API economy

API economy
From systems to business services

Application programming interfaces (APIs) have been elevated from

a development technique to a business model driver and boardroom
consideration. An organization’s core assets can be reused, shared,
and monetized through APIs that can extend the reach of existing
services or provide new revenue streams. APIs should be managed
like a product—one built on top of a potentially complex technical
footprint that includes legacy and third-party systems and data.

A PPLICATIONS and their underlying data

are long-established cornerstones of
many organizations. All too often, however,
SOA,1 and web services were defined within
the context of a project and designed based
on the know-how of small groups or even
they have been the territory of internal R&D individual developers. As the business around
and IT departments. From the earliest days them evolved, APIs and the rest of the legacy
of computing, systems have had to talk to environment were left to accrue technical debt.2
each other in order to share information Cut to today’s reality of digital disruption
across physical and logical boundaries and and diverse technology footprints. In many
solve for the interdependencies inherent in industries, creating a thriving platform
many business scenarios. The trend toward offering across an ecosystem lies at the heart
integration has been steadily accelerating of a company’s business strategy. Meanwhile,
over the years. It is driven by increasingly the adoption of agile delivery models has put
sophisticated ecosystems and business an emphasis on rapid experimentation and
processes that are supported by complex development. In addition, the application
interactions across multiple endpoints of DevOps3 practices has helped accelerate
in custom software, in-house packaged technology delivery and improve infrastructure
applications, and third-party services (cloud or quality and robustness. But interfaces often
otherwise). remain the biggest hurdles in a development
The growth of APIs stems from an lifecycle and the source of much ongoing
elementary need: a better way to encapsulate maintenance complexity. Leading companies
and share information and enable transaction are answering both calls—making API
processing between elements in the solution management and productization important
stack. Unfortunately, APIs have often been components of not just their technology
treated as tactical assets until relatively roadmaps, but also their business strategies.
recently. APIs, their offspring of EDI and Data and services are the currency that will

23
Tech Trends 2015: The fusion of business and IT

fuel the new API economy. The question is: What we’re seeing is disruption and, in
Is your organization ready to compete in this many cases, the democratization of industry.
open, vibrant, and Darwinian free market? Entrenched players in financial services
are exploring open banking platforms that
Déjà vu or brave new world? unbundle payment, credit, investment, loyalty,
and loan services to compete with new
The API revolution is upon us. Public APIs
entrants such as PayPal, Billtrust, Tilt, and
have doubled in the past 18 months, and more
Amazon that are riding API-driven services
than 10,000 have been published to date.4 The
into the payment industry. Netflix receives
revolution is also pervasive: Outside of high
more than 5 billion daily requests to its public
tech, we have seen a spectrum of industries
APIs.5 The volume is a factor in both the
embrace APIs—from telecommunications
rise in usage of the company’s services and
and media to finance, travel and tourism, and
its valuation.6 Many in the travel industry,
real estate. And it’s not just in the commercial
including British Airways, Expedia, TripIt,
sector. States and nations are making
and Yahoo Travel, have embraced APIs and
budget, public works, crime, legal, and other
are opening them up to outside developers.7
agency data and services available through
As Spencer Rascoff, CEO of Zillow, points out:
initiatives such as the US Food and Drug
“When data is readily available and free in a
Administration’s openFDA API program.

The evolution of APIs

The idea behind APIs has existed since the beginning of computing; however in the last 10 years, they have grown
significantly not only in number, but also in sophistication. They are increasingly scalable, monetized, and ubiquitous,
with more than 12,000 listed on ProgrammableWeb, which manages a global API directory.a

1960–1980 1980–1990 1990–2000 2000–today

Basic interoperability Creation of interfaces New platforms enhance Businesses build APIs
enables the first with function and logic. exchanges through to enable and accelerate
programmatic exchanges Information is shared in middleware. Interfaces new service development
of information. Simple meaningful ways. Object begin to be defined as and offerings. API layers
interconnect between brokers, procedure calls, services. Tools manage manage the OSS/BSS of
network protocols. and program calls allow the sophistication and integration.
Sessions established to remote interaction across reliability of messaging. techniques
exchange information. a network. techniques Integration as a service,
techniques Message-oriented RESTful services, API
techniques
Point-to-point interfaces, middleware, enterprise management, and cloud
ARPANET, ATTP, and
screenscraping, RFCs, service bus, and service- orchestration.
TCP sessions.
and EDI. oriented architecture.

Source: a ProgrammableWeb, http://www.programmableweb.com, accessed January 7, 2015.

