Would you start building a house without a set of plans? Probably not, but can you imagine the outcome if you did?
Over the course of my 20 years in the software industry, I’ve seen the software and API equivalent of many such houses built — and more often than not, these projects have been expensive and time-consuming, and led to less-than-ideal business outcomes. There is a better way to build APIs: We call it a design-first approach.
In an API design-first development process, API architects begin with writing a specification and engaging all stakeholders in the process from its inception. The result of a design-first process is an API product that is comprehensive, consistent, and understandable by both collaborators and machines.
There are numerous reasons to build your API program with this mindset, and in this blog I’ll focus on perhaps the four most important ones.
Let’s start with your most valuable API development asset: your developers.
Positive Developer Experience
As someone who’s been a developer tasked with fixing poorly written APIs, I can tell you firsthand that it’s a nightmare. When a design-first approach is not followed, the development process can become chaotic and disorganized. These projects often experience lapses and disconnects between the developers, security, governance, and documentation teams, and it tends to fall to the developers to “make it fly” toward the end of the development process.
This isn’t so much quality control, as it might be called, as it is trying to reverse engineer poor planning and coordination. It is akin to being brought in as a building inspector for that house that was built with no blueprints.
As developers go back and test endpoints to iron out the problems, they are often met with unpredictable connections and vulnerabilities that have to be addressed by other contributors. This is a time-consuming process, and it is not a good use of developers’ time or talents.
By taking a design-first approach using tools such as those developed by Stoplight, the API specs, governance, design, development, and documentation all start on the same page and are developed and maintained simultaneously. This built-in level of coordination keeps developers focused on developing solutions and prevents them from being slowed down by weeks or months of API clean-up work.
Engineering Efficiency and Cost Savings
There is no need to reinvent the wheel with every API your organization develops. When quality components are developed and maintained using a design-first approach, they can be reused for future APIs. You only need to build each component once.
For many of our customers, this is the most important and beneficial business outcome of using the Stoplight platform. Reusable components allow for significant cost savings in the time it takes to develop an API and enable new APIs to get to market faster than ever before.
The synchronized maintenance aspect of Stoplight’s approach also benefits developers, as they can rely on having predictable, updated, and well-designed API components to plug into each new project.
Improved API Security
Over the past five years or so, APIs have assumed a prominent, high-profile position connecting consumers to businesses. APIs have also become favorite targets of hackers and malware, due to their visibility and reputation for having design flaws and vulnerabilities. Several recent high-profile breaches, where exposed API endpoints were exploited by hackers, serve as unfortunate examples of what can go wrong if every endpoint isn’t accounted for. Security should be your primary concern, and it should be built into your APIs from day one. Otherwise, loose ends can get overlooked until a breach occurs at some point in the future.
Large development teams are notoriously hard to coordinate, and it’s difficult to bring in people midstream and keep everyone on the same page. By taking a design-first approach, you get all the key stakeholders — including the cybersecurity team — involved from the outset of design and can build their input into the governance of the API. Coordination at this level throughout the development process will keep your security team plugged in and will also eliminate the potential for loose API endpoints to be left exposed and vulnerable to exploitation.
No organization wants to go through a cybersecurity crisis, and this is one of those instances where an ounce of prevention is worth a pound of cure.
APIs Can Be a Catalyst for Growth
Whether you’re building a house or a developing APIs, synchronization is the key — making sure everyone is on the same page and that their efforts are tightly coordinated.
The APIs your organization is developing shouldn’t be a constant drag. Rather, they should be an engine for growth, increased revenue, and improved user experiences. And it’s easier than you may expect to go from an expensive, inefficient process to something that works better for your developers, customers, and bottom line.
I would love to know how your API program is going and what challenges and opportunities you are encountering. Feel free to leave a question or comment below.
I’m the CEO of Stoplight, a software company focused on API design and development with a design-first approach. In the coming months, I’ll be blogging about APIs and how we help our customers realize outstanding business outcomes through APIs engineering. I hope you’ll join the conversation.