How awful are your APIs !

Because I am now free and released from a duty of reserve, during my daily activites, including API management, I was extremely disappointed by the lack of interest by many large companies in producing high-level APIs or even with just the bare minimum of good-exposed resources. However, APIs are the pivot of the customer-centric, of the customer-driven, a grail to be reached.

All API subjects (also the case for all application components of an IS to be fair) are swallowed up and focused on the “do” instead of the “have”: DevSecOps, agility, move to cloud but then not the product by itself. Sometimes, the dev culture in design and functional part is so low and only given to the newbies that all the delivery is missed, useless, and even dangerous in terms of data security.

Sure, I originally come from a company, Dassault Systèmes / now 3DS, where the well-established leader was and is still the developer, but now with its Product Owner. It is a kind of “one-man band actor” sensible to the design, the ontology of objects and data constituting the resources, but it seems that, today, except for superstars in AI, development activities are still underplayed. When actually lowering the cost of the run, of duplications, of incomprehension between users and subscribers, it requires highly documented APIs with mocks to learn and practice that are exposed close to the endpoints of the API.

Then, the real Enterprise Architect transverse role to manage the whole lifecycle of the APIs must be protected and promoted. It is the ideal position to run an effective governance process on this topic.

Above all, an API catalogue is a valuable asset for a company and not only the result of trendy practices and fast then poor deliveries. Internally, for critical data, transverse open data, external exposition for suppliers or partners, and of course, monetized or Open API to share for free corporate enriched data, the maximum effort must be applied to the semantics and documentation, design of all the API parts (headers, endpoints and resources, body request and result payloads, including security rules and sensitive data lineage sometimes).

Do not forget that an API management tool, as a mediation layer, must be seen as a sufficient component to secure web services when very often, Security managers have denied this role to usually protect only the back-end components. What a pity!

I hope this message will resonate with sensitive managers, insiders, and discerning developers, including their Product Owners, to promote the role of API Managers who are trying to deliver the best guidelines and relevant ref cards, an optimized cataloguing for portals to promote this essential Information System matter.

This article is not a testimony of my durable API contribution, but rather a share of hope for all enterprises that will be sensitive to this” seen as extreme” approach. API deserves it as well as their resources!

Managing APIs is an activity of excellence and even an Art, the 11th Art ?

Indeed, it is still not fixed after the tenth assimilated to multimedia and videogame … Then let us use this free slot for APIs !