© 2019 IBM Corporation

Creating an API Economy Business Strategy and Governance Model

(in 25 minutes)

Alan Glickenhouse glick@us.ibm.com @ARGlick API Business Strategist IBM

Profile:

© 2019 IBM Corporation

Alan Glickenhouse - Digital Transformation and API Business Strategist

• Assist businesses with their strategy for Digital Transformation and the API Economy - all industries, all geographies, and

of all sizes.

• Share insights and best practices through:

• 1:1 workshops

• Conferences

• Author:

• Digital Business / Digital Transformation - 12

• API Economy / API Management Basics - 16

• Business and Value - 19

• Strategy, Governance, and Best Practices - 32

• Architecture, Technology, and IBM API Connect - 21

• Industry Standards and Use cases - 39

Today we will cover several from this

category

What goes into creating a Business Strategy? (i.e. the Agenda)

3

• Establishing and prioritizing goals

• Creating methods and procedures

• Understanding organizational impact

• Establishing appropriate governance

• Understanding architecture and technical impact

• Communication

• Evaluating what is working and what is not / Vitality

• Attempt to predict the future

© 2019 IBM Corporation

Business Strategy

Why are you thinking of doing APIs?

What is/are the Business goal(s)?

Financial?

Partnering? Faster Mobile Development?

Market Share?

Time to Market? Competitive Pressure?

Innovation?

Other ideas?

From “Alice in Wonderland” by Lewis Carroll

Business Drivers

Speed Reach

Domains Innovation

Drives Adoptions of APIs

Typically low valued assets

Drive brand loyalty

Enter new channels

For Free

Facebook Login API provides free authentication for any Web / mobile app

Example:

Developer Pays Business Asset must be of

high value to the Developer

For example, marketing analytics, news,

Capabilities such as credit checks

Example:

Developer Gets Paid Provides incentive for

developer to leverage web API

Ad placements

Percentage of revenue sold product or services

Google AdSense APIs pay developers who include advertising content into apps

Example:

Indirect Use of API achieves some

goal that drives business model.

E.g. Increase awareness of specific content, or offerings

eBay Trading APIs offer developers access to trading services extending the reach of listings and transactions

Example:

The Business of APIs - Monetization

API Monetization Understanding Business Model Options

IBM Cloud – No cost trials, pay per use, scale up and down

How can the API Economy help you? – Defining Use Cases

•Internal Mobile / UI – •What data/transactions would your own mobile apps need?

•Is there data that is generic (e.g. business locations, rates, etc.)?

•Is there data that is specific to individual customers that should be on your app?

•What features of the mobile device (e.g. GPS, camera) might be useful in conjunction with your APIs?

•Internal Social – •Can you react to positive or negative comments about your business?

•Can you spot trends or opportunities in social media and raise alerts or take action?

•Can you gain insight on your brand and your competition via social media?

•Can you do real time analytics combining current customer status/behavior and history?

•Internal Data – •What data do you collect on your clients?

•Would additional audiences inside your company benefit from accessing this data?

•Can your data identify market segments that would be of interest to a non-related industry? (e.g. expensive cars

are purchased in this neighborhood, lots of child related purchases occurring in this neighborhood).

•Internal Other – •What data do you need to share across Lines of Business?

•Do you need to meet Regulatory Requirements, Industry Standards, Auditing?

•Do you need to provide data access to Marketing, Sales, or other parts of the company?

How can the API Economy help you? – Defining Use Cases

•Ecosystems / Partnering – •What data/transactions do you share between yourself and your partners?

•Is partner on boarding a long difficult process? Would self registration of partners be of value (e.g. more partners,

wider geographic coverage)?

•Public Apps – •What apps might others write that could use your data/transactions to drive more revenue?

•What data would be needed by a comparison App vs. your competitors?

•What other industries might drive use of your products (e.g. car purchase needs bank loan)?

•Mash-ups – what other APIs might make sense with yours? Mapping? Weather?

•Device integration / IoT – •How are you positioned to integrate the next UI technology (after Mobile/Tablets)?

