Unified API and integration governance takeaways: Why API complexity happens

It started with customers telling us they had a pain point: they were using multiple API gateways — both from Axway and from other vendors — and it was making their APIs very difficult to govern.

In a recent webinar, Senior Product Marketing Manager, Jana Frejova and Catalyst, Erik Wilde tackled why this happens, why it can cause problems, and how research shows the API landscape is growing more complex.

Enterprises are frequently using multiple API gateways

Jana Frejova led qualitative research across several regions and industries and found six principal reasons enterprises end up with multiple API gateways:

• External vs. internal traffic
• On-premises vs. cloud deployment
• Central vs. local governance
• Old vs. new functionality
• Development vs. testing vs. staging vs. production environment
• Microservices vs. monoliths

There were good reasons companies are ending up with this sort of complexity, from meeting different security needs, to moving to the cloud, to making their infrastructures — and their businesses — more resilient and agile.

“Very often, the reality is that you don’t want to and cannot reasonably rebuild everything,” said Wilde. “The question for us was to better understand what challenges our customers are facing and to make sure that we can then use that understanding to also inform our product design and help our customers better.”

External vs. internal traffic

Erik Wilde said this was a common pattern. In some organizations, for example, all the internal APIs might be more managed on the IT side whereas external ones are managed more like products in order to monetize them.

They can end up as entirely different initiatives where these environments are created and managed with different motivations and management. Some organizations also cited the need for different security processes internally vs externally.

On-premises vs. cloud deployment

Hybrid environments are growing, as companies that started on-premises are now moving into the cloud. They may pick up a gateway as they transition and end up with a hybrid deployment with several gateways. They may be in a temporary stage until they fully transition into the cloud, which will bring some cost challenges.

Central vs. local governance

This tension is an age-old struggle that applies to politics as much as it does to IT: How do you govern a growing and increasingly complex ecosystem?

Larger, multinational organizations will often elect to give different regions and business units local governance, a move that Wilde says makes a lot of sense:

“It’s a very sensible approach to say we’re such a large organization and motivations and scenarios are so diverse that it doesn’t make sense for us to try to do everything centrally. But then you have to have an idea in place for how to manage that decentralization,” said Wilde.

Jana described how Axway customer BNP Paribas allowed their companies to govern themselves locally because each business unit knew best was needed in the particular country or region.

They ended up with 30 different API management platforms around the world but found they needed to better see what APIs were being used and where.

Old vs. new functionality, development vs. testing vs. staging vs. production environment

Some clients adopted a couple of gateways just to plug a gap in functionality with their original gateway. They may choose one that fits their needs today, but then may also outgrow it or have different requirements in the future. And most clients were adopting different gateways as they developed and tested products.

Microservices vs. monoliths

Finally, a growing reason many companies are adopting multiple gateways is to support a more resilient infrastructure. It’s an approach that’s likely to increase with the adoption of microservices and containerized infrastructures, Frejova said.

One of the clients her team spoke with said they adapted this containerized approach after an outage, where a big surge in demand had overwhelmed their infrastructure. They isolated the different workflows and technologies to be more resilient so a one-hour outage wouldn’t take out the whole system.

Wilde explained that it’s a typical microservices payoff: “You earn in terms of scalability and flexibility, but you pay in terms of operational complexity, and you have to make sure that you somehow manage that complexity.”

API gateway complexity creates challenges

Four main challenges arise with the increased complexity of multiple API gateways:

1. Governance and security: Organizations need to enforce a set of corporate standards and policies across these different APIs and API gateways, which becomes difficult when the process of setting these policies is different in each gateway. While companies don’t need complete control, they do need some level of visibility and control in order to make decisions and see what’s happening with APIs throughout the organization.
2. Consumption visibility: When APIs are scattered around different gateways and different regions, you don’t know who’s consuming them, and they tend to get duplicated across regions. That lack of visibility into your product means it’s harder to monetize APIs. “An insight into how APIs are being used is an insight into your business,” Frejova said. 
3. Economic trade-offs: Several customers told us they were missing opportunities for reuse due to a lack of visibility. Sometimes, APIs are built when it would’ve been simpler — and more cost-effective — to reuse a similar API from a different unit that could do that job. Duplication of APIs was a real struggle, and then there’s the added cost related to running multiple gateways.
4. Debugging and monitoring: Finally, the complexity of using multiple API gateways made it harder to monitor APIs, with companies sometimes discovering errors too late. It is much harder to search for and pinpoint where in the chain the error occurred when there isn’t a central tool providing that visibility.

Embrace the complexity, armed with the right tools

Consolidation has been the traditional response to growing organizational complexity, but Wilde points out the impulse to rebuild in a simpler way often turns into never-ending projects that end up obsolete before they are finished.

Complexity often happens for good reasons, he says, and companies can embrace that diversity if they make sure they have something in place that allows them to have continuous visibility and governance.

A unified platform, with the right API management tools built on top of this decentralized landscape, can help manage the complexity so your APIs are more discoverable and consumable.

“Instead of trying to change the things you have, design them in a way that they play well in a decentralized environment,” said Wilde.

Read about new research on multiple API gateways and learn why, no matter where you find yourself on the digital and API maturity scale, it’s time to brace for complexity. Learn how BNP Paribas Personal Finance became one of the first adopters of the Amplify Unified Catalog to unlock fine-grained, real-time insights into all APIs in use across the organization.