Thursday, 25 May 2017 15:55

API management in the real world

By Robert Merlicek and Ray Shaw

Effective API management tools are critical as they can control factors such as how many times an individual can make a call on an API in a given period of time, and also assist with caching often-requested data at the edge of the network, according to Robert Merlicek, APAC chief technology officer at TIBCO.

Both these techniques can help to ensure the API remains available even during peak periods, he told iTWire.

Tibco Robert Merlicek

Speaking about the increasing use and associated challenges of APIs, Merlicek said while they could deliver significant benefits, they needed to be properly managed.

He said a strategy was needed that covers three key areas: scalability, security, and support. 


"For APIs to be effective, the systems behind them must be readily scalable. As increasing numbers of users hit an API and make requests for data, the back-end infrastructure must be able to cope with the load and maintain performance.

"Here, having effective API management tools in place is critical. They can control factors such as how many times an individual can make a call on an API in a given period of time, and also assist with caching often-requested data at the edge of the network. Both these techniques can help to ensure the API remains available even during peak periods.

"The organisation's IT team should also consider making use of the Swagger specification to describe the APIs in a standardised way. It can also define what the interface for the API is going to look like so external developers will know what to expect when making use of it.

"Good API management tools will also themselves have APIs. This makes their management easier when the environment becomes more complex as regular tasks can be automated. This, in turn, helps to ensure reliability as API usage scales even further."


"API security is all about making sure the right people have access to the right data at the right time. Offering functionality for users should not create any unnecessary risks for the organisation.

"When an IT department first starts making use of APIs, there can be some people in the organisation that become wary about increased chances of data loss or system intrusions. However, it is actually very rare to see a data breach happen through an API. When one does occur, it tends to be because of poor code security rather than poor API security.

"However, security is still critical and good API management tools can help by setting up an effective authentication system. The process starts by identifying what data is security sensitive. This data should then be tagged so its access can be controlled both internally and externally.

"Developers must also adopt the habit of constantly reviewing new code for security and data sensitivity issues. They must ensure that any new or enhanced APIs are designed from the start to be secure. Management tools can assist by offering automated testing which will help to streamline the process."


"Developers are critical to the success of an API-based ecosystem and providing them with the support they require is very important. This holds true both for internal teams as well as external developers accessing established APIs.

"From the outset, you should ensure there is a standard, three-tier support structure in place. Simple queries can be handled in Tier 1 through mechanisms such as forums and social media threads. More complex queries go to Tier 2 where they are handled via email or phone support. The most complicated are fed into Tier 3 where they are assigned to the product team for resolution.

"In this way, a large chunk of queries can be handled in an automated way which keeps technical experts free to focus on the higher value-adding activities.

"API management tools can aid in the support function. They can provide reports that show who is accessing what resources and what they are trying to achieve. Support can then be targeted to where it is needed the most.

"The tools can also provide a content management system which can be used to create a developer portal. This will become the place that people can find documentation and technical details in a self-service manner. Having good documentation in place is critical, and it must be clearly written and complete.

"By focusing on theses three key areas, an organisation can be sure its APIs are being managed correctly and providing the level of performance that users will require. The organisation will then be best placed to reap the significant business benefits that APIs can deliver.

Mashery Graphic 1 x2



As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.




Recent Comments