White Paper



Building an API Strategy Using an Enterprise API Marketplace

By Mifan Careem
Senior Director - Solutions Architecture, WSO2

1. Introduction

API management is the prevalent technology for most organizations looking to embrace digital transformation. More and more organizations see API management as an important step in becoming digital.

An API marketplace, however, goes above and beyond simple API management; a marketplace involves the technology, business, and human aspects of API management, ensuring the APIs achieve what they were intended for in the first place: the consumption and usage of APIs. Thus, the API marketplace enable the connection between producers and consumers of APIs and ensures this connection works.

As part of this white paper, we will look at what typical API management means, and how that relates to the concept of an enterprise marketplace. We will look at the advantages of building an enterprise API marketplace and the required steps to effectively launch one. To further illustrate this concept, we'll discuss a very relevant and interesting case study on a telco enterprise API marketplace from Dialog Axiata PLC.

2. API Management - An Overview

APIs can be defined as a set of functions and procedures that help build applications to access the features or data of a particular system and API management involves a technology platform that allows one to expose and manage these APIs. In other words, API Management allows you to provide a facade or proxy for existing services and exposes these newly created APIs in a standard, compliant and consistent manner to consumers whilst providing additional capabilities such as security, rate limiting and other quality of service policies.

API management typically has multiple components and/or feature sets including an API Gateway as the actual API runtime and policy enforcement point, a Security component for API key management, an API Developer Portal acting as a catalog of APIs providing a centralized location for application developers to discover, subscribe to and test APIs, an API Publisher providing the ability to design APIs from backend services, API Analytics that provide an analytical snapshot of API usage, etc.

Figure 1

Figure 1: WSO2 API Manager Key Features

WSO2 API Manager is a 100% open source enterprise-class solution that supports API publishing, lifecycle management, application development, access control, rate limiting and analytics in one cleanly integrated system.

An important part of API management that's relevant to our discussion here is the Developer Portal - a one-stop portal for application developers to discover, test, read documentation, and subscribe to APIs. It's also the core of the API marketplace concept.

3. Beyond API Management - The API Marketplace

An API marketplace is a platform to effectively connect API producers and API consumers - and as with any marketplace this provides the tools and the means to do so. While some public API marketplaces exist today that provide a catalog of existing public APIs, this white paper focuses on building an Enterprise API Marketplace - a marketplace that is specific for an organization and exposed either internally or externally. However, the same principles can be used to build a public marketplace as well.

Figure 2

Figure 2: API Marketplace - Overview

A marketplace is much more than a simple API Developer Portal where potential consumers of the APIs and application developers come to discover and subscribe to APIs. As we mentioned above, a marketplace and its role in building an effective API strategy involves business and human aspects as well in addition to the technology aspect (Figure 2).

In a nutshell, an API marketplace go above and beyond what an API Developer Portal offers. A marketplace provides the means and mechanism for a diverse group of people to design and publish APIs and provides tools, documentation, and incentives, such as monetization and supporting activities like evangelism, to encourage the same. Similarly, the marketplace provides the tools, documentation, and evangelism to ensure application developers use or reuse these APIs. Hence, the marketplace is about ensuring the widespread and effective use and reuse of the API management platform to maximize value and benefits.

Figure 3

Figure 3: API Marketplace Components

Figure 3 illustrates the various components of an API marketplace. Producers publish APIs; these APIs are catalogued and displayed via an API Developer Portal. Consumers of the APIs come to the Developer Portal directly or indirectly (via system APIs for instance) to find, discover, and explore APIs. The Developer Portal displays different types of APIs, grouped by division, category, type etc. With specific APIs they can then test and subscribe to APIs. API management consists of many other components that are vital to the marketplace, including the API Gateway, API Security, API Analytics, etc. The organization also organizes activities and events and produces material to encourage producers to build APIs and consumers to consume APIs.

To put this into perspective, let's take a closer look at a case study on a successful API marketplace.

4. Case Study - a Telco Enterprise API Marketplace

A good example of a successful API marketplace is IdeaBiz by Dialog Axiata PLC (Dialog) - a platform for developers and content providers to use the Dialog network-based features via shared APIs and monetize their efforts.

