How to generate profit—not peril—with your APIs
Section 1: Make money. But don’t get hacked.
A new API initiative here. Another there. And soon you’ve got a million. Your company is swimming in APIs, often at crosscurrents—and you don’t have a handle on it at all.
You’ve got several gateways. They are on premises, in the cloud, and using different API technologies in different business units. Great API approaches breed revenue, and bad ones simply breed APIs. Uncontrolled API proliferation and development cycles lead to an inability to manage digital services and products—and increased security risks. The digital transformation required to solve this problem is increasingly complex and more difficult to navigate with constantly changing needs. A misstep today can have a lasting impact on your ability to compete in the future.
It might be your downfall.
APIs make up over 83 percent of Internet traffic. And for good reason: APIs are profit multipliers. They help you create omnichannel experiences, accelerate innovation, improve business efficiency and create new lines of revenue. That’s because they connect deep and direct to your systems of record without changing them.
But they also shred security for the unprepared.
In 2021, LinkedIn suffered an API attack not just once, resulting in scraped data from 500 million users going on sale, but then again a few months later. The second attack hit 92 percent of the company’s users. The same year, Microsoft Exchange Server suffered a complex attack organized by a state-sponsored group—using APIs to help kickstart further breaches. These are two of many high-profile attacks that year, according to Salt Security.
Such vulnerabilities make poorly managed or misconfigured APIs an easy target for beginner and expert hackers alike. And it’s not just direct threats to your business you need to worry about—it’s about how quickly your customers can lose their trust in you, even when a well-publicized “breach” only reveals public information.
If it’s any consolation, you’re not alone in your concerns. Still, there are a few questions that may be giving you sleepless nights:
- How do I provide access to our critical systems of record without opening the organization to a single hack that could cost us millions?
- If I don’t have control of our API initiatives, how will we ever have comprehensive visibility or a bulletproof strategy?
- As competitors conquer the API challenge and roll out new tools and apps, will we lose customers to them?
- Will I invest time, money, energy and political capital only to fail? (And how do I sugarcoat that story when I’m looking for a new job?)
It’s clear that APIs are the path to growth and innovation, able to create connected experiences for employees, partners and especially customers. But what’s keeping you awake is how to manage the risks—the risk to the security of your data, the risk that you won’t have a clear understanding of how to drive your APIs to value, and the risk that your competitors will get there before you do.
Let’s get serious for a moment
The stakes really are this high—but you can do it.
By understanding the API landscape, you can be sure your organization keeps the profits, loses the liability, and wins the day. You’ll be the ones delivering personalized, omnichannel customer experience that will make your business the talk of TikTok. (And not in the bad way.) Your APIs will give you easy access to data and systems for transparency and seamless integration with customers, employees and partners. You’ll do this with tight governance and protection of the data APIs expose, total visibility, an ecosystem of connectivity, and full lifecycle management.
It’s actually pretty simple. You need to identify which threats are real and what types of solutions mitigate the potential for losses so you can stop worrying about APIs and start loving their results. Then instead of being known for the security risks you opened the company up to and the lost customers that followed, you’ll be the leader who drove new revenue, happy customers, and a connected enterprise with an innovative API strategy. Strap in.
Let’s make you an expert.
Section 2: Why you feel this way
The truth is that any concern you have is probably built on something quite real. We’d be fooling ourselves—and you—to say APIs guarantee big profits no matter how you implement them. But it’s important to know from the outset that every single one of the following risks can be addressed effectively. And with the risks managed, the upside potential is huge.
This is what you’re up against:
You’ve read the stories. (And we’ve shared a couple already.) API breaches expose customer data all the time. The 2022 API Security Trend Report noted that 41 percent of organizations were hit by API security incidents in the past year alone.
Staff turnover can lead to zombie APIs that no one owns or is aware of. Multiple versions of APIs can create confusion over which is the “official” supported and secure version.
You’ll want to lock down your APIs before they make you (in)famous.
Lack of API Strategy
You’ve watched as your competition quickly rolls out offerings in new geographies and new formats. You need those API-led self-service apps and the ability to quickly update customer-facing tools to plug the holes in the customer retention dam. Without a clear business-focused API strategy and the tools to execute it, you’ll continue playing catch-up as they siphon away your customers. And you’ll keep losing market share. That’s heavy stuff to see, with a long-term negative impact to your bottom line.
