APIs connect businesses, people, and things. They are everywhere nowadays, allowing developers to unlock new opportunities for innovation. The vision of any API program is a powerful developer ecosystem that enables organizations to connect with the world digitally. Both modern, as well as legacy, APIs encapsulate the business. In our case, they are the front door to our marketplace platform. eBay developers leverage our APIs to manage their business. They trust us, so our APIs must be reliable digital assets that enable growing a successful business.
Every digital technology comes with risk. Now is the age of the API gold rush, where APIs play an integral role in the digital world. We also live in the age of digital ethics and privacy. With live integrations, it is very challenging to make changes to address security concerns without impacting partners and their businesses. On the other hand, legacy APIs show their age, which requires implementation of new security principles. It makes sense to apply the concepts of a networking zero-trust model, which never assumes trust, to API programs as well. None of the entities are trusted by default. When translated to developer ecosystems, this refers to: APIs, both legacy and greenfield, actors, applications, security protections implemented in the past, systems, and humans who assess the value of integrations. The new model relies on all sorts of data and continuous auditing of APIs.
Look beyond the numbers. Around them. Through them. - Al Harrison
Ongoing monitoring and API usage analysis is essential to any API program. Near real-time scanning and alerting is vital to keep the APIs up and running. It is not always simple to estimate the usage of APIs. At eBay, it is common to have sudden seasonal and other spikes related to business events. On the other hand, an unexpected surge in traffic coming from certain integrations is often a good indicator of anomalies.
The API usage analysis is beyond operational metrics and pure insights into the API availability. Mining API traffic data for patterns is what enables API providers to have visibility into the way developers use the capabilities. By doing this, organizations can identify normal behavior, detect anomalies, assess the value the APIs bring, and understand benefits coming from third-party integrations. (If you cannot measure it, it does not exist!) And data ages like wine