•Does your company deal with devices (e.g. cars, appliances, sensors/meters)? What scenarios can apply to the

device (e.g. needs repair/supplies, needs to send status info, interaction between device and xxx)?

API Economy - 4 Business Drivers and 7 Use Case Categories - Series Overview

Domain Ownership

Do we need to focus on supporting multiple Lines of Business separately?

Results may lead to decisions in:

•Information and transaction access

•API Ownership

•Target Audience

Consider Provider and Consumer Organization Structure

or

API Developer

• How do I assemble APIs?

• How do I manage security?

• Will the infrastructure scale?

• How do I measure performance?

App Developer

• Where do I access APIs?

• How do I understand the

APIs?

• How do I measure success?

API Product Manager

• What APIs should our business create?

• How can I rapidly release & update my APIs?

• How do I publicize my API?

• How do I measure success?

Operations Lead

•How do I manage all the API

Environments that are being

requested?

•How can I scale each environment?

•How can I easily find and fix issues?

API Success Requires Addressing Needs of Multiple Stakeholders

Organization Structure

Need a strong Core Team and Business leader to

own the success of the API initiative

Governance

“Governance” should make it easy to do things the right

way and hard to do things the wrong way!

If you are slowing everything down, that is called

“Bureaucracy”, not Governance

API Initiative Governance – Business Considerations

• API Identification – Creating compelling consumable APIs goes a long way to driving

success. Understanding the API portfolio and some attempt to drive reuse are also

helpful.

• Versioning – creating backward compatible APIs (as much as possible) and having a

strategy for how to handle non-backward compatible APIs.

• API Access (security) – establishing who can access each API (business asset).

• Entitlement and Enforcement – are the APIs going to be rate limited and if so is the

enforcement of the rate limit going to be hard or soft?

• Monetization – what is the business model?

• Privacy – ensuring Consumer privacy and also Organization privacy - Organizations that

consume the same API may be competing with one another.

• Legal – ensuring proper usage of corporate assets, especially when assets are being

used by other businesses.

“Just Enough” Governance

For APIs, focus is on speed and time to market. A light weight Governance model is

required.

Governance model will vary based on the control of the API consumer audience with

increased governance the less the API consumer is controlled.

Always required:

• Communication

• Measurements

Internal:

•Lighter concern on API

identification, versioning,

security (use internal)

•Monetization =

Chargeback

•Entitlement enforcement

usually soft

Partner:

•API identification,

•Versioning plan,

•Security,

•Privacy

•Monetization – maybe?

•Entitlement enforcement

soft or hard

Public:

•API identification,

•Versioning plan,

•Security,

•Privacy

•Legal

•Monetization

•Entitlement enforcement

more often hard

API Initiative Governance – Technical Considerations

• API Standards / Best Practices / Naming conventions.

• Set up best practices around granularity and simplicity

• Lifecycle – few stages should be required to ensure speed of delivery.

• Deployment / Publishing – early environments are usually handled synchronously. However,

Production is usually isolated and requires a disconnected deployment approach (usually scripted).

• Security -

• App security handled via App keys and secrets. Users of the App may be identified using OAuth.

• Strong gateway in DMZ for outside API traffic to protect trusted zone from unauthenticated /

unauthorized access

• Scale –

• API entitlement levels are established, the gateway enforces these entitlements and shields the

systems of record.

• Granular scalability is important, typically through a microservice architecture. As API traffic or users or

any part of the infrastructure is stressed, it needs to scale without requiring the entire infrastructure to

scale with it.

• Flexibility – Plan for hybrid API deployment across a multi-cloud environment. The ability to manage and

secure APIs consistently across on premise and multiple different cloud providers.

Architecture and Technical Implications

Understand the differences between APIs, Services, and Microservices!

Some resources to help:

• What is an API? and What is the API Economy?

• Positioning APIs and Services – Let’s End the Confusion

• Clearing Up Misconceptions About APIs and Microservices

Communication

APIs need to be marketed to the target audiences.

Do lunch and learns for internals

Use your partner channel communications

Publicize external APIs on common sites (e.g. Programmable web).