24
 API economy

particular market, whether it is real estate or assets, goods, and services previously untapped
stocks, good things happen for consumers.”8 by new business models. And new tools and
Platforms and standards that orchestrate disciplines for API management have evolved
connected and/or intelligent devices—from to help realize the potential.
raw materials to shop-room machinery, from
HVACs to transportation fleets—are the early Managing the transformation
battlegrounds in the Internet of Things (IoT).9
Openness, agility, flexibility, and scalability
APIs are the backbone of the opportunity.
are moving from good hygiene to life-
Whoever manages—and monetizes—the
and-death priorities. Tenets of modern
underlying services of the IoT could be poised
APIs are becoming enterprise mandates:
to reshape industries. Raine Bergstrom, general
Write loosely coupled, stateless, cacheable,
manager of Intel Services, whose purview
uniform interfaces and expect them to be
includes IoT services and API management,
reused, potentially by players outside of
believes businesses will either adopt IoT or
the organization.
likely get left behind. “APIs are one of the
Technology teams striving for speed
fundamental building blocks on which the
and quality are finally investing in an API
Internet of Things will succeed,” he says. “We
management backbone—that is, a platform to:
see our customers gaining efficiencies and cost
savings with the Internet of Things by applying • Create, govern, and deploy APIs:
APIs.” versioning, discoverability, and clarity of
Future-looking scenarios involving scope and purpose
smartphones, tablets, social outlets, wearables,
embedded sensors, and connected devices • Secure, monitor, and optimize usage:
will have inherent internal and external access control, security policy enforcement,
dependencies in underlying data and services. routing, caching, throttling (rate limits and
APIs can add features, reach, and context quotas), instrumentation, and analytics
to new products and services, or become
products and services themselves. • Market, support, and monetize assets:
Amid the fervor, a reality remains: APIs manage sales, pricing, metering, billing, and
are far from new developments. In fact, they key or token provisioning
have been around since the beginning of
Many incumbent technology companies
structured programming. So what’s different
have recognized that API management
now, and why is there so much industry energy
has “crossed the chasm” and acquired the
and investor excitement around APIs? The
capabilities to remain competitive in the new
conversation has expanded from a technical
world: Intel acquired Mashery and Aepona;
need to a business priority. Jyoti Bansal,
CA Technologies acquired Layer 7; and SAP
founder and CEO of AppDynamics, believes
is partnering with Apigee, which has also
that APIs can help companies innovate faster
received funding from Accenture.
and lead to new products and new customers.
But the value of tools and disciplines is
Bansal says, “APIs started as enablers for things
limited to the extent that the APIs they help
companies wanted to do, but their thinking is
build and manage deliver business value.
now evolving to the next level. APIs themselves
IT organizations should have their own
are becoming the product or the service
priorities—improving interfaces or data
companies deliver.” The innovation agenda
encapsulations that are frequently used today
within and across many sectors is rich with
or that could be reused tomorrow. Technology
API opportunities. Think of them as indirect
leaders should avoid “gold-plated plumbing”
digital channels that provide access to IP,
exercises isolated within IT to avoid flashbacks

25
Tech Trends 2015: The fusion of business and IT

to well-intentioned but unsuccessful SOA poorly designed code that was not built for
initiatives from the last decade. reuse or scale. Second, security holes may
The shift to “product management” may emerge that were previously lying dormant in
pose the biggest hurdle. Tools to manage legacy technical debt. Systems were built for
pricing, provisioning, metering, and billing the players on the field; no one expected the
are backbone elements—essential, but only fans to rush the field and start playing as well—
as good as the strategy being deployed on the or for the folks watching at home to suddenly
foundation. Developing disciplines for product be involved. Finally, additional use cases
marketing and product engineering are likely should be well thought out. API designs and
uncharted territories. Pricing, positioning, decisions about whether to refactor or to start
conversion, and monetization plans are again, which are potentially tough choices,
important elements. Will offerings be à la carte should be made based on a firm understanding
or sold as a bundle? Charged per use, per of the facts in play.
subscription window, or on enterprise terms? Mitigating potential legal liabilities is
Does a freemium model make sense? What is another reason to control scope. Open
the roadmap for upgrades and new features, source and API usage are the subject of
services, and offerings? These decisions ongoing litigation in the United States
and others may seem like overkill for early and other countries. Legal and regulatory
experimentation, but be prepared to mature rulings concerning IP protection, copyright
capabilities as your thinking on the API enforcement, and fair use will likely have
economy evolves. a lasting impact on the API economy.
Understanding what you have used to create
Mind the gap APIs, what you are exposing, and how your
data and services will be consumed are
Culture and institutional inertia may also
important factors.
be hurdles to the API economy. Pushing to
One of the most important rationales
share IP and assets could meet resistance
for focus is to enable a company to follow
unless a company has clearly articulated the
the mantra of Daniel Jacobson, vice
business value of APIs. Treating them like
president of Edge Engineering at Netflix
products can help short-circuit the resistance.
(API and Playback): “Act fast, react fast.”10
By targeting a particular audience with specific
And enable those around you to do the
needs, companies can build a business case
same—both external partners and internal
and set priorities for and limits to the exercise.
development teams. Investing in the mindset
Moreover, this “outside-in” perspective can
and foundational elements of APIs can give
help keep the focus on the customer’s or
a company a competitive edge. However,
consumer’s point of view, rather than on
there is no inherent value in the underlying
internal complexities and organizational or
platform or individual services if they’re not
technology silos.
being used. Companies should commit to
Scope should be controlled for far more
building a marketplace to trade and settle
than the typical reasons. First, whether meant
discrete, understandable, and valuable APIs
for internal or external consumption, APIs may
and to accelerate their reaping the API
have the unintended consequence of exposing
economy’s dividends.

