APIs are all about empowering users and creating partnerships. There are a lot of great, standard ways to use APIs but they are much more powerful than you think. APIs have the ability to completely transform your product or an entire business into something much, much better - a platform.
If you’re not familiar with platforms, then here’s the quick lowdown: Products are goods and services offered by a company. Platforms are goods and services that can be extended or improved upon by the community at large. Let me give you a quick example:
In 1998, you bought a cell phone from Motorola and it only did two things: make calls and send text messages - it was a product. In 2016, you buy a cell phone from Apple and install cool apps that are made by a lot of different people and do a lot of different things - now it’s a platform.
By turning your product into a platform (as Apple did to iOS with their app store) you can effectively crowdsource features and innovation from your developer community.
“Platform beats a product every time” --Wolfram Jost (Software AG CTO)
Apple and Google are not the only ones that have seen the power of community driven innovation. Every single technology sector - Wearable Tech, IoT, SaaS and IaaS can benefit from platformization.
Why Build an App Ecosystem?
There is one main reason why companies build an app ecosystem - to reach a wider audience. Every single app created by your community is another feature that puts you on par with or differentiates you from your competition. Every single feature in your product opens up new and wonderful use cases. Every single use case attracts users that can now use your product to solve their specific problem.
Who Should Build an App Ecosystem?
Everyone from CRM’s to drone manufacturers to cloud hosting providers are looking to platformize their product with community built apps but i’m not going to lie; an app ecosystem isn’t for every company and it’s not easy to build your own. Even for a small set of basic apps, the integration, validation and version control infrastructure can distract a company from what really matters most - the product. On top of it all, the complexity grows another 10x when creating an app store by enabling commerce, licensing and revenue sharing. Many large, well funded companies have spent years (and millions) only to fail in the end. I’ve built a more than a few app ecosystems myself and highly recommend using a service provider - they have APIs and infrastructure that make this all a lot simpler.
Integrating with the API
Let’s get into the meat and potatoes of it all. Apps need access to your API if they are to provide useful functionality to your users. So naturally you’re going to want to give an app access to your API on behalf of a specific user (the user installing the app) and this raises a few technical challenges: app permissions, making the connection, single sign-on and breaking the connection.
Your API can be very powerful and it’s a good idea to restrict API access for an app based on its needs. The first step is to divide your API into logical, individually accessible sections. For example, a SaaS accounting service’s API could be divided into the following access categories: transactions, invoices, bills, receipts and payroll. When developers submit apps into your ecosystem, they will need to specify the API access needs of their app.
Sticking with the topic of access control, every API is capable of performing different CRUD (create, read, update, delete) operations. Create, update and delete access allows the app to make changes the user’s data and as a result, is considered more dangerous than read access alone. So, to help further define access requirements, each access category should have two modes: Read Only (R) or Read and Write (CRUD). For example, an app that generates a tax report may choose to require read only access to invoices and bills while an app that automatically creates new invoices would require both read and write access.
Before the installation of an app, users need to be notified of the app’s access requirements. A user will have to understand and accept that the app is created by a third party and will need access to their data in order to function properly.