The Ultimate Implementation

Guide to API Management

Strategies, Insights, and Best Practices for API
Product Leaders
 TIBCO implemenation guide | 2

Purpose, Audience &

Objectives
This publication guides IT and business professionals in implementing APIs, formulating an API strategy,
measuring and prioritizing business value, and architecting overall success. It walks API product leaders
through a three-step process for implementing a successful API program and creating a culture. It begins
with building an API team and prioritizing business value before moving into selecting an API management
system and building APIs.

Who should read: Objectives of this Guide: Tools in this guide:

•  API Product Managers •  Understand the steps of •  Examples and worksheets
implementing an API program to help develop plans and
•  Application Architects
•  Formulate API strategy, document decisions
•  Product Owners
measure and prioritize •  Links to tools to help measure
•  Digital Product Leaders business value, and architect business value and drive
API success program success

What Will Readers Gain?

You will gain knowledge of best practices for managing the full API lifecycle and be able to:

•  Assemble the right API team with clearly defined roles and responsibilities
•  Define business value with clearly established, justified, and prioritized goals
•  Measure API program ROI by evaluating APIs for usability, consumption, and security
•  Select the right API management system using a key capability checklist and a balanced scorecard
•  Identify quick wins in integrating the API lifecycle into your organization and set your program on the
path to success
 TIBCO implemenation guide | 3

Worksheets in this Guide

Identify Your Team, 7
Defining Your API Strategy, 9
Define Your Business Value KPIs, 10
Strategic Prioritization, 13
Key Capability Checklist, 18
API Management Platform Requirements, 21
API Platform Scorecard, 23
Business Process Flow, 28
Minimum Viable Product, 30
Define KPIs, 32
Iteration Planning, 33

Step 1: Prepare
Build Your Team
Define Your API Strategy
Define Your Business Value
Prioritize Your Business Value

Step 2: Select API Management Solution

Create a Key Capability Checklist
Assemble a Balanced Scorecard

Step 3: Architect your success

Define your Process Flow
Create Minimum Viable Products
Build APIs that Are Easy to Use
Mature through Iteration
 TIBCO implemenation guide | 4

Step 1: Prepare
APIs are ubiquitous in today’s business environment, with the It can be called an API Center of Excellence (CoE) or an API Team.
greatest use for internal integration. One of the most important Think of it as the Project Management Office (PMO) for APIs.
investments you will make in your digital transformation will be in The charter of the API team is to be the backbone of your API
your API platform. Like with all major investments, you will need to program that drives governance, support, adoption, and overall
start with a well thought out plan. With the importance that APIs strategic direction for your organization. No matter the size of your
have on your success, developing a clear plan will help you stay on organization or the level of your API maturity, don’t let the API team
course, communicate with everyone, identify key stakeholders, and concept intimidate you. It doesn’t take a huge team to implement
keep your end goal in sight. your API program. You just need to cover these key roles (a person
As you plan and prepare to get your digital transformation can fill more than one):
underway, complete the following steps: •  API Champion
n Build your team •  API Product Manager
n Define your API strategy •  API Architect
n Define and prioritize your business value •  API Developer
To help jumpstart your implementation, leverage the worksheets •  API Evangelist
at the end of each section to develop plans, and document your
decisions. Download this guide and treat it as a living document API Champion
that you reference frequently as you complete the steps.
The API champion is your program’s executive sponsor, coach,
and internal influencer. They connect the API program strategy
to the organization’s financial goals and business initiatives.
Build Your Team They can be an influencer to enlist sponsors who have the
At one time, APIs were only used by technical teams and IT experts, ability to provide the funding and resources that API teams
but the rise of the citizen developer, low code/no-code tools, and need to be successful, as well as break down intercompany
the API product manager role changed all that. APIs are now a barriers. They should be capable of developing strategic
significant engine of business growth and a prime instrument in business goals and business value analysis, and have a detailed
the modern-day product managers toolkit. Using APIs effectively understanding of the technical capabilities of an API product
requires a new way of thinking about partnerships, a new way offering. Their main goal is to support the API product manager
of collaborating among business and technology teams, and a in breaking down silos, unlocking funding, and freeing up
new pace of developing, funding, and coordinating. This is where technical resources.
having centralized governance and organizational model is critical.
 TIBCO implemenation guide | 5