Dialog is the largest Telecommunications Provider in Sri Lanka and is a subsidiary of the Axiata Group Berhard, a leading telecommunications provider servicing the Asia Pacific region. At a time when most telecom companies were losing out to digital startups and disrupters including over-the-top (OTT) applications, such as Skype and Whatsapp, Dialog moved towards recognizing the digital products needed for the modern customer by providing a marketplace of its products and services.

Dialog launched IdeaMart - an ecosystem marketplace followed by IdeaBiz - an API marketplace. Dialog first focused on internal innovation and standardization by publishing and exposing around 500 internal services as internal APIs using the WSO2 API Manager. This immediately provides a multitude of benefits to internal consumers. Cross division developers can search, discover, and explore APIs from a centralized developer portal. They can test these APIs on the portal before subscribing and consuming them from apps. Metrics would then be available to view usage reports and calculate cross division monetization. Forums on the portal allow consumers to interact with publishers and thereby provide feedback, request features, etc. The centralized management of internal APIs ensure reuse of APIs and promote internal innovation whilst ensuring internal efficiency and faster time to market.

With its internal API management platform in place, Dialog was perfectly poised to explore newer business opportunities and unique digital products. Dialog launched IdeaBiz, an external API marketplace built on WSO2 API Manager to selectively publish APIs to external stakeholders and long tail developers. Numbering 65 external APIs today, IdeaBiz provides potential applications developers with APIs, documentation, and SDKs to build innovative applications that utilize telco APIs and telco services. One could write an enterprise app that used the telco location-based services and send out group SMSs using the telco SMSC.

Dialog took its successful marketplace concept to the next level by organizing a number of events, hackathons, workshops, conference talks and various kinds of evangelism, ranging from events at schools in Sri Lanka to telecom professionals at TAD in Istanbul. These events focused on building applications using APIs and building newer APIs on top of existing ones. Through its ecosystem management platform, Dialog allowed users to rapidly create applications using pre-defined templates. Incentives played an important role as well in the marketplace - application developers could select various revenue share business models with the telco, thereby encouraging increased apps and APIs. Workshops and hackathons resulted in prizes for the top applications. Dialog also had a funding scheme for applications using its APIs. All of the above resulted in a number of individual and enterprise applications being spawned that utilized internal telco APIs.

Dialog's APIs range from APIs to send SMS to Location Based Services APIs to Identity APIs - the latter implementing GSMA's Mobile Connect specification allowing subscribers to login to applications using their mobile device and telco as authentication sources. The API management platform and marketplace is now implemented across multiple subsidiaries of the Axiata group, providing a federated API management infrastructure across the group.

Dialog's API marketplace initiative was a step in the right direction for Dialog's digital innovation journey. For more information see: https://wso2telco.com/customers/api-management-driving-product-innovation

5. Benefits of an API Marketplace

So why build an API marketplace? The above case study gives a very good indication. The section below will discuss some key benefits:

