Rob Zazueta | Director, Platform Strategy
November 05, 2013

Everything as a Service: Applying APIs to your Internal Systems


Traditionally, the value in a well-designed API is found in the ability to easily share your data and functionality with partners and customers in a secure, flexible manner. In organizations containing several different systems all working together, however, the patterns of access to that data start resembling partnerships. Concerns of internal security and tracking - often driven by compliance requirements - arise quickly, and different teams with different skill sets struggling to bridge their applications often turn to complicated, outdated and unscalable solutions.

Applying a RESTful API facade to legacy systems internally can return immediate benefits by opening functionality typically locked behind specific technologies to anyone within the organization who needs access, regardless of programming language or hosting platform. This frees your engineers to rapidly innovate using best-of-breed tools and to more easily recruit and onboard new talent. We’ve seen organizations, like ESPN, grow functionality by letting existing teams apply new and brilliant ideas to existing data, and create products faster because of internal APIs.

An API-driven architecture makes it easier to add new functionality to evolve with your company’s needs. As the business landscape changes, you’ll be able to keep up and adjust your offerings to the expanding demands of the market.

To truly unlock the power of APIs internally, however, you should design your application architecture with APIs in mind from the start. Your engineering teams should take the additional time to consider how to best structure the systems they build for maximum reusability. One quick win here is to extract your user management system as a separate system with a RESTful interface. Each of your applications should determine how users and their assigned roles may access the data and functionality they represent, but a single server can be in charge of authenticating these users, creating a single database for user data - such as names, email addresses and phone numbers - that often finds itself copied across multiple systems. Dependent systems can rely on standard authentication schemes like OAuth to grant access to each individual application and track who has access to which system from a single location.
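The split described above, with one service authenticating users and each application deciding what their roles may do, can be sketched as follows. This is an added example, not code from the original post or from Mashery; the HMAC-signed token is a simplified stand-in for an OAuth access token, and every name in it (`issue_token`, `verify_token`, `authorize`, the policies and the key) is hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; a real deployment would use asymmetric signatures
# so that applications hold only a verification key.
AUTH_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user, roles, audience, ttl=300, now=None):
    """Central auth service: authenticate once, then sign the claims."""
    now = time.time() if now is None else now
    claims = {"sub": user, "roles": roles, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(AUTH_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

def verify_token(token, audience, now=None):
    """Shared check: signature, expiry, and that the token is for this app."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = _b64(hmac.new(AUTH_KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None
    return claims

# Each application owns its own role-to-permission mapping (authorization).
BILLING_POLICY = {"finance": {"read_invoice", "issue_refund"},
                  "support": {"read_invoice"}}
WIKI_POLICY = {"finance": {"read_page"}, "support": {"read_page", "edit_page"}}

def authorize(token, audience, policy, action, now=None):
    """Application side: accept the central identity, apply the local policy."""
    claims = verify_token(token, audience, now)
    if claims is None:
        return False
    return any(action in policy.get(role, set()) for role in claims["roles"])
```

The audience check is what keeps a token granted for one internal application from being replayed against another, which is the per-application access the paragraph describes.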

The level of control you can have over access to the individual systems in your network - along with the ease of integrating new systems that come by way of mergers, acquisitions and other purchases - can make your systems administrators’ lives easier and increase the productivity of your entire technical team. The Mashery API Management platform makes it even easier, providing an intuitive, secure interface out of the box that allows you to completely control and track every action taken through your APIs. But getting to a completely API-driven architecture is no small feat. The strategy services team has the experience and knowledge you need to guide you through the thicket of issues that come up during this process. Let us help you transform how your technical team drives business value for your organization.