26
 API economy

Insurance Industry Perspective

David Schmitz

Public application programming interfaces development teams, share APIs created by

(APIs) are proving to be successful in multiple their clients among their entire client base, and
industries, and these models can inform the encourage business partners to develop APIs
insurance industry’s attempts. Any correlation that can be used by their clients to integrate
between insurance and other industries should into their core systems platforms.
take into account the nature of consumer This strategy has proven to be effective,
and business interactions. If we look at the particularly with regard to common insurance
attributes of current market uses, we see functions (e.g., address verification, standard
thriving public APIs for frequent-touch industry transactions, geocoding) that need
consumer models in near-monopolistic to be used by every customer. For example,
markets (e.g., Twitter, Facebook), utilities leading policy administration vendor Duck
with universal consumer appeal (e.g., Creek teamed with Pitney Bowes to develop an
Google, MapQuest), and where government API to validate address information and enrich
regulations drive conformance (e.g., The address-related data for policy administration
Affordable Care Act). Evolving market quote and issuance.i This simple, yet effective
opportunities such as payments similarly carry approach highlights how fully leveraging reuse
significant common attributes to these models. and increasing the quality of data is a common
While, at first glance, insurance may not goal of both software vendors and insurers.
appear to align with many of these models,
taking a closer look at the interactions between Common services accelerated
insurers and distributors, business partners,
Common insurance service providers use
consumers, and regulatory bodies highlights
public and private APIs to provide insurers
where opportunities for APIs exist, and—in
access to data impacting their underwriting
fact—are succeeding. Looking though this lens,
and claims adjudication decisions. Typically,
we see both public and private APIs providing
these common insurance services have
value in four distinct ways: through core
significant market share or provide a utility
insurance systems, in developing common
service attractive to the broad market.
insurance services, through government
For example, R.L. Polk & Co., a leading
regulatory agencies, and via intermediaries.
provider of marketing information and
services to the auto industry, developed the
Maximizing reuse in private API VINtelligenceTM ii which provides
core systems vehicle specifications (e.g., vehicle make,
Insurance core system software vendors model, engine detail) for nearly 300 million
can leverage APIs as a means to accelerate active vehicles in North America. Similarly,
implementation timeframes for their Deloitte’s D-rive mobile based telematics
customers. APIs maximize common data platform captures, scores, and reports driving
elements and fuel reuse, reduced effort, and behaviors while engaging drivers through a
increased speed to implementation. mobile app and online portal. Insurers use
These vendors have a variety of paths to the D-rive API to gain access to driver data,
enable APIs that can simplify integrations which can be used to determine the risk profile
and speed up implementations. For example, of an insured or premiums for usage based
vendors can create APIs in their product insurance policies.