U.S. companies alone lose $136.8 billion per year due to avoidable consumer switching, with 76 percent of consumers saying it has gotten easier to switch. Over 91 percent who are unhappy with a brand leave without ever complaining.
Building new apps with APIs in the cloud is a complex technical topic, but for many, the real challenge is aligning with business goals and delivering value.
This means designing APIs that reflect a deep understanding of both the consumer and your business strategy, choosing the proper approach to monetization (indirect or direct, there are many options for each) and marketing them. Engaging with customers and gaining insights into their problems is the key to capturing their attention (and wallets!) with the right strategy.
To put it bluntly, the road to financial ruin is paved with the companies that didn’t think through their API strategy. Let’s not add your name to the list.
Rapid API proliferation
The popularity and ease of creating APIs can have another downside: uncontrolled proliferation and inconsistent development approaches across different parts of an organization.
It doesn’t take much to build an API; almost any developer can do it. Sometimes it’s easier to take someone else’s API, make a small change and release it as a new API instead of going through the process of providing feedback, enhancing the original API and releasing a new version. Business units looking for a quick win might choose an API-led solution they can implement rapidly that doesn’t rely on central IT for support. And in large organizations, you might have no idea that there’s already an API for a need you’ve identified.
The result, for some, is a truly overwhelming number of internal, external, zombie, local, global, duplicate, multi-version, partner-oriented, customer-oriented, employee-oriented, and in-progress APIs with inconsistent quality and security. And that can affect your customers—and your business.
Rapid API proliferation is likely to transform APIs into the number one IT vulnerability and attack vector by around 2022.
Section 3: There’s a light at the end of this tunnel
Here’s the best thing you’re going to read about APIs today and a reason for you to smile.
Actually, this thought should have you beaming.
There are great solutions on the market that minimize risk while helping you capture all the benefits APIs can bring to the table. And if you can move towards one of those solutions, you might just get a promotion for being the only person in your organization who knew what to look for.
With that in mind, make sure to choose a solution that:
1. Strengthens your API program
Comprehensive security is non-negotiable. But implementing that security with automation and speed is how you win. Look for an API solution that does both. That means support for all core authentication standards with an easy-to-use UI, advanced user-based security, and automated deployments for high-quality releases. On top of these pillars, you need centralized views for compliance, and powerful API management that lets your team monitor, customize, and control cloud-native applications.
Here’s the cheat sheet to use:
- A secure platform, support for all authentication standards and providers, easy-to-use visual UI for layered security policies
- Advanced user-based security like JSON Web Tokens, SAML, API keys, OAuth, OpenID, and masking for sensitive PII data
- Fully automated deployments in your DevOps toolchain with “everything-as-an-API” functionality
- Microgateways to protect and mediate APIs and microservices in distributed architectures in the cloud, protected the minute they’re deployed
- Centralized visibility, management, and control of microservices and APIs
- Partnerships with major API security vendors for cloud-specific API threats
2. Provides strategic advantages with API-led capabilities
API monetization gets a boost when your organization has a single platform to run the show. That’s how new revenue springs from existing data – you capture value without missing anything, and your customers get the useful, fun, confidence-inspiring mobile and cloud apps they’ve been clamoring for. That’s omnichannel, single-source happiness you can take to the bank.
Here’s the cheat sheet to use:
- A single platform to connect, integrate to an application, and expose services and data as APIs
- The tools to monetize APIs and define plans and packages to capture all value scenarios: free, developer pays, developer gets paid, and indirect
- Visibility into API usage metrics
- Create a community and marketplace for your APIs with a customizable portal that allows developers to provide feedback, download APIs, and share apps
- Rich collaboration capabilities including social feeds, community groups, hackathons, and promotions
- Fully hosted APIs in the cloud for customer-friendly mobile and cloud apps
3. Takes control of your APIs with end-to-end lifecycle support and governance
APIs are how your digital business opens new ways to reach customers and partners. But because they’re such an essential part of your business strategy, it’s critically important that you have full operational visibility and control. Above all, you must have a centralized governance and end-to-end lifecycle management model for all APIs and microservices. And don’t forget that unless you’re in the 1% of companies where developers flock, you’ll need killer DevEx to make it easy to use.
