Open or Closed API: Six Guidelines to Help CIOs Make the Call

More enterprises are paying attention to the business-building potential of open APIs, and it’s not hard to figure out why. When companies like Expedia tell ReadWriteWeb that APIs (check out the Expedia API) contribute about 90 percent of its $2 billion a year, you can bet CFOs and CEOs will take notice. The problem is, not every API should be open and, in some situations, an open API might jeopardize your API business strategy.

When an API is not open — meaning, released publicly — it’s called a "closed API" or  an “enterprise API.” Sometimes, developers also refer to “dark APIs.” Whatever it’s called, the API will not be made publicly available and will be tightly controlled.

It may seem counter-intuitive, but closed APIs can be essential to a successful API business strategy.

For  instance, although Pandora obviously relies on APIs as a key part of its infrastructure, it does not offer a public API, according to a recent post by Mark O’Neill, the founder and CTO of the API management company, Vordel.
That may seem like a strange business decision for an Internet-based company, but Pandora’s business strategy is based on selling advertisement. A public API would allow developers to tap into Pandora’s music service, but without the ads; so obviously, an open API would undermine Pandora’s  business model.
For CIOs, deciding whether or not an API is open or closed should be an key question as you develop the overall API business strategy. A closed API might be in your best interest if:

The API is for business partners or other B2B uses. Guillaume Balas, CMO of the API management company, 3Scale, described two ways 3Scale’s clients used APIs to generate additional revenue. The first is by developing stronger relationships with business partners.
If it’s used with business partners, then a closed API or a managed API might be better options. Chris Haddad, vice president technology evangelism, WSO2, explained in a recent IT Briefcase column that managed APIS work by providing subscribers with a unique key ID. This allows you to retain control over the API, add an additional “layer” of security, and yet still benefit from the ease of an API by deploying it with the specific business partners.
An open API might undermine your business model. The other way businesses leverage APIs is as a way of improving the User Experience and quality of service, Balas said. If that is your goal, then an open API should be consider. Still, you’ll want to consider how the API could be used. Does it fit in with the goals of your overall API business strategy?
Obviously, Pandora could reach more people by opening its API, but it would lose revenue. Evaluate the potential consequences of an open API, both bad and good.
The API will handle confidential information. Enterprise APIs may be dealing with highly confidential information must have a  robust management strategy to monitor for inappropriate use, according to O’Neill.
The API is involved with high value business transactions. O’Neill points to this as another situation where enterprises can’t afford to lose control over any aspect of the API and its security features.
Regulatory compliance issues are at play. One of the key components of any regulatory compliance is being able to account for what happened. The only way to ensure that is through strict monitoring of the API, O’Neill says.
Integration to your business applications infrastructure is a key part of the API. Obviously, you don’t want just anybody to have that capacity.
You’re only comfortable with developing based on  standards. Standards are still an evolving discussion with APIs, as EMC recently noted, and developing  standards would be slow down and restrict the development of  high- Function APIs. But if you need to rely on standards before you’re comfortable developing an open API, then a closed API might be a better option for now.

Closed enterprise APIs may not make headlines for their business-changing impact, but there are real advantages to keeping an API closed, including more advanced security features,  better integration and use runtime middleware, O'Neill says.

But in the final analysis, whether to keep an API closed or open and publicly available should be based on your API business strategy.

Be sure to read the next Enterprise article: Getting Enterprises Using Your APIs: Understanding the Challenges and Workarounds