API Product Manager API Developer

Industry best practices for implementing an API culture in any The API developer is the keyboard-wielding frontline technical
organization unanimously call for appointment of someone expert who transforms the wants and needs of the API
responsible for the program’s success. This person manifests as customer or application developer into reality. Their main
the API product manager, the quintessential CEO of your API purpose is to create intuitive and highly consumable APIs while
program, who is ultimately responsible for the implementation adhering to the guidelines put in place by the API architect.
and adoption of your API strategy. The API product manager They fulfill this goal not only by developing APIs, but by
turns the strategy into action by managing each stage of the contributing to program resources that will drive developer
API product lifecycle, prioritized by API metrics and analytics engagement and retention, such as documentation and tips
along with API customer feedback. The product manager is the & tricks on API discovery. Ideally, the API developer should
API subject matter expert and roadmap owner, who displays an have a strong understanding of the inner workings of the API
intimate knowledge of all technical specifications and business management platform to implement security policies, traffic
benefits and can effectively communicate those benefits across management, and other protocols that support the scaling of
the organization at all levels. Depending on the organization, APIs per the governance model.
their responsibilities may include: running standup meetings,
prioritizing roadmap backlogs, defining meaningful KPIs, API Evangelist
preparing customer presentations, and/or providing technical The API evangelist is your API program’s change agent. Their
insights for a go-to-market strategy. role is to spread the news on how your program can transform,
revolutionize, and enhance how API and application developers
API Architect do their jobs. This role is responsible for creating an API
The API architect, the technical consultant to the API product community and driving developer engagement. They will
manager, may maintain responsibility for defining software ensure that developers can easily access your APIs, product
environments, hardware, and other systems that keep the lights information, documentation, and software development kits
on, but for API programs, they’re responsible for planning, (SDKs). They’re your spokesperson for developer outreach,
designing, and reviewing the construction of APIs, data both internally and externally. API evangelists will lead and
integrity, security, and enforcing developer guidelines. As part run hackathons, meetups, organize developer feedback, and
of their strong collaboration with the API product manager, advocate for community enhancements on the roadmap.
they define the guidelines for API versions, compatibility, They will also market the APIs via social media, targeted
depreciation, and deployment. They guide API creation and posts on LinkedIn or Github, and various other marketing
implement development and testing requirements to meet the activities. Evangelists can play a crucial role in the success
highest standards in API design. As the API program grows, of your API program; a star evangelist will be able to inspire
this role may provide insight into and even be responsible for change and communicate with both the technical and business
the scaling of the underlying systems and ensuring optimal communities in ways that are truly meaningful.
system performance.
 TIBCO implemenation guide | 6

imply that there is only one viable solution, and it’s theirs.
Pro Tip: Through our implementation efforts with hundreds of
application architecture leaders and innovators, we’ve found
Although commonly advertised as individual three organizational API strategy archetypes:
roles, each of the API personas may manifest
•  API security archetype
themselves differently based on your
organizational size, budget, and technical prowess. •  API-led archetype
For example, in some organizations the API •  API monetization archetype
product manager may assume some of the API
evangelist marketing responsibilities while at other
companies, it’s beneficial if the product manager Pro Tip:
has a more technical focus working closer with The most successful API strategies are those that
the API architect and developer. maximize developer engagement, solve a business or
technical problem, and are rooted in value measurement.

*See the Identify Your Team worksheet on the next page.

API Security Archetype

Define Your API Strategy The API security archetype is used by organizations with strict
security measures that handle sensitive personal and financial
According to the 2019 Gartner API Usage and Strategy Survey,
data in high volumes, and have the expectation of maintaining
“98% of participating respondents either use APIs now, are
indestructible levels of security for all their internal and external
implementing APIs or plan to use APIs in the coming year. Of
data transmissions.
participating respondents, 88% say that they are using or plan
to use internal APIs.”1
API-led Archetype
This research solidifies what you already know to be true: APIs
The API-led archetype is used by companies focused on their
are now the de facto means for providing access to enterprise
customers’ journeys and experiences, and therefore need to
data and enabling complex system interactions at scale in the
connect various systems, technologies, protocols, and vendors
modern architecture stack. Internal APIs are becoming more
so they will all work together as one cohesive experience.
prevalent, providing tremendous gains from reducing technical
debt, reducing time-to-market for new products, and improving
the developer onboarding experience.
API Monetization Archetype
The API monetization archetype is inherent in organizations focused
As you search the Internet, you will find hundreds of articles
on creating customized packages and plans, the productization of
and reports that tell you how to define your API strategy, what
data, and the licensing of their APIs for financial gain.
process to use, what next-gen technology to include, and even

1 2019, Gartner, Top 3 Trends in Application Architecture That Enable Digital Business, Anne Thomas, Yefim natis, Mark O’Neill, 28 October 2019
 TIBCO implemenation guide | 7

Worksheet: Identify Your Team

It’s time to select your API Team. Use this worksheet to fill in and track
the people who will play key roles in your API program’s success.

MY API TEAM

KEY ROLES SUPPORTING ROLES

API MANAGER API EVANGELIST API CHAMPION API ARCHITECT API DEVELOPER

EXAMPLE  

INDIVIDUAL 1

INDIVIDUAL 2

INDIVIDUAL 3
 TIBCO implemenation guide | 8

Cultural and organization inertia can handicap the execution of

any API strategy. Unless an API product manager understands
Pro Tip:
and can clearly articulate the potential value of the company’s
APIs to organizational stakeholders, some groups may be wary Resources that can be helpful in ROI justification are
of sharing their assets and intellectual property or make the key performance indicators (KPIs) of the desired
necessary investments needed to participate with customers, quantitative and qualitative outcomes that are
partners, and members across a broader ecosystem.
measured by collecting information about your API’s
performance in the market and its impact on your
company’s way of doing business.
Pro Tip:
Clearly explaining the overarching business
case, and using the use cases and best practices *See the Define Your Business Value KPIs worksheet on page 10.

