Bootstrapper’s Guide to API management
APIs are happening. Driven by the apps and mobile connectivity explosion on one end, and enterprises gearing up for faster, more effective way to do business on the other, APIs are becoming the lifeline for the internet powered economy. The gold rush into the API marketplace does not mean that every API is destined for success - there are a plethora of factors involved on top of just converting your business into HTTP packets. Making the API discoverable, developer friendly, secure and scalable are each critical to engage consumers of your API. After initial investment of effort to design for success, supporting a thriving community around the API is ongoing work.
If you're a small startup with the objective of getting to market quickly and efficiently, solving for these needs can be overwhelming. Enter API Management solutions (also known as API Proxies, your API’s best friend). At Rillate, we decided an API proxy was what we needed to bring our verification API to market. With the following checklist in hand, we set out to evaluate offerings in the API proxy market:
discovery: API marketplace gives our API additional visibility in front of developers ready to consume APIs.
monetization: building pricing and billing into our product is a nontrivial effort. We wanted to be able to use external provider for those to speed up our time to market.
consumability: features like built in documentation and testing, client libraries to minimize the zero to production time for the developer.
support: efficient way for developers to communicate with us about any questions or issues.
scalability and stability: features like rate limiting, uptime and latency monitoring at proxy level.
security: a core feature for API Proxy, we looked to make sure our design meets standards so developers don’t have to re-learn and re-implement authentication code.
analytics: anything worth doing is worth quantifying.
cost: last but not least, we wanted all the above features at a cost within the stage of our business
The quest for API began with identifying the key players. We found this API comparison article by API Evangelist aged quite well and it served as a pretty accurate starting point to narrow the candidates.
Mashery is the best known and most mature API proxy out there, trusted by enterprise market and is well suited for the needs of large scale, sophisticated business by offering high availability, on-premises and cloud deployment options, personalized API certification process and guidance on best practices. For our set of objectives, this was a higher point on features and cost that we looked for.
Apigee's offering is as solid and diversified, with similarly rich featured enterprise support. They do fantastic job advocating the API economy, promoting best practices and reaching out to developer community. Apigee has tiered services and pricing structure, and we realized that monetization capability comes in a price range that wasn't yet feasible for us.
3scale is set apart by its architecture - API management is done by NGINX proxy deployed alongside your app. We liked the idea of simplicity, greater control, flexibility and improved performance that this approach enables, and we loved the open source aspect of the technology. Monetization feature with clear pricing structure was also a plus. Operational overhead of installing and managing additional components in our production environment ended up being a deterrent.
Apiary, a relative newcomer, has attractive clean philosophy of iterative API design with automated testing and documentation generation, based on their emerging standard of API Blueprint. They're doing great work and are definitely worth another look in the future. However, our requirement of monetization feature had us continue our search.
Mashape ended up being our final choice. We found it to be on par with others when it came to developer centric features such as the developer portal and communication tools, fully interactive API documentation pages. Mashape biggest differentiator is its developer community and API Marketplace, which aligned with our objective to have our API discoverable by developers who need it. Setting up API endpoints was easy and intuitive and the resulting documentation/test page was easy to use - we soon found ourselves preferring Mashape's API Test/Documentation page to our internal tools for API testing. Mashape provides open source Unirest libraries in most popular languages enabling the developers to integrate our API in just a few lines of code.
A huge factor in our decision was how Mashape approaches monetization: we found it to be aligned with the needs of an early stage startup like ourselves:
no upfront cost: Mashape takes a cut of the price paid by developer to API provider. It costs nothing to start having your API consumed via Mashape.
flexible pricing structure: Mashape's price plans are oriented toward straightforward subscription pricing model; but Mashape also gives the API provider greater control over the cost billed for each call. This is done by setting the 'billing' header on the response to the desired amount, allowing the application to own the billing logic, but still delegate execution to Mashape. Our choice of pricing structure is closer to pay-per-use model, with a friendly twist - the caller only pays for checking someone's school enrollment if the call returned a positive response. Not only there's no upfront subscription cost to pay, we removed the upfront risk of integrating with us (such risk could come from unknown distribution of end user data, running pilots or exploratory projects, A/B testing). Even with the pricing structure so different from the typical subscription model, we were able to make it work with little code added to our backend.
Last but not least, we felt great cultural fit with Mashape - our questions and requests for support were answered quickly and with great deal of knowledge and understanding. It is obvious Mashape is still growing and adding features, but they got the key values right.