so demanding that some impact on your delivery process is unavoidable.
However, never use a shotgun approach by imposing a highly regulated, complex toolchain on internal development or other areas where agility is needed and such requirements don’t exist. This will kill your teams’ speed and agility.
The pattern behind misguided API management initiatives
Why am I sharing these thoughts?
I’ve seen many organizations struggle with API management. One common antipattern is when a marketing or e-commerce department buys an API management platform for B2B APIs. Exposing APIs to partners securely and having a mature API portal is important to them, of course.
A few months later, the IT department starts talking about API management as a solution to address the challenges of exponential service growth. Often, crosscutting roles like enterprise architects join the conversation, trying to prevent wild growth and redundancy and encourage (or even enforce) the reuse of existing solutions.
But months later, the IT department may still refuse to adopt API management as a discipline, and it ends up facing technical debt and stagnating growth of valuable services because it is working around technical debt instead of focusing on innovation.
Why API ecosystem classification is so important
Every API platform activity I start usually begins with an ecosystem classification to identify the different “interpretations” of API management. When you look at classes like “edge APIs”, “private unmanaged APIs”, “internal managed APIs”, “microservice APIs”, “web APIs”, “mobile APIs”, “B2C APIs”, and “B2B APIs”, you’ll find that their requirements for API management have little in common. The effort required to secure and govern these APIs changes dramatically depending on how exposed and business-critical they are.
B2C APIs and B2B APIs, for example, might have similar requirements for onboarding, monetization, security, compliance, stability, and design governance. If that’s the case, you can evangelize a common solution across your IT department—your delivery teams will thank you for solving these complex challenges for them.
My favorite metaphor – Tomatoes and Blueberries
I love using metaphors to help people understand basic concepts that are often hidden behind complex challenges. What is the purpose of API management? It should help your service economy grow! That’s why I compare it to my hobby of gardening vegetables and fruits.
Shotgun approaches can save time and money. In the gardening metaphor, that means buying one big pack of fertilizer for the whole garden. It saves time because you don’t have to think long about the right solution, and it saves money because you can buy in bulk.
But what happens if you use tomato fertilizer for blueberries? Your tomatoes (B2B economy) will still grow fast, but your blueberries (internal service economy) will suffer from the wrong nutrition. And your lawn will look terrible. All my visitors, with whom I love sharing my produce, will notice the effort I put into caring for my garden. Your API consumers (internal and external) will notice the same. Think about it!
Shotgun approach vs. individualized “build your own”
Consider a lightweight, individualized “build your own” approach for your internal API ecosystems or wherever it fits. You might be surprised by the large ecosystem of open source and free-to-use components that can be integrated quickly to create your ideal, developer-friendly toolstack.
But if you have to solve a lot of complex regulatory challenges at once, it’s better to look at well-adopted third-party, vendor-based API management solutions and outsource these activities. You want your best technical experts in IT to focus on what needs to be individualized to maximize your organization’s value.
Many vendor-based solutions I’ve worked with have already solved these challenges for you. But, just like with the “build your own” approach, you’ll still need to figure out how to run and integrate these solutions into your environment. Even cloud-based managed services need attention—especially in highly regulated industries like finance, where you may need to consider requirements like Germany’s BaFin expectations on exit strategies.
Why Classification Enables Ecosystem-Specific Optimization
In some cases, a shotgun approach isn’t so bad and can save a lot of money. But don’t be blinded by “consolidation” and “money-saving” ideas. The “low-hanging fruit” of reusing your existing API management stack in other domains might become a real problem for agility. At the same time, bringing highly individualized solutions built for speed into highly regulated and secure environments can also cause problems you don’t want to deal with.
Ecosystem classification is the foundation for all API management decisions. Only by understanding the unique needs of each API group can you optimize for agility, compliance, and business value—sometimes with a common solution, sometimes with a custom approach. Start with classification, then optimize accordingly.