outlined in the ebook “The Definitive Success

If you plan on using a KPI approach to help define and track your
Guide for the API Product Manager” to set business value, API products are measured on an analysis of
priorities, can guide the evolution of your API the business impact (external and internal), the ROI calculation
program and the overall success of your strategy. (increase in profits + cost savings / costs), and your team’s ability
to consistently deliver measurable value while exceeding defined
targets. The outcome is that API products identified as having
*See the Defining Your API Strategy worksheet on the next page. strategic value but low product readiness—or that are easy to build
but have minimal business benefit—are likely not the best initial
candidates for the API program or project launch.
Questions to help guide the design of your KPIs as they relate to
Define Your Business Value your business impact and organizational readiness include:
Understanding how the business and technical drivers of your Business Impact:
organization and industry mesh with your API strategy, and
•  What is the measurable impact of APIs on business
ultimately map to the vision and goals of your executive leadership
objectives and customer needs?
team, play a critical role in determining the priorities of your API
program. Most people over commit and under deliver on any •  What is the impact of using APIs versus doing nothing or
project’s goals. If the planning process, project plans, and business keeping things as they are?
initiatives do not map back to these drivers, it won’t matter what •  How much will this contribute to the organization’s goals?
your ROI forecast is—you’ll face an uphill battle getting buy-in and
Organizational Readiness:
project approval at every level. Having clearly defined, justified, and
prioritized goals will make it easier to decide where to start to gain •  What is the technical difficulty in building APIs (back-end
the most value for your business. systems, integration, technical debt, etc.)?
•  What is the readiness of the organization (Marketing, Legal,
Product, etc.) to deliver and adopt APIs?
 TIBCO implemenation guide | 9

Worksheet: Defining Your API Strategy

(EXAMPLE) API STRATEGY

• Build and maintain the most developer-centric experience by creating personalized experiences across all touchpoints, anticipating
developer needs, and providing customized service and documentation when needed.
• Make increasing developer loyalty the highest priority.
• Provide the highest level of personalized service and give developers the communication channels they want.
• Connect all environments (internal and external) of applications and data to provide partners, developers, and end-users with a seamless
experience—and the business with the ability for agile change.

MY API STRATEGY
 TIBCO implemenation guide | 10

Worksheet: Define Your Business Value KPIs

(EXAMPLE) API VALUE ANALYSIS

DATA SOURCE STRATEGIC READINESS BASELINE UPDATE TARGETS
FREQUENCY

EXTERNAL Customer Prod Mgt  500 customers Monthly 100%

(BUSINESS IMPACT) retention

Customer Sales Ops 50 opportunities Monthly 25% 

acquisition

ROI Fin  $25M Quarterly 325% 

Market share Mktg  20% Monthly 15% 

INTERNAL Product quality Prod Mgt 5 days tech debt Quarterly —

(ORGANIZATIONAL
READINESS)

R&D viability Tech  10 velocity points Weekly 50% 

Marketing adoption Mktg 1000 leads Monthly 50% 

Sales adoption Sales Ops 1000 MQLs Monthly 25% 

 TIBCO implemenation guide | 11

MY API VALUE ANALYSIS

DATA SOURCE STRATEGIC READINESS BASELINE UPDATE TARGETS
FREQUENCY

EXTERNAL
(BUSINESS IMPACT)

INTERNAL
(ORGANIZATIONAL
READINESS)
 TIBCO implemenation guide | 12

Prioritize Your Business Value

Don’t make the mistake of coming up with and attempting to Security is an important aspect of an API strategy, regardless
get project approval for hundreds of APIs at the outset. It will of how your APIs will be consumed or exposed. As with the
cost your organization valuable time, money, and resources. various protocols, frameworks, standards, or specifications
In addition to the business viability discussed in the previous associated with the API program, it is important for API owners
section, review your potential APIs for usability, consumption, to be aware of the different forms of API security and various
and security to determine if they’re worthy to be part of your business and technical impacts they have on the overall success
API program. of your strategy and program.
Evaluating each and every API against these measures will give
you the context to understand if and how the API will be used,
by whom, and at what consumption rate.

IT ARCHITECTURE BUSINESS VALUE

PRIORITIZATION PRIORITIZATION
Pro Tip: TRANS
ITION TO

Creating an API-centric strategy as the

cornerstone of your business transformation,
and using tried and true business and technical
OPERATIONS BUSINESS PLAN
guidance suggested by Nelson Petracek in “API (IS) ENABLERS
(USABILITY)
(WILL)

APPLICATION API PRODUCT

Success: The Journey to Digital Transformation,” ARCHITECTURE MANAGEMENT

will help you cement your long term API

management success and navigate the pivotal BUSINESS BUSINESS
PROCESS MODELS
decisions that lie ahead. (SECURITY) (CONSUMPTION)

QUANTATIVE QUALITATIVE
VERIFICATION VALIDATION
KPIs RESOURCES

SU
*Refer to the Strategic Prioritization worksheet on the

S
PP

ST
OR

TE
TS
STRATEGY
next page. (SHOULD)

Figure 1 Evaluating an API Strategy

 TIBCO implemenation guide | 13

Worksheet: Strategic Prioritization

(EXAMPLE) BUSINESS GOALS & PRIORITY

GOALS METRIC PRIORITY

WILL THE APIs BE USED?

