The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
Open in app Sign up Sign In
Search Medium
Published in Hybrid Cloud Engineering
John DeMarco Follow
Sep 15, 2019 · 12 min read · Listen
Save
The Strategy for API-Enabling Legacy
Applications
Externalization of legacy applications is a path on the Modernization
Journey
As part of a company’s overall Modernization and Migration strategy, existing
critical applications can (and hopefully will) undertake a number of journeys to
cloud, all with different pros and cons. The right journey depends on the current
state of the application portfolio, the overall technology platform strategy, the
business and IT goals of the company, and the overall ROI of taking on a specific
path. You can find out more about Modernization and Migration journeys in the
Application Modernization Point of View blog.
An increasingly popular modernization journey is the externalization of existing
applications as APIs so that they can be accessed by other applications through their
internal, partner, and public ecosystems, typically as RESTful APIs. One of the
primary reasons for its popularity is that it provides a high ROI — for relatively little
effort, application functionality can be made available to large number of users and
applications, allowing new business models and business processes to be more
easily supported. Also, companies are seeing the opportunity to monetize access to
their business logic and data, provide a new business revenue channel.
1 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
Figure 1: API Enablement is represented as the Externalize journey in the overall
modernization/migration strategy
However, this doesn’t mean that companies should embark on the journey of API-
enabling every service that has been developed within the enterprise. The API
enablement strategy needs to be carefully thought through in order to maximize the
business value of the effort. Your API enablement strategy must ensure that
information isn’t compromised as the window to outside access is opened, that
existing business applications are not impacted by providing access to external
channels, and also to decide which APIs are used in the first place. This is not a
“build it and they will come” scenario.
In this blog, we will cover the various aspects of developing a good API strategy,
including a business model, identification of key APIs, architecture and design,
governance, and adoption. You will develop a better understanding of what
constitutes a good API strategy and be able to embark on your own API strategy and
implementation journey!
API Business Models
APIs need to be treated as “products”, that need business objectives, business
models, ownership, funding, sales management, and marketing. Issues such as
“why is nobody using our APIs” often stem from API’s not being treated as products,
but as part of an overall project, so that they have the wrong focus.
2 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
A comprehensive API strategy begins by defining the firm’s business objectives.
Typical business goals of an API strategy include:
• Grow revenue through new channels
• Increase brand recognition
• Speed integration with partners
• Accelerate delivery of mobile apps
• Improve customer satisfaction
In order to meet these business goals, APIs need to be enabled to meet different
stakeholder expectations. Stakeholders in our case include developers (both
external and internal to the firm), consumers, business partners, internal business
or product owners, and employees. As a result, three primary types of APIs have
evolved:
• Public APIs: open to any developer who wants to sign up. Apps are more
targeted towards end consumers. Public APIs foster external innovation and
allow firms to quickly enter new customer-facing ecosystems and tools.
• Partner APIs: open to select business partners. Apps can be targeted at end
consumers or business users. Partner APIs provide the ability to automate
processes, exchange data, and accelerate partner on-boarding.
• Private APIs: exposed to internal systems and channels. Applications are usually
targeted at employees of the enterprise. Private APIs provide channel
consistency, promote productivity through re-use, foster internal innovation,
and reduce cost.
3 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
Figure 2: Public, Partner, and Private APIs
Understanding the key business domains, and how they map to Public, Partner, and
Private access to these domains, are helpful in further defining the API Business
Model.
API business models will differ by line of business depending on their related
business goals, the external parties involved in conducting that business, and
monetization options. Examples include:
• Producer Model — a product or service is produced by one company that other
companies rebrand to make it appear as their own
• Distributor Model — a product or service leverages a capability provided by
another partner
• Marketplace Model — product or service capabilities are extended beyond
typical offerings by leveraging partner capabilities in an ecosystem
In order to determine what makes a good API, the following questions need to be
addressed:
4 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
Who is the Audience?
Obtaining a clear understanding of the audience is a key aspect of a good API. APIs
are the currency of Cloud and Mobile applications, so this perspective is typically a
good place to start. However, the audience is not typically one type of person —
three different personas need to be considered:
• The end customer, to whom we are going to deliver business value.
• The user or developer, who will exploit all the possibilities of the API to produce
an attractive product for the customer.
• The API provider, who has to plan an API strategy to satisfy both the developer
and the end customer, and obtain benefits for the company
What do they want?
Exposing “what you have” as an API isn’t always useful. Simplicity and ease of
understanding are key attributes of a good API that should be considered during
design. Think from the perspective of the consumer and strive to provide a
“delightful API experience”. Many APIs have a short life, meaning fast time to
market using a Minimum Viable Product mentality is important.
Under what terms and conditions are you willing to share?