  • Discovery of APIs by consumers - Allows application developers to discover APIs. The API developer portal can provide APIs grouped by functional areas, capabilities, business units, or ad hoc tags. Developers can search, browse, and find APIs providing a given functionality, thus promoting use and reuse. APIs can also span different formats and are grouped by RESTful vs. SOAP APIs, event/IoT APIs, B2B APIs, System APIs, etc.
  • Reuse of APIs - An important goal of a marketplace is to use and reuse. What’s the point of an API if it wouldn't be used or reused by applications? The marketplace needs to ensure APIs are discoverable, which means the APIs need to have the right categorization, grouping, and documentation associated with it. The marketplace also needs to have the necessary controls in place to ensure that duplicates of APIs aren't created.
  • Social features encourage participation - Discussion boards and forums are good to capture requests and improvements from the community and provide a way for consumers to interact with other consumers and publishers. Similarly, social ratings provide feedback to producers on the usability of APIs, documentation, SDKs, etc. and this feedback loop is vital for a sustainable environment.
  • Evangelism to encourage application development and usage of APIs - Material including articles, white papers, and How Tos provide good guidance on building applications using APIs. These can point to the API documentation and SDKs hosted on the API developer portal. Events such as workshops and hackathons provide a hands-on approach to quickly build applications that promote reuse.
  • Evangelism to encourage API design and development - This is the other side of the above point and the 'build it and they will come' concept. Again, this include material and events that encourage developers to build APIs and the importance of adding documentation, etc.
  • API composition - As a consumer of APIs, there might be certain changes you wish to be able to perform. For instance, say a mobile device needs to access 4 different APIs in a sequential manner to support a use case. Since this is a mobile app, there are benefits of doing this via a single call, i.e. a single authentication request and savings in terms of round trip time and bandwidth. Consumer driven API composition would allow this API consumer, via the API Developer Portal, to write some integration logic that sits on the API Manager domain and chains these 4 APIs and exposes a single API for the mobile device to consume.
  • Promote participation via incentives - Incentives always help nurture supply and demand and this is no different in a virtual API marketplace. Leaderboards, 'gimmifications' and metrics, such as 'Most consumed APIs,' 'Top Applications,' 'Highest throughput APIs' or 'APIs by Developer' can provide the necessary motivation to participate. These stats can also be fed into PAR or monetary incentives.
  • Governance and standards - A well-governed API marketplace can ensure APIs follow organizational standards, such URL patterns, naming conventions, access control rules etc. Governance can be via a proactive mechanism or reactive by using analytics. An organization can opt for a decentralized API publishing model giving each business unit autonomy in designing and publishing APIs. APIs can be published into a centralized API Developer Portal, which also ensures centralized governance of the APIs.
  • Cross division usage and monetization - Monetizing APIs may be a no brainer when APIs are exposed to external users. But does it make sense internally? Analytics and metrics help keep track of cross division or inter business unit API consumption; this allows an organization to judge the effectiveness of APIs. Monetization can be actual chargeback models or simple reports showing inter business unit usage; they can also include notifications/alerts on specific events that happen in the marketplace (e.g., addition of new APIs, updates, deprecations, etc.).

6. Types of APIs - From Managed APIs to Event APIs

We've spoken about conventionally managed APIs. Our case study was around telco APIs. However, the API store can be home to all kinds of APIs that are exposed via the API gateway. Different vendors categorize these APIs in different ways, but at the end of the day, they are all APIs exposed via the API gateway and cataloged via the API Developer Portal (Figure 4).

Figure 4

Figure 4: An API Store

Some categorizations of APIs are

  • By protocol/type
    • RESTful API - APIs exposed as standard RESTful APIs following RESTful best practices. Refer to this paper for REST API design guidelines.
    • SOAP API - APIs exposed directly as SOAP web services to clients. While REST is the way to go for most, many enterprises still need to manage legacy SOAP clients, which means there might be a mix of SOAP APIs in the picture as well.
    • Streaming API/Websocket API - APIs that keep a streaming connection open. Websocket APIs are growing in popularity in this space.
    • Asynchronous APIs/JMS API - Most APIs are request/response type APIs or synchronous in nature. There would also be async APIs that do not provide immediate responses. Async APIs can be modelled using sync APIs as well.
  • By visibility
    • Internal APIs - APIs visible to and consumed by internal clients only. These APIs should show up depending on the access level of the subscriber and can be set using the API visibility option.
    • External APIs - APIs visible to and consumed by external clients including partners and long tail app developers.
  • By capabilities
    • Telco APIs - Telco specific APIs.
    • Finance APIs - Finance APIs, for instance maybe grouped further into trading APIs, banking APIs, etc.
  • By consumers
    • End user APIs - APIs typically consumed by applications, which in turn have end users or are directly called by end users. These can be internal or external users and apps.
    • Partner APIs - APIs that are designed to integrate third-parties and collaborate with partners, customers, etc.
    • B2B API/System APIs - APIs consumed by other systems, B2B systems including EDI APIs.
    • Event API/IoT API - APIs typically consumed by automated system, sensors or APIs wrapping device services. Event stores that consist of event APIs are growing in popularity in the IoT world.

