The government agencies, institutions, organizations, and companies that I talk to on a regular basis always express their desire to get a handle on how to consistently deliver APIs across the API lifecycle, and ask me to help quantity their overall API maturity. They are looking for honest answers on how mature their approach is compared to other API providers , and companies that operate within the same business sector that they do. To help folks self-analyze, as well as help guide conversations I am having with them on the ground, I’ve drafted a short list of questions you can ask of your operations.
I have broken down my questions into six separate areas of the API lifecycle which go a long ways towards defining how mature a company is, asking some of the questions that I am commonly asking new companies I am engaging with in workshops, consulting, and now working with Postman. The goal of this is to help establish the overall maturity of an API operation, not to shame people involved, but to better get at where we should begin investing to help move teams along in their API journey. Here is a breakdown of API maturity questions I currently have.
Discovery - Knowing where all of your digital assets are at scale.
- Do you know where all of your APIs are?
- Do you have a way track schema used across APIs?
- Do you have an actively used catalog of APIs?
- Do you use Swagger, OpenAPI, RAML, API Blueprint or Postman Collections to define your APIs?
- Do you use JSON Schema to articulate the underlying data structure for APIs?
- Do your APIs have owners or teams assigned to them?
Design - Focusing in on an a design first area of the lifecycle.
- Do you hand edit and work with Swagger, OpenAPI, RAML, API Blueprint or Postman Collections?
- Do you auto-generate Swagger, OpenAPI, or Postman Collections
- Do you mock your APIs at any stage of their lifecycle?
- Do you share API designs across your API development teams?
- How much of your API infrastructure uses SOAP?
- How much of your API infrastructure uses REST?
- How much of your API infrastructure uses GraphQL?
- How much of your API infrastructure uses Kafka?
- How much of your API infrastructure uses Other?
- Do you have an API design guide for use across teams?
Deployment - Understanding the many ways in which APIs are deployed.
- How many API gateways do you use to deploy APIs?
- What programming languages do you use to deploy APIs?
- Do you deploy APIs on-premise?
- Do you deploy APIs in the cloud?
- Do you deploy APIs in multiple clouds?
- Do you use containers to deploy your APIs?
- Do you use a CI/CD pipeline to deploy your APIs?
- Do you have webhook implementations to support APIs?
- Do you have any streaming APIs available for consumers?
- Do you have any event-driven APIs available for consumers?
- Have you been looking at serverless for API deployment?
Production - Taking a snapshot of how APIs are maintained across operations.
- Do you have a dedicated public portal for all your external APIs?
- Do you have a dedicated private portal for all your internal APIs?
- Do you publish interactive documentation for all of your APIs?
- How do you require developers authenticate with your APIs?
- What percentage of your API infrastructure supports web applications?
- What percentage of your API infrastructure supports mobile applications?
- What percentage of your API infrastructure supports device applications?
- Do you actively monitor the availability of all your APIs?
- Do you actively validate the responses for all of your APIs?
- Do you actively test the performance of all of your APIs?
- Do you actively scan all of your APIs for vulnerabilities?
Outreach - Helping understand how organizations reach out internally and externally.
- Is there a dedicated API advocate or evangelist on staff?
- Do you have a dedicated blog for your API program?
- Do you have an email address dedicated to supporting your APIs?
- Do you have a ticketing system dedicated to supporting your APIs?
- Do you have a newsletter available for your API program?
- Do you have a dedicated Twitter account for your API program?
- Do you have a dedicated GitHub organization for your API program?
- Does your team attend or speak at conferences about your API efforts?
Governance - Understanding how organizations measure, report, and evolve API operations.
- Is there a central API governance strategy at your organization?
- Do you have an API design guide available for your API team?
- Do you have service level agreements available for your APIs?
- Do you measure revenue / value generated across your APIs?
- Do you quantify the reach of your APIs across applications?
- Do you report upon activity across all APIs to leadership?
These questions help paint a pretty interesting perspective of how far along a group is when it comes to their API journey. Some groups won't be able to answer some questions, while others will be able to confidently provide answers to most of them. It wouldn't be too difficult to attach scoring to each question, and then calculate a score for each area of the API lifecycle, as well as an overall score for the entity--using to understand what an organization is ready for, and where they should be investing.
If you’d like to learn more about your organizations API maturity, and learn more about what other companies, organizations, institutions, and government agencies are doing when it comes to their investment in their API operations., feel free to reach out. I have a significant amount of information regarding how other API providers are defining, designing, delivering, supporting, and governing their API operations—I’m happy to help share this knowledge. I’m going to continue to work on making this API maturity questionnaire more self-service so that companies can self apply, and potentially get at other resources to help them in their journey. If you have questions in the mean time, feel free to ping me with your questions.