Identify top API products Number of API calls Must have

Identify top users Number of active users Important

API usage

New revenue/service opportunities Increase in service revenue Nice to have

Number of partners
Lifetime customer value

WILL MY INTERNAL TEAMS CONSUME THE API?

Better visibility into internal users Number of active developers Must have

Increase API adoption Increase my conversion rate by (x%) Must have

Executive reporting API usage reports Must have

WILL THE API INCREASE DATA SECURITY?

A standardized process for OAuth, SSO, LDAP Important

authentication and authorization

Minimize security faults Whitelisting, blacklisting reports Important

Role-based access Auditing and logging Must have

 TIBCO implemenation guide | 14

MY BUSINESS GOALS & PRIORITY

GOALS METRIC PRIORITY

WILL THE APIs BE USED?

WILL MY INTERNAL TEAMS CONSUME THE API?

WILL THE API INCREASE DATA SECURITY?

 TIBCO implemenation guide | 15

Step 2: Select an API

Management Solution that
Connects your People,
Process, and Technology
“API” has become a common term thrown out when questions are As you evaluate API management platforms, complete
being asked and answered about a new application or feature set the following steps:
you’re reviewing. Whether it’s to purchase, integrate, or partner,
nine times out of ten, someone will ask if there is an API that can
n Create a key capability checklist
be exposed or consumed. The most common response is “yes,” and n Identify key differentiators
the vendor will go on to explain how it works. n Assemble a balanced scorecard
Multiply this one conversation by the thousands that are going
on across your business, and you will soon start to understand
the magnitude of APIs and the need for a way to manage them.
Just creating thousands of APIs is not enough; you must also
Pro Tip:
manage and govern them using an API management system. It’s important that you select the API management
This system will surround your APIs with supporting functions: solution that complements your organization’s culture,
user management, monitoring, and reporting to ensure that enables your API strategy, easily fits into your current
your program does not become a bucket of patchwork code,
architecture, and provides your developers with the
manual workarounds, and security vulnerabilities.
technology that improves the way they operate, scale,
and deliver reusable assets.
 TIBCO implemenation guide | 16

Create a Key Capability Checklist

Whatever API management system you are evaluating, you •  Automated deployments: Use modern CI/CD processes to
must ensure that the capabilities your organization will need implement consistent quality code that’s readily available
now and in the future are included in the platform and offered to users
at the right cost. The best tool to help you in this evaluation
process is a simple checklist. API Monetization
If your API strategy calls for treating APIs as products, your
*See the Key Capability Checklist worksheet on page 18. enterprise may be in uncharted waters, requiring that you
establish competencies in disciplines such as API marketing,
Identify Key Differentiators ecosystem or platform positioning, API lifecycle management,
Managing your new API infrastructure and security may be and/or developer outreach. Additionally, API product managers
a new concept for your IT team. In addition to the above must consider how to approach the direct and indirect
checklist, ensure that you install an API management system monetization of APIs. Direct monetization provides access to
with product differentiators that enable you to scale your data or services via APIs in exchange for money (for example,
business, implement your business strategy, and closely through a subscription-based plan). Indirect monetization can
monitor your API performance: use APIs to develop ecosystem relationships. For example, a
public land registry gives access to its services by offering
•  Cloud-native capabilities
a subscription-based plan to third-party tools for architects,
•  API monetization notaries, lawyers, real estate agencies, and others.
•  API analytics
API Analytics
Cloud-native Capabilities Analyzing API performance and measuring value is of the utmost
importance to the success of your API strategy. It requires your
Cloud-native API design capabilities help you develop, discover, and
organization to have best-in-class data visualization, monitoring,
connect cloud-native and event-driven microservices with APIs
and value reporting capabilities to report on KPIs that are valuable
out of the box and with minimal setup. Additionally, your developer
to your leadership and strategic goals. For example, your analytics
community will demand that the selected platform puts security
should be able to provide:
and performance at the core while providing complete control over
the ability to define policies, request authentication/authorization, •  Insight-driven results: Real-time data insights on your
and validate all requests. Opening the door for you to embrace ecosystem—apps, consumption, performance, and usage
modern architecture approaches like serverless, microservices, and metrics (spikes, latency, response times) for end-to-end
containers leads to benefits such as: program visibility.

• “Dependable” security: Build security and compliance as a •  Risk mitigation: Real-time monitoring and alerts on system
part of your app dev thresholds, capacity and payloads to safeguard your APIs
and data from potential danger.
•  Business agility: Take advantage of microservices’ autonomous
lifecycle to evolve independently and deploy frequently
 TIBCO implemenation guide | 17

•  Customer experience improvements: Drive better

relationships with customers (developer and API consumers)
and better decisions based on insights and measures of
customer engagement
•  KPI status: Make better decisions based on user insights and
track the performance of APIs throughout their full life cycle

Analytics can help you demonstrate API program performance,

facilitate data-driven decisions, and respond quickly to
customer and market changes.

*See the API Management Platform Requirements worksheet

on page 21.