Among these, event APIs are interesting as they enable new types of use cases. For example, let's assume that Joe has found a new way to predict the long-term weather patterns in an area and he can publish an event API that provides weather alerts. This can be useful to many other use cases such as traffic, health advisories, stock market, etc. If his predictions are accurate, farmers might find it useful to subscribe to those events. It is an API market, where the only difference is now the API provider will push the events to the consumer.

7. Building an Enterprise API Marketplace

Now that we've built the foundation, let's see how an API marketplace can be implemented.

An API marketplace consists of technology and business components and ancillary activities that ensure the success of such marketplaces. This section will explore the various components and activities and how each can be effectively used to build an enterprise API marketplace.

7.1 Define the API management technology strategy

The sections above highlighted that a full API management platform is a key requirement (and the most important for that matter) for an API marketplace. Within API management, a developer portal is a mandatory component and provides several key advantages toward achieving a full marketplace potential.

API management might span more than just the management and exposure of APIs. Complex transformation might require an integration platform; most customers seem to bring their own ID systems (BYOID) - in which case the API Manager needs to allow consumers to authenticate against the existing system by federating them. This is where the power of a platform vendor comes into play.

7.2 Hybrid environments: On-prem, Cloud or a hybrid platform

Where and how you deploy is an important part of your technology strategy. A platform that can be deployed on the cloud, or on-premise or hybrid of both is ideal to cater to your changing requirements. An on-premise deployment again can be containerized and fully automated; it can be deployed as a single horizontally scaled out deployment or a large scale distributed deployment.

7.3 Define an internal or external API management strategy

Is the organization looking at creating a pure internal community for its APIs? Is the goal to increase discovery and reuse of internal APIs? As an organization, are you looking towards internal innovation? Then internal API management is a vital step. Application developers streamline the API consumption process by consuming a set of standard APIs. Not only is API reuse and discovery vastly improved, but it is also now possible to track usage of highly performing APIs and applications.

WSO2 API Manager Deployment Patterns

WSO2 API Manager can be deployed to match your business and technical requirements and to cater to your forecasted load. The API Manager can scale from a brand new API management platform handling around 1000 API calls per day to a geographically distributed horizontally scaled out deployment catering to a 100 million API calls an hour or more.

The simplest and most typical deployment of the API Manager would be an 'all-in-one' deployment consisting of the API Developer Portal, API Gateway, API Security, API Publisher, and management components in a single node that can handle up to around 40 million API calls a day. Couple this with a dedicated API Analytics node and your simplest deployment is up and running in minutes. Replicate this to achieve a highly available deployment in an active-active setting or an active-passive (hot-warm or hot-cold) setting as required. For details refer to this article or documentation.

External API management is useful if the organization is ready to take the leap and expose certain APIs externally to be consumed by external partners. An even more open approach is to expose APIs to the long tail, i.e. third-party developers building applications around APIs.

The developer portal is a vital component in both the above scenarios, especially in external API management. The portal in this occasion, while providing a catalog of APIs to developers, also provides self registration, registration of applications and provisioning of keys, an API console for testing, etc.

7.4 Engage and Evangelize

Most organizations make the mistake of stopping short with the technology aspects. As with any good marketplace and regardless of whether you sell APIs or fresh fish, the consumer is key. The success of the API marketplace depends on the amount of applications and users consuming APIs, which in turn means that as an organization you need to encourage customers to use the platform.

The goal here is twofold: ensure API developers publish their APIs with enough documentation through the API platform (while ensuring they aren't recreating an existing API) and ensuring application developers use the published APIs; in some scenarios the role might be performed by the same person, but regardless this approach promotes reuse.

Evangelism can be anything ranging from frequent company updates on the various APIs available to articles and How Tos on using those APIs. Hackathons are a very productive way of promoting actual practical usage. A typical hackathon maybe a two-day dedicated event bringing together API developers, application developers, and business users and getting them to build newer applications using the APIs or build out newer APIs themselves. A hackathon-in-a-box is an ideal model in this scenario.

