What to Consider When Building Your API Strategy

Posted in

In the last decade, the number of businesses that want to become more digitalized has multiplied. As part of this, the business strategy needs to include more digital strategy. The two core channels of a digital strategy have been web and mobile, and the new trend is to leverage application programming interfaces (APIs) to support or enable a digital strategy.

85% of businesses consider web APIs and API-based integration fundamental to their business strategy and continued success. However, before starting with the digital strategy, we must have a well-defined business strategy and a set of goals. With an API-first development approach, we must have a valid business case before we build APIs to provide more value to your customers. A business strategy, customer success, and API strategy need to be aligned and work together to achieve the business goals.

The API-First Approach

Many companies start with building web or mobile applications. Considering today’s development approaches, they also need to develop some APIs to allow web and mobile applications to consume the data. In most cases, the resulting APIs are not correctly built and tested and should not be used by third-party companies or for integration purposes.

An alternative route would be to build the API first and then build your web or mobile applications on top of that API. This enables us to design an API and use it for your apps to make it more real-world and developer-friendly. When building internal applications on top of APIs with developers in mind, we are laying down the foundations for others to build on. With an API-first approach, we can ensure that we are building a product of tomorrow. This process creates reusable building blocks, future-proofing the business with assets that have a more extended expiration date.

The API Economy

The notion “API Economy” describes an economy where companies make available their (usually internal) business assets or services in the form of web APIs to third parties to provide additional or new business value through the creation of new asset classes. There are several motivators for making internal assets or services available to third parties. The most common of them are:

  1. Trying to reach a wider audience and make the organization’s brand more visible.
  2. Enabling external sources of innovation.
  3. Creating new revenue sources

The value of the API Economy is already very well documented, and many large companies have leveraged their API well enough to generate over 50% of their revenue through APIs. Good examples are eBay, Salesforce, and Expedia, who respectively make 60%, 50%, and 90% of their income through APIs or app stores. APIs allow companies to expand into markets they may never have previously considered.

Challenges and Risks

With the drastic growth of public APIs, we see more data breaches. In fact, according to Gartner analysts, API abuse will be the largest source of data breaches by 2022. The problem is that security practices have not developed at the same pace and are often a secondary consideration for the developers shipping new applications.

Commonly, development teams work independently of their security teams, making it very complicated for the latter to effectively test or validate API security policies, leaving their organization vulnerable to an attack.

To succeed with the APIs, we need to treat them as “first-class citizens” and avoid the temptation of merely creating ad-hoc APIs only as a temporary or quick “plumbing” for web and mobile apps. We need to understand the full API lifecycle, and it needs to be part of the API strategy. A clear overview of the API design, proper documentation, and management process is a must-have when building an API strategy.


In my opinion, APIs must be treated as full-fledged products with a designated Product Manager and API team to support them. If we want to take full advantage of APIs, then “build and forget” or “build and they will come” approaches will not work. When building APIs, we should advance step by step and enable APIs for different stakeholders and audiences in the following order: internal teams, partners and customers, then third-party developers. Let’s look at how this should progress.

1. Internal Teams

The initial goal is to enable your internal teams to build new functionality and applications on top of your APIs. Even if internal teams use the APIs, we must have proper API documentation in place as we want our teams to work efficiently. Internal teams must be able to consume the APIs as a self-service product.

2. Partners and Customers

Your business partners and customers are the next stakeholders that we can provide new value via APIs. Your partner API could integrate with a customer’s HR application to streamline employee information or with a CRM to improve their task management processes.

3. Third-Party Developers

The final step is to make your APIs available for the general public. If by now, you have not thought about API documentation, developer experience, or API security, then it is too late, and you are about to fail.

Focusing on the Core Business

You should always focus on your core business and leverage your strengths. I firmly believe that APIs are the best way to extend the market by allowing third-parties to build specific value offerings on top of the existing core products. In my book, the best examples are Salesforce and Shopify; both developed a stable and robust core product. They then opened their platform to third-party developers to build additional value on top of their core services and offerings.

The idea is simple; Salesforce and Shopify opened their APIs to third-party developers, who now have access to hundreds of thousands of potential customers. In return, developers are building new applications for their customers, which Shopify or Salesforce wouldn’t pursue because it is either not their core business or the size of the market is not big enough. At the same time, both platforms collect a small commission fee from each developer. The actual product that Shopify or Salesforce provides is not their API, per se, but access to their customer base.

Providing Seamless User Experience

APIs are great for providing server-to-server integrations with external applications. Although, if developers need to build integrations that provide a user interface, we end up with fragmented user experience and different looking user interfaces. To unify the user experience, we would need to provide building blocks for developers to build integrations that look and feel like part of your application.

It is not a coincidence that again, we can look at Salesforce and Shopify and see what they have done. Salesforce provides Lightning Design System, which includes the resources to create user interfaces consistent with the Salesforce design language and best practices. Shopify has also provided a user interface package called Polaris that allows developers to use similar design components as available for Shopify internal teams. This will enable them to embed their application into the Shopify user interface, so the user doesn’t even realize that they are using some third party application. Providing easy-to-use building blocks lets developers concentrate on building logic rather than on pixels, experience, interactions, and flows.

On top of that, both software companies have introduced app stores where developers can promote their applications, and users can easily install them to their Salesforce or Shopify account. This approach allows Salesforce and Shopify to build their core product. At the same time, they have a competitive advantage over their competitors as there are hundreds of applications that solve niche problems and make their platforms attractive to customers.


APIs will play a significant role in building digital and business strategies in the coming years. If you want to take full advantage of APIs, you need to manage your entire API lifecycle, as the “build and forget” or “build and they will come” approaches will not work.

When starting with the API strategy, the first step is to map out what primary value you want to provide through your APIs and who your customers are. You also need to acknowledge that your customers also usually have multiple stakeholders: the decision-maker and the developer who will be implementing your API with their systems.

Think about the developer experience; your API must be well-documented and intuitive to speed up the integration process. Ease of use can become a decision point if your competitor provides the same value, but faster integration.

Make sure that you are building a product of tomorrow and future-proofing the business. The goal is to create solid building blocks that can be reused for decades to come.