Run Hackathons, attend/run events

Communicate internally to executives the status of the initiative and the achievement toward

the initiative goals.

Tailor the message to what the audience needs to know.

Communication drives the value and helps keep the funding and

expansion of the initiative.

Does NOT Work!

Measuring Success - Analytics

Establish meaningful measurable goals for “success” – typically related

back to your business goals - and gain executive agreement:

•Revenue Generated

•Time to Market measurements

•APP developer sign ups

•API usage rates / rate of growth

•Number of APPs driving usage of over xx transactions per time interval

•What data is being requested? What data is not being requested?

•Are there usage patterns – dates, locations?

•Are APP developers using multiple APIs?

Look at technical metrics too to see where improvement is required:

•Are developers coming to site and not signing up?

•Are API calls coming back with errors?

•Is performance acceptable?

Publish reports or make dashboards available to the appropriate

audience for easy access to metrics

Vitality

1. Most businesses start by targeting internal

developers

• Allows for some mistakes and corrections

• Lighter governance model

• Stage 1B – add additional internal

organizations as API suppliers and/or

consumers

2. Stage 2 – bring on known partners

• Introduces more governance

• Tighten up security, privacy, and scaling

• Plan for change

• Stage 2B – Partner on-boarding

3. Stage 3 – Go Public

Don’t wait until you know all the answers and have everything in place to get started. The market is

moving too fast. Plan stages for the roll out that build on what you learn.

5 stages of maturity with 2 perspectives

Across several dimensions Business approach

Management

Architecture

Information & content

Process & methods

Infrastructure

Learning Using an Unstructured Approach

Discovering & Experimenting to Gain Market Understanding

Implementing Targeted Market Solutions

Expanding to Full Digital Market Solutions

Innovating with Predictive Transformation

Technology Business

And several factors for each dimension Business drivers, perspective, industry integration, monetization

Organization, audience, communication, measurements

Style, application architecture, configurability, variability

Scope, exposure, content management, Taxonomy

Lifecycle, API Identification, dependency management, Devops

QoS, deployment, security, availability, performance, scalability

API Economy Journey Map Charting the evolution of Digital Transformation

Getting Started

1. Executive and Business Backing • APIs are a product to be delivered, not a technology for IT to improve efficiency

• Lack of executive or business buy-in will result in a technology implementation with no/little impact on the business.

• Leadership absolutely must participate and back the initiative.

2. Establish a strategy and goals • Understand why you are executing an API strategy

• Set Goals for the initiative with time frames and reporting metrics

3. Commitment to Roles, Responsibilities, and Resources • There will need to be resources dedicated to the API initiative.

• Enable enough key resources to make governance effective.

4. Get the Message Out • Involve some folks skilled in formal communication and education

campaigns.

• Do some API evangelist work

• The core team’s role(s) must be understood and propagated

• Collect and Publish Metrics

Critical Success Factors for API Management

1. Security • Security checks and business logic should not be mixed Having the capability to run

business logic where security is being checked is a security exposure.

• Security should be handled as soon as possible, and certainly before outside traffic reaches the trusted zone.

• General purpose application execution environments must not be imbedded in your API Gateway

2. Granular Scalability • Plan for growth and spikes in API calls, consumers accessing your developer portal, more APIs needing to be

managed, more visibility into the analytics, or any combination. And, each may spike independently.

• Microservice architectures support the automated scaling of resources as requirements increase and reduction as

usage lessens.

3. Multi-cloud Capability • Need to consider - What is your cloud strategy? Which cloud provider(s) will you use? How can you maintain

portability between on-premise and any cloud provider so that you can be prepared no matter what cloud choice is made or if cloud providers are changed or added?

• Need multi-cloud support to provide flexibility for cloud unknowns that are coming.

developer.ibm.com/apiconnect

API developer community site

on APIs, API economy, API Connect

Includes API community forum API events Best practices blog Videos

Additional Resources

Alan’s Articles, Blogs, Papers, and Videos…

• https://developer.ibm.com/apiconnect/author/glick/

• Guide to 100 API Economy and API Management

Resources

API Economy and API Management Basics:

•. What is an API? and What is the API Economy?

