Creating a digital platform with API Keys
Learn how API keys help you control access to your APIs, monitor usage, and keep your data secure while improving collaboration.
Learn how API keys help you control access to your APIs, monitor usage, and keep your data secure while improving collaboration.
API keys identify who is accessing any particular API. They are a way to provide API security through controlling access; they can restrict which endpoints are accessible to which users, they can limit the number of calls to an API a user can make and they allow an API creator to set up usage plans (e.g. pricing) for an API.
While APIs have been around for a long time, it’s only recently companies have realized the importance of productized APIs, which are intended to be consumed by others. As a result of these modern APIs, there is now a thriving API economy of over 17,000 public APIs and enterprises are not only contributing to that public economy, but also creating internal marketplaces of thousands of APIs as well. Providers are investing in building developer-friendly APIs, enabling developers to easily interact with the APIs and use them for future projects. To manage those APIs successfully, companies should set up API keys.
When you open up your APIs to third-party consumers, you should require that they get an API key. You should only give the key away to people or a program that meet your criteria of whoever should consume your API. These criteria include vetting the identity of the recipient, making sure they are not a bot, along with other factors.
With a key, the recipient can now write a program and consume their API and use your infrastructure. But, if something bad happens, you already have enough identifying information to turn the recipient’s access off and find out who the recipient was and take action if necessary.
API keys give API consumers a set of tools that you, as an organization, have some control over. You can define what people can and cannot do with the APIs and you also control who has access to them.
It is simple to generate an API key with Anypoint Platform. An API Key is used by any Mule application across your entire Master Organization that communicates with Anypoint Partner Manager. Therefore, before you create a new API Key, coordinate with your organization’s MuleSoft administrator to ensure that none of your organization’s processes are using an existing API Key because, if they are, creating a new API Key will cause them to cease functioning. In that case, instead of creating a new API Key, use the existing API Key.
API keys provide reassurance and security about opening up APIs for crowdsourced innovation. As Open Banking legislation has demonstrated in Europe, an open API strategy to allow third-party developers to create new functionality based on existing capabilities will become an important business model for the future.
APIs provide the means not only to connect apps, services and data to compose new capabilities, but also the means to allow others outside the organization to compose new applications using these capabilities as well.
Exposing data and services to partners and customers is the best way to create the wider ecosystem that companies need to operate at scale. In our work helping organizations build digital platforms, we see an imperative to develop core capabilities as reusable building blocks that build on and complement one another. What emerges as a result of this approach is an application network––whereby these capabilities can be recomposed and changed as necessary to fit business needs.
Addison Lee, Europe’s largest premium car service, has seen the benefits of becoming a digital platform by opening up its APIs. In just 6 weeks, Addison Lee was able to securely unlock their data and infrastructure with their first public API built on MuleSoft’s Anypoint Platform.
This was specifically designed to support development of booking apps and web sites by third party affiliates and partners to incorporate the Addison Lee service. “The MuleSoft technology allows us to rethink how we connect our systems and expose our data and services in new ways to support a creative mobile strategy,” says Paul McCabe, Head of Addison Lee Development. One new revenue stream that Addison Lee created through this initiative is the ability to seamlessly connect its mobile application users with its existing network of international fleets.
Take a look at more resources on Anypoint Platform’s API management capabilities.
Try MuleSoft Anypoint Platform free for 30 days. No credit card, no installations.
Tell us a bit more so the right person can reach out faster.
Get the latest news about integration, automation, API management, and AI.