Assemble a Balanced Scorecard

For most organizations, outlining basic needs when selecting
a software vendor can be a cumbersome task that generally
falls behind normal operational workload; The task goes to
someone not yet familiar with your API strategy. To help in this
process, create a balanced scorecard to assist your team in the
evaluation process.
Listen to the requirements of your technical teams, understand
your enterprise architecture limitations, and keep your eyes
and ears open for signals of differentiation and innovation. All
this can be mapped back to your API strategy and provide you
with the trifecta for an effective API management system that
connects your people, process, and technology.

*See the API Management Platform Scorecard worksheet on

page 23.
 TIBCO implemenation guide | 18

Worksheet: Key Capability Checklist

(EXAMPLE) API MANAGEMENT PLATFORM CHECKLIST

CAPABILITY DESCRIPTION 

API PORTAL • Customizable design, look & feel, workflows, forums, documentation, and governance 
• Developer onboarding with configurable sign up and approval process
• Self-learning and hosting of bundled resources and specs like API proxies and other API configurations
• Easy access with key registration for gaining access to the tools and information developers need to explore,
test, and consume APIs

DESIGN FLEXIBILITY • Development of APIs from any data source including backend systems 
• API modeler to create API specifications with simple options for defining resources, methods, and responses of
the API
• Any data source contract-first modeling, with native OAS, plus native Node.js hosting of API implementations

BEYOND REST APIs • Support for non-REST APIs such as SOAP and GraphQL; and support for and integration with 
microservices environments
• Architect cloud-native apps with API choreography, event-driven APIs, and other non-REST protocols such as
AsyncAPI, WebSockets, GraphQL, gRPC, and Kafka types

PERFORMANCE • High throughput, low latency, scalability through federated and distributed API gateways 
• Reduced latency using global caching, HTTP cache-control headers, surrogate cache-control, custom
caching adapter
• Multi-tenant architecture and geo-routing and automated failover as part of disaster recovery

ACCESS & SECURITY • Single system management of traffic for all gateways, including embedded microgateways 
• Definable access and security policies like rate limiting and throttling between consumers and role-based and
group-aware access control
• Robust security standards such as OAuth2, HTTPS, JWT, HMAC, XML sig, Kerberos, CORS, WS-I, ISO 27001, PCI,
Hitrust, Kubernetes Secrets with RBAC, and MTLS
 TIBCO implemenation guide | 19

CAPABILITY DESCRIPTION 

DEPLOYMENT OPTIONS • Anywhere deployment including on-premises, in the cloud, or in a hybrid environment (gateway on-premises 
with cloud based API management)
• Multi-cloud support including AWS, Azure, or private cloud deployment options
• Edge deployment using microservices, service-mesh, north-south and east-west service patterns

API ANALYTICS • Monitoring and visualization with custom operational and usage-based KPIs and endpoint-level drill 
down capabilities
• Operational reporting and monitoring of real-time performance and business metrics of APIs, packages, plans,
endpoints, and developer analysis
• Business value reporting combining business KPIs with API metrics delivering actionable insights

INTEGRATION • API-led integration with seamless registry, discovery, and reuse of APIs and artifacts 
• Product management of APIs as products and orchestratration of APIs, applications, and systems
• Connectors/adapters out of the the box for common business SaaS services

INNOVATION • Open API standards for industry accelerators like open banking and HL7 FHIR healthcare interoperability 
• Mobile and multiexperience development of APIs for mobile, web, and wearables capable of engaging with new
conversational ecosystems
• Service mesh to create, purpose-built applications that are easier to design, develop, and deploy
 TIBCO implemenation guide | 20

MY API MANAGEMENT PLATFORM CHECKLIST

CAPABILITY DESCRIPTION 
API PORTAL 

DESIGN FLEXIBILITY 

BEYOND REST APIs 

PERFORMANCE 

ACCESS & SECURITY 

DEPLOYMENT OPTIONS 

API ANALYTICS 

INTEGRATION 

INNOVATION 
 TIBCO implemenation guide | 21

Worksheet: API Management Platform Requirements

(EXAMPLE) API MANAGEMENT PLATFORM ENABLERS

CAPABILITY CONSIDERATIONS PRIORITY

BUSINESS OF APIs®

Enable an API Ecosystem Create a value chain with API products Must have

Create a Marketplace Monetize API products and expand channels Important

Create a Developer Platform Engage developers with API products Important

DEV & OPS & PRODUCTIVITY

Collaboration Facilitate the collaboration of diverse Must have

persona technical requirements and
business needs

App Dev Provide apps and tooling to power the pipeline Important

Microservices Management Provide visibility and apply policies to all Important

APIs and microservices
 TIBCO implemenation guide | 22

MY API MANAGEMENT PLATFORM ENABLERS

CAPABILITY CONSIDERATIONS PRIORITY

BUSINESS OF APIs®

Enable an API Ecosystem

Create a Marketplace

Create a Developer Platform

DEV & OPS & PRODUCTIVITY

Collaboration

App Dev

Microservices Management
 TIBCO implemenation guide | 23

Worksheet: API Platform Scorecard

(EXAMPLE) API MANAGEMENT PLATFORM SCORECARD

COMPANY NAME: Example

SYSTEM CATEGORY: API Management OVERALL RATING: 3.00
CONTACT: John Doe

AREA SCORECARD CRITERIA RATING SCALE FOR COMMENTS AREA AREA WTD.
EXPECTATIONS WEIGHT RATING RATING
1= BELOW, 3= MEETS, 5= EXCEEDS

