DevOps.com

Challenges of Designing API-Driven Experiences

By: Sid Phadkar on October 2, 2019

As SaaS and mobile application development, along with cross-software integration and communication, become increasingly important for organizations across all industries to remain competitive, APIs play a critical role. In fact, APIs dominate digital experiences today, with an average of 220 new APIs published every month, representing a 30% increase over the previous four years.

As more organizations shift to an API-first development strategy to further drive innovation, partnerships and rich end user experiences, the growing demand for and consumption of APIs can bring its own challenges if API design is not properly executed from the get-go. Amid the ever-increasing rush to develop and publish an API to remain competitive, we see several common issues arise, often only after the API is rolled out, that negatively impact integrations, future partnership opportunities and end user experiences. Read on for a look at these common challenges and how to address them before you hit publish on your next API.

Infrastructure Costs

One of the biggest challenges when it comes to API design is the ability to manage costs, in particular infrastructure costs. From managing multiple gateway servers and instances, to building an entire API management program from the ground up, we see many common infrastructure approaches that organizations deploy today when designing APIs that lead to unnecessary and often unwieldy expenses.

Critical to avoiding spiraling infrastructure costs is leveraging a single gateway to deploy, govern, secure and deliver global API traffic across various data centers. By using this approach, organizations can reduce man-hours spent managing and synchronizing servers; increase reliability by eliminating the need to manage multiple gateway instances; govern APIs without needing to build and maintain a separate API management platform; and eliminate regional gateway replication.

By considering an API gateway at the outset of a design project to ensure API-centric operations (such as authentication, authorization and throttling) are happening at the edge, organizations can proactively control costs and avoid financial surprises.

Scale

To a developer, there’s nothing worse than having a wildly successful API that can’t scale to meet the demand.

Addressing scalability early on in the process can help define early adoption, future success and the lifespan of the API. However, organizations commonly overlook the need to manage scalability in several ways, including planning for surges in API traffic and managing the volume of API requests consumers can make, which can lead to a damaged user experience.

Developers should look to a combination of load testing, authentication, throttling, quota management and API caching at the edge to improve and predict traffic, while preventing infrastructure from being overwhelmed by requests, so that the API stays available and reliable for consumers. Building in load testing early on can help a developer determine the traffic volume the application can withstand when surges in requests occur.

Quota management can help enforce business service level agreements and limit the number of API requests that a partner is allowed to make. When it comes to API caching, some good places to start include: any resource accessible via HTTP GET, static data, immutable responses, infrequently altered or predictable responses and frequently requested data.

Security

While the commercial value of API development is clear, the reality is APIs can come with great cybersecurity risk. For one, APIs can provide a glimpse into the back end of an application implementation and even the database it is connected to, providing hackers with new avenues for attacks. As the communication bridge between multiple applications, APIs left unprotected can also increase an organization’s attack surface and expose it to downtime, malicious attacks and unintended misuse by legitimate users.

Critical to protecting APIs is incorporating security at the infrastructure level with a multi-pronged approach that includes leveraging an API gateway to easily validate, authorize and control the access of legitimate API consumers (and block illegitimate users), and endpoint protection against malicious traffic. Additionally, rate limiting, which puts caps on the number of requests per minute or second that API consumers can make, can prevent adversaries from overloading the origin in an attempt to bring down API infrastructure in the form of a DDoS attack.
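
The following is an added example, not code from the original article or from any gateway product: it shows how a gateway-side check can combine the per-consumer rate limit described here with the quota management described under Scale, rejecting unknown consumers first. The names `EdgeLimiter`, `Plan` and `partner-a`, the token-bucket algorithm and the fixed daily quota window are assumptions chosen for illustration.

```python
import math
import time
from collections import namedtuple

DAY = 86400  # assumed quota window: fixed calendar day, in seconds
# rate: sustained requests/second; burst: short spike the origin can absorb;
# daily_quota: contractual cap for this consumer (all values hypothetical)
Plan = namedtuple("Plan", "rate burst daily_quota")

class EdgeLimiter:
    """Per-consumer token bucket (rate limit) plus daily counter (quota)."""
    def __init__(self, plans, clock=time.time):
        self.plans = plans    # api_key -> Plan
        self.clock = clock    # injectable so the behaviour can be tested
        self.state = {}       # api_key -> (tokens, last_seen, quota_day, used)

    def check(self, api_key):
        """Return (http_status, reason, retry_after_seconds)."""
        plan = self.plans.get(api_key)
        if plan is None:
            return 401, "unknown_key", 0  # rejected before reaching the origin
        now = self.clock()
        day = int(now // DAY)
        tokens, last, qday, used = self.state.get(api_key, (plan.burst, now, day, 0))
        if qday != day:  # a new quota window has started
            qday, used = day, 0
        # Refill for the time elapsed, never beyond the burst size.
        tokens = min(plan.burst, tokens + (now - last) * plan.rate)
        if used >= plan.daily_quota:
            result = 429, "quota_exhausted", math.ceil((day + 1) * DAY - now)
        elif tokens < 1:
            result = 429, "rate_limited", math.ceil((1 - tokens) / plan.rate)
        else:
            tokens, used = tokens - 1, used + 1  # only served requests count
            result = 200, "ok", 0
        self.state[api_key] = (tokens, now, qday, used)
        return result

def demo():
    now = [1_700_000_000.0]  # constructed fixed clock, advanced by hand
    gw = EdgeLimiter({"partner-a": Plan(rate=2, burst=3, daily_quota=5)},
                     clock=lambda: now[0])
    burst = [gw.check("partner-a") for _ in range(4)]  # 4th exceeds the burst
    now[0] += 1.0                                      # 2 tokens refill
    later = [gw.check("partner-a") for _ in range(3)]  # 3rd exceeds the quota
    return burst, later, gw.check("no-such-key")

if __name__ == "__main__":
    print(demo())
```

The two 429 responses carry different retry hints: a rate-limited consumer can retry within seconds, while a consumer that has exhausted its quota must wait for the next window.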

Organizational Decentralization

As speed and agility increase exponentially and API development evolves from microservices to nanoservices with individual team members owning what feels like ever-shrinking components, it’s easy to see how teams can organizationally splinter. While autonomy is important to making the development process flow quickly, decentralization is creating major governance and communication issues within many organizations today.

This lack of governance creates its own challenges related to configuration visibility, changes and duplications across implementations, which could lead to wasted resources, data leakage and more. Organizations should consider a single gateway that can expose APIs across multiple, distinct implementations but also provide suitable isolation so as to not affect the performance of other APIs when requests occur, while also providing separate control pages and the ability to set up distinct authorization and access rules for each API. The idea is that the APIs are managed in the same decentralized way that is required to meet speed and agility requirements, but under centralized infrastructure and governance policies.

Strategic API design is not a simple task, but it is absolutely critical to organizations that desire long-term API success. Seeking cost-effective infrastructure, tapping tools to ensure scalability, building security protocols, practices and policies, and taking steps to more centrally manage the API design process early on will ensure longevity for the API, driving strong partnerships and, ultimately, providing better user experiences.

This article was co-authored by Anthony Larkin, director of product marketing at Akamai. Anthony leads the go-to-market strategy for Akamai’s performance product portfolio. For more than 11 years at Akamai he has been dedicated to helping businesses remove barriers and unlock their potential to better engage users through web and mobile applications.

— Sid Phadkar