Here’s the cheat sheet to use:
- A platform that covers the full lifecycle of your APIs from requirement to retirement so you’ll know who’s using your APIs, you’ll understand how they’re performing, and you can identify rogue APIs
- A catalog for capturing and managing all dependencies and relationships, defining and enforcing consistency and review processes
- No vendor or dev tool lock-in with support for the largest number of open API standards including OAS 3.0, SOAP, REST, WebSockets, and more
- A single API gateway to secure access and apply policies for all transactions, including B2B integrations, mobile consumers, APIs, files, and services
Section 4: Taking a business from fragility to agility
Lower cost and risk of modernization
Responding to the demands of cloud and scale by adopting API-led and microservices-based architectures without ripping and replacing legacy investments.
The U.K. Army needed a way to unify flow and access to army data, documents, and information between agencies. It had to be highly secure and standardized. The Army lacked visibility into essential systems and sources. This led to inaccurate stock levels, poor equipment utilization, conflicting requests for resources, and pricey waste. The challenge was getting the right information at the right time.
Top-notch security with an advanced API Gateway underpinned an API-first solution that delivered trusted information flow, accurate activity planning, and decision-making. New management dashboards provided improved monitoring, measurement, and reporting.
Inter-agency visibility enabled the Army to execute in lockstep with an understanding of costs, improved forecasting, more efficient utilization of equipment, and reduced waste. Running as a leaner operation saved £8B in the first year alone, and brought a letter of commendation from a 2-star general.
Build an API-led foundation that reduces the complexity and time needed to create innovative digital products and services.
Carnival Cruise Lines has a complex network of worldwide travel partner integrations in their reservation and shipboard point-of-sale systems. Tracking all these interactions was made even more challenging by the need to synchronize data before and after cruises. It needed to radically improve customer experience at every point of contact.
Carnival designed APIs to enable 3rd-party ticketing with their travel partners as well as in their ship-to-shore eCommerce apps. Onboard apps enabled passengers to easily order food and amenities with zero friction. With a unified API management and integration solution, Carnival streamlined its partner and customer interactions to the next level.
Carnival’s API-driven approach to integration resulted in quicker, more seamless partner onboarding, and data handoff for applications, shoreside or shipboard. The result? Happy customers. From the moment they decide to book a cruise, to when they step off the boat. And every moment between.
Simplify digital transformation
Imagine new digital programs and respond to business needs by using existing data and services to deliver new applications.
A leading telematics provider delivers vehicle data analytics for the insurance sector. It wanted to take advantage of its huge database of travel data to create new sources of revenue, and capture new customers. In essence, it wanted to get value from a treasure chest of historical and current data.
The company implemented a digital business model selling its data via APIs to insurance companies and related organizations. Now, instead of simply collecting data—the company is using an API management platform to monetize it.
The solution is a win-win-win. The telematics provider created a new digital product in its portfolio. Insurance companies gain insight into driving behavior that can be used for more accurate policy decisions. And drivers benefit from better rates based on good driving.
Section 5: Ready to make API magic?
The market for API management vendors is hotter than ever, with many small players trying to get in on the action. But your peers know that the leading API solutions—the platforms that give you one place to do it all, while still innovating faster than the startups—are worth their weight in gold.
Imagine if you could squash your security concerns in one move. You’d be playing security on easy mode, while your competitors get bogged down in ransomware and blatant security own-goals.
Imagine if you could monetize your APIs directly—and indirectly—to open new revenue streams from existing data and applications.
Imagine if you could sit at the center of a spiderweb of control, with visibility into every stage of the API lifecycle and tools at your fingertips to ensure quality and customer satisfaction with every deployment.
If you’re ready to make API magic, say hello to the webMethods API Management platform. Winner of Best in API Management at API World 2021, and a Gartner Magic Quadrant leader. But more importantly, the platform of choice for industry leaders—and your peers.
Explore what’s possible without fear. And unlock advanced security, amazing customer experience, and new lines of revenue from your existing data.
Try webMethods today in your own environment to see how easy it is to be agile.
Our demo is free. And your API management future has never looked better.