How Developer APIs Can Make or Break Your Business
January 27, 2020

Jevon MacDonald
Manifold

APIs are a fundamental part of modern web application development, and it's a little hard to imagine a world without them. But the decisions that startups make about implementing and managing their APIs can have profound effects on the growth trajectory of their business, both good and bad.

Startups building tools for developers are often eager to impress their customers, exposing all manner of cool tech within their applications for those customers to consume via APIs. This is often the simplest path forward at the beginning; it's a quick and easy way to get developers using your technology, and it feels like a good foundation for the application as it matures.

But over the next five years, the way that software developers build applications is likely to change. Startups need to give themselves flexibility so that, as things change, developers have a choice of what they are going to use to access technology, and how they are going to pay for that access.

Should You Expose APIs to Developers?

As your application grows, you'll soon face a problem: what's your business model? Do you charge developers for API calls? Do you build an official client library for your tech, buttressed by enterprise support? These are questions that need to be considered at the outset.

There are many benefits to thinking critically about exposing APIs to developers. Easily accessible APIs sound great, but they're not necessarily very efficient: even simple shopping-cart applications can require developers to hit dozens of APIs to get a result. Building a client library that can achieve that result in one fell swoop creates value, and also makes your technology easier to consume.

When you take a foundational component like an API and make your users dependent on it too soon, you will struggle to change it out of fear of breaking existing customer functionality, and it will warp everything you want to build on top of it. You're going to be wrong about things, and you're going to have to react to being wrong.

Twitter is perhaps the most famous example of a company that went all-in on API access only to discover it couldn't make money if people preferred to consume Twitter outside of Twitter, using superior third-party user-interface clients to what Twitter Inc. offered at the time. It cracked down on third-party Twitter client development and acquired some talent on the client side, but this process alienated a lot of developers.

Different companies have different needs, but there's one fact of life that anyone working in enterprise technology over the last decade knows all too well: Things change, and the pace of these changes seems to be accelerating.

Take Java: Five years ago, Java was insanely relevant, and it wasn't uncommon to see development tools designed specifically for Java developers. Today, a ton of Java apps are still out there, but the language is only relevant to specific communities of developers. Others have moved on to brighter and shinier languages, and tools built specifically for Java developers can't address their needs.

Startups also tend to build their early products according to the needs of their early customers, which makes a lot of sense when you're trying to prove that your technology and your team are worthy of that revenue. However, as your company grows, newer customers might have different needs, and your product needs to be able to protect the APIs built for the early customers while adding layers that address the new use cases.

Thinking About APIs as Microservice Architectures

A better way to think about APIs might be microservice architectures. In a microservice architecture, the individual services are relatively minor cogs in the wheel; some are more important than others, but the whole concept holds that if one microservice goes down, the application stays afloat.

The value comes from being able to organize and manage those microservices, which is why startups should think carefully about whether or not to expose their APIs early in their development. Once your customers depend on your APIs, rather than your products, so do you.

All of these issues involve trade-offs, of course; exposing a lot of your APIs might kick-start interest in a particular project or company. That's why these decisions are hard.

Here are a few things to keep in mind when settling on a strategy for your APIs:

■ Include rate limiting in all your clients, even if you don't expect to be that big right away. No matter what your business involves, you'll encounter bad actors, service instability at the exact moment you start to attract users en masse, and potential infrastructure cost overruns from inartful scaling.

■ Give yourself portability in your stack. Use Kubernetes and Docker, adopt a microservices architecture, and don't use services that bind you to a particular cloud.

■ Give yourself a layer of abstraction that can adapt to changing software development norms. Make it very clear which APIs are public and which are experimental, and hold on to the experimental ones as long as possible.

■ Take responsibility right away for managing the versions of your APIs and client libraries, and make sure you keep them in sync.

If you think of your APIs as your business, you'll likely default to charging on a per-request basis, based on the cost of providing the service and some sort of markup for the investment in the technology. This is easy to do as an API-driven company, but it also makes life that much harder for your customers. Is that what you really want?

Jevon MacDonald is Co-Founder and CEO of Manifold
Share this

Industry News

May 28, 2020

Docker has extended its strategic collaboration with Microsoft to simplify code to cloud application development for developers and development teams by more closely integrating with Azure Container Instances (ACI).

May 28, 2020

Eggplant announced updates to its Digital Automation Intelligence (DAI) platform.

May 28, 2020

Aptum launched its Managed DevOps Service in partnership with CloudOps, a cloud consulting and professional services company specializing in DevOps.

May 27, 2020

Red Hat announced an expansion of its application services portfolio with the addition of Quarkus as a fully supported framework in Red Hat Runtimes.

May 27, 2020

Couchbase has completed a $105 million all-equity Series G round of fundraising.

May 27, 2020

Aqua Security closed a Series D round of $30M led by Greenspring Associates.

May 26, 2020

GitLab is releasing 13.0 of its DevSecOps platform to enable organizations to efficiently adapt and respond to new and dynamic business challenges.

May 26, 2020

Solo.io announced the availability of the Istio Developer Portal to streamline the developer onboarding process for improved developer experience and increased productivity with added security features.

May 26, 2020

WhiteHat Security will offer free application scanning services to any education institution to support secure online learning.

May 21, 2020

Exadel announced the Grand Prize winner of the “Appery.io COVID-19 Virtual Hackathon.”

May 21, 2020

CloudBees announced significant advances for its Software Delivery Management (SDM) platform – integrations with additional continuous integration and continuous delivery (CI/CD) engines, including Google Cloud Build and Tekton, and extension of the availability of CloudBees’ SDM Preview Program.

May 21, 2020

OutSystems is announcing over 70 development accelerators that ensure web and mobile applications created on the OutSystems low-code development platform can comply with the highest accessibility standards and regulations.

May 20, 2020

Styra announced that Styra Declarative Authorization Service (DAS) now supports microservices and extends context-based authorization to the service mesh.

May 20, 2020

Optimizely announced that its free feature flagging plan for development teams, Rollouts, now also includes A/B testing and feature configuration.

May 20, 2020

StackRox announced new runtime security features in the latest release of the StackRox Kubernetes Security Platform.