How API Operational Intelligence solves critical business challenges
In today’s Digital Transformation (DX) era, APIs have become one of the core building blocks powering our highly connected world. Whether you’re shopping online, chatting with your friends on WhatsApp or using Google Maps to find your way to a new place, you’re interacting with several different businesses by making hundreds of API calls behind the scenes.
APIs have become a strategic investment for any business going through digital transformation because they allow business data and functionality to be accessed from any device, anytime, anywhere. That in turn opens up a whole new, data-driven revenue stream for businesses.
Many businesses going through digital transformation have successfully exposed their data (Business Information Assets) in the form of APIs to customers, employees, business partners and IoT. These businesses have a golden opportunity to use API call metadata to get valuable insights that, if acted upon, would give them the ability to be proactive in responding to customer experience issues, threats and strategic growth.
Gathering and producing intelligence from API calls is called API Operational Intelligence. API Operational Intelligence is the continuous, real-time analytics that delivers visibility and insight into business operations in The Digital Age.
In this article, I will walk you through how easily you can stand up an API Operational Intelligence capability. If designed and implemented properly, this capability puts timely, actionable intelligence at the fingertips of decision-makers and enables them to make better-informed critical decisions addressing customer experience issues, threats and strategic growth.
Intelligence gathering in The Digital Age
Without a comprehensive understanding of who is doing what, when and from where, organisations lack the ability to be proactive in responding to customer experience issues, threats and strategic growth. Who is doing what, when and from where is what is called Raw Intelligence in the context of modern intelligence gathering. Actionable intelligence is information that can be acted upon; in the context of API Operational Intelligence it is represented by dashboards and alerts.
Raw Intelligence collected about and from API consumers (customers, employees, partners, & IoT) provides valuable insights about their usage patterns and helps businesses custom-build products based on individual requirements. Using these insights, the concept of one-to-one marketing or personalised marketing would be made possible on a massive scale.
API Call Metadata (Raw Intelligence) is the data that provides information about the API being called. This includes, but is not limited to, the following:
It is better to refrain from collecting the actual request and response of the API itself: from a privacy standpoint this is considered invasive, and it would expose the business to new threats and ongoing risks.
Modern API Operational Intelligence-gathering methods are highly invasive by nature. The focus of this article is to stand up an API Operational Intelligence capability that yields deep and valuable insights without the need to be invasive. Invasive intelligence gathering techniques are usually used in Corporate Counterintelligence to protect highly sensitive business information assets (e.g. intellectual property, trade secrets, business processes, strategic goals, etc.). Invasive intelligence gathering is outside the scope of this article, but I will be writing an entire separate article about it in the future. If you would like to be up to date with the latest articles published in my blog, you can subscribe here.
API Operational Intelligence is the natural evolution of solutions like SIEM, log management, monitoring, etc. As businesses advance in their digital transformation journey, API OI would partially or entirely replace these solutions. The diagram below outlines the typical way of gathering and producing intelligence in the digital age.
In an age of increasing connectivity and data-collection technologies, businesses need to find the right balance between getting valuable insights about an individual (customer or employee) and the individual's own privacy. It would be in the best interest of a business going through digital transformation to find some innovative ways of striking that balance, as the consequences of one data leak could be beyond its own survival. For example, Home Depot spent $43 million to manage the consequences of one data leak in one quarter. Money was spent on investigations, providing identity theft protection services to consumers, increased call center staffing, and other legal and professional services.
Business Scenario
Let's take a business scenario, walk through the pressing operational needs and see how an API Operational Intelligence capability can satisfy these needs.
Earth2 Golden View Beach Resort (fake name) is one of the best diving & snorkeling spots on earth. The resort has a hotel, villas, a parking lot, bars, restaurants, two pools, a small casino, a kids' play park, entertainment shows, a fitness center, a spa, a beauty salon, a shopping arcade and an on-site diving center, all here to ensure a relaxing getaway.
In terms of digital capabilities, the resort has
The resort management team faces lots of challenges every day and is unable to cope with them because it doesn't have enough insights to help it make informed decisions quickly. The team lacks the ability to be proactive in facing these challenges or to provide customer-facing employees with insights to guide their more complex decisions. Some of the insights that can help are:
Among the challenges is that most of the Earth2 Resort team move around the resort a lot and are not office-based staff. Even the office-based ones move around, having meetings in places scattered around the resort. It's more of a mobile workforce use case.
You can think of the resort as a small town: the customers are the people living in it, the resort management is the city council, the employees are the city council employees, and IoT is the cameras and sensors all over the town. The business partners are some of the businesses that offer services through the city council.
Solution: Splunk-based API Operational Intelligence Capability
Standing up an API OI capability requires:
There are several products in the market that can achieve some or all of what we need to achieve here. Based on my experience in that domain, I found Splunk to stand out from the rest.
Splunk is one of the top software products in the Operational Intelligence domain. Some businesses have the perception that it is an extremely expensive product. Usually businesses with that perception don't have the right expertise to guide them through their journey toward API Operational Intelligence.
Splunk becomes expensive if you use it as a logging platform, where you have an endless amount of logs from everywhere that you want to inject into Splunk so that later on (who knows when) you can maybe get something out of it. Organisations usually also do that to comply with a requirement from the IT Security Team.
If you take the above approach, regardless of which software product you choose, the solution would end up really expensive and in most cases totally useless, and the business would miss out on so many opportunities to be proactive in responding to digital experience issues, threats and strategic growth. Add to this the risks and new threats associated with collecting massive amounts of data.
My approach is different from the usual approach taken by the businesses mentioned above. The focus here is to stand up an API operational intelligence capability, not a logging capability. We will collect only the raw metadata that has the potential to be used to produce actionable intelligence. It is also good practice to have a business process in place to periodically retire data after a certain amount of time, to mitigate the privacy risks that result from the accumulation of data.
By collecting only what you need, retiring data periodically and using the latest cloud offering from Splunk, we can dramatically cut down the cost and the delivery timeline.
One of the main challenges in standing up API OI as a capability is working out what dashboards and alerts to define, as this requires lots of experience and knowledge in the intelligence gathering domain. In this section, I will walk you through some examples of dashboards and alerts and the situations in which you can use them to make better-informed decisions.
API Operational Intelligence Dashboards (Consumed By Humans)
4. Max TPS per Day (Last 7 days): This dashboard gives you a pie chart with a slice for every day in the last 7 days. The pie chart can tell you quickly which day of the week is your busiest. This can help you decide when to plan activities for changing APIs. It can also help you to establish a pattern for consumer usage around the week.
5. Top 10 APIs: In a microservice for customer account management, this dashboard gives you the top 10 APIs used within the microservice. This helps you in deciding which APIs you need to focus on in terms of performance and capacity. The higher the number in the count column, the more attention the relevant API needs.
6. How many API calls were successful/failed: This dashboard shows you a pie chart with a slice for every success or fail reason. It can help you to assess how the API is performing: the larger the success slice percentage, the less you need to worry. In the same dashboard you can have the pie chart display success/fail by front-end App, and this is where you can filter down errors to specific apps. If you find that there are Apps showing a large number of errors, you can cut off access for that particular app immediately or you can have a chat with the App product owner, depending on the criticality and number of errors.
7. API Requests by location on a map: This dashboard shows a map of the world and where the API requests are initiated from. If you hover over the green circles on the map, you get to see the number of requests initiated from every location. The location can be determined by source IP address, source GPS location (collected by front-end Apps) or indoor location, which can be determined by BLE beacons or Wi-Fi hotspots. Please note that GPS coordinates as well as indoor locations are far more accurate than IP address. Getting GPS coordinates or indoor location for users is an invasive exercise that requires the user's consent and a whole process to manage access to this data. Knowing where users are accessing the APIs from can help in decisions related to threat protection and strategic growth as well as customer experience.
There are many other useful dashboards you can develop to help in making better-informed decisions quickly every single day. If you would like to know more, please get in touch.
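The aggregations behind dashboards 4 to 6, as an added example that is not from the original article or from Splunk: it works on call metadata only, and the field names (timestamp, API, app, status), the sample events and the review thresholds are constructed assumptions. The per-app report marks an app for review only when it has enough calls to judge, which is one way to limit false positives before cutting off access.

```python
from collections import Counter, defaultdict

# Constructed sample events: (timestamp, api, app, http_status).
# Metadata only; no request or response bodies are stored.
EVENTS = (
    [("2024-03-04T09:00:00", "GET /accounts", "mobile-app", 200)] * 3
    + [("2024-03-04T09:00:01", "POST /bookings", "mobile-app", 201)]
    + [("2024-03-05T10:15:30", "POST /bookings", "partner-app", 401)] * 5
    + [("2024-03-05T10:15:31", "POST /bookings", "partner-app", 201)]
    + [("2024-03-05T10:15:32", "GET /menu", "kiosk-app", 500)]
)

def max_tps_per_day(events):
    """Dashboard 4: peak number of calls in any one second, per day."""
    per_second = Counter(ts for ts, *_ in events)  # ts has 1 s resolution
    peak = defaultdict(int)
    for ts, calls in per_second.items():
        day = ts[:10]  # YYYY-MM-DD prefix of the ISO timestamp
        peak[day] = max(peak[day], calls)
    return dict(peak)

def top_apis(events, n=10):
    """Dashboard 5: the n most-called APIs with their call counts."""
    return Counter(api for _, api, _, _ in events).most_common(n)

def failures_by_app(events, min_calls=5, max_fail_ratio=0.5):
    """Dashboard 6: failure ratio per front-end app.

    Assumption: HTTP status >= 400 counts as a failed call. An app is
    marked for review only if it made at least min_calls calls, so one
    failed call from a quiet app does not trigger a block decision.
    """
    total, failed = Counter(), Counter()
    for _, _, app, status in events:
        total[app] += 1
        if status >= 400:
            failed[app] += 1
    report = {}
    for app, calls in total.items():
        ratio = failed[app] / calls
        report[app] = {
            "calls": calls,
            "fail_ratio": round(ratio, 2),
            "review": calls >= min_calls and ratio > max_fail_ratio,
        }
    return report
```

On the sample data, `partner-app` is marked for review while `kiosk-app`, with a single failed call, is not.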
API Operational Intelligence Alerts
Defining alerts has proven to be invaluable for being proactive and taking action quickly when a critical event occurs. Splunk can send alerts to the Splunk Mobile App, which in turn displays the alert on a smartwatch if one is paired with the app. Splunk can also be easily integrated with Slack to send alerts, which keeps all of your communication in one place if the organisation is a heavy user of Slack.
API Operational Intelligence APIs (Consumed by Machines)
The APIs would always be vulnerable to attacks and unauthorised access. You could have dozens of incidents per year just dealing with these kinds of attacks and trying to block them. Sometimes you get false alarms too. What if you could have a machine take care of that for you and report back? Wouldn't that be super awesome!
Let's see how we can achieve blocking attacks automatically and accurately without any human intervention.
The above is just one small example of the many opportunities that are available in a typical API Operational Intelligence platform. You need to be careful while defining patterns for blocking traffic to avoid false positives.
The 4-hour implementation
The steps below assume that Earth2 Resort IT has an API Gateway capability stood up and has a level of maturity that enables the OI policies to be embedded smoothly. I will be writing another article to walk you through how to establish API Channels & API Gateway as a capability to support digital initiatives. If you are interested, you can subscribe to my blog to get notified when I do.
The setup takes around 4 hours, if not less, and can be summarised in the following 11 steps:
Conclusion & Takeaways
Nowadays, businesses have a golden opportunity to use API call metadata to get valuable insights that, if acted upon, would give them the ability to be proactive in responding to customer experience issues, threats and strategic growth.
Striking a balance between what you collect about individuals (customers or employees) and the individual's own privacy is key to success in this area. It can be difficult to strike that balance, but it is not impossible if you have the right expertise to guide you through your journey.
The same article published on my blog can be found here.
All of my articles can be found here.
Notice of Non-Affiliation and Disclaimer The author of the article is not affiliated, associated, authorized, endorsed by, or in any way officially connected with any of the product vendors (Splunk, Axway, Akamai, Imperva InCapsula, Optus, IBM, Amazon AWS, WhatsApp, or Google) mentioned in this article, or any of its subsidiaries or its affiliates.
Technical Manager at Honeywell Technology Solutions/ Qatar
6 years ago: Good article Adam Ali. Great deal of knowledge around the API subject
Experienced Product, Transformation and Delivery Executive | Speaker & Presenter | Specializing in product, technology, agility, and strategic portfolio leadership |
6 years ago: Great article Adam, just one thing, I might disagree with you that BI could be replaced by API Operational Intelligence. Are you saying we can completely replace BI as a business function?
Very interesting article, thanks for posting it Adam
President at P3 Cost Analysts
6 years ago: I'd like to see the use of API operational intelligence implemented more in business.
Business Development Director
6 years ago: Really useful and valuable article