27
Tech Trends 2015: The fusion of business and IT

Enabling consistency partners, their agents can complement their

own products with white-labeled offerings that
for governments provide a more comprehensive solution and
From a regulatory perspective, multiple create greater stickiness among their insureds.
states require real time or near real time Players in the intermediary market, such
verification or communication of insurance as SelectQuoteiv, a leader in L&A products
data. Government entities can leverage APIs to directly servicing the end consumer, and
simplify their access to insurance information, Insurance Noodle, which services independent
typically resulting in faster, higher quality data agents as part of the P&C industry, use APIs to
at lower costs. aggregate product information from a number
States such as Florida, Oklahoma, and of insurance providers and offer real-time
Wyoming require online verification of a comparative quotes. Developing an API is
driver’s automobile insurance coverage to only part of the answer, as the intermediaries
validate compulsory vehicle liability insurance also must have a client base sufficiently
for any auto registered in the state.iii To enable significant to convince insurers to participate
these capabilities, the states publish an API in their market. To that end, longevity matters.
for insurance companies to provide this Longtime comparative rate provider EZLynx
information real time. Without these APIs, has been servicing the intermediary market
the states would have to capture and retain since 2003, and as a result of this longevity
massive amounts of information from each now services more than 19,000 agencies in 48
insurer and attempt to maintain accuracy states.v In order to develop and distribute a
with a very dynamic set of data—an almost truly successful API, the scale and breadth is
impossible task. necessary to achieve a critical mass.

Aggregation driving A wave of APIs

intermediary APIs The insurance sector is still an emerging
The intermediary market for insurance space with regard to the use of APIs. The
products continues to expand, and insurers insurance ecosystem is increasingly being
looking to participate in these markets should augmented with the application of APIs to
align to the public APIs enabling these markets. streamline business processes and introduce
This is true for consumer marketplaces as well greater speed, agility, and cost effectiveness.
as comparative rating services that are used by Insurers typically consume these APIs rather
a variety of business partners. Some insurers than create or own them. As the wave of
insure only specific lines of business or within APIs continues to evolve in the industry, the
limited states, yet want to offer a broader, question is when will the insurance companies
one-stop shop for their clients. By developing themselves enter the game and develop their
relationships with other insurers and an API own standard-setting APIs?
that can aggregate quotes from multiple

Footnotes
i
Pitney Bowes, Business Insight and Duck Creek Technologies Form Partnership to Deliver Enhanced Policy Administration Solution,
May 24, 2010, http://news.pb.com/press-releases/pitney-bowes-business-insight-and-duck-creek-technologies-partnership-to-
deliver-enhanced-policy-administration-solution.htm, accessed May 12, 2015.
ii
R.L. Polk, “VINtelligence Web Service”, https://vintelligence.polk.com/vintel/resources/vintelligenceWebService.html, accessed
May 12, 2015.
iii
Oklahoma Department of Public Safety, “Oklahoma Compulsory Insurance Verification System: Web Service & Database
Manual”, http://digitalprairie.ok.gov/cdm/singleitem/collection/stgovpub/id/6521/rec/1, accessed May 12, 2015.
iv
Select Quote Insurance Services, “How we help”, http://www.selectquote.com/how_we_help.aspx, accessed May 12, 2015.
v
EZLynx, “About”, https://www.ezlynx.com/about.html, accessed May 12, 2015.

28
 API economy

Lessons from the front lines

Fueling the second Web boom API-based services, spawning new services,
acquisitions, and ideas. As some organizations
APIs have played an integral role in some
matured, they revised their API policies to
of the biggest cloud and Web success stories of
meet evolving business demands. Twitter, for
the past two decades. For example, Salesforce.
example, shifted its focus from acquiring users
com, which launched in 2000, was a pioneer in
to curating and monetizing user experiences.
the software-as-a-service space, using Web-
This shift ultimately led to the shuttering of
based APIs to help customers tailor Salesforce
some of its public APIs, as the company aimed
services to their businesses, integrate into their
to more directly control its content.
core systems, and jump-start efforts to develop
new solutions and offerings.11 Moreover,
Salesforce has consistently used platforms APIs on demand
and APIs to fuel innovation and broaden In 2008, Netflix, a media streaming service
its portfolio of service offerings, which now with more than 50 million subscribers,15
includes, among others, iForce.com, Heroku, introduced its first public API. At the time
Chatter, Analytics, and Salesforce1. public, supported APIs were still relatively
In 2005, Google introduced the Google rare—developers were still repurposing RSS
Maps API,12 a free service that made it possible feeds and using more rudimentary methods
for developers to embed Google Maps and for custom development. The Netflix release
create mashups with other data streams. In provided the company a prime opportunity to
2013, the company reported that more than a see what public developers would and could
million active sites and applications were using do with a new development tool. Netflix
the Maps API.13 Such success not only made vice president of Edge Engineering, Daniel
APIs standard for other mapping services, Jacobson, has described the API launch as
but helped other Web-based companies a more formal way to “broker data between
understand how offering an API could internal services and public developers.”16 The
translate into widespread adoption. approach worked: External developers went
In 2007, Facebook introduced the Facebook on to use the API for many different purposes,
Platform, which featured an API at its core creating applications and services that let
that allowed developers to build third-party subscribers organize, watch, and review Netflix
apps. Importantly, it also provided widespread offerings in new ways.
access to social data.14 The APIs also extended In the years since, Netflix has gone from
Facebook’s reach by giving rise to thousands offering streaming services on a small number
of third-party applications and strategic of devices to supporting its growing subscriber
integrations with other companies. base on more than 1,000 different devices.17 As
By the late 2000s, streamlined API the company evolved to meet market demands,
development processes made it possible for the API became the mechanism by which
Web-based start-ups like Flickr, Foursquare, it supported growing and varied developer
Instagram, and Twitter to introduce APIs requests. Though Netflix initially used the API
within six months of their sites’ launches. exclusively for public requests, by mid-2014,
Likewise, as development became increasingly the tool was processing five billion private,
standardized, public developers were able to internal requests daily (via devices used to
rapidly create innovative ways to use these stream content) versus two million daily public

