All APIs must be deployed through a common platform gateway established for the domain, line of business, or team, leveraging development, staging, and production environments, and a common set of policies for configuring access to digital resources and capabilities via APis.
APIs Are Made Available Through a Platform Gateway
Policies
Gateways
Gateways are a central building block in the API landscape. Running APIs through a designated gateway gives you shared authentication, rate limiting, and all the operational capabilities that come ...
Environments
Having clear development, staging, and production environments available in a machine-readable way lets consumers and automation navigate between environments without guessing.
OpenAPI Servers
Server objects in OpenAPI tell consumers where to find the API across environments. HTTPS URLs, meaningful descriptions, and sandbox/staging/production configurations are all essential here.
Rate Limiting
Rate limiting headers tell consumers where they stand with their usage. RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset, and Retry-After in responses let applications handle throttling gracef...
Experiences
Access
I keep seeing teams struggle with getting consumers proper access to their APIs. The sign-up, authentication, and authorization process is where you lose people before they ever make their first AP...
Automation
I keep shining a light on automation because it's the only way to scale API operations. When testing, validation, deployment, and governance are all manual, you're just adding human error and slowi...
Change
Change is the one constant across the API landscape, and I watch teams struggle with it every single day. If you aren't actively managing and communicating change across versions, deprecations, and...
Consistency
When I look across the API landscape, consistency is one of the biggest challenges I see. Every team does things differently, and the surface area of inconsistency just grows until governance becom...
Discovery
Discovery is the dark matter of the API landscape. Teams build APIs that already exist somewhere else, and consumers can't find the APIs they need. Without a catalog and proper metadata, you're jus...
Onboarding
I see teams dealing with massive friction during onboarding. If a consumer can't get from zero to their first successful API call in minutes, you've already lost them. Getting started guides, sandb...
Quality
I see the quality of APIs eroding across the landscape. Teams ship fast and never look back, but consumers feel every rough edge, every missing example, every inconsistent response. Quality is what...
Reliability
Reliability is where the rubber meets the road in the API landscape. If your APIs aren't up when consumers need them, and if new versions don't land smoothly, none of the other building blocks matter.
Security
Security is the area where I see the most gap between what teams think they have covered and what's actually happening. The surface area of APIs keeps growing, and most organizations aren't keeping...
Self-Service
Self-service is the goal I keep pushing teams toward. If a consumer can't find your API, sign up, get keys, and make their first call without emailing someone, you've created a bottleneck that will...