Succeeding with an API Management project requires discipline and three major steps: good upfront preparation (cf. API Management project kickoff checklist), a detailed list of project specifications, and a sound methodology for evaluating the different vendors.
We are focusing here on the second step, which is the list of specifications for your API Management project. You will use this list to engage and discuss with the different API Management software vendors. You will find below the 10 most important topics to address along with sample questions.
#1 Digital Imperatives – Explain the business context of your project.
- “How can your solution help to address the growth demands for our product portfolio and emerging Omni-channel presence?”
- “A critical business metric for us is Customer Retention. Challenged in large part because of the web, it has become even more competitive. How can your solution help us to provide a better customer experience, through self-service and Customer Digital context?”
- “Reducing Partner Onboarding cost and complexity is a key Corp. mandate that helps ensure we are easy to do business with. How does your solution help us in this area?”
#2 Ease of Use – Go for a solution with an easy ramp-up
- “Technical programming skills are getting harder to find, and are among our highest costs relative to digital. How much technical programming expertise is required to leverage your solution?”
- “It is critical that your solution supports our ability to manage changes easily. Can the product be integrated into an existing Continuous Delivery / Continuous Integration process, no matter which vendors we standardize on for our DevOps strategy?”
- “Complexity is something we try to avoid, but if we need to extend the capabilities of your solution to accommodate our architecture and integration requirements, how flexible is your solution to allow for this?”
#3 Security – Make security a mandate
- “APIs require involvement from a large community of developers, administrators, architects, security experts, etc. Automation and self-service are therefore a key initiative for our company, allowing these communities to participate without overcomplicating implementation. How does your solution support this approach?”
- “Can your solution provide the following security controls, and if so, describe how: IP Whitelist; IP Blacklist; JSON Threat Protection; XML Threat Protection”
- “Please describe your expertise with OAuth (including major customers you have supported).”
#4 API Management – Ask for the best
- “It’s important to keep a separation between our API development, API management and Policy Administration. How does your solution keep these safely apart?”
- “In addition to REST, our company continues to support SOAP. How does your solution provide support for both?”
- “What are your management capabilities to support digital communities based on their roles in the organization?”
#5 Policy Enforcement – Anticipate your needs for advanced integration
- “The ability to reuse policies can save our developers and administrators considerable time and complexity. Can already-established policies be reused with your solution? Provide examples.”
- “Can API behavior change dynamically based upon factors such as user credentials, message header and other variables?”
- “Can your solution allow field data mapping between JSON & XML without coding? Please describe.”
#6 … #11. To be continued …. Stay tuned!