29
Tech Trends 2015: The fusion of business and IT

requests.18 During this same period, revenues The Hub acts as a single common entry
from the company’s streaming services point into federal, state, and third-party data
eclipsed those of its DVD-by-mail channel, a sources without actually storing any data. As
shift driven in large part by Netflix’s presence an example of how the Hub works, under the
across the wide spectrum of devices, from set- ACA, states are required to verify enrollee
top boxes to gaming consoles to smartphones eligibility for insurance affordability programs.
and tablets.19 The Hub connects the state-based insurance
Today, roughly 99.97 percent of Netflix exchanges to federal systems across almost a
API traffic is between services and devices. dozen different agencies to provide near-real-
What was once seen as a tool for reaching new time verification services, including Social
audiences and doing new things is now being Security number validation, income and tax
used tactically to “enable the overall business filing checks, and confirmation of immigration
strategy to be better.”20 status, among others. State exchanges also use
In June 2014, the company announced that the Hub as a single entry point for submitting
in order to satisfy a growing global member enrollment reports to multiple federal agencies.
base and a growing number of devices, it The intent of the Hub’s technical
planned to discontinue its public API program. architecture is to include scalable and secure
Critics have pointed to this decision as another Web services that external systems invoke
example of large technology companies via APIs. This system is designed to provide
derailing the trend toward increased access near-real-time exchange of information, which
by rebuilding walls and declining external enables states to make benefits eligibility
developer input.21 However, as early as 2012, determinations in minutes instead of in days
Jacobson had stated, “The more I talk to people and weeks with the previous batch-based
about APIs, the clearer it is that public APIs are process and point-to-point connections.
waning in popularity and business opportunity Moreover, with a growing repository of data
and that the internal use case is the wave of and transactional services, the Hub can
the future.”22 Like any other market, the API accelerate the development of new products,
economy will continue to evolve with leading solutions, and offerings. And with common
companies taking dynamic, but deliberate APIs, states are able to share and reuse assets,
approaches to managing, propagating, and reducing implementation overhead and
monetizing their intellectual property. solution cost. The FDSH can also help agencies
pay down technical debt by standardizing and
Empowering the simplifying integration, which has historically
been one of the most complex factors in both
Beltway—and beyond project execution and ongoing maintenance.
On March 23, 2010, President Barack
Obama signed into law the Affordable Care
Act (ACA), which reforms both the US
health care and health insurance industries.
To facilitate ACA implementation, the
government created the Federal Data Services
Hub, a platform that provides a secure way
for IT systems from multiple federal and state
agencies and issuers to exchange verification,
reporting, and enrollment data.

