August 25, 2018

6 Risks of Consuming Third Party APIs


Third party APIs are used everywhere, and they're growing in popularity in the enterprise. But consuming third party APIs in the enterprise brings serious risks.


What Are Third Party APIs?

Third party APIs are APIs provided by a third party that allow one application to talk to another. For example, you may use a third party API to use data from an application that someone else has created. This might mean pulling in a map from Google.

The use of third party APIs is continuing to accelerate — especially in the enterprise. Here at Akana, we've seen too many companies who are not managing the consumption of third party APIs. And it's getting costly. 

First vs. Third Party APIs

A first party API is one you've developed internally at your company. A third party API is one developed by another company that your company might decide to consume. 

There are, of course, pros and cons to both first and third party APIs. First party APIs require work on your company's side to create — but they give you full control over the API lifecycle. Third party APIs don't require work from your company — but you don't have control over the API lifecycle.

In particular, this can lead to some major risks of consuming third party APIs — especially in the enterprise.


6 Risks of Consuming Third Party APIs

There are six major risks of consuming third party APIs in the enterprise.

1. Misuse of the API Leads to Unnecessary Charges

One particular company that we spoke with was using a third party API that lets them download images. They are charged per image download. And if they download the same image multiple times, they are charged each time the image is downloaded.

This company said that some images get downloaded several times, even by the same person, because they aren't governing the consumption of that third party API.

Therefore the company is charged several times for an image they already own.

2. Inability to Negotiate With Third Party API Providers Increases Costs

A common scenario occurs in a company with several lines of business (LoBs). Each one is armed with its own budget for discretionary spending, and they have several different contracts with the same third party API provider.

Depending on the third party API provider, the company could negotiate a better terms of service contract. So, the enterprise could use one contract instead of having several contracts, each at a higher rate. However, not all of the LoBs are happy with this, because they only want to be charged for their own particular usage.

3. Can’t Validate Usage Charges Due to Unknown Enterprise Consumers

A majority of the companies that we’ve talked with are unsure who is using the third party API.

Therefore the company is unable to accurately validate the usage charges they are being billed for. In addition, if they want to change service providers, they have no idea what systems, applications, or products are using the third party service.

4. Potential Security Vulnerabilities

Quite often, employees tend to use their enterprise credentials when signing up for third party APIs. These APIs might be taking in their credentials in the open.

And that employee could unknowingly be putting the entire company and all of their assets at risk.

5. No Visibility Into Third Party API Consumption

Every single company has — or will have — the problem of not knowing which third party APIs are being consumed in the enterprise.

This can open the enterprise up to other problems in personal information security, regulatory compliance, and other technical and legal threats.

6. No Visibility Into Terms of Service (ToS)

Not many companies are overly concerned about the visibility of the terms of service (ToS). Or they may not know if they are receiving the quality of service defined in their ToS, because using a third party API is still in its infancy. Third party APIs are not often a core part of mission-critical applications.

That is changing, though. Third party services will become more critical to your business. So, you need to understand the ToS, as this could determine in which aspects of your business you are allowed to use the API.

For example, there might be terms as to who owns the data flowing through the API. These terms might not meet the personal information security policy established for that aspect of the business. As the third party services become more critical, you will want to measure and ensure you are receiving the quality of service defined in your contract.

How to Reduce the Risk of Third Party APIs

The best way to reduce the risk of third party APIs is to use an API management platform. Using the right platform can save your enterprise millions of dollars a year. 


Here's how an API platform like Akana can reduce the risk of third party APIs.

1. Avoid Misuse By Applying Security Controls

Security controls in API gateways enable you to secure and protect your system, so you can avoid misuse. 

Consider the example we shared earlier of employees downloading the same image multiple times. By using an enterprise API catalog and API gateway — like those offered by Akana — you can avoid misuse and extra costs. 

You can put controls on API use through the Akana API gateway. So, when an image is downloaded from the API, it is saved to a file system. The next time the API is called, it will check to see if the image exists in the local file system. Only if it does not exist in the local file system will it retrieve the image from the third party API. This will ensure that the third party API is not misused.

2. Reduce Costs by Analyzing API Consumption

API analytics enables you to measure the impact of your programs. This helps you analyze API consumption, so you can reduce costs.

Consider the example we shared of negotiating an enterprise contract for multiple LoBs with the third party API. By using the Akana API gateway, you'll be able to track how much each LoB consumed of the API. The API analytics tools within Akana can break down the chargebacks accordingly. 

So, as a result, each LoB gets what they need — a breakdown of their costs for using the third party API. At the same time, the entire enterprise benefits with a single view and contract for the third party API.
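The file-system cache described under step 1 and the per-LoB consumption tracking described here, shown together as an added Python example; it is not Akana's code or gateway configuration. `CachedImageClient`, `fetch_remote`, the image IDs, and the LoB names are hypothetical, and the vendor API is replaced by a constructed stand-in.

```python
import hashlib
import os
import tempfile
from collections import Counter
from pathlib import Path


class CachedImageClient:
    """Cache-aside wrapper around an image API that bills per download."""

    def __init__(self, cache_dir, fetch_remote):
        self.cache_dir = Path(cache_dir)
        self.cache_dir.mkdir(parents=True, exist_ok=True)
        self.fetch_remote = fetch_remote   # hypothetical callable: image_id -> bytes
        self.served = Counter()            # every request, per line of business
        self.billable = Counter()          # paid upstream calls, per line of business

    def _path_for(self, image_id):
        # Hash the ID so a caller-supplied value such as "../../x" can never
        # select a path outside the cache directory.
        digest = hashlib.sha256(image_id.encode("utf-8")).hexdigest()
        return self.cache_dir / f"{digest}.img"

    def get(self, image_id, lob):
        self.served[lob] += 1
        path = self._path_for(image_id)
        if path.exists():
            return path.read_bytes()       # cache hit: no third party charge
        data = self.fetch_remote(image_id) # cache miss: the only billable call
        self.billable[lob] += 1
        # Write to a temp file, then rename, so a crash never leaves a
        # truncated image that later requests would treat as a valid copy.
        fd, tmp = tempfile.mkstemp(dir=self.cache_dir)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.replace(tmp, path)
        return data


def demo():
    calls = []
    def fake_vendor(image_id):             # constructed stand-in for the paid API
        calls.append(image_id)
        return b"IMG:" + image_id.encode()
    with tempfile.TemporaryDirectory() as d:
        client = CachedImageClient(d, fake_vendor)
        for image_id, lob in [("cat-01", "marketing"), ("cat-01", "marketing"),
                              ("cat-01", "sales"), ("../../x", "sales")]:
            client.get(image_id, lob)
        cached_files = len(list(Path(d).iterdir()))
        return len(calls), dict(client.billable), dict(client.served), cached_files
```

In this example the LoB that triggers the first download is the one recorded as billable; the `served` counter keeps the full request count if charges should instead be split by overall usage.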

3. Validate Usage With an API Catalog

An enterprise API catalog gives you visibility into API usage. This helps you validate usage — and know who is consuming the third party APIs. 

Consider the example we shared of not knowing who was using the third party API. With the Akana integrated API catalog and API gateway, you can track and manage who is consuming the API. 

4. Avoid Security Vulnerabilities With an API Gateway

An API gateway enables you to protect your systems and data — and avoid security vulnerabilities that come with using third party APIs. 

Consider the example of the employee signing up for a third party API with their company credentials. With the Akana API platform, you'll get visibility into who is using the third party API. And you'll be able to implement security controls to protect your data.

5. Gain Visibility Into API Consumption

As we shared earlier, an API catalog gives you visibility into API consumption. This helps you monitor who is consuming APIs and protect your business. 

Consider the example we shared of the security risks of API consumption. With the Akana API Gateway, you can prevent employees from inadvertently exposing their enterprise credentials. Plus, you get the analytics, alert management, and real-time system monitoring capabilities you need to control API consumption. So, you'll know who's using the API and what impact it will have on security and compliance. 

6. Gain Visibility Into Terms of Service

API platforms improve developer engagement while providing visibility into usage, including terms of service.

Consider the example we shared of the lack of visibility into terms of service (ToS). With the Akana API platform, you'll get visibility into how third party APIs are consumed in the enterprise and what their ToS are. 

The API catalog within Akana combines the collaborative, open practices of external API portals. This means you get search, controlled visibility, selective provisioning, and integration with enterprise security. 

The catalog gives you the power to manage the ToS of those APIs — and understand the terms easily. 

Manage Third Party APIs With Akana

Third party APIs are everywhere. And your business will need to leverage them to move forward. But you can avoid the risks of third party APIs, and maximize the benefits, by using the Akana API platform.

With Akana, you get everything you need to secure, monitor, and analyze third party API usage:

  • An enterprise developer portal (with a complete API catalog) to maximize engagement and minimize misuse.
  • A strong Akana API gateway that enables security controls and protects the enterprise. 
  • In-depth API analytics and insight into how third party APIs are used.
  • Full lifecycle management capabilities for the lifespan of third party APIs. 

See for yourself what Akana can do for your business. Sign up for your free 30-day trial of Akana. 
