Professional Documents
Culture Documents
The Seven Make or Break API Challenges CIOs Need To Address PDF
The Seven Make or Break API Challenges CIOs Need To Address PDF
Photocredit/Getty
credit: GettyImages
Images
To compete in the digital age, large enterprises Yet despite the promise, most enterprises have
need scalable and flexible IT systems to allow for failed to capture the value they initially envisioned
ongoing experimentation and iteration at speed.1 As from APIs. In many cases, a rush to build APIs
a result, many companies have launched programs to without a thoughtful strategy has created a mess,
modernize their technology. with redundancies, poor maintenance practices,
and limited transparency canceling out many of the
Application programming interfaces (APIs) have potential benefits. Some companies have spent years
emerged as a key element of tech modernization ripping and replacing megasystems, adding APIs in
at many businesses, including most banks and an ad hoc way the entire time, without making any
insurers. With their ability to link systems and data, real progress.
APIs play a crucial role in making IT systems more
responsive and adaptable. In our work with many clients on developing API
strategies and building out API portfolios, we’ve
1
found common themes behind the difficulties
Albert Bollard, Elixabete Larrea, Alex Singla, and Rohit Sood,
“The next-generation operating model for the digital world,” companies encounter. One is that IT assumes
March 2017, McKinsey.com. sole ownership of API programs, so they aren’t
Digital/McKinsey: Insights
tightly linked to business goals or an overarching Data access and integration
modernization vision. Another reason API programs APIs can expose data across various IT systems,
falter is siloed efforts—for example, efforts focused both legacy and modern. They can then be used to
solely on data or cloud migration—which can extract the data and link them to advanced analytics
generate only incremental value. To achieve the full systems.
promise of APIs, companies ultimately have to make
significant progress along multiple dimensions. Cloud migration
Most large organizations still have significant
To avoid these pitfalls and get the full benefit from captive, on-premise infrastructure and have started
their API initiatives, CIOs must address seven key to migrate to private clouds. A small number are
challenges. embarking on public-cloud migration to reach the
next horizon of benefits. Managing a hybrid cloud
Challenge #1: Where do I start? environment requires IT leaders to prioritize APIs
“We’re not sure where to start with our API program.” that can access infrastructure across both private-
—Digital-transformation leader at a large bank and public-cloud assets.
API teams need a product owner to ensure that Challenge #3: What do I track?
they build high-value APIs. They also need an “I need to demonstrate in-year benefits with our API
API architect to ensure that they follow technical program.”
standards and best practices and that what gets —Transformation officer at a large e-tailer
built is aligned with IT’s architectural vision—the
end state envisaged when the tech-modernization Companies often use a variety of different and
program has been completed. Scrum masters ensure inappropriate metrics to assess API performance.
that teams use an iterative, test-and-learn execution Teams’ activities should be assessed using a set
model to build APIs quickly. Once the business has a of common agile metrics: direct business value
prioritized backlog of high-value APIs, top-priority for customer-facing APIs and reuse/reduction of
items get assigned to scrum teams, which then build technical debt for back-end APIs (Exhibit 1). Other
APIs in one- to two-week sprints. Those APIs are potential metrics include developer adoption,
subsequently tested and iterated with users. contribution to simplifying architecture or
reducing infrastructure costs, and data-specific key
Companies can choose from three organizational performance indicators (KPIs). 3
structures to manage API development. Aligning
leadership around one of them is crucial for IT to take Challenge #4: How do I ensure my APIs
advantage of APIs. actually deliver business value?
“How do I ensure the APIs we build enable business
Centralized value and agility?
A centralized group develops most APIs for both —Chief digital officer at a large telco
business and technology units. This model can build
a lot of APIs quickly, but the central group needs to APIs historically were classified as middleware
work closely with local business or IT units to ensure that integrated and exchanged data among multiple
that the right APIs are prioritized and that they’re systems. Because most API efforts were housed in
adopted after they’ve been built. the IT group, the taxonomy used to classify them was
usually technical and nonintuitive. This prevented
Decentralized business stakeholders from engaging in API design
A set of dedicated API factory teams, embedded and prioritization.
in different business and technology units, works
cross-functionally to build and consume APIs. In Leading organizations today are defining their API
this model, APIs are more likely to be aligned with taxonomy in a way that creates a common language
business needs, but enforcing standards and best that’s understood by both business and technical
practices can be difficult.
Hybrid 3
Keerthi Iyengar, Somesh Khanna, Srinivas Ramadath, and
Daniel Stephens, “What it really takes to capture the value of
Under a hybrid model, a centralized API factory
APIs,” September 2017, McKinsey.com.
builds foundational APIs. Individual business and
3 Digital/McKinsey: Insights
EXHIBIT 1 Sample metrics for API teams
3 Incidents per API Average number of issues/bugs that get Calculation: issues reported over
reported per API once launched # of APIs built
4 Code quality Number of errors the automated scan returns Automated scan results
Quality
when looking for vulnerabilities
5 Automated test Measure of how much automation on test cases Automated test results
coverage is being executed
6 APIs launched Total number of APIs delivered to enable services
Output 7 Active use Percentage of APIs built that has been integrated Calculation: # of integrated APIs
with an app/service and in use over # of APIs built
8 Reduction of Percentage of middleware services that use API gateway
Service API technical debt APIs
impact 9 Reuse of API Average number of apps or services integrated Calculation: # of integrated
per API services over # of APIs built
Product API 10 Monetization Revenue/profit generated per API Calculation: revenue generated
impact by APIs over # of APIs built
units. The key is to distinguish between APIs that resources and poor performance. By making two
directly serve the business (where business input specific decisions first, they can help narrow the
is crucial) versus those that are technical enablers. field of technology options.