Have You Tried Our Hackathon-in-a-box?

WSO2 Hackathon-in-a-box will help to design a hackathon based on your API platform with our expertise in organizing and executing technical events large and small. Inspire new ideas and concepts and find creative ways to identify problems, craft solutions, and build practical plans to execute these ideas!

7.5 Promote reuse through incentives

Incentives or the so called "Gimmification" is a vital part of any marketplace if success needs to be sustained. A traditional marketplace has an inherent financial incentive; while it is tough to match this in virtual, technology marketplaces, there are more subtle ways of handing out incentives. A leaderboard on top of API publishers and application developers, recognizing APIs that have the most subscribers and thus the most reuse and displaying them in dashboards within the company and on the API Developer Portal are a few examples of incentives. Analytics and key performance indicators provide key metrics to facilitate incentives.

Figure 5

Figure 5

7.6 Monetization and cross business revenue ops

APIs themselves are fast becoming the product that is sold (literally or figuratively) to application developers. In an internal API management environment this means cross business revenue as well where a business unit consumes APIs published by a different business unit. Regardless of actual currency exchanges, API monetization plays a key role in enabling this. For internal API management there can be cross busines consumption that's reported every quarter to quantify the contribution from a particular division.

7.7 Analytics, governance, and its convergence

It would be obvious by now that most of the features above highlight analytics and governance in some way or the other. In order to display a leaderboard, a report on the top API publishers are required in the first place. To enable monetization, an accurate usage report must exist. In order to control who can publish what and where, an overarching governance model needs to be in place. A centralized analytics view that features real-time notifications, alerts, streaming analytics, and batch reports is a key part of any marketplace.

API governance is key to ensuring the right APIs are published following the right standards. It is an important part of ensuring certain APIs are visible and accessible to certain groups only. API lifecycle needs to be managed across environments by a diverse group of participants - all of these governance requirements need to be part and parcel of an API marketplace solution. However, governance shouldn't be too stringent so it stifles creativity. Hence, rather than a top-down governance approach an effective API marketplace governance strategy would be more of a bottom-up approach. The convergence of analytics in this domain means analytics can be used for governance leading to an environment where creativity can be allowed, while ensuring a certain level of governance.

WSO2 API Analytics

WSO2 API Analytics is part of the WSO2 API Manager and provides a range of real time and batch analytics, categorized into analytics for APIs, analytics for Applications and Subscription related analytics. This also provides alerts for real time notifications. A list of sample analytics dashboards available are

  • Published APIs over time
  • Faulty invocations in APIs
  • API latency time
  • API usages across geo locations
  • Application throttled out requests
  • Developer signups over time
  • Abnormal response time alert
  • API health availability alert

8. Beyond API Marketplaces - Application Marketplaces and Ecosystem Management

We've looked at the benefits of API marketplaces and how to build an API strategy using an API marketplace. The concept of a marketplace can go above and beyond an API marketplace; when applications start to grow beyond reasonable numbers, i.e., the API marketplace was mega successful, it means you need to start looking at providing an ecosystem for applications as well. This can be referred to as an Application Marketplace or Ecosystem Marketplace. In this instance, everything we mentioned about API marketplaces can be migrated over to applications where we connect application providers to application consumers, an application store to discover and host applications, an application publisher to publish application metadata, application governance, and analytics, etc.

However, our recommendation is that one walks before they run. Start with API management, move on to an API marketplace, and then consider an application marketplace when a critical mass of applications exist.

9. Conclusion

There are many API management initiatives around today; however, to truly reap the benefits of an API program, an organization needs to look towards an API marketplace from day one. As in any business, success comes from the contribution and participation from all stakeholders. A working API marketplace is participatory business at its best.

This paper focused on API marketplaces as an extension to typical API management. We looked at the types of APIs that benefit from being available in an API Developer Portal and looked at the business advantages of API marketplaces. We then looked at the various steps and concepts required to build an effective API marketplace. We finally looked at going beyond API marketplaces to ecosystem management.

For more details about our solutions or to discuss a specific requirement


Interested in similar content?