Why Managing APIs is Critical for Federal Agencies

Panchenko Vladimir/Shutterstock.com

Federal IT managers are basically software-as-a-service providers and should be prepared to act that way.

Even while federal CIOs juggle data center consolidation, IT modernization, and other factors, they must focus on providing user-friendly solutions that make federal employees’ jobs easier,  more efficient and productive. That is why IT teams have supplied agency employees with commercial cloud-based solutions, along with their own homegrown applications. Indeed, today’s API economy has turned federal IT managers into software-as-a-service providers.

To thrive in this new world, IT organizations must become more adept at managing the building blocks of today’s web- and microservices-based applications: Application Programming Interfaces, or APIs. While APIs in and of themselves are important, they also need to be nurtured to be truly effective and add value. API management creates a supportive infrastructure that enables managers to open, package, distribute, control and monetize their APIs. Without it, agencies run the risk of wasting time, money and resources, and could even potentially sacrifice application security.

For example, let’s say that a developer creates an API that becomes very popular. Workers across the agency are continuously using the program to the point where the IT team decides to buy another server and continuously scale out the API to meet demand before the quality of service begins to suffer.

Unfortunately, budgets are not infinite. If they continue down this path, the development team may eventually run out of funding. At that point management may demand an explanation that the team cannot provide because they do not have the data to back up their decisions.

Using some form of API management would have provided the team with a wealth of valuable analytics that could have saved them a lot of trouble and expense. They would have had insight into who was using the API, what those users were doing with it, and more. With this information, they may have been able to implement strategies to drive down utilization rates or at least quantify the need to expand the API. The insight provided by the management system could have preserved the user experience while saving the agency costs and the development team a number of headaches.

With that example in mind, let’s take a look at a few specific benefits that API management brings to the table.

Better Security and Control

APIs can be easy targets for hackers and other bad actors. For example, the IRS “Get Transcript” hack of 2015 was the result of an API breach. But strong API management can greatly mitigate these types of threats.

The key is to set up effective authentication and access control. Managers should use API tokens to identify, authenticate, and issue credentials to users and control access to applications. For instance, a manager may allow a user who is willing to authenticate themselves the ability to use the API 10 times a minute, versus once per minute for someone who declines authentication. Managers can also restrict access to certain endpoints, methods, and services.

Managers can also set up rate limits for API usage, including quid pro quo service exchanges, and receive alerts whenever those limits are exceeded. Similar to the aforementioned example, a registered API user may be permitted to make 10 requests per second, while an unregistered user may only make one per minute. Regulating publicly available APIs in this way not only provides for rate limiting, but helps developers and administrators understand who their API consumers are, and the value those consumers extract from the API.

Valuable Insights

After an API is built and released into the wild, managers may want to understand how it is performing and impacting related systems. Having this data in hand can help provide a good idea of the impact that the API is having on the agency.

Insight into API usage can help managers gain a better understanding of which APIs are successful and which are going unused. This can help managers prioritize the maintenance, optimization, and depreciation of their APIs. They can optimize the heavy hitters and dispose of the dead weight, and talk to the small handful of users reliant upon “long tail” APIs about new ways of using those services so as to avoid maintaining their technical debt. Further insight into API usage can also provide opportunities for experimentation and “failing fast,” since managers can gain greater insight into who is using which APIs.

Detailed metrics can also provide valuable insights into the API’s impact on other agency systems and more. For instance, managers can monitor overall traffic volume and usage to gain a better perspective on how many people are accessing applications. They can also look at the amount of resources the API is consuming, including CPU utilization, to get an idea of how the program is impacting other IT solutions. They can then take this data and make adjustments as necessary to maximize the API’s effectiveness.

Complete Visibility

True API management can provide managers with a great deal of intelligence, which, taken piecemeal, would be extremely difficult to decipher. Therefore, it’s important that agencies use systems that provides teams with centralized access to information regarding user authentication, traffic, usage alerts, overall application performance and other factors.

The open-source community has been excellent at providing these kinds of solutions. Indeed, there are many open-source projects that focus on API management, backed by the tireless innovation efforts of the worldwide open-source community. However, government agencies should look closely at the offerings to ensure that the solutions they use have been tested, polished and security features-hardened for use in a federal agency environment. Ideally, these solutions should be commercially-supported open-source software, backed by a vibrant worldwide development community committed to innovation.

As the API economy continues to expand, government IT managers and developers must look for ways to maximize their API investments to deliver the best possible tools to end users, all while maintaining tight security protocols. API management strategies can help teams deliver the reliable applications users have come expect while minimizing the compromises required to meet agency needs.

Adam Clater is the chief architect of U.S. Public Sector for Red Hat.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.