30
 API economy

Our take
Ross Mason, founder and vice president, product strategy
Uri Sarid, chief technology officer
MuleSoft
Over many years, companies have built up masses of CIO has a critical role to play in all this, potentially
valuable data about their customers, products, supply as the evangelist for the new thinking, and certainly
chains, operations, and more, but they’re not always as the caretaker of the architecture, platform, and
good at making it available in useful ways. That’s a governance that should surround APIs.
missed opportunity at best, and a fatal error at worst.
Within today’s digital ecosystems, business is driven The first step for CIOs to take toward designing that
by getting information to the right people at the right next-generation connected ecosystem is to prepare
time. Staying competitive is not so much about how their talent to think about it in the appropriate way.
many applications you own or how many developers Set up a developer program and educate staff about
you employ. It’s about how effectively you trade on APIs. Switch the mindset so that IT thinks not just
the insights and services across your balance sheet. about building and testing and runtimes, but about
delivering the data—the assets of value. Consider
Until recently, and for some CIOs still today, a new role: the cross-functional project manager
integration was seen as a necessary headache. But who can weave together various systems into a
by using APIs to drive innovation from the inside compelling new business offering.
out, CIOs are turning integration into a competitive
advantage. It all comes down to leverage: taking the We typically see organizations take two
things you already do well and bringing them to the approaches to implementing APIs.
broadest possible audience. Think: Which of your The first is to build a new product
assets could be reused, repurposed, or revalued— offering and imagine it from the
inside your organization or outside? As traditional ground up, with an API serving
business models decline, APIs can be a vehicle to spur data, media, and assets. The
growth, and even create new paths to revenue. second is to build an internal
discipline for creating APIs
Viewing APIs in this way requires a shift in thinking. strategically rather than on a
The new integration mindset focuses less on just project-by-project basis. Put a
connecting applications than on exposing information team together to build the initial
within and beyond your organizational boundaries. It’s APIs, create definitions for what
concerned less with how IT runs, and more with how APIs mean to your organization,
the business runs. and define common traits so you’re
not reinventing the wheel each time.
The commercial potential of the API economy really This method typically requires some
emerges when the CEO champions it and the board adjustment, since teams are used to
gets involved. Customer experience, global expansion, building tactically. But ultimately, it forces an
omnichannel engagement, and regulatory compliance organization to look at what assets really matter
are heart-of-the-business issues, and businesses and creates value by opening up data sets, giving IT an
can do all of them more effectively by exposing, opportunity to help create new products and services.
orchestrating, and monetizing services through APIs. In this way, APIs become the essential catalyst for IT
innovation in a digital economy.
In the past, technical interfaces dominated discussions
about integration and service-oriented architecture
(SOA). But services, treated as products, are what
really open up a business’s cross-disciplinary, cross-
enterprise, cross-functional capabilities. Obviously, the

31
Tech Trends 2015: The fusion of business and IT

Cyber implications

A PIs expose data, services, and transactions—creating assets to be shared and reused. The upside is
the ability to harness internal and external constituents’ creative energy to build new products and
offerings. The downside is the expansion of critical channels that need to be protected—channels that
may provide direct access to sensitive IP that may not otherwise be at risk. Cyber risk considerations
should be at the heart of integration and API strategies. An API built with security in mind can be a
more solid cornerstone of every application it enables; done poorly, it can multiply application risks.
Scope of control—who is allowed to access an API, what they are allowed to do with it, and how they
are allowed to do it—is a leading concern. At the highest level, managing this concern translates into
API-level authentication and access management—controlling who can see, manage, and call underlying
services. More tactical concerns focus on the protocol, message structure, and underlying payload—
protecting against seemingly valid requests from injected malicious code into underlying core systems.
Routing, throttling, and load balancing have cyber considerations as well—denials of service (where
a server is flooded with empty requests to cripple its capability to conduct normal operations) can be
directed at APIs as easily as they can target websites.
Just like infrastructure and network traffic can be monitored to understand normal operations, API
management tools can be used to baseline typical service calls. System event monitoring should be
extended to the API layer, allowing unexpected interface calls to be flagged for investigation. Depending
on the nature of the underlying business data and transactions, responses may need to be prepared in
case the underlying APIs are compromised—for example, moving a retailer’s online order processing to
local backup systems.
Another implication of the API economy is that undiscovered vulnerabilities might be exposed
through the services layer. Some organizations have tiered security protocols that require different
levels of certification depending on the system’s usage patterns. An application developed for internal,
offline, back-office operations may not have passed the same rigorous inspections that public-facing
e-commerce solutions are put through. If those back-office systems are exposed via APIs to the front
end, back doors and exploitable design patterns may be inadvertently exposed. Similarly, private
customer, product, or market data could be unintentionally shared, potentially breaching country or
industry regulations.
It raises significant questions: Can you protect what is being opened up? Can you trust what’s coming
in? Can you control what is going out? Integration points can become a company’s crown jewels,
especially as the API economy takes off and digital becomes central to more business models. Sharing
assets will likely strain cyber responses built around the expectation of a bounded, constrained world.
New controls and tools will likely be needed to protect unbounded potential use cases while providing
end-to-end effectiveness—according to what may be formal commitments in contractual service-level
agreements. The technical problems are complex but solvable—as long as cyber risk is a foundational
consideration when API efforts are launched.

32
 API economy

Where do you start?