• What is API Management?

• Alan Tells All About APIs (video)

• IT Uncensored – What is API Management? (video)

• What are businesses doing with APIs and why are they doing it? (video)

• API Economy Drivers

• Happy API Year! (from 2017)

• I Already Have Partners Accessing My Services. Why Should I Use APIs?

• Should Business APIs Replace EDI?

• Providing APIs or Managing APIs – There is a Big Difference

• Don’t be Afraid of Public APIs

• Does size matter? (for your business to participate in the API Economy)

• API Connect Video Series: API Economy – What’s happening and where

is this going? (Part 1) and (Part 2) (video)

•APIs and Events – Recognizing Opportunities Instead of Reacting to

Problems

•The Biggest Impediment to API Economy Growth is…?

• Is Two-Speed (Bimodal) IT a Good Thing or a Bad Thing?

Digital Business / Digital Transformation:

• Becoming a Digital Business – Is API Management Enough?

• Digital Transformation – Becoming a Digital Business

• Digital Business and APIs – Need to See the Forest and the Trees

(article)

• Digital Business Value when Combining API Management and Istio

• Digital Transformation Requires Integration Modernization

• Integration Modernization Requires Good Parenting

• Why Become a Digital Business?

• How Systemized Innovation Enables Digital Transformation (article)

• History of IT Constraints – What Might Constrain Digital

Transformation?

• Creating A Digital Ecosystem – Past, Present, and Future

• Business APIs – The Secret Sauce in Successful Digital Marketing

(article)

• Overcoming the 3 Largest Obstacles to Digital Transformation

(article)

Alan’s Articles, Blogs, Papers, and Videos… Business and Value

• Why Your Business Needs APIs (and Why Your APIs Need IBM API Connect)

(white paper) + Blog

• Why Choose IBM API Connect?

• API Monetization – What Does It Really Mean?

• API Connect Video Series: API Monetization (video)

• API Monetization Understanding Business Model Options (white paper) + Blog

• IBM’s API Management Undisputed #1 in Market Share – Again (2019)

• IBM’s API Management Undisputed #1 in Market Share (2018)

• Analyst Firm Lists IBM API Connect as an API Management Leader (new)

• Analysts Cite IBM as a Leader (old – 2016)

• What is the ROI for API Connect? – Forrester TEI Study Demonstrates

Economic Benefits

• Forrester TEI Study Results Show 674% ROI

• RFP Template – Assistance in Choosing an API Solution Partner

• IBM API Connect: Powering the New Channel

• Do APIs Cause Channel Issues and Loss of Direct Customer Interaction?

•State of the API Economy – January 2019

• How to Get the Business to Participate in an API Initiative

• How IBM API Connect Helps Royal Mail Group Deliver

• The Business of API Marketplaces (article)

• Now Trending: API Platform Economy (article)

Strategy, Governance, and Best Practices

• Creating an API Economy Strategy

• Creating an API Economy Strategy – short version (video)

• Implementing Governance of an API Initiative

• Organization and Governance of API Initiatives

• What are the Recommended Roles for an API Initiative?

• What is the Recommended Organizational Structure for an API Initiative?

• Real World Experiences with API Centers of Excellence (CoE)

• API Economy Best Practices (white paper) + Blog

• API Connect Video Series: API Economy Best Practices (video)

• Identifying Good Candidates for APIs

• The 7 Biggest Mistakes Companies Make on their API Initiatives

• GDPR Considerations for Integration and the API Economy

• API Management Across Multiple Lines of Business (LoBs)

• API Versioning – Best Practices (and not so great practices)

• API Connect Video Series: API Use Cases (video)

• API Economy – 4 Business Drivers and 7 Use Case Categories – Series

Overview

• API Economy Business Drivers: #1 – Speed

• API Economy Business Drivers: #2 – Reach

• API Economy Business Drivers: #3 – Innovation

• API Economy Business Drivers: #4 – Domains

• API Economy Use Case Identification: #1 – Mobile

• API Economy Use Case Identification: #2 – Social

• API Economy Use Case Identification: #3 – Data

• API Economy Use Case Identification: #4 – Other

• API Economy Use Case Identification: #5 – Partner

• API Economy Use Case Identification: #6 – Public

• API Economy Use Case Identification: #7 – IoT

• Beating (or Catching Up with) the Competition through APIs

• The API Economy Journey Map: How Are You Doing?

