apim
2020/04/27
 
27 Apr, 2020

APIs in the Time of COVID-19

  • Dunith Dhanushka
  • Lead Solutions Engineer - WSO2 Inc

Image credits: Fusion Medical Animation on Unsplash

Let’s face it.

Traditional business models that require physical human interaction are going to fail soon.

The COVID-19 pandemic is in full swing at the moment. The biggest damage it has been doing is not only the human cost but the paralysis of economies worldwide. Many countries were forced to go into a lockdown mode, restricting people’s mobility by almost 99%. If the pandemic situation prevails it will lead traditional businesses like retailers, hotels, restaurants, and airlines to go out of business very soon as they require the physical presence of people. So they need to come up with new strategies to reach their customer base who will likely stay at their homes for a long time.

Let’s see how technology can help organizations to be creative and make a come back at money-making.

Businesses Need to Redefine Their Existing Value Delivery Channels - Going Digital is a Must

The biggest challenge that businesses will face is to figure out a mechanism to deliver business values to their customers. What would movie theater owners or restaurant owners do to reach their customers amidst lockdowns? How do you think the casino owners would survive? With limited mobility, people will definitely use the web or mobile devices to access usual business services. Ordering groceries and food online, performing financial transactions online, and attending lectures online are just a few examples. These things didn’t come of the blue, they were there before the pandemic - just as an option.

But today, delivering business value over the Internet is not just an option; it’s the only choice. It is inevitable that businesses that are not adopting digital strategies will go extinct very soon.

What Are the Challenges When Going Digital?

Even in today’s world, many businesses are neither digitally enabled nor do they see a value of going digital. For example, businesses like retail stores, fine dining restaurants, and movie theaters always had people coming into them. They can continue their core business even if the Internet is down.

Then why fix it, if it ain’t broke? But now, everyone is forced to go digital for their survival. Would that be an easy task? Well, let’s see.

Let’s take a fine dining restaurant as an example. For many years, customers visited these restaurants and they didn’t regard online food delivery as a serious thing. There is no customer-facing IT applications except the website which simply displays the menu. Other systems like table reservations, kitchen, and inventory management are strictly internal. Now the only choice they have is to accept orders online and deliver them to people’s homes. Obviously the restaurant owner has to:

  • Build a mobile app to display the menu and let customers place orders
  • Modify the website to accept orders online
  • Build a back-end application to process orders and integrate it with existing in-house systems
  • Hire delivery staff
  • Track deliveries and manage the fleet

Now it appears that the restaurant has to invest in IT and delivery aspects of the business which they are not very familiar with. Surely this seems like a lot of work and many businesses will face similar problems when reaching their customers online. The most common problems would be lack of expertise in digital transformation, shortage of skilled staff, complexity, slow go to market, and most importantly the budget.

How Business Ecosystems Could Help

What if businesses can go digital while still doing what they are good at? How about partnering with other businesses that offer the features that your business lacks?

Obviously, handling IT is not a core competency of a restaurant or a retailer of a small or medium scale. Also, they should not be undertaking the complexity of maintaining a fleet of vehicles and staff to do doorstep deliveries. But handling IT and deliveries will be critical survival skills these days for any business.

How about if the above restaurant could partner with another business whose core competency is IT? For example, it can be a mobile or web app that lists nearby restaurants to users and allows them to browse the menu and place orders. Then the order will be forwarded to the restaurant. In this way, the restaurant doesn’t need to worry about building web/mobile applications to reach its customers and they’ll continue to receive orders. On the other hand, the same restaurant can partner with a delivery service to deliver the cooked meals to their customers. That offloads the order fulfillment burden from the restaurant and allows them to focus more on the kitchen. Maybe they can even recruit more chefs? Well, that may be too much.

The main point here is that businesses should not attempt to go digital individually unless they have the right capacity to do so. They should always build ecosystems to complement each other with the skills they lack. Not only will this help businesses to survive the hard times ahead but it also boosts the economy by opening new revenue streams as well. As per the above example, the mobile app, restaurant, and delivery service will continue to make money during the pandemic while doing what they are good at. Their key to success is the close-knit ecosystem they operate. Let’s see how this ecosystem can be implemented with the right technology.

Building Business Ecosystems With APIs

Businesses that partner together needs to communicate frequently and effectively. That could be either B2C or B2B communications. According to the above example, the mobile app should let the restaurant know about an order being placed. Also, the restaurant should let the delivery service know about a package that is ready to be delivered. The ideal way is to do this via APIs.

APIs and API Management - An Overview

APIs can be defined as a set of functions and procedures that help build applications to access features or data of a particular system and API management involves a technology platform that allows one to expose and manage these APIs. In other words, API management enables you to provide a facade or proxy for existing services and exposes these newly created APIs in a standard, compliant, and consistent manner to consumers whilst providing additional capabilities such as security, rate limiting, and other quality of service policies.