A T first glance, entering the API economy

may seem like an abstract, daunting
endeavor. But there are some concrete steps
platform, S3 storage cloud, warehouse
management and fulfillment services,
Mechanical Turk, and other initiatives.23
that companies can take based on the lessons
learned by early adopters. • Embrace the bare necessities.
Organizations should consider what
• What’s in a name? APIs should have the governance model they should establish
clarity of a well-positioned product—a based on the intended consumers (internal,
clear intention, a clean definition of the partners, public at large) and whether
value, and perhaps more important, a the program is being driven by IT or the
clearly defined audience. Is it a small set of business. Tools such as API management
known developers, a large set of unknown platforms can provide a dashboard-like
developers, or both? What is the trust zone? view into the inner workings of a solution
Public, semi-private, or private? How do landscape. The visibility provides a better
these essential facts inform the scope and handle on dependencies and performance
orientation of the service? of the core services across legacy systems
and data.
• Who’s on first? Top-down or bottom-up?
Or more to the point: What will drive the • Avoid technology holy wars. There
API charge…business model innovation or are many decision points, and they can
technical services? The latter may be easier become distracting. REST or SOAP for the
for an IT executive to champion, especially service protocol? JSON or XML for the
if the API is launched as part of a broader data formatting? Resource or experience-
IT delivery transformation, technical debt based design philosophy? Versioning via
reversal, or DevOps program. Placing path segment, query string, or header
the effort under an IT executive can (or none of the above)? Oauth2.0 or
also simplify the path forward and the OpenID Connect security? What API
expected outcomes by focusing on service management platform vendor should be
calls, performance, standard adherence, used? These are all good questions that
shrinking development timelines, and lower lack a single good answer. One size likely
maintenance costs. won’t fit all, and further consolidation and
Planting the seed of how business services change in the vendor landscape is likely
and APIs could unlock new business to continue. Companies should make
models may be trickier. But the faster appropriate decisions to guide shorter-term
the initiative is linked to growth and needs with a focus on pragmatism, not
innovation, the better. In the early days doctrinaire purity.
of Amazon, Jeff Bezos reportedly issued
a company-wide mandate requiring all • Easy does it. Opportunities leveraging
technical staff, without exception, to cross-industry cooperation may be
embrace APIs. The mandate served as the tempting right out of the gate. However,
foundation for the EC2 cloud computing businesses should decide if the payoff

33
Tech Trends 2015: The fusion of business and IT

trumps the extra complexity. Companies ready yourself for a sustained campaign
should plan big, but start small. Ideally, they to drive awareness, subscriptions, and
should use open, well-documented services support. Beyond readying the core
to accelerate time to prototype. Expecting APIs and surrounding management
constant change and speedy execution services, companies shouldn’t forget
is part of the shift to the API economy. about the required ancillary components:
Enterprises can use their first endeavors to documentation, code samples, testing
anchor the new “business as usual.” and certification tools, support models,
monitoring, maintenance, and upkeep.
• Build it so they will come. If you are Incentives and attempts to influence
trying to launch external-facing APIs or stakeholders should be tied to the target
platforms for the first time, you should audiences and framed accordingly.

34
 API economy

Bottom line

W E’RE on the cusp of the API economy—coming from the controlled collision of revamped IT
delivery and organizational models, renewed investment around technical debt (to not just
understand it, but actively remedy it), and disruptive technologies such as cognitive computing,24
multidimensional marketing,25 and the Internet of Things. Enterprises can make some concrete
investments to be at the ready. But as important as an API management layer may be, the bigger
opportunity is to help educate, provoke, and harvest how business services and their underlying APIs
may reshape how work gets done and how organizations compete. This opportunity represents the
micro and macro versions of the same vision: moving from systems through data to the new reality
of the API economy.

Authors
George Collins, principal, Deloitte Consulting LLP

Collins is a principal in Deloitte Consulting LLP and Chief

Technology Officer of Deloitte Digital US. He has over 15 years
of experience helping executives shape technology-centric
strategies, optimize business processes, and define product and
platform architectures. Collins has delivered a variety of technology
implementations from eCommerce, CRM, and ERP, to content
management and custom development. With global experience, he
has a broad outlook on the evolving needs of a variety of markets.

David Sisk, director, Deloitte Consulting LLP

Sisk is a director with Deloitte Consulting LLP in the Systems

Integration practice. He has extensive experience in the
architecture, design, development, and deployment of enterprise
applications, focusing on the custom development area.