• API Economy Journey Map FAQs

• Discussing Your API Initiative With the Legal Department

• Why Isn’t My API Achieving the Desired Results?

Alan’s Articles, Blogs, Papers, and Videos…

Industry • API use cases for every industry

• APIs for Aerospace and Defense Blast Off

• What’s driving APIs in Automotive?

• Identifying API Use Cases: Automotive (white paper) + Blog

• Banking on APIs

• Banking on APIs – part 1 and part 2 (podcast)

• PSD2: Banking and the API Economy (video panel discussion)

• Q&A with the Head of Technology at Open Banking Ltd.

• Identifying API Use Cases: Banking (white paper) + Blog

• Drilling into API usage in Chemical and Petroleum

• APIs for CPG – Managing Bathrooms to Supply Chains

• Learning your ABCs using APIs – APIs in Education

• No Shock the Electronics Industry is Charged Up about APIs

• Financial Services – Planning to Retire on APIs

• Identifying API Use Cases: Life Insurance / Financial (white paper) + Blog

• Government APIs – Do More with Less

• Identifying API Use Cases: Government (white paper) + Blog

• Healthcare APIs – A Cure to Accessing Healthcare Systems

• Healthcare Providers – A Prescription for APIs

• Identifying API Use Cases: Healthcare / Life Sciences (white paper) + Blog

• Healthcare and APIs (podcast)

• Sample API Use Cases for Insurance (article)

• Creating an Insurance API Platform (article)

• APIs for Insurance – Avoid the Risk of Falling Behind

• Identifying API Use Cases: P&C Insurance (white paper) + Blog

• Legal vs IT: Usage of APIs throughout the Business (article)

• APIs: A Prescription for Challenges in Life Sciences

• Building APIs for the Manufacturing Industry

• Media and Entertainment – Hooray for APIs!

• Unearthing API Use Cases in Metals and Mining

• Today’s Special: APIs for the Retail Industry

• Identifying API Use Cases: Retail (white paper) + Blog

• ReshAPIng Cities – Using APIs to Build Smarter Cities

• Software Industry API Use Cases – Eating Our Own Cooking

• Telecom and APIs – Now We Are Talking

• Identifying API Use Cases: Telecommunications (white paper) + Blog

• APIs are Taking Off In Travel and Transportation

• APIs for Utilities – Let’s Do Something About the Weather!

• API Industry Standards and Regulatory Requirements

Architecture, Technology, and IBM API Connect

• Introducing API Connect (video)

• APIs and SOA – Better Together (video)

• API Connect Video Series: APIs and Services What’s the difference? (video)

• Positioning APIs and Services – Let’s End the Confusion!

• How To Get To Two Speed IT

• An ESB is Not API Management

• Is a Combined ESB and API Management a Good Idea?

• IBM Brings Multiple Integrations To a Single Platform; Focuses on Optimizing

Integration for the Multi-Cloud Enterprise (interview)

• Using APIs and Microservices as a Fast, Low-Cost and Low-Risk Innovation

Engine (article)

• API Connect Video Series: IOT – Focus on Security (video)

• Internet of Things APIs – Focus on Security

• Analytics: The Icing on Top of Your API Management Cake

•Clearing Up Misconceptions About APIs and Microservices

•Which Comes First, The API or The Service?

•Do Not Be Afraid of API Initiative SUCCESS

•Integration Architecture Decisions – APIs, Services, and Microservices

•Use API-First Design to Address Multi-Cloud Architectures (article)

•How Do You Ensure API Quality?

• API Connect V2018 Whitepaper Now Available

• Ping Identity and IBM Partner to Protect Against API Cyberattacks

• IBM API Connect Wins 2019 iF Design Award