API security is a small piece of the API strategy puzzle

API security extends web application and web service security practices (e.g. SSL/TLS) to include access key management and OAuth2 authorization.  When establishing an API strategy and comparing API management products, evaluate more than just API security.    Important API strategy building blocks include:

  • API security: includes access key management, authentication, authorization, audit
  • API monitoring: subscription tracking by API version, usage by version, service level agreement violations, exceeding rate thresholds
  • API governance: lifecycle activities related to version management, deprecation tactics, retirement strategies, and service tiers
  • API monetization: includes establishing API billing rates, usage monitoring, API business value reports
  • API publishing and provisioning: rapidly deploy managed interfaces onto the network
  • API Store: self-service discovery, exploration, subscription, and evaluation
  • API analytics: review API portfolio, usage patterns, and business optimization targets


Leave a Reply