Supports multiple deployment options (e.g. On-prem, SaaS, 3 Add comments here
ARCHITECTURE and hybrid)

High throughput, low latency, and Provides appropriate technical capabilities and skills to 3 Add comments here
support multi-tenancy 20% 3.00 0.60
scalability combined with best
practices and technology that result
in flexible, consumable and Provides flexible scaling and provisions additional capacity 3 Add comments here
extensible experience based on load and traffic

Provides customizable registration workflow and forms 3 Add comments here

DEVELOPER PORTAL

Innovative developer community Provides appropriate user management and access controls 3 Add comments here
engagement model and tools 15% 3.00 0.45
(e.g role based & group-aware access control)
offering configurable partner and
developer onboarding and Provides features for single sign-on and integration with 3rd 3 Add comments here
experience management party solutions

Supports the entire API lifecycle governance 3 Add comments here

API GATEWAY

API lifecycle management, API Provides features for automating the development process 3 Add comments here
10% 3.00 0.30
mocks, configuration management,
streaming, and standardized CI/CD
deployment options Provides appropriate technical capabilities for traffic 3 Add comments here
management (quotas, rate limiting, etc..)

Supports single sign-on for administrators and users 3 Add comments here
API SECURITY

Provides appropriate data security controls (e.g. data 3 Add comments here
General security standards and 15% 3.00 0.45
processing, data storage, and data access)
polices for user access, data
processing, API authentication, and
protection against malicious attacks Supports API security mechanisms (e.g. tokens, encryption, 3 Add comments here
policy systems, etc.)

Provides out of the box configurable reports for API metrics 3 Add comments here
API ANALYTICS

Basic monitoring and reporting on Provides drill-down analytics for API program health checks 3 Add comments here
and KPI analysis 10% 3.00 0.30
API program performance and
advanced analytics to provide
business KPIs and API metrics Offers on demand report generation for exception handling 3 Add comments here
visualization and real-time troubleshooting
 TIBCO implemenation guide | 24

AREA SCORECARD CRITERIA RATING SCALE FOR COMMENTS AREA AREA WTD.
EXPECTATIONS WEIGHT RATING RATING
1= BELOW, 3= MEETS, 5= EXCEEDS

Provides support for DevOps practices like automation, 3 Add comments here
API SDLC workflows, scripts, and testing tools

Provides support for CI/CD, multiple Supports role based access control ensuring no overlap 3 Add comments here
between development roles 10% 3.00 0.30
deployment options, and governance
of independent API teams
Provides audit trail (date, time, user) of all changes made to 3 Add comments here
production systems

Provides open API support for industry accelerators (e.g. open 3 Add comments here
API INNOVATION banking, HL7 FHIR Healthcare)

Accelerates time to value through Supports mobile and multiexperience API development and 3 Add comments here
activation of an API economy and 10% 3.00 0.30
engagement
multiple monetization models
Supports microservices and service mesh architectures 3 Add comments here

Provides effective and timely communication regarding 3 Add comments here

TRAINING & SUPPORT changes

Supports proactive response to meet Offers a follow the sun support model (e.g 24x7 support) 3 Add comments here
5% 3.00 0.15
the needs for quality, service, cost,
and technical support
Provides access to user community to gain insights, guidance, 3 Add comments here
and support

Provides a comprehensive API strategy and investment plan 3 Add comments here
INDUSTRY EXPERIENCE

Provides strong API management Supports a strong customer success and onboarding 3 Add comments here
methodology 5% 3.00 0.15
rooted in industry experience and
thought leadership positions
Provides cloud-based solutions for diverse customer sets 3 Add comments here
 TIBCO implemenation guide | 25

MY API MANAGEMENT PLATFORM SCORECARD

COMPANY NAME:
SYSTEM CATEGORY: OVERALL RATING:
CONTACT:

AREA SCORECARD CRITERIA RATING SCALE FOR COMMENTS AREA AREA WTD.
EXPECTATIONS WEIGHT RATING RATING
1= BELOW, 3= MEETS, 5= EXCEEDS

ARCHITECTURE

High throughput, low latency, and

scalability combined with best
practices and technology that result
in flexible, consumable and
extensible experience

DEVELOPER PORTAL

Innovative developer community

engagement model and tools
offering configurable partner and
developer onboarding and
experience management

API GATEWAY

API lifecycle management, API

mocks, configuration management,
streaming, and standardized CI/CD
deployment options

API SECURITY

General security standards and

polices for user access, data
processing, API authentication, and
protection against malicious attacks

API ANALYTICS

Basic monitoring and reporting on

API program performance and
advanced analytics to provide
business KPIs and API metrics
visualization
 TIBCO implemenation guide | 26

AREA SCORECARD CRITERIA RATING SCALE FOR COMMENTS AREA AREA WTD.
EXPECTATIONS WEIGHT RATING RATING
1= BELOW, 3= MEETS, 5= EXCEEDS

API SDLC

Provides support for CI/CD, multiple

deployment options, and governance
of independent API teams

API INNOVATION

Accelerates time to value through

activation of an API economy and
multiple monetization models

TRAINING & SUPPORT

Supports proactive response to meet

the needs for quality, service, cost,
and technical support

INDUSTRY EXPERIENCE

Provides strong API management

rooted in industry experience and
thought leadership positions
 TIBCO implemenation guide | 27

