Creating a digital platform with API keys
API keys identify who is accessing any particular API. They are a way to provide API security through controlling access; they can restrict which endpoints are accessible to which users, they can limit the number of calls to an API a user can make and they allow an API creator to set up usage plans (e.g. pricing) for an API.
While APIs have been around for a long time, it’s only recently companies have realized the importance of productized APIs, which are intended to be consumed by others. As a result of these modern APIs, there is now a thriving API economy of over 17,000 public APIs and enterprises are not only contributing to that public economy, but also creating internal marketplaces of thousands of APIs as well. Providers are investing in building developer-friendly APIs, enabling developers to easily interact with the APIs and use them for future projects. To manage those APIs successfully, companies should set up API keys.
API keys are necessary for open APIs
When you open up your APIs to third-party consumers, you should require that they get an API key. You should only give the key away to people or a program that meet your criteria of whoever should consume your API. These criteria include vetting the identity of the recipient, making sure they are not a bot, along with other factors.
With a key, the recipient can now write a program and consume their API and use your infrastructure. But, if something bad happens, you already have enough identifying information to turn the recipient’s access off and find out who the recipient was and take action if necessary.
API keys give API consumers a set of tools that you, as an organization, have some control over. You can define what people can and cannot do with the APIs and you also control who has access to them.
Generating an API key with Anypoint Platform
It is simple to generate an API key with Anypoint Platform. An API Key is used by any Mule application across your entire Master Organization that communicates with Anypoint Partner Manager. Therefore, before you create a new API Key, coordinate with your organization’s MuleSoft administrator to ensure that none of your organization’s processes are using an existing API Key because, if they are, creating a new API Key will cause them to cease functioning. In that case, instead of creating a new API Key, use the existing API Key.
- Start Anypoint partner manager. When the Transaction Monitoring Page appears, return to this page and proceed to the next step.
- In the left-hand navigation pane, click Administration. The Administration Page appears.
- In the Partners section of the left-hand navigation pane on the company information page, click Security. The security page will appear.
- On the Security Page, click Create a new API key. The API Key Warning Page will appear.
- Read the API key warning page carefully. If, after you have read the API Key Warning Page, you are sure you want to create the key, on the API Key Warning Page, click Generate.
Building a Digital Platform with Open APIs
API keys provide reassurance and security about opening up APIs for crowdsourced innovation. As Open Banking legislation has demonstrated in Europe, an open API strategy to allow third-party developers to create new functionality based on existing capabilities will become an important business model for the future.
APIs provide the means not only to connect apps, services and data to compose new capabilities, but also the means to allow others outside the organization to compose new applications using these capabilities as well.
Exposing data and services to partners and customers is the best way to create the wider ecosystem that companies need to operate at scale. In our work helping organizations build digital platforms, we see an imperative to develop core capabilities as reusable building blocks that build on and complement one another. What emerges as a result of this approach is an application network––whereby these capabilities can be recomposed and changed as necessary to fit business needs.
Addison Lee, Europe’s largest premium car service, has seen the benefits of becoming a digital platform by opening up its APIs. In just 6 weeks, Addison Lee was able to securely unlock their data and infrastructure with their first public API built on MuleSoft’s Anypoint Platform.
This was specifically designed to support development of booking apps and web sites by third party affiliates and partners to incorporate the Addison Lee service. “The MuleSoft technology allows us to rethink how we connect our systems and expose our data and services in new ways to support a creative mobile strategy,” says Paul McCabe, Head of Addison Lee Development. One new revenue stream that Addison Lee created through this initiative is the ability to seamlessly connect its mobile application users with its existing network of international fleets.
Take a look at more resources on Anypoint Platform’s API management capabilities.