We have seen a sound taxonomy reduce API analysis
time by 50 to 75 percent, increase adoption by 30 to The first key technical decision is choosing the right
50 percent, and increase value realization by 25 to 50 application-development framework/platform
percent. for building APIs. It is important to work with
business leaders and list the right use cases for the
A solid taxonomy allows businesspeople to have APIs, based on technology feasibility (back-end
conversations with IT staff about which APIs readiness, for example), the business rules around
directly drive customer experiences and which are them, and error conditions to be handled. The IT
part of the infrastructure that enables delivery of organization then needs to establish data formats for
those experiences (Exhibit 2). the APIs and design an API reference architecture
that is modular, flexible, and extensible. This will
Challenge #5: What technology tools do prevent creation of unnecessary technical layers and
we need? technology debt. Engineering leaders should also
“A dizzying array of API-related technologies are establish API guiding principles, educate product
available. Which ones should we use or buy?” owners on the benefits of good versus bad APIs, and
—Architect lead at a global bank provide tool kits and API catalogs so that developers
adhere to best practices and APIs are reused.
IT leaders can easily get lost in the proliferation
of API-related technologies, leading to wasted
Process APIs
Channel agnostic and meet the needs of multiple experience APIs by exposing business processes, Input required
while incorporating business rules and exception handling from business
System APIs
Expose data and algorithms contained in back-end systems Low
The second big technology decision is around the When deciding whether to insource or outsource
gateway and the API developer portal that serves as API development, the rule of thumb is that APIs
the front door for an organization’s API activities. should be kept in-house when they can create
The API gateway houses all the APIs, captures distinctive capabilities. APIs that don’t enable
transaction analytics, and does data caching. It differentiation are better acquired from outside.
is important to decide who manages the gateway For example, many banks rely on external vendors
and to establish governance rules around it. Some for payments APIs.
companies select a centralized API platform.
While it can be beneficial for a single team to be Challenge #6: Who owns which APIs?
responsible for the gateway, that team can also “My business should not bear the up-front investment
become a bottleneck. A cloud-based API gateway in an API platform, especially if I cannot prioritize my
and developer portal allows for separate units to be own projects.”
responsible for different sets of APIs and also allows —Business-unit leader at a global retailer
developers to access all APIs in one place. This
Who gets to define which APIs get built—and who
enables decentralized governance based on a set
pays for their development—is an important and, at
of published standards that apply across the entire
times, contentious issue.
organization.
5 Digital/McKinsey: Insights
Some organizations have business units define and APIs and decides which new ones to add and which
pay for customer-facing APIs, while the technology existing ones to sunset. It also oversees agile funding
group builds them. This works well when a clearly of API projects, with money released gradually at
defined digital strategy is already in place. first, as APIs meet specific milestones, and later, as
business impact has been achieved. The council also
Some organizations, however, are in the process of continually reprioritizes projects in the queue, while
defining their digital strategy and thus are not yet pushing to encourage API reuse.
ready to build customer-experience APIs at scale. If
that’s the case, the IT group should manage and fund As part of its work, the council must tackle API
process APIs and lower-level system APIs. By using adoption. That means that any API project needs
this approach, the IT organization can build lower- to have a clear adoption plan to be approved. These
level APIs that will already be in place when the digital are critical to avoid the “build it and they will come”
strategy is ready. trap. Adoption plans should be developed by business
and marketing groups working closely with IT.
The best practice is joint ownership of APIs, Self-service APIs that will be exposed externally
particularly when cross-functional digital teams to customers or partners need to align with the
are building experience APIs to enhance customer relevant technical, legal, and marketing specs and
journeys. In cases like these, business units have also be easy to use. Internal APIs should have enough
ownership of and pay for experience APIs, while the documentation and be sufficiently evangelized within
technology group owns the process and system APIs the organization to promote adoption and reuse.
needed at the bottom of the stack.
Challenge #7: Where is the talent to do all
In all cases, a council or board should oversee the this going to come from?
API portfolio over the entire life cycle (Exhibit 3).
API councils are often made up solely of IT staff but “Talent became a bottleneck.” —API center-of-
should include representatives from the businesses excellence lead
as well. The council monitors the performance of
Analyze
Build/ex- Operate Review API
individual Deploy API Retire API
tend/reuse the API performance
API needs
Map individual API Design, develop, Publish API to Maintain and fix the Each sprint, API When APIs become
requirements and test APIs. gateway, provide API as necessary. metrics are obsolete or require-
against road map. Where possible, documentation, and Provide support to reviewed to ments change
Cross-reference API reuse and extend communicate to user project teams that determine next significantly, retire
need against existing APIs community. are leveraging the steps (continue current version and
existing catalog. instead of building API. operation, modify, support any partner
net new. retire), integrating teams to migrate.
Publish all APIs Monitor during learnings from
through discovery operation: monitoring.
portal (in road map • Security
and nice-to-have • Usage New versions may
requests). need to be
• Business value
published, following
• Metering and this same life cycle.
throttling
Keerthi Iyengar is an associate partner in McKinsey’s Sydney office, Ling Lau is a partner in the New
Jersey office, and Srinivas Ramadath is an associate partner in the Chicago office, where Vik Sohoni is a
senior partner.
7 Digital/McKinsey: Insights