Consumer APIs and Enterprise APIs

Originally posted on Tuesday July 17th 2012, by Mark O’Neill, CTO at Vordel

Consumer APIs and Enterprise APIs – the difference is the data

In the Enterprise API Management article I recently wrote for Computer Technology Review, I draw a distinction between consumer APIs and enterprise APIs. Consumer APIs are APIs which businesses “put out there” primarily in order to drive developers to create apps which drive traffic and generate advertising revenue. Enterprise apps, by contrast, typically connect back into enterprise systems (such as HR or payment processing systems). If you look at enterprise and consumer APIs at a technical level, they look the same: typically both use REST, JSON, API Keys and OAuth. The difference is not the API itself; the difference is the data. When people talk about securing an API, what they really mean is securing the data which is flowing through the API. Enterprise APIs have high-value data. That is the difference.

An API Server allows you to manage both consumer and enterprise APIs. In the case of a consumer API, although the data is not high-value, you still want to apply an SLA to the API so that you are alerted if it is not performing as expected. In addition, it is valuable to use API Analytics to answer the “Goldilocks Question” (Who’s been using my API?). In the case of enterprise APIs, where the stakes are higher, you must ensure that data is protected en route to the API, and that requests are validated (here is a how-to guide to API authentication based on what a key early adopter has done).