July 22, 2021
How to manage the necessary chaos and the unnecessary risk of APIs?

It’s a time of abundance for APIs. Abundance in the value being created through APIs. And the literal abundance of APIs. 

APIs create new sources of value by enabling connections. They are the mechanisms that allow communication between two or more pieces of software. This network between applications increases the speed and choice that customers now expect. They also create a network effect where you get out more than you put in. 

These increasing returns create pressure to act quickly and grow fast. It has led to the dominance of agile organizations that are speedy, nimble, and work in iterative cycles. 

However, this expanding network comes with risks: 

  • Dependencies are created as ownership is distributed and decentralized
  • Redundancy is necessary and therefore processes can be messy and hard to optimize 
  • The network is complex and hard to understand 
  • Reduction of control can feel chaotic 

With so many opportunities to create new sources of value, governance can feel like a debilitating handbrake. However, the risk increases exponentially as the network grows. The time to balance the chaos of growth with the risks through control is now. 

Addressing the source of growth and risk: dependencies

Borders between sectors, industries, and even business functions are disappearing. Networks of connected businesses have become profitable and competitive. 

APIs have made this connection low-cost and easy, giving access to internal and external data, technology, and infrastructure. 

APIs are enabling and generating value from this decentralization with combinations of internal, external, and external-that-rely-on-another-external APIs. 

However, the growth of APIs can quickly turn your system into a saturated swampland. As APIs stretch across several systems, take care that you do not create a wild place full of risks. Instead, you need to understand the ecosystem you are creating to keep it healthy and flourishing. 

Make sure you know how the connections you’re creating will impact the ecosystem’s reliability. Start by understanding the impact if a: 

  • System goes offline or fails 
  • Vendor goes under 
  • Interface or data format changes 
  • Or a connection you rely on has an unforeseen security issue. 

Dependencies will continue to grow, and with them the complexity and the risk of an entangled mess. The sooner you start to understand your ecosystem, the better. It will also be easier to take advantage of APIs’ evolution as they find new ways to become more independent. 

APIs’ independent evolution 

APIs have been around since 2000. While they are not new, they are still in their early evolution. As they evolve, they are finding ways to increase their independence. 

REST APIs

REST-based APIs have been a major advance in their evolution. Their popularity shows they address many of the issues that APIs face. One of the benefits is that they increase independence. With REST APIs the client and server are independent. Their protocols separate the data storage and the UI from the server. 

Modular Architecture 

APIs naturally allow for modular architecture. A modular approach reduces risk by reducing complexity. Smaller units are easier to test, and issues that occur in them are easier to solve. 

Cloud computing 

Working in the cloud is another move towards increased security and disaster recovery. However, this doesn’t solve all possible risks, such as companies going under or shutting down based on security risks. 

APIs’ increased independence goes part way to solving the risks created through dependence, but there is still a long way to go. 

Accept what you cannot change: redundancy and chaos 

Dependency charts will quickly show you a picture that looks like chaos. They show lines going all over and often returning to themselves.

The balance between governance and freedom needs to be weighed up carefully. Total freedom is what allows for rapid development, innovation, and extraordinary value creation. It can also result in chaos. Many successful companies, like Spotify, speak of running their organization close to the edge of chaos. 

Similarly, redundancy needs to be carefully orchestrated. Redundancy has negative connotations of waste, repetition, and inefficiency. A complex web is difficult to optimize and it’s even more difficult to know what to optimize for. Redundancy is needed to minimize the risk of systems going down. It also creates the space to take calculated risks when there is a worthwhile payoff. 

It is not enough to understand single points of connection and possible failure. Governance needs to take a systems view to understand the overall impact: what happens when connections are lost, where you have risks, and what redundancy is necessary. 
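
The systems view described above can be computed directly from a dependency chart. The following is an added example, not code from the original article: the service names and the graph are constructed for illustration, with `ext:` marking third-party APIs. It reports what is affected when any one API fails and which APIs sit on a loop.

```python
from collections import defaultdict

# Constructed sample chart: consumer -> APIs it calls directly (hypothetical names).
DEPENDS_ON = {
    "mobile-app":       ["checkout"],
    "checkout":         ["payments", "inventory"],
    "payments":         ["ext:card-gateway", "fraud-check"],
    "fraud-check":      ["ext:risk-scoring", "payments"],  # line returning to itself
    "inventory":        ["ext:warehouse"],
    "ext:risk-scoring": ["ext:geo-ip"],  # external relying on another external
}

def reverse_edges(graph):
    """Map each API to the consumers that call it directly."""
    rev = defaultdict(set)
    for consumer, apis in graph.items():
        for api in apis:
            rev[api].add(consumer)
    return rev

def reach(adj, start):
    """Nodes reachable from start; start itself appears only if a path loops back."""
    seen, stack = set(), [start]
    while stack:
        for nxt in adj.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def blast_radius(graph, failed):
    """Everything directly or transitively affected if `failed` goes offline."""
    return reach(reverse_edges(graph), failed) - {failed}

def cyclic_apis(graph):
    """APIs that depend on themselves through some chain of calls."""
    return {n for n in graph if n in reach(graph, n)}

def rank_by_impact(graph):
    """All APIs, largest blast radius first (ties broken by name)."""
    nodes = set(graph) | {a for apis in graph.values() for a in apis}
    impact = {n: blast_radius(graph, n) for n in nodes}
    return sorted(impact.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    for api, affected in rank_by_impact(DEPENDS_ON):
        print(f"{api:18} affects {len(affected)}: {sorted(affected)}")
    print("on a loop:", sorted(cyclic_apis(DEPENDS_ON)))
```

In this constructed chart the largest blast radius belongs to the dependency of a dependency, which no internal service calls directly.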

Systems thinking for APIs 

There are no easy answers when it comes to reducing the risk of the hyper-growth of APIs. The best solution is to understand the API system that is being created.

Systems thinking allows you to consider multiple factors and tradeoffs. Ask the questions in advance: 

  • What will happen with each new connection? 
  • What are the unintended effects in another part of your system? 
  • What concessions need to be made? 
  • What are you giving up to get somewhere else? 

APIs create a digital ecosystem. Take care that they don’t become an invasive species. They should make the ecosystem thrive. 

Necessary chaos, unnecessary risk 

API growth is not slowing down. Each connection leads to greater dependency and therefore increased complexity and risk. Right now, the value being created outweighs the risk. The trouble is, the intricate knotted web will be impossible to undo when the risk increases and becomes overwhelming. 

The short-term rewards need to be weighed against the long-term risks. APIs will continue to evolve and become increasingly independent. At the same time, the system needs to be understood as it grows. Redundancy is necessary, and so is some space for chaos. But the costs and trade-offs need to be deeply understood through rigorous testing for system failure and governance. 

The first way to manage this risk is to get data to assess it. API usage needs to be collected and understood at a granular level. Risk should be assessed through the impact it would have if it occurred, and the cost of remediation. For this to work best, build minimum APIs by design.

You can consult our experts to understand how Blobr can help you.