API management typically has multiple components and/or feature sets including an API Gateway as the actual API run time and policy enforcement point, a security component for API key management, an API Developer Portal acting as a catalog of APIs providing a centralized location for application developers to discover, subscribe to and test APIs, an API Publisher providing the ability to design APIs from back-end services, API Analytics that provide an analytical snapshot of API usage, etc.

API management platform components

Connecting Businesses With APIs

The following diagram illustrates how APIs can help the businesses to communicate effectively.

High level business/ technical architecture

Let’s look at the necessary steps to implement the above.

The Methodology

1. Business level agreements (SLA) and API design

First, the restaurant aggregation service, restaurant, and the delivery service need to come to an agreement on what business interfaces they will be needing from each other for their operations. At this stage, businesses and technical stakeholders should collaborate together to produce an API contract that documents and governs what interfaces are exposed, the expected request and response formats, and how each interface will be secured. The output of this step would be an API design document prepared with Open API version 3, which is a well established standard for describing modern APIs. This file can be checked into some public place like a GitHub repo where everyone can access it.

API design comes first

2. API implementation

At this stage each business has to implement interfaces (APIs) as per the agreement they have made in the above step. For that, an API management system has to be installed in each business. There are multiple API management vendors in the market that offer on-premise, cloud-based, or hybrid API Management capabilities. All the mega cloud vendors like AWS, Google, and Azure have their own API management solutions as well. Apart from that, there are commercials and open source solutions available in the market.

Since the time-to-market is a critical factor here, businesses should go with any API management solution that is cloud-based (low cost, low overhead), managed (no need to hire staff to manage), and offers great support when starting from scratch.

API management platform comes with an API Designer component that helps developers in each business to create APIs from an already existing Open API definition. Once the API has been created, it needs to be published to the Developer Portal component for outside consumption. Also, the API definition will be available in the API Gateway component and ready to receive API traffic.

3. Developer on-boarding

Once APIs are created and hosted in API management platforms, that means that each business is ready to accept traffic from the outside. Now each business has to discover available APIs, try them out, and build the client applications to consume those APIs. Developer Portals of each API management platform offers these capabilities. Usually, the Developer Portal is hosted publicly to enable access for partner developers. They can self-register there and search for APIs that would suit their needs. Also, APIs can be tried out on a sandbox with an embedded Swagger console that mimics the actual API behavior. In our example, developers from each business will explore each other’s APIs and subscribe to get a client ID and a client secret according to the OAuth 2 standard.

4. API run time, governance, and monitoring

At this stage, developers from each business should have subscribed to each other’s APIs and have the credentials to access them. For instance, the restaurant aggregation service’s back-end should subscribe to the restaurant’s Order API and must generate an OAuth2 access token prior to invoking that. When APIs are invoked, API Gateway components of each business will receive the traffic and route it to the appropriate back-end service. While doing that, the API Gateway can do certain value additions such as:

  • Authenticating the request for valid tokens (if the token is invalid, an API request is dropped)
  • Enforcing policies on requests (rate limiting, payload schema validation)
  • Payload transformation (e.g. JSON to XML transformation and vice-versa)
  • Logging API requests
  • Collecting API run time statistics and storing for future use

The above listed features are built into most API management platforms these days, preventing developers to implement them from scratch. In addition to that, they offer features like API versioning for creating new API versions to keep the backward compatibility and API lifecycle management to complete the bigger picture. Each business is API now enabled and businesses can collaborate together in a meaningful way to achieve their mutual business goals.

API Marketplaces and Monetization - Taking Things to the Next Level

What we have considered above is the simplest example where businesses can collaborate digitally with APIs. But API management offers many more benefits beyond that level. The biggest benefit is that APIs can generate revenues for businesses. This is made possible with the API marketplaces concept.

On an API marketplace, businesses that produce APIs can list their APIs for sale. Developers who plan to consume them can subscribe to them and start using them in their applications. Developers will be billed according to the API call volume they made to the API provider.

Architecture of an API marketplace

Considering our example, the restaurant should publish their APIs in a marketplace like this to draw more attention from various business partners. There can be other mobile/web apps that perform the aggregation of nearby restaurants as well. Or maybe new channels like Amazon Echo and Alexa will start placing orders to restaurants soon. After listing in a marketplace, the restaurant should enable API monetization to bill their consumers according to the call volume. That feature is also provided by major API management platforms. From a business point of view, this might be a good opportunity to recover the initial investment made on the API management platform.

Conclusion - API Management to Survive and Thrive

In this post, I have summarized the major benefits of adopting an API management platform for a business to be included in a business ecosystem. From a business and technical standpoint, API management platforms provide a lot of value to digitally expose existing business services to the outside. When properly planned, traditional businesses can sell their APIs in API marketplaces to gain revenue from their APIs.

To learn more about an open source, full lifecycle API management solution that can be deployed on-premise, on a private cloud, available as a service on cloud, or deployed in a hybrid fashion, check out WSO2 API Manager.

Undefined