Step 3: Architect Your

Success
At this point, you’ve defined a winning API strategy, selected they map to internal business processes. Figure 2 shows an
the right API management system, and assembled a rockstar example of an API end-to-end lifecycle process (Fig 2).
team to conquer the world and take your digital transformation
to the next level. What’s next? Here’s where the rubber meets
the road and you integrate the API lifecycle into your MANAGE PUBLISH
PUBLISH REFINE API PRODUCT
organization. Keeping aligned with your API strategy, follow WITH CONTROL PRODUCTION
CENTERV
MOCK API POLICIES
API MANAGER

these steps as part of your rollout plan:

n Define your process flow

DESIGN DISCOVER
API
n Create minimum viable products
MODEL & SHARE ADDITIONAL
WITH API MODEL & API
MOCK
MOCK API API CONFIG
ENDPOINT ARCHITECT

n Mature through iteration

IMPLEMENT AUTOMATED API

DESIGN & TEST DEPLOY TO
WITH INTEGRATION ENDPOINT
APPS
BUILD API LOCALLY CLOUD
REGISTRATION
DEVELOPER

Define a winning API strategy, select the right API

management platform, and assemble a rockstar
team to conquer the world and take your digital Figure 2 API end-to-end lifecycle.
transformation to the next level. What’s next? Here’s
where the rubber meets the road and you integrate To map your own API end-to-end lifecycle process:
the API lifecycle into your organization. •  Start at the point where an idea becomes an API opportunity
•  On whiteboard or paper, draw each step of the information
flow across your API ecosystem
Define your process flow •  Identify critical system integrations

Define key pieces of your business and technical processes and

*Refer to the Business Process Flow worksheet on the
map out the API end-to-end lifecycle. The goal of this step is to
next page.
develop a visual representation of your API processes and how
 TIBCO implemenation guide | 28

Worksheet: Business Process Flow

(EXAMPLE) API END-TO-END LIFECYCLE

STAGE ENTER THIS STAGE WHEN... OWNER

DESIGN API budget approved, data sources API Architect

identified, and resources allocated

IMPLEMENT API mockup created, endpoints API Developer

configured, and security settings added

MANAGE API built, tested, deployed, and endpoints API Product Manager
and policies registered

STEADY STATE API published API Product Manager

MY API END-TO-END LIFECYCLE

STAGE ENTER THIS STAGE WHEN... OWNER

DESIGN

IMPLEMENT

MANAGE

STEADY STATE
 TIBCO implemenation guide | 29

access control (RBAC), SSO, or LDAP, in conjunction with transport

layer encryption (TLS) to protect data. Implement API throttling,
Pro Tip: rate limiting, and quotas to maintain API peak performance.
Discuss the sample process with your API Team
and modify it to fit your organization’s business
and technical environments. If you don’t have a Pro Tip:
defined API end-to-end process, now is a good A resource that can be helpful in understanding the
time to define one. complete API lifecycle and managing the integration
in your organization’s business processes and software
development model is Nelson Petracek’s “API Success:
The Journey to Digital Transformation,” in which he
Create Minimum Viable Products describes how the API lifecycle varies from traditional
Full lifecycle API management includes everything you need to software development.
get an API modeled, built, and published for your community
to consume. Although the lifecycle does have numerous stages,
and some can be more lengthy than others, speed is still the
goal. Your focus should be to release minimum viable products Test Your APIs
(MVPs) that meet the core requirements and can be rapidly Include testing in every stage of the API lifecycle. One
scaled and improved based on market feedback. When creating recommended starting point is to use mock apps to allow testing
MVPs, follow these guidelines: of API contracts before the underlying service(s) are built. Another
recommendation is to employ an iterative software development
•  Build APIs that are easy to use lifecycle (SDLC), and automate API testing and deployment.
•  Secure your APIs
•  Test your APIs *See the Minimum Viable Product worksheet on the next page.

Mature through Iteration

Build APIs that Are Easy to Use When you are considering iteration, you know that you
Design your API according to best practices. Focus on have reached the end of your API’s first lifecycle. This is not
consumption, security, and provide easy to understand the proverbial end of the road, but rather an opportunity
documentation and SDKs. Keep it simple and ensure that you are to communicate the business value of your API and
providing data that your consumer needs to enrich their application. release a roadmap that incorporates market feedback. This
process includes:
Secure your APIs •  KPI Definition
Enforce general security management capabilities across APIs
•  Continuous Improvement
(internal and external). Offer authentication like OAuth, role-based
 TIBCO implemenation guide | 30

Worksheet: Minimum Viable Product

(EXAMPLE) API MVP LIST

AS A (TYPE OF USER) I WANT TO (PERFORM A TASK) SO THAT I CAN (ACHIEVE A GOAL)

As loyalty program member I want to view and book redemption So that I can use my loyalty points to
flights through the mobile app book redemption tickets without
switching to an alternate interface

MY API MVP LIST

AS A (TYPE OF USER) I WANT TO (PERFORM A TASK) SO THAT I CAN (ACHIEVE A GOAL)

