Check Point® Software Technologies Ltd. has been recognized as a leader in The Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.
APIs are a fundamental part of modern web application development, and it's a little hard to imagine a world without them. But the decisions that startups make about implementing and managing their APIs can have profound effects on the growth trajectory of their business, both good and bad.
Startups building tools for developers are often eager to impress their customers, exposing all manner of cool tech within their applications for those customers to consume via APIs. This is often the simplest path forward at the beginning; it's a quick and easy way to get developers using your technology, and it feels like a good foundation for the application as it matures.
But over the next five years, the way that software developers build applications is likely to change. Startups need to give themselves flexibility so that, as things change, developers have a choice of what they are going to use to access technology, and how they are going to pay for that access.
Should You Expose APIs to Developers?
As your application grows, you'll soon face a problem: what's your business model? Do you charge developers for API calls? Do you build an official client library for your tech, buttressed by enterprise support? These are questions that need to be considered at the outset.
There are many benefits to thinking critically about exposing APIs to developers. Easily accessible APIs sound great, but they're not necessarily very efficient: even simple shopping-cart applications can require developers to hit dozens of APIs to get a result. Building a client library that can achieve that result in one fell swoop creates value, and also makes your technology easier to consume.
When you take a foundational component like an API and make your users dependent on it too soon, you will struggle to change it out of fear of breaking existing customer functionality, and it will warp everything you want to build on top of it. You're going to be wrong about things, and you're going to have to react to being wrong.
Twitter is perhaps the most famous example of a company that went all-in on API access only to discover it couldn't make money if people preferred to consume Twitter outside of Twitter, using superior third-party user-interface clients to what Twitter Inc. offered at the time. It cracked down on third-party Twitter client development and acquired some talent on the client side, but this process alienated a lot of developers.
Different companies have different needs, but there's one fact of life that anyone working in enterprise technology over the last decade knows all too well: Things change, and the pace of these changes seems to be accelerating.
Take Java: Five years ago, Java was insanely relevant, and it wasn't uncommon to see development tools designed specifically for Java developers. Today, a ton of Java apps are still out there, but the language is only relevant to specific communities of developers. Others have moved on to brighter and shinier languages, and tools built specifically for Java developers can't address their needs.
Startups also tend to build their early products according to the needs of their early customers, which makes a lot of sense when you're trying to prove that your technology and your team are worthy of that revenue. However, as your company grows, newer customers might have different needs, and your product needs to be able to protect the APIs built for the early customers while adding layers that address the new use cases.
Thinking About APIs as Microservice Architectures
A better way to think about APIs might be microservice architectures. In a microservice architecture, the individual services are relatively minor cogs in the wheel; some are more important than others, but the whole concept holds that if one microservice goes down, the application stays afloat.
The value comes from being able to organize and manage those microservices, which is why startups should think carefully about whether or not to expose their APIs early in their development. Once your customers depend on your APIs, rather than your products, so do you.
All of these issues involve trade-offs, of course; exposing a lot of your APIs might kick-start interest in a particular project or company. That's why these decisions are hard.
Here are a few things to keep in mind when settling on a strategy for your APIs:
■ Include rate limiting in all your clients, even if you don't expect to be that big right away. No matter what your business involves, you'll encounter bad actors, service instability at the exact moment you start to attract users en masse, and potential infrastructure cost overruns from inartful scaling.
■ Give yourself portability in your stack. Use Kubernetes and Docker, adopt a microservices architecture, and don't use services that bind you to a particular cloud.
■ Give yourself a layer of abstraction that can adapt to changing software development norms. Make it very clear which APIs are public and which are experimental, and hold on to the experimental ones as long as possible.
■ Take responsibility right away for managing the versions of your APIs and client libraries, and make sure you keep them in sync.
If you think of your APIs as your business, you'll likely default to charging on a per-request basis, based on the cost of providing the service and some sort of markup for the investment in the technology. This is easy to do as an API-driven company, but it also makes life that much harder for your customers. Is that what you really want?
Industry News
Red Hat and Oracle announced the expansion of their alliance to offer customers a greater choice in deploying applications on Oracle Cloud Infrastructure (OCI). As part of the expanded collaboration, Red Hat OpenShift, the industry’s leading hybrid cloud application platform powered by Kubernetes for architecting, building, and deploying cloud-native applications, will be supported and certified to run on OCI.
Harness announced the availability of Gitness™, a freely available, fully open source Git platform that brings a new era of collaboration, speed, security, and intelligence to software development.
Oracle announced new application development capabilities to enable developers to rapidly build and deploy applications on Oracle Cloud Infrastructure (OCI).
Sonar announced zero-configuration, automatic analysis for programming languages C and C++ within SonarCloud.
DataStax announced a new JSON API for Astra DB – the database-as-a-service built on the open source Apache Cassandra® – delivering on one of the most highly requested user features, and providing a seamless experience for Javascript developers building AI applications.
Mirantis launched Lens AppIQ, available directly in Lens Desktop and as (Software as a Service) SaaS.
Buildkite announced the company has entered into a definitive agreement to acquire Packagecloud, a cloud-based software package management platform, in an all stock deal.
CrowdStrike has agreed to acquire Bionic, a provider of Application Security Posture Management (ASPM).
Perforce Software announces BlazeMeter's Test Data Pro, the latest addition to its continuous testing platform.
CloudBees announced a new cloud native DevSecOps platform that places platform engineers and developer experience front and center.
Akuity announced a new open source tool, Kargo, to implement change promotions across many application life cycle stages using GitOps principles.
Check Point® Software Technologies Ltd. announced that it has been recognized on Newsweek’s inaugural list of the World’s Most Trustworthy Companies 2023.
CloudBees announced significant performance and scalability breakthroughs for Jenkins® with new updates to its CloudBees Continuous Integration (CI) software.