Creating a digital platform with API Keys

When you open up your APIs to third-party consumers, you should require that they get an API key. You should only give the key away to people or a program that meet your criteria of whoever should consume your API. These criteria include vetting the identity of the recipient, making sure they are not a bot, along with other factors.

With a key, the recipient can now write a program and consume their API and use your infrastructure. But, if something bad happens, you already have enough identifying information to turn the recipient’s access off and find out who the recipient was and take action if necessary.

API keys give API consumers a set of tools that you, as an organization, have some control over. You can define what people can and cannot do with the APIs and you also control who has access to them.

It is simple to generate an API key with Anypoint Platform. An API Key is used by any Mule application across your entire Master Organization that communicates with Anypoint Partner Manager. Therefore, before you create a new API Key, coordinate with your organization’s MuleSoft administrator to ensure that none of your organization’s processes are using an existing API Key because, if they are, creating a new API Key will cause them to cease functioning. In that case, instead of creating a new API Key, use the existing API Key.

• Start Anypoint Partner Manager. When the Transaction Monitoring Page appears, return to this page and proceed to the next step.
• In the left-hand navigation pane, click Administration. The Administration Page appears.
• In the Partners section of the left-hand navigation pane on the Company Information Page, click Security. The Security Page will appear.
• On the Security Page, click Create a new API key. The API Key Warning Page will appear.
• Read the API Key Warning Page carefully. If, after you have read the API Key Warning Page, you are sure you want to create the key, on the API Key Warning Page, click Generate.

API keys provide reassurance and security about opening up APIs for crowdsourced innovation. As Open Banking legislation has demonstrated in Europe, an open API strategy to allow third-party developers to create new functionality based on existing capabilities will become an important business model for the future.

APIs provide the means not only to connect apps, services and data to compose new capabilities, but also the means to allow others outside the organization to compose new applications using these capabilities as well.

Exposing data and services to partners and customers is the best way to create the wider ecosystem that companies need to operate at scale. In our work helping organizations build digital platforms, we see an imperative to develop core capabilities as reusable building blocks that build on and complement one another. What emerges as a result of this approach is an application network––whereby these capabilities can be recomposed and changed as necessary to fit business needs.

Addison Lee, Europe’s largest premium car service, has seen the benefits of becoming a digital platform by opening up its APIs. In just 6 weeks, Addison Lee was able to securely unlock their data and infrastructure with their first public API built on MuleSoft’s Anypoint Platform.

This was specifically designed to support development of booking apps and web sites by third party affiliates and partners to incorporate the Addison Lee service. “The MuleSoft technology allows us to rethink how we connect our systems and expose our data and services in new ways to support a creative mobile strategy,” says Paul McCabe, Head of Addison Lee Development. One new revenue stream that Addison Lee created through this initiative is the ability to seamlessly connect its mobile application users with its existing network of international fleets.

Take a look at more resources on Anypoint Platform’s API management capabilities.