 TIBCO implemenation guide | 31

KPI Definition
Transforming API data into actionable insights and valuable •  Are developers asking for additional features to make their
business measures requires that the API Team defines and lives easier?
measures the right KPIs to demonstrate value as it relates •  Has the market shifted?
to the organization’s core business goals and KPIs. Example
•  What are the top five support issues raised last quarter?
KPIs include number of active developers, number of API calls,
number of active users, average revenue per user (ARPU), The process of addressing these questions lies with your
lifetime customer value score, and much more. organization’s product management model. If you are following
a pragmatic marketing approach, the API product manager will
*See the Define KPIs worksheet on the next page. work these insights into their market definition and product
roadmap feature backlogs.
Continuous Improvement
*See the Iteration Planning worksheet on page 33.
After an API has been in the market for a short period of time,
the API Team should review market and user data to plan
roadmaps. Here are some questions to start asking:

•  Is performance taking a dip because of call volumes?

 TIBCO implemenation guide | 32

Worksheet: Define KPIs

(EXAMPLE) API PROGRAM KPIs

GOAL METRIC PRIORITY

Increase subscriptions by 25% Number of active developers Must have

Number of active users

Increase company market share by 15% Number of API calls Must have
Number of active users

Increase revenue per customer by 50% Average revenue per user (ARPU) Important
Lifetime customer value

MY API PROGRAM KPIs

GOAL METRIC PRIORITY

 TIBCO implemenation guide | 33

Worksheet: Iteration Planning

MY API PRODUCT PLAN MATRIX

EXAMPLE Q1 Q2 Q3 Q4 H1 H2 Y FUTURE
THEME Mobile
redemption

MARKET Travel

MARKET Airline
SEGMENT

TARGET Frequent
PERSONA(S) Traveler

PERSONA Book
GOAL(S) redemption
ticket on
mobile device

DEPENDENCIES • Mobile App

• Loyalty System
• Reservation System
• Payment Gateway
• Booking Engine

PLATFORM Company
App

KEY EVENT(S) Member

engagement
campaign
 TIBCO implemenation guide | 34

Continue the Momentum

As your API program and team grow, set your sights on new discovered. Every business wants to grow partner ecosystems
use cases that can unlock innovation opportunities. If you’ve so they can focus on what they do best while relying on others
been focused on developing and deploying internal APIs to to help fill go-to-market needs and provide scale so they can
accelerate digital transformation initiatives, you may consider better serve their customers.
exposing an API to mobilize innovation from an external APIs that are designed, delivered, and managed as products
developer community. Some API teams may find that once can support all of these goals. They can make an organization’s
data or a new service is exposed, people will think of new ways digital assets available for everyone’s consumption. They can
to use the data. More importantly, users will come up with enable an instantaneous business turnaround in response to
recommendations for how more data can unlock a specific market shift for change in the customer journey. API products
innovation. You may also choose to take a deep dive into your can expose an organization to new businesses, partners, and
usage patterns to identify better ways of giving access to data ecosystems. And they can do all of these things quickly and
and services to foster innovation and revenue growth. In the with agility, creating a competitive advantage. The journey
API world, you can’t just build APIs and sit back and watch starts with getting the first API product on the roadmap.
them grow—they need nourishment.
APIs are how modern business is executed. They’ve become
Business agility is now a business necessity. Widely fluctuating an integral part of the IT architecture and also a catalyst
markets and disruptions of all types demand that businesses for industry disruption and innovation. Organizations that
adapt more quickly than ever to stay resilient, or risk losing approach APIs with the right team, strategy, and execution plan
their right to stay in the game. Many organizations have will be destined for success in today’s marketplace.
mountains of data full of untapped value just waiting to be

Since 1995, Campari has completed 27 acquisitions. Each time, to publish APIs to the outside world, the company needed to
integrate the acquired company’s systems and data, first transforming it to make it consistent with its standards. Its digital
transformation journey to create digital products started in late 2017. With its TIBCO API platform and well-defined API-first
strategy, it provided secure access to its data, increased partner and customer adoption of its APIs, and paved the way for
innovative new services to be quickly offered to the market. Rapid innovation came from aligning APIs to offer B2B services
and deploying Open API initiatives for the developer community.
 TIBCO implemenation guide | 35

“Our API strategy is staring right now. So this is the biggest change that we are looking forward to do since
we are really exposing our data to external developers. This will enable Campari Group to share data that
was not shared before as well as providing services that were not provided before.”

—Campari Integration Architect Alessandro Lanna

Build your momentum. Visit the TIBCO API-Led Integration

website to learn about the benefits of API-Led Integration
to accelerate your enterprise with API-led microservices,
serverless functions, and integration flows seamlessly
connecting all your business systems and data sources in a
single actionable platform providing you with the tools to
redefine your digital business model, pivot to new verticals and
adapt to changing customer expectations, fluctuating markets,
and technology trends.

©2021, TIBCO Software Inc. All rights reserved. TIBCO, the TIBCO logo, Mashery, and TIBCO Cloud are trademarks or
registered trademarks of TIBCO Software Inc. or its subsidiaries in the United States and/or other countries. All other
product and company names and marks in this document are the property of their respective owners and mentioned for
identification purposes only.