Why Managing APIs is Critical for Federal Agencies

Even while federal CIOs juggle data center consolidation, IT modernization, and other factors, they must focus on providing user-friendly solutions that make federal employees’ jobs easier,  more efficient and productive. That is why IT teams have supplied agency employees with commercial cloud-based solutions, along with their own homegrown applications. Indeed, today’s API economy has turned federal IT managers into software-as-a-service providers.

To thrive in this new world, IT organizations must become more adept at managing the building blocks of today’s web- and microservices-based applications: Application Programming Interfaces, or APIs. While APIs in and of themselves are important, they also need to be nurtured to be truly effective and add value. API management creates a supportive infrastructure that enables managers to open, package, distribute, control and monetize their APIs. Without it, agencies run the risk of wasting time, money and resources, and could even potentially sacrifice application security.

For example, let’s say that a developer creates an API that becomes very popular. Workers across the agency are continuously using the program to the point where the IT team decides to buy another server and continuously scale out the API to meet demand before the quality of service begins to suffer.

Unfortunately, budgets are not infinite. If they continue down this path, the development team may eventually run out of funding. At that point management may demand an explanation that the team cannot provide because they do not have the data to back up their decisions.

Using some form of API management would have provided the team with a wealth of valuable analytics that could have saved them a lot of trouble and expense. They would have had insight into who was using the API, what those users were doing with it, and more. With this information, they may have been able to implement strategies to drive down utilization rates or at least quantify the need to expand the API. The insight provided by the management system could have preserved the user experience while saving the agency costs and the development team a number of headaches.

With that example in mind, let’s take a look at a few specific benefits that API management brings to the table.

Better Security and Control

APIs can be easy targets for hackers and other bad actors. For example, the IRS “Get Transcript” hack of 2015 was the result of an API breach. But strong API management can greatly mitigate these types of threats.

The key is to set up effective authentication and access control. Managers should use API tokens to identify, authenticate, and issue credentials to users and control access to applications. For instance, a manager may allow a user who is willing to authenticate themselves the ability to use the API 10 times a minute, versus once per minute for someone who declines authentication. Managers can also restrict access to certain endpoints, methods, and services.

Managers can also set up rate limits for API usage, including quid pro quo service exchanges, and receive alerts whenever those limits are exceeded. Similar to the aforementioned example, a registered API user may be permitted to make 10 requests per second, while an unregistered user may only make one per minute. Regulating publicly available APIs in this way not only provides for rate limiting, but helps developers and administrators understand who their API consumers are, and the value those consumers extract from the API.

Valuable Insights

After an API is built and released into the wild, managers may want to understand how it is performing and impacting related systems. Having this data in hand can help provide a good idea of the impact that the API is having on the agency.

Insight into API usage can help managers gain a better understanding of which APIs are successful and which are going unused. This can help managers prioritize the maintenance, optimization, and depreciation of their APIs. They can optimize the heavy hitters and dispose of the dead weight, and talk to the small handful of users reliant upon “long tail” APIs about new ways of using those services so as to avoid maintaining their technical debt. Further insight into API usage can also provide opportunities for experimentation and “failing fast,” since managers can gain greater insight into who is using which APIs.

Detailed metrics can also provide valuable insights into the API’s impact on other agency systems and more. For instance, managers can monitor overall traffic volume and usage to gain a better perspective on how many people are accessing applications. They can also look at the amount of resources the API is consuming, including CPU utilization, to get an idea of how the program is impacting other IT solutions. They can then take this data and make adjustments as necessary to maximize the API’s effectiveness.

Complete Visibility

True API management can provide managers with a great deal of intelligence, which, taken piecemeal, would be extremely difficult to decipher. Therefore, it’s important that agencies use systems that provides teams with centralized access to information regarding user authentication, traffic, usage alerts, overall application performance and other factors.

The open-source community has been excellent at providing these kinds of solutions. Indeed, there are many open-source projects that focus on API management, backed by the tireless innovation efforts of the worldwide open-source community. However, government agencies should look closely at the offerings to ensure that the solutions they use have been tested, polished and security features-hardened for use in a federal agency environment. Ideally, these solutions should be commercially-supported open-source software, backed by a vibrant worldwide development community committed to innovation.

As the API economy continues to expand, government IT managers and developers must look for ways to maximize their API investments to deliver the best possible tools to end users, all while maintaining tight security protocols. API management strategies can help teams deliver the reliable applications users have come expect while minimizing the compromises required to meet agency needs.

Adam Clater is the chief architect of U.S. Public Sector for Red Hat.