While reviewing the details of Twilio's new enterprise plan, the one thing that stood out for me was the strong emphasis of the security and legal elements within this level of business integration. I've talked out security being included as part of plan details before, and is something I will keep talking about as leading providers continue to bring it front and center as part of API plans and operations.
Advanced security is the focal point for Twilio's new enterprise plan, providing audit events, and public key client validation, but shortly after showcasing these security features, the next section is all about providing finer grain access management including customizable role-based access control (RBAC), and Single Sing-On (SSO). Demonstrating how important security is overall to the average enterprise customer.
From what I'm seeing across API providers, security is definitely the number one concern, and something that I'm guessing will keep showing up as part of API pricing and pricing tiers. Every time I come across this practice in the wild I will record which elements are being included, and try to do a write up showcasing and sharing the approach. Good security practices and features won't be cheap, and as more companies tightene their belts, I am guessing it will keep bubbling up as paid features in the upper tiers of API access.
On the same note, the second area of growth I'm seeing, which is also present in TWilio's approach to their enterprise plan, is greater control over accounts, billing, and systems usage--something that includes API access, allowing API consumers to automate. Security is top of mind, but efficiently managing usage and dialing in revenue seems to be just as important to businesses looking looking to optimize their integrations with 3rd party API resources.
