Your First-Gen Web Development Approach Is Officially Obsolete. Thank You APIs.

The growth of API services, the advent of consumer data regulations, and the increased expectations of customers have exposed the limits of first-gen web design. Many organizations with legacy websites are challenged in taking full benefit of APIs in delivering the individual experiences powered by microservices that enable Continuous Delivery, rapid time-to-market, and adhere to the new era of consumer data protection. API-first web- and app-development approaches create the opportunity for full CI/CD Integration, increased productivity and autonomy among teams, faster releases and more resilient Scaling of applications. But the benefits of a Microservice, API-centric approach to development can be hampered by legacy architectures and the challenge of gaps in objectives between Front-end and Back-end development teams in meeting the heightened expectations of their consumers. 

First-gen, monolithic web development typically fell into two camps: front-end and back-end. Front-end developers have years of practice building web pages that conform to well-defined performance standards for their users. The front-end team is concerned about shaving milliseconds off page-load times, optimizing image and video access, and creating intuitive registration and Authentication in order to deliver an optimal User Experience. Back-end developers are sometimes sheltered from the demands of users, and do not always understand how the performance of the backend can influence the customers’ experiences. Marketing and business (sales) teams are often in the ear of front-end developers, while the back-end developers get more input from operations and support teams. 

But the age of monolithic web and app development is nearing its “End Time.” The challenge in front of many legacy web and app developers is how to make the pivot to an approach that is more driven by an adoption of microservices. As consumer-focused teams approach this challenge, three key areas for discussion emerge: how to take advantage of an API-first approach to digital experiences, how to mitigate risk from malicious attacks and manage user identities, and how to collaborate across front-end and back-end teams to make improvements. As your organization is either aligning for a digital revamp or looking at ways to improve customers’ digital experiences, there are three key areas for consideration:

Keeping performance of mission-critical APIs front-of-mind from the start

“Performance” is the key word here. How unified are your organizational definitions of performance? Typically, front-end developers – along with your marketing teams – are focused on UX metrics. Rendering times, conversions, and downloads are key metrics on the front end. Often, back-end performance is ensiled from front-end metrics. 

A shared understanding of key performance indicators is mission critical for both front-end and back-end development teams. It’s not unusual for back-end teams to be insulated from the primacy of customer experiences. The result is that, while back-end developers work to optimize performance across numerous services, they are not necessarily optimizing – through queues or batch jobs – the high frequency calls that are most likely to impact user experiences

On the front end, knowing the time suck from the numerous API calls your site or app is making is integral to learning how to improve your UX. Tools are available to help you better understand what third-party calls are slowing down your site or application, wreaking havoc on your users’ experiences, and preventing your digital experiences from attaining their goals. 

The bottom line: Know what APIs – internal and external – are central to your customers’ experiences. Optimize those and then worry about the rest.

Mitigating malicious attacks, securing APIs and authenticating users at scale

Malicious attacks are a fact of life. They won’t stop – and if history is a reliable indicator – they will continue to increase in frequency and sophistication. An organization’s ability to implement and manage web-application protection, bot attack mitigation, and secure its APIs and customer data  – while always challenging – has moved to a new level of importance with the scrutiny of recently (or soon-to-be) implemented consumer data protections across the globe and the endless assaults of bad actors.

For front-end developers, the recent changes in consumer PII rights means a change in business as usual. With the ongoing demise of cookies, front-end developers and the marketing teams they support need to discover new ways to accurately identify customers and deliver personalized user experiences. Front-end teams are tasked with the burden of identity management along with managing the security of registration and authentication processes that are open 24/7. Mitigating bot attacks, authenticating users and combating fraudulent accounts while providing a positive user experience is a daunting task – and one that is often left to front-end teams. 

Many first-gen sites and apps, however, are designed to dump user PII into a single data lake. Back-end and front-end development teams need to build a singular, comprehensive understanding of  what user data is collected, what is the intended use of that data, and what aspects of that data are shared with which downstream systems and databases. In addition, they should have mutual responsibility of knowing what APIs are being called in the delivery of consumer data and how those APIs are protected.

The relentless assaults by bad actors places an increased importance on not only validating user identities, securing API calls and mitigating bot attacks, but also on deploying security adjustments rapidly and globally. Organizations benefit when these responsibilities are mutually understood by –front-end and back-end teams.

Closing gaps between front-end and back-end web development

Any split in understanding between front-end and back-end teams needs to be resolved. Often, front-end teams are focused on key metrics delivered by marketing or other business units. Typically, back-end teams are not exposed to the same demands – prioritizing metric improvements that may not align well with the overarching organizational goals. 

Shrinking the gap between front-end and back-end web and app development is largely a matter of communication – of ensuring that core business goals are cohesively understood among both teams. This also requires communication between teams and upstream stakeholders around shard key metrics, challenges and deliveries. 

Simply put: Your front-end teams and your back-end teams need to have unified goals. And those goals should be focused upon your users’ experiences.

Embracing an API-first approach 

The move away from a monolithic approach to app development can be challenging. Shifting to a microservices-focused approach can enable:

  • Autonomy of different functional teams
  • Faster deployment of user experience improvements
  • Agile security modifications in response to new threats
  • Lighter weight UX deliverables
  • Integration with CI/CD workflows

The move from a monolithic web or app experience to a more microservice, API-driven approach is, of course, a challenge for legacy development teams. But we’ve found that the payback – in terms of delivering smaller objects, being able to respond to business, security and consumer demands in real time, and to spend fewer cycles on infrastructure efficiency makes an API-first approach more tenable over the long term.

Be sure to read the next API Strategy article: How eBay’s Buy APIs Hit $1B in Gross Merchandise Bought