The ramifications of making your APIs available to a potentially large (and growing)
set of new consumers need to be considered. What are the privacy implications of
making this data available? What security needs to be in place? What types of
business terms and conditions need to be in place to allow other firms to access
your APIs? What if a flood of API requests inundates your systems unexpectedly,
bringing your backend business systems to a grinding halt? Unmanaged APIs
quickly lead to chaos, so a good API management structure needs to be put in place
from the outset to make sure that information, systems, and employees are not
compromised. However, there needs to be some give and take, as sharing
information with partners and consumers needs to be easy, not cumbersome.
5 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
Defining an API Catalog
So now that you’ve thought about the type of business model you want to develop
through your API strategy, and considered the aspects of who is going to consume
your APIs, what’s next? How do you go about defining what APIs should be exposed
to your consumers? In other words, how do you define a preliminary API Catalog?
Figure 3: Defining a preliminary API Catalog
1. Select a strategic initiative, based on a high priority line of business
This should map back to the business objectives and business model defined in
Section 1. What area of the business do you want to address first? It should be an
area with high impact but relatively straightforward to enable. Look for “quick wins”
so that you can gains some early momentum.
2. Conduct an API discovery workshop for each of these initiatives
The API discovery workshop needs to address:
• Identification of key user scenarios for the selected initiative
• Definition of the Persona for each scenario (who is the key consumer in the
scenario?)
• Identification of potential APIs based on information required to execute the
6 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
business process for that scenario and persona. Identify these potential APIs as
Public, Partner, and Private.
• Identification of potential alliances, business partners, or internal sources to
provide the API as a service. This tends a more “bottoms up” approach — look at
your existing service catalog, service model, application documentation, static
code analysis, etc., to identify how you can provide the API as a service. If you
can’t provide the information internally, then consider other alliances or
business partners as sources of information to satisfy the API.
Design Thinking methods are utilized to facilitate the identification and ideation
process during the workshop.
3. Discover and Prioritize APIs
• Define attributes for each API, remembering that API’s are products and need a
purpose, domain, source, scope, owner, and monetization options
• Define prioritization criteria and relative weightings. Two key prioritization
criteria are Business Impact and Feasibility. Clearly, APIs rating high on
Business Impact and Feasibility are a good place to start! The following 9-box
chart is a powerful illustration of how to prioritize APIs based on Business
Impact and Feasibility.
7 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
Figure 4: API prioritization based on weighted criteria
4. Further Consolidate and Elaborate APIs
• Look for opportunities to consolidate or combine APIs
• Utilize industry models to define additional APIs
• Validate that APIs can be provided by alliances, business partners, or internal
lines of business based on the existing service catalog. This is the next level of
due diligence conducted in the API Discovery Workshop (step 2 above) on how
the API will be satisfied.
• Benchmark and compare your proposed API catalog against competitors and
industries
API Architecture and Design
API Architecture and Design
A good API architecture helps bridge the gap between cloud and on-premises
applications, as well as provide internal and external access, quickly and easily. It
must be based on the following architectural principles:
• Separation of concerns: no business logic, transformation, or orchestration
should be performed in the API layer itself
• Reusability: An API Architecture must enforce the reuse of existing assets
• Service Orientation: APIs are services designed and built to be exposed and
consumed by third parties
• Security: An API Architecture must secure the access to the platform
• Repository & Catalogue: APIs must be published and documented
Key API Design Principles include:
• Interface First Design: Design the API interface first, using Swagger
8 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
• Domain Driven Design: Design APIs based on business domains (loans,
customers, etc.)
• API Taxonomy guidance: Design an API taxonomy/ hierarchy to be adhered to
by the ente
• Mock-based iterative collaboration before implementation: Design API mocks
iteratively, collaborating with API consumers
• Upfront performance and QoS design: Design for performance and QoS, not as
an afterthought
When designing APIs in an enterprise, the following types of APIs need to be
considered:
• Outer APIs are designed to be used across multiple Channels, and are often
exposed through an API Gateway
• Experience APIs are similar to Outer API’s, but they are Channel app specific, so
the client side and server side application is tightly coupled
• Inner APIs (or Enterprise APIs) expose business logic and data of the systems of
record. They are strictly governed with reusability and consistency in mind,
following the enterprise object/data model. Everyone has the same definition of
a customer in Inner APIs. Use Model Driven Design principles along with
industry models to define these APIs.
• Technical APIs provide interfaces specific to a system of record and are more
ad-hoc. They are often provided by COTS packages as a means of integrating to
the COTS package.
9 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
Figure 4: API Platform Architecture with different API types
Rapid API Enablement of Legacy Applications
One of the key modernization patterns is to Externalize legacy applications via rapid
API enablement so that modernized applications can access key legacy functions
and transactions via Rest APIs. These APIs can be used to integrate to modernized
systems, integrate with modernized user interfaces, and enable multichannel and
partner integration.
