Language
Techniques to gain control over unruly API sprawl
HomeHome > News > Techniques to gain control over unruly API sprawl
LATEST NEWS

Techniques to gain control over unruly API sprawl

Aug 21, 2023

Getty Images

When left unchecked, a large portfolio of APIs can rapidly become a big problem -- and costly liability -- for businesses. Without a well-defined API strategy and standardization, applications can easily spiral out of control and cause API sprawl.

When API sprawl occurs, inefficiencies like duplicated development effort on redundant application functionality can creep in, requiring higher investments for maintenance and increasing the complexity of the system. The need for backward compatibility for many consumers can be immensely complex and expensive. Multiple sources of truth can also lead to data conflicts, resulting in poor experiences and ambiguity that can lower adoption.

In this article, we'll examine a few overarching strategies software teams can implement to prevent API sprawl from happening or, if needed, regain control over an already-mismanaged API portfolio.

Managing an unchecked proliferation of APIs requires focused effort by software teams to ensure they can keep overall complexity, cost of change and emergency maintenance to a minimum.

Addressing API sprawl starts with determining an API's overall scope of impact on operations and resource consumption. Often, APIs can interact with software entities both within the organization and outside its boundaries. The scope of impact for the APIs is often limited when the consumers, whether internal or external, are explicitly integrated with them.

Publicly available APIs can represent a significantly higher degree of management complexity. In addition to the classification by scope of impact -- which could include any number of components and endpoints beyond the organization's control -- a singular public API can often embody multiple data formats, security standards and communication protocols. As such, it is imperative to identify the extent of fragmentation during contract and protocol implementation.

Sometimes, APIs will need to migrate between systems over the course of their lifecycle. To enable a smooth transition path, software teams will need to prep APIs before migration to ensure they maintain their desired state. To reduce transition issues, this might also require calibrating the migration so that APIs migrate slowly over time rather than in bulk. There are some basic API versioning techniques that can come in handy in this regard, such as allowing consumers to migrate to newer versions while the older contracts are deprecated. Teams can also create accessible libraries for popular runtimes, create compatibility layers for newer APIs or add consumer-specific feature flags to help support a seamless migration.

Once the existing landscape and impact are well understood, the subsequent steps should focus on converging existing standards. This stage can be executed into three "substeps," which we'll review below.

Teams need to regularly measure and analyze API use across the entire environments. Areas where no or little control exists over API consumers might require the assistance of API management tools or platforms that provide support for capabilities like mocking. Identify core exposure areas, critical functionalities and all existing API formats.

APIs in large, unmanaged portfolios can often exhibit redundant behaviors that lead to duplicate sources of information and development efforts. It is important to disambiguate the sources by drawing strong domain boundaries for API classifications and, perhaps more importantly, management responsibilities. This might require creating new APIs that are "consolidated versions" of older ones, deprecating existing APIs that are deemed redundant or simply updating the contracts of existing APIs to narrow their scope.

Once functional consolidation occurs, it's important to establish definitive conventions that align with the business-side needs and goals that will ultimately chart the path for transitions as well as new developments. Documenting and diagramming these relationships will go a long way in terms of building a broader consensus on things like contract structures and underlying protocols.

To ensure that an API sprawl doesn't bring overall business operations to a halt, it's imperative to establish governing bodies that review any updates to the overall API strategy and functional landscape before they are published. This review should include any conventions or exceptions that are applicable to all API interfaces.

A solid API management platform can provide the support needed to consolidate and establish governance standards early on. It is worth studying and learning from APIs that are publicly available, operate at scale and are designed and managed with rigor (the Stripe API reference being one good example of this). From a tooling perspective, Kong and Tyk are two popular open source API management platforms that feature an extensible catalog of plugins for API analysis and consolidation capabilities.