This is a guest post for the Computer Weekly Developer Network written by Siim Kibus, engineering manager at Pipedrive – a company known for its sales and Customer Relationship Management (CRM) platform technology.
Kibus writes in full as follows…
APIs as a product feature – or part of a product offering – are critically important for developers creating strong services for demanding end users.
Good APIs and developer relations are entwined. Savvy customers look at both when choosing a new SaaS offering for their tech stack and it’s often a factor in churn, if problems or lack of connections are not addressed.
In order to establish a consistent API look and feel, APIs should ideally be design-first, with design principles, documentation and processes to ensure a quality result. Developers end up with better results when they specifically design with safety, efficacy and (resource) efficiency in mind.
With that in mind, it can be tempting to build APIs for your own UI first and then release them to the public… But a safer bet is to strictly separate the two from the start.
Without the right integrations, API or otherwise, a percentage of potential customers might not choose your service.
Cloud connections enable users to overcome product limitations or supercharge their tech stack and get more done. For that reason, it’s vital to stay close to your customers – in more ways than one. For example, for performance reasons, by deploying to multiple AWS regions, or taking advantage of content delivery networks like Cloudflare. Yes, having your data across multiple locations will add complexity, but unless your customer base is located in one region, it will perform better. It also makes it easier to deal with data privacy legislation, like GDPR.
Additionally, services like Cloudflare provide DDoS protection – which when you need, you need yesterday, like rate limiting. This can come by the aforementioned external tooling, a self-managed API gateway, or an API token. The latter are easier to get going for smaller businesses or teams but come with their own security and usability issues.
To help the dev team manage all that connectivity complexity, employ an infosec team or continuously train your devs to be aware of the major threats – and make sure your work is audited, such as through what we call ‘mission landing’ checklists, AKA release management checklists.
Don’t over index on APIs
Beyond the API, there’s a whole landscape of cloud connections to play with and deploying the right solution right sizes the software development and engineering workflow.
Webhooks can be beneficial both for the receiver and provider, with less resource spent on serving polling requests, which really scale up. In a SaaS CRM example, a sales team’s deal win can be pushed through to the relevant users once the data has been input. The server does not need to be constantly pinged for an update.
Consider APIs to be a product feature – not a silver bullet – as their use is context-dependent.
Take Twilio, where APIs are the main product; but for SaaS providers, again, taking CRM as an example, you’re likely to first build the UI and progress to providing APIs only after you have grown big enough that connectors can further scale your reach.
Maximise the value of connectors
Always monitor actual performance for resource efficiency. For example, if you give the user too much data it slows down the performance, so keep watch how requests scale. Keep utilisation high by ensuring users see value. Ideally your API should offer the same features as the UI front end. Additionally, a great ecosystem lets people know about the connector, so maintain excellent dev relations with the wider community. It’s how you encourage others to learn how to use it.
First focus on security and scalability – even where this is contradictory! Trust is the most valuable currency. If users don’t trust their data is secure, then they won’t do business with you. Once that’s in great shape, deploy cloud services which can supply your services to users even if demand rises quickly. No one wants to be spinning up new servers in a hurry.