IBM’s z/OS Connect product can be used to easily enable the access of z/OS assets as
RESTful APIs from modernized applications, as illustrated in the following diagram.
10 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
Figure 5: Enabling z/OS assets as RESTful APIs using z/OS Connect
z/OS Connect can also be used to enable the access of REST APIs from z/OS
applications using API Requester, as illustrated in the next diagram.
Figure 6: Accessing REST APIs from z/OS using API requester
API Adoption and Success Metrics
The importance of governance and measurements should not be overlooked in the
development of an API strategy. All of the strategy, business models, API catalogs,
prioritization, architecture, and design work will be wasted without a thin layer of
11 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
governance driving usage and acceptance, and a feedback loop to provide an
indication of how the journey is progressing.
Governance
The API Governance structure needs to make sure that the following enablers are in
place to drive adoption of the API strategy:
Figure 7: Key enablers to API adoption
For APIs, the focus is on speed and time to market, requiring a lightweight
governance model.An API Center of Excellence operating model is the preferred
mechanism to drive API adoption and enablement of supporting capabilities. The
API CoE provides a thin layer of governance that works with business and IT to drive
standards, usage, monetization, measurements, architecture/design principles, etc.
across the API ecosystem.
The API CoE members provide leadership for the overall API development and
consumption program, provide business and technical advisory services for the
various domains or lines of business charged with designing, implementing, and
maintaining the APIs for their respective domain, and provide a design authority for
12 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
driving consistency through business and technical standards for the
implementation of the APIs.
Product-oriented roles outside of the CoE, such as the API Domain Business Owner,
and IT roles such as the API Technical Owner and API Architect, are all integral in
the design, development, deployment, and consumption of the APIs for each
business domain.
Of course, having the commitment and participation of business executives are key
to the overall success of the API program, as they provide the guidance needed to
make for a successful integrated team.
Figure 8: Sample API Governance structure based on a CoE model
Major governance functions that need to be addressed include by API governance
structure include:
• API identification
• Versioning plan
13 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
• Security
• Privacy
• Monetization
• Entitlement enforcement
• Communication
• Measurements
Marketing and Socialization
A developer marketing strategy is needed to help drive the usage of APIs to external,
internal, and partner developers. Incentives should be considered to reward
developers for reuse as opposed to invention. Social events and co-marketing
programs, such as hackathons, meetups, and blogs, are also helpful to drive the use
of APIs. The right level of API documentation and resources is also required to make
sure the APIs are easy to consume by the developer community.
The co-creation of new offerings helps reap the largest business benefits from
external (public/partner) APIs. To get the most out of the developer community, and
outside-in approach should be used instead of an inside-out approach, where the
firm works closely with the external developer community to co-create new
capabilities and supporting APIs.
Socializing the APIs through a branded developer portal available externally and
internal is helpful to communicate key information, such as:
• Access to API documentation
• Developer sign-up and management
• Application management and analysis of API usage
Measurements
14 of 15 3/20/2023, 4:20 PM
The Strategy for API-Enabling Legacy Applications | by John DeMarco... https://medium.com/hybrid-cloud-engineering/the-strategy-for-api-enab...
APIs should be treated as a product and adoption must drive the development of the
API Ecosystem Strategy, not the reverse. Consequently, key adoption factors and
success metrics should address the generation of foundational capabilities and
recommendations for the API’s evolution, as follows:
1. APIs must have a clear business reason and ROI — Measurement: 100% of the
APIs will have a Business Owner and a defined ROI
2. Collaborative relationships and alignment across Enterprise Architecture,
LOBs and Development and Operations teams — Measurement: Stakeholders
across Modernization
API organization are responsible
Cloud for the
Point success of API Ecosystem
Of View
3. Encourage self-direction for teams to unleash innovation, instead of
concentrating leadership in the hands of a select few — Measurement: 100%
Agile delivery and 95% adherence to governance and standards
9
4. The API Ecosystem adoption must be driven through an incremental and
continuous improvement approach — Measurement: quantity of MVPs delivered in
typical periods of 8 to 12 weeks
About Help Terms Privacy
Summary
A successful
Get API
the Medium strategy requires a symbiotic relationship between business and IT.
app
Clarity in what the firm desires to accomplish from a business perspective helps
drive the definition of the actual APIs that need to implemented and exposed. APIs
need to be consumable, meaning that understanding how the APIs will be used from
a Public, Partner, or Private perspective, helps drive not only the signature and
function of the APIs, but also the details of the architectural implementation.
Definition of the API catalog should be done collaboratively, leveraging business and
IT stakeholders, as well as the actual personas that will be utilizing the APIs. Lastly,
a lightweight governance structure helps drive the consumption, consistency, and
overall success of the API program, with a measurements program providing
continuous feedback to stakeholders.
15 of 15 3/20/2023, 4:20 PM