As digital transformation becomes a leading initiative across industries, businesses are onboarding and using more and more applications—leading, in many cases, to more and more application programming interfaces. Having too many APIs—or “API sprawl”—can lead to confusion, inefficiency, higher technology costs and even increased cybersecurity risk.
To protect themselves and ensure that digital transformation yields the intended benefits (and avoids unintended consequences), organizations and their tech teams must establish ways to avoid sprawl and responsibly manage APIs. Below, 18 members of Forbes Technology Council share their expert tips for effective API oversight.
1. Deploy API Security Gateways
APIs are a critical cog in delivering applications, as they enable automation inside and outside the enterprise. However, widespread use of APIs can introduce security- and privacy-related issues. A way to limit the impact of this is to deploy API security gateways on your network and application edges that force all API traffic from outside of your organization to pass through them for validation. – Carlos Morales, Vercara
2. Apply Observability And Tracing Tools
Applying observability and distributed tracing tools to get an auto-generated API catalog (including specs) is an extremely efficient approach to supporting scaling teams and products. It provides the most accurate visibility into what APIs are available and how to use them—based on instrumented data from the application—and enables an organization to put in automatic governance controls. – Maya Mandel, Helios
3. Put Your Cybersecurity Team In Charge Of The URLs
Microservices are on the rise, and consolidating to a platform is no longer an option. Here are two practical measures. Have the cybersecurity team open up the URLs for new APIs so they can control what gets accessed and from where. And before cybersecurity opens the URL, the tech team needs to update documentation about the new API in a common repository. This way, there is no redundancy in API development. – Punna Paramasivan, EvonSys Inc.
4. Label And Track APIs
Treat APIs as an organizational entity, just as you treat apps, endpoints and cloud environments. Label and track them. Are they internet-facing? Which versions are they, and which apps do they serve? Build an infrastructure and processes that help engineering move fast but still keep a tight grip on all APIs in the organization. – Liav Caspi, Legit Security
5. Establish An API Marketplace
To mitigate API sprawl, tech leaders can establish an API marketplace where teams can discover, share and reuse APIs. This centralized hub fosters collaboration, eliminates duplication and encourages API standardization, leading to efficient resource utilization and streamlined development processes. – Andrew Blackman, EZ Cloud
6. Create A Multitiered Architecture
Create a multitiered architecture—with tiers such as platform as a service and/or software infrastructure services, third-party APIs, enterprisewide services, and vertical and/or application-specific services—to encourage reuse. Further, establishing governance standards and the periodic review of service-granularity and service-dependency matrices can help. – Sreenivasan Iyer, Antares Vision Group (RfXcel)
7. Decommission Unused Or Unauthorized APIs
Constantly inventorying and monitoring all APIs across the organization is critical. Maintaining an API catalog provides security teams with a central view of APIs in use, as well as zombie or rogue APIs. Unused or unauthorized APIs should be decommissioned. These steps will help you avoid API sprawl—including those that should no longer be deployed or that shouldn’t have been added in the first place. – Gene Fay, ThreatX
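The catalog check described in tip 7 can be run as a reconciliation between the API catalog and gateway traffic. The Python below is an added example, not code from the article or its contributors; the catalog entries, paths and log format are constructed, and it assumes "unused" means catalogued but never seen in the log window and "uncatalogued" means seen in traffic but absent from the catalog.

```python
import re
from collections import Counter

# Constructed catalog: (method, path template) -> owning team. All names hypothetical.
CATALOG = {
    ("GET", "/v2/orders/{id}"): "orders-team",
    ("POST", "/v2/orders"): "orders-team",
    ("GET", "/v1/orders/{id}"): "orders-team",  # older version, still registered
    ("GET", "/v2/customers/{id}"): "crm-team",
}

# Constructed gateway access-log lines: "<timestamp> <method> <path> <status>"
LOG_LINES = """\
2024-05-01T10:00:01Z GET /v2/orders/1841 200
2024-05-01T10:00:02Z POST /v2/orders 201
2024-05-01T10:00:05Z GET /v2/customers/77 200
2024-05-01T10:00:09Z GET /internal/debug/export?limit=10 200
2024-05-01T10:00:11Z GET /v2/orders/1842 200
2024-05-01T10:00:12Z GET
2024-05-01T10:00:15Z GET /internal/debug/export 200
""".splitlines()


def template_to_regex(template):
    """Compile '/v2/orders/{id}' so each placeholder matches exactly one path segment."""
    parts = re.split(r"\{[^/}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "$")


def reconcile(catalog, log_lines):
    """Return (catalogued-but-unused endpoints, uncatalogued endpoints with hit counts)."""
    matchers = [(m, t, template_to_regex(t)) for (m, t) in catalog]
    hits, uncatalogued = Counter(), Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip truncated or malformed lines
        _, method, raw_path, _ = fields
        path = raw_path.split("?", 1)[0]  # compare on the path, not the query string
        for m, t, rx in matchers:
            if m == method and rx.match(path):
                hits[(m, t)] += 1
                break
        else:
            uncatalogued[(method, path)] += 1
    unused = sorted(k for k in catalog if hits[k] == 0)
    return unused, dict(uncatalogued)
```

On the constructed data, the old `/v1/orders/{id}` route comes back as a decommissioning candidate and `/internal/debug/export` as traffic with no catalog entry to review.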
8. Treat APIs As Products
Treating APIs as products, not just resources, is key to avoiding API sprawl. This approach entails strategic planning, defining purpose and lifecycle management. It ensures each API serves a unique, valuable role, encouraging consistency and the efficient use of resources. It will also limit the development of multiple APIs with overlapping features and without an overarching strategy. – Patrick Emmons, DragonSpears, Inc.
9. Leverage GraphQL
When used effectively, GraphQL can reduce the number of distinct APIs by allowing the requestor to specify the type and structure of data they need. While this is easier said than done, a small set of APIs can be customized by the requesting platforms. As new data becomes available, only the systems that need it will request it, and only those systems will receive it in responses, keeping your API profile “svelte.” – Luke Wallace, Bottle Rocket
10. Take A Choreography Approach
Instead of connecting APIs directly to each other, use an API choreography approach where APIs work together as a team to achieve specific goals. This helps you avoid creating more APIs and allows those you have to coordinate and collaborate effectively. This will help you focus on developing a minimal set of versatile APIs. – Mani Padisetti, Digital Armour
11. Establish A Dedicated Management Platform
Tech leaders can centralize API management through a dedicated platform. This consolidates APIs, streamlines governance and ensures consistency. Centralization reduces complexity, enhances security and improves oversight, making it an effective strategy to avoid API sprawl. – Indiana (Indy) Gregg, Wedo
12. Encourage Cross-Team Communication
Tech leaders can avoid API sprawl by encouraging strong cross-team communication. When team leads and employees talk about which APIs they use to do their jobs, the company can determine what can stay, what should be combined and what needs to go. Ensuring strong communication will help you keep your APIs in check and reduce confusion across the board. – Thomas Griffin, OptinMonster
13. Implement An API Governance Strategy
One effective way to avoid API sprawl is by implementing an API governance strategy. This involves defining clear standards, protocols and documentation for API development and use. It’s effective because it ensures that APIs are consistent, reusable and purposeful, thereby reducing redundancy and improving efficiency and manageability. – Nicolas Vidal, Global Task
14. Introduce ‘DRY’ Best Practices
The technology stack in any organization needs to have strict governance. To specifically avoid API sprawl, introduce “DRY” (that is, “Don’t Repeat Yourself”) programming best practices. Make sure that all your API feature sets are modular and multifunctional. That structure will allow the same functions to be used across the ecosystem and, most importantly, limit redundant programming and long-term API sprawl. – Nicholas Domnisch, EES Health
15. Create ‘API Zoning’
Tech leaders should take a cue from city planning and create “API zoning.” Think of your digital landscape as a city and APIs as buildings. Each “zone” or system should have clear guidelines about what type and number of APIs it can have. This makes your API infrastructure organized and scalable and helps to avoid API sprawl—just as urban planning helps avoid city chaos. – Andres Zunino, ZirconTech
16. Foster A Culture Of Reusability
You can tackle API sprawl by fostering a culture of reusability. Encouraging teams to share and leverage existing APIs rather than creating new ones at every opportunity can prevent unnecessary duplication. This approach is effective because it promotes efficiency, reduces maintenance overhead and ensures consistency in API usage. – Sandro Shubladze, Datamam
17. Centralize API Administration
Tech executives can profit in a number of ways by centralizing API administration. First of all, it gives the company more visibility and control over the APIs used. Tech executives can keep track of API usage, monitor performance and guarantee adherence to security and data governance regulations using a centralized approach. – Neelima Mangal, Spectrum North
18. Ensure Vendors Use Standard And Open APIs
Organizations should carefully choose which applications and systems they deploy and ensure the vendors of those systems use standard and open APIs to avoid single-instance situations. When looking to deploy new technologies, you should be very open about how those technologies need to work with what you already have and make sure the vendor uses standard approaches to ensure interoperability and limit sprawl. – Russ Kennedy, Nasuni