Submit support requests and browse self-service resources.
Third party APIs are used everywhere — but they're growing in popularity in the enterprise. But consuming third party APIs in the enterprise brings serious risks.
In this blog, we break down:
Third party APIs are APIs provided by a third party that allows one application to talk to another. For example, you may use a third party API to use data from an application that someone else has created. This might mean pulling in a map from Google.
The use of third party APIs is continuing to accelerate — especially in the enterprise. Here at Akana, we've seen too many companies who are not managing the consumption of third party APIs. And it's getting costly.
A first party API is one you've developed internally at your company. A third party API is one developed by another company that your company might decide to consume.
There are, of course, pros and cons to both first and third party APIs. First party APIs require work on your company's side to create — but they give you full control over the API lifecycle. Third party APIs don't require work from your company — but you don't have control over the API lifecycle.
In particular, this can lead to some major risks of consuming third party APIs — especially in the enterprise.
There are six major risks of consuming third party APIs in the enterprise.
One particular company that we spoke with was using a third party API that lets them download images. They are charged per image download. And if they download the same image multiple times, they are charged each time the image is downloaded.
This company said that some images get download several times, by the same person even, because they aren’t governing the consumption of that third party API.
Therefore the company is charged several times for an image they already own.
A common scenario that can occur in a company with several lines of businesses (LoB). Each one is armed with their own budget for discretionary spending. They have several different contracts with the same third party API provider.
Depending on the third party API provider, the company could negotiate a better terms of service contract. So, the enterprise could use one contract instead of have several contracts each at a higher rate. However, not all of the LoBs are happy with this, because they only want to be charged for their own particular usage.
A majority of the companies that we’ve talked with are unsure who is using the third party API.
Therefore the company is unable to accurately validate the usages charges they are being bill for. In addition, if they want to change service providers they have no idea what systems, applications, or products are using the third party service.
Quite often, employees tend to use their enterprise credential when signing up for third party APIs. These APIs might be taking in their credentials in the open.
And that employee could unknowingly be putting the entire company and all of their assets at risk.
Every single company has — or will have — the problem of not knowing which third party APIs are being consumed in the enterprise.
This can open the enterprise up to other problems in personal information security, regulatory compliance, and other technical and legal threats.
Not many companies are overly concerned about the visibility of the terms of service (ToS). Or they may not know if they are receiving the quality of services defined in their ToS, because using a third party API is still in its infancy. The third party APIs are not often core part of mission critical application.
That is changing, though. Third party services will become more critical to your business. So, you need to understand the ToS as this could determine in which aspects of your business you are allowed to use the API in.
For example, there might be terms as to who owns the data flowing through the API. These terms might not meet the personal information security policy established for that aspect of the business. As the third party services become more critical, you will want to measure and ensure you are receiving the quality of service defined in your contract.
The best way to reduce the risk of third party APIs is to use an API management platform. Using the right platform can save your enterprise millions of dollars a year.
Find Out How Much You Can SaveMeasure the KPIs for your APIs. Simply answer a few questions about your business and learn how using an API management platform can deliver business value. Measure API Performance Indicators
Find Out How Much You Can Save
Measure the KPIs for your APIs. Simply answer a few questions about your business and learn how using an API management platform can deliver business value.
Measure API Performance Indicators
Here's how an API platform like Akana can reduce the risk of third party APIs.
Security controls in API gateways enable you to secure and protect your system, so you can avoid misuse.
Consider the example we shared earlier of employees downloading the same image multiple times. By using an enterprise API catalog and API gateway — like those offered by Akana — you can avoid misuse and extra costs.
You can put controls on API use through the Akana API gateway. So, when an image is downloaded from the API, it is saved to a file system. The next time the API is called, it will check to see if the image exists in the local file system. Only if it does not exist in the local file system will it retrieve the image from the third party API. This will ensure that the third party API is not misused.
API analytics enables you to measure the impact of your programs. This helps you analyze API consumption, so you can reduce costs.
Consider the example we shared of negotiating an enterprise contract for multiple LoBs with the third party API. By using the Akana API gateway, you'll be able to track how much each LoB consumed of the API. The API analytics tools within Akana can break down the chargebacks accordingly.
So, as a result, each LoB gets what they need — a break down of their costs for using the third party API. At the same time, the entire enterprise benefits with a single view and contract for the third party API.
An enterprise API catalog gives you visibility into API usage. This helps you validate usage — and know who is consuming the third party APIs.
Consider the example we shared of not knowing who was using the third party API. With the Akana integrated API catalog and API gateway, you can track and manage who is consuming the API.
An API gateway enables you to protect your systems and data — and avoid security vulnerabilities that come with using third party APIs.
Consider the example of the employee signing up for a third party API with their company credentials. With the Akana API platform, you'll get visibility into who is using the third party API. And you'll be able to implement security controls to protect your data.
As we shared earlier, an API catalog gives you visibility into API consumption. This helps you monitor who is consuming APIs and protect your business.
Consider the example we shared of the security risks of API consumption. With the Akana API Gateway, you can prevent employees from inadvertently exposing their enterprise credentials. Plus, you get the analytics, alert management, and real-time system monitoring capabilities you need to control API consumption. So, you'll know who's using the API and what impact it will have on security and compliance.
API platforms improve developer engagement while providing visibility into usage, including terms of service.
Consider the example we shared of the lack of visibility into terms of service (ToS). With the Akana API platform, you'll get visibility into how third party APIs are consumed in the enterprise and what their ToS are.
The API catalog within Akana combines the collaborative, open practices of external API portals. This means you get search, controlled visibility, selective provisioning, and integration with enterprise security.
The catalog gives you the power to manage the ToS of those APIs — and understand the terms easily.
Third party APIs are everywhere. And your business will need to leverage them to move forward. But you can avoid the risks of third party APIs — and maximize the benefits — by using the Akana API platform.
With Akana, you get everything you need to secure, monitor, and analyze third party API usage:
See for yourself what Akana can do for your business. Sign up for your free 6-month trial of Akana.
Try AKANA fOR Free ▶️ WATCH A DEMO