I spend a lot of time thinking about – and working on – enterprise technology needs and problems. At Postman, we get an up-close look at what drives enterprises to choose the tech products and services they use; choices that are rooted in the concerns they have and the problems they consistently run into. We see significant variety in the behavior of what would be considered traditional “enterprise software” companies. There are developers at large companies using our free product – both with their work and personal emails; some very large enterprises have multiple teams using Postman Pro in teams of 5-10; and, Postman has customers using Postman Pro within large teams of several hundred. Plus, with our new launch of Postman Enterprise, we have insight into the needs of a more traditional enterprise software buyer.
Above all else, software enterprise buyers are concerned about security, administration and control, cost-effectiveness and visibility.
These concerns are likely found in every enterprise, but it turns out they are also inextricably connected with APIs. The reason for this: fundamentally, APIs are now the point of distribution and consumption of software. This applies even more so for internal software. Enterprises have different divisions contained within – from engineering to product to marketing to professional services. They’re all creating software to various degrees, and they’re publishing internal APIs for that software. Last year’s survey of the Postman community was telling: 70 percent of Postman users spend 10 or more hours per week with APIs.
So let’s get into the details on these issues and see how forward-thinking enterprises are solving them. While the problems are not unique to APIs, the solutions include them.
This is typically the first topic of discussion between Postman and an enterprise software buyer. In some ways, this is the hallmark of an enterprise buyer, more than revenue or number of employees. In addition, APIs face intense security scrutiny because of their nature as ubiquitous application connectors, regardless of API type – public, private or internal. Because of their connected nature, APIs that are not secured can expose many applications to hacking and other security risks.
While we’re constantly adding features, we started Postman Enterprise with security-minded features for exactly this reason. Our current Enterprise product has three key features, and we’re hoping to add more as the product develops:
- Single Sign-on: Dev managers want to promote collaboration while ensuring secure access for the entire team. Postman Enterprise supports multiple SSO providers, allowing our customers to use their existing identity management solution.
- Audit Logs: With audit logs, Postman Enterprise admins can review key activities related to billing, security and team management; such as increasing team size, adding a team member or updating custom authorization.
- Static IP: This enterprise-only feature allows customers to test IPs securely behind a firewall by whitelisting a single static IP address to use for monitoring.
Administration and Control
Enterprises have complex tech stacks and massive amounts of infrastructure to worry about, not to mention thousands of employees, partners and customers. That’s a lot to keep track of – never mind manage and control. As a result, anything to do with technology gets real complicated, real fast.
The issues of administration and control really hit home for CIOs, CISOs and other IT leaders who are managing multiple development teams that need to collaborate on complicated problems with far-ranging effects. Again, these aren’t issues specific to APIs, but APIs are so prevalent that effectively administering and controlling them has a positive ripple effect throughout the enterprise. At Postman, we focused on the team collaboration dynamic found at the enterprise level to solve some of the key administration and control problems.
Postman built a collaboration tool called Workspaces that helps to mitigate administration and control problems. If you’re using Postman in the enterprise, you might have five different product lines and five different engineering teams, and there will be some things that they want to share, and some they won’t. Workspaces provides insight into who is sharing what, and, as we add functionality, will provide fine-grained control over who can discover, edit, and share content. Conceptually it will be similar to using Slack, with different channels covering different people.
Even at the enterprise level, cost matters, despite the fact that CIOs and other IT executives rarely get fired for hiring expensive consultants to solve their technology problems. As software providers, we help our customers when we provide a solution that is better, faster and more cost-effective, and can be justified with measurable developer efficiency improvements.
We have tried to keep our product value-priced, and are committed to continuing that going forward. Our customers tell us that’s working. Watch this space in the future to see how we do.
We’re in a development environment where applications are easy to discover and easy to access. There are legitimate uses of many types of applications, all across an organization. That is great for the individual user, but, from an enterprise perspective, getting visibility into everything and making sure it is shared, consumed and managed securely is a massive challenge.
In the external world, API discovery and consumption is enabled through a combination of Google searches and platform provider-owned portals. You can find out what APIs exist, how to use them and how to consume them. The equivalent infrastructure does not exist within the enterprise; there’s no equivalent of the “published API.” A team in one division might have created an auth API that would be perfect for their colleagues working on a different product line, but there’s no way for the second team to know about it.
I often hear from enterprises about the issues of discoverability and management of internal APIs. While we hear more about public, published APIs, we know that in many cases the use of internal APIs is an order of magnitude more common in the enterprise. This usage pattern can be traced to the rise of microservices, and the resulting need for connecting APIs within a single organization. Before APIs were used as widely as they are now, monolithic applications were the norm for the enterprise. Now, it’s not atypical for an organization to have hundreds of microservices, and hundreds of associated APIs – with no well-understood way to discover, consume, and share them. These enterprises need the tools to allow discovery and encourage collaboration. This understanding was the driver behind many of the tools within Postman.
Discoverability is all the more important in software, as we all know that an implementation rarely matches the original specification for very long. This is especially true for APIs: the architect creates an API specification, documentation is created...and then the API develops a life of its own as it is developed, expanded, and patched. Postman created collections to address this concern: as an executable description of an API, the collection is the most up-to-date and accurate representation of the API at any point in time.
One final thought about visibility of APIs: it helps with the retention of knowledge within an organization. When a developer leaves an organization, specific knowledge can disappear. If their work isn’t part of some kind of corporate visibility and management, it can get orphaned or completely lost.
The Human Element is Also Critical
Lastly, the typical enterprise software buyer cares first about technical problems and technical solutions. The four cases I presented here are just the biggest among many others. But I would be remiss if I didn’t mention that it is also true that people matter, even in a very technical sale. In fact, my team gave me a t-shirt that reads “Computer Psychiatrist” because, well, that’s often the role we play. As my team and I continue to improve Postman’s API Development Environment to solve enterprise problems, the t-shirt will serve as a daily reminder to not underestimate the value of the personal touch along the way.