We are seeing an uptick in conversations around API service composition, monetization, and value exchange. This business side of API operations has been part of the narrative here on API Evangelist since 2010, but it is one that often a conversation that often gets lost in the shuffle towards the latest shiniest object and trend. With the increased appetite of AI platforms for data and content, we are getting a lot more inquiries around how to generate value with APIs, but more specifically, how to protect the value that already exists using APIs. Here are the properties of API management that we would have recommended in 2010, and here are the properties of API management we recommend in 2025.
- Resources - Individual API paths and operations that make digital resources available.
- Encryption - Requiring encryption by default for all digital resources made available via HTTP.
- Authentication - All HTTP APIs require authentication to be able make a request to any path.
- Authorization - All HTTP APIs have the ability to limit what each consumer has access to.
- Plans - All resources defined as APIs are composed into plans that align with business goals.
- Rate Limits - All APIs have rate limits applied to them as defined within the constraints of a plan.
- Applications - All consumers of APIs have to access digital resources using a defined application.
- Usage - Each application usage of HTTP APIs is recorded, audited, and logged as part of use.
- Invoicing - All usage is invoiced for consumers, whether or not a payment for usage is collected.
These properties of API management are the same recommendations API Evangelist has made for keeping your digital resources safe with desktop, web, mobile, device, and now artificial intelligence applications. Every single digital resource within the enterprise is made available via HTTP, is encrypted and requires authentication and authorization. Period. All of that usage is organized into well thought out plans with rate limits, that are accessible via individually defined applications in which usage is recorded and invoiced for. All value exchange is defined as part of API management, and is baked into just about any API gateway out there today, and should be a default part of the operation of internal, 1st-party, and 3rd-party APIs produced within any enterprise.