35
Tech Trends 2015: The fusion of business and IT

Endnotes
1. Electronic data interchange (EDI); 12. Google, The world is your JavaScript-
service-oriented architecture (SOA). enabled oyster, June 29, 2005, http://
2. Deloitte University Press, Tech Trends 2014: googleblog.blogspot.com/2005/06/
Inspiring disruption, February 6, 2014, world-is-your-javascript-enabled_29.
http://dupress.com/periodical/trends/tech- html, accessed October 6, 2014.
trends-2014/, accessed November 10, 2014. 13. Google, A fresh new look for the Maps
3. Ibid. API, for all one million sites, May 15, 2013,
http://googlegeodevelopers.blogspot.
4. See ProgrammableWeb, http://www. com/2013/05/a-fresh-new-look-for-maps-
programmableweb.com/category/ api-for-all.html, accessed October 6, 2014.
all/apis?order=field_popularity.
14. Facebook, Facebook Platform launches,
5. Daniel Jacobson and Sangeeta Naray- May 27, 2007, http://web.archive.org/
anan, Netflix API: Top 10 lessons learned (so web/20110522075406/http:/developers.
far), July 24, 2014, Slideshare, http:// facebook.com/blog/post/21, October 6, 2014.
www.slideshare.net/danieljacobson/
top-10-lessons-learned-from-the-netflix-api- 15. Netflix, “Q2 14 letter to shareholders,” July 21,
oscon-2014?utm_content=buffer90883&utm_ 2014, http://files.shareholder.com/downloads/
medium=social&utm_source=twitter. NFLX/3530109523x0x769749/8bc987c9-
com&utm_campaign=buffer, ac- 70a3-48af-9339-bdad1393e322/
cessed November 10, 2014. July2014EarningsLetter_7.21.14_final.
pdf, accessed October 8, 2014.
6. Thomas H. Davenport and Bala Iyer, “Move
beyond enterprise IT to an API strategy,” 16. Daniel Jacobson, Top 10 lessons learned from
Harvard Business Review, August 6, 2013, the Neflix API—OSCON 2014, July 24, 2014,
https://hbr.org/2013/08/move-beyond-enter- Slideshare, http://www.slideshare.net/danielja-
prise-it-to-a/, accessed November 10, 2014. cobson/top-10-lessons-learned-from-the-netf-
lix-api-oscon-2014, accessed October 8, 2014.
7. See ProgrammableWeb, http://www.
programmableweb.com/category/ 17. Ibid.
travel/apis?category=19965. 18. Ibid.
8. Alex Howard, “Welcome to data transpar- 19. Netflix, “Form 10-K annual report,” Febru-
ency in real estate, where possibilities and ary 3, 2014, http://ir.netflix.com/secfiling.
challenges await,” TechRepublic, April 30, cfm?filingID=1065280-14-6&CIK=1065280,
2014, http://www.techrepublic.com/article/ accessed December 17, 2014.
welcome-to-data-transparency-in-real- 20. Daniel Jacobson, “The evolution of
estate-where-possibilities-and-challenges- your API and its value,” October 18,
await/, accessed November 10, 2014. 2013, YouTube, https://www.youtube.
9. Deloitte University Press, Tech Trends 2015: com/watch?v=oseed51WcFE, ac-
The fusion of business and IT, February 3, 2015. cessed October 8, 2014.
10. Daniel Jacobson and Sangeeta Narayanan, 21. Megan Garber, “Even non-nerds should
Netflix API: Top 10 lessons learned (so far). care that Netflix broke up with develop-
11. Kin Lane, History of APIs, June ers,” Atlantic, June 17, 2014, http://www.
2013, https://s3.amazonaws.com/ theatlantic.com/technology/archive/2014/06/
kinlane-productions/whitepapers/ even-non-nerds-should-care-that-netflix-
API+Evangelist+-+History+of+APis. just-broke-up-with-developers/372926/,
pdf, accessed October 6, 2014. accessed December 17, 2014.

36
 API economy

22. Daniel Jacobson, Why REST keeps me up

at night, ProgrammableWeb, May 5, 2012,
http://www.programmableweb.com/news/
why-rest-keeps-me-night/2012/05/15,
accessed October 8, 2014.
23. The API Economist, “Jeff Barr’s head is in the
cloud,” April 30, 2013, http://apieconomist.
com/blog/2013/4/29/jeff-barrs-head-is-
in-the-cloud, accessed January 8, 2015.
24. Deloitte University Press, Tech Trends 2014:
Inspiring disruption, February 6, 2014,
http://dupress.com/periodical/trends/tech-
trends-2014/, accessed November 10, 2014.
25. Deloitte University Press, Tech Trends 2015:
The fusion of business and IT, February 3, 2015.

37