Appendix

API Maturity Model

Overview

The API Platform Maturity Model is a holistic and open framework designed to assess an organisation’s API platform's maturity. It helps teams chart a strategic roadmap for developing and managing APIs and API products, ensuring alignment with business goals, enhancing developer productivity, and fostering collaboration.

Objectives

  1. Assess current API platform maturity.
  2. Define target maturity levels within 6 to 12 months.
  3. Allocate resources effectively to achieve the defined maturity roadmap
  4. Foster collaboration across teams towards a shared outcome

Key Pillars and Levels

Part 1: For Platform Managers and Decision-Makers

Maturity Pillar
Maturity Questions
Level 1 (Provisional)
Level 2 (Operational)
Level 3 (Scalable)
Level 4 (Optimising)
Investment
How are resources/ funds being allocated in the development of the API platform and platform team?
Temporary project basis/ ad-hoc.
Dedicated resources/ project based.
API platform as a product for 80% of use cases
Platform extended to enable innovation of latest API standards or widened to incorporate bespoke edge cases.
People & Team
Who maintains/ is responsible for the API platform, and who has access?
Voluntary/ individuals dotted across the organisation.
Small central tech, architecture or ops team.
Dedicated platform team overseeing federated/ distributed dev teams.
Dedicated platform product managers and API specialists continuously iterating on priority API platform improvements.
Tooling & Interfaces
How are APIs within the platform surfaced to consumers?
Shareable API documentation (if at all).
Thinnest viable platform e.g. API wiki.
Mature API catalogs as part of an IDP/ external portal.
APIs deeply integrated into products and accessible on granular user permissions.
Process & Operations
How are API platforms and their capabilities planned, prioritised, developed and maintained?
On individual requests/ ad-hoc sharing basis.
Manual submission to the central resource.
Central team enablement & automated service deployment and operations.
Further bespoke workflows and distributed developer experience tooling to drive further efficiencies.
Measurement & Reporting
How do you measure and report successes and learnings?
Basic metrics with ad-hoc reporting.
Dedicated KPIs collected and reported frequently.
Focused KPIs reported along with insights and analysis, available on a central portal.
Self-service KPI reporting dashboards targeted at technical and non-technical audiences.

Part 2: For Platform Engineers and Implementers

Maturity Pillar
Maturity Questions
Level 1 (Provisional)
Level 2 (Operational)
Level 3 (Scalable)
Level 4 (Optimising)
API Governance
How do you manage and apply API governance policies and standard practices across your organisation?
Developers run API development tasks on an ad-hoc basis.
Central API platform team with API ops still owned by distributed API dev teams, basic API ownership enforced.
Templated API development and operations golden paths standardised across the organisation, personalised ‘API team’ views.
Continued investment to support latest API standards and drive further innovation and efficiencies. End-to-end visibility of APIs. Development of platform APIs to add further value.
API Security
What organisation-wide API security standards do you have in place?
Basic per API rate limiting, token-based authorisation applied by individuals.
Standardised API rate limiting and token-based API authentication and authorisation advised by central platform team.
Global API security enforced inc. rate limits, central trust using claims to further token-based API authorisation and authentication.
Continual API security, pen testing and audits. Robust compliance to sector-specific or global regulations regularly achieved.
API Consumer Experience (API discoverability)
How are APIs documented, discovered, accessed, and supported?
Internal word docs shared, API access granted via manual requests e.g. email. Individual adoption.
Internal API catalogs emerging (e.g. API documentation wikis), access granted through formal API requests to central owners. API adoption by multiple teams.
Self-service API catalogs with documentation standards adhered to and access granted on a permissions basis. API SLAs in place.
Context-specific API interfaces, with granular permissions and automated role or subscription-based access control baked in. SLAs continually met. API adoption by non-techs.
API Developer Experience (APIOps)
What does your end-to-end API development and deployment workflow/SDLC look like? What best practices are followed?
Click ops or manual process to move APIs between environments. Ad-hoc API design and development workflows.
GitHub actions, config scripts and basic GitOps or CI/CD deployment pipeline best practice for APIs achieved.
Native technologies in use (CI/CD ops tools), automated API creation, testing and deployment achieved.
Consistent API development tooling in use at all stages of the API SDLC e.g. API design, linting, SDKs or IDEs. Seamless collaboration within teams.
API Observability
What level of insights do you have across your API platform stack?
Basic API telemetry used to analyse API stability, error rates and traffic levels.
Comprehensive API analytics summary dashboards, accessible for API platform management and API development.
Granular API tracing, API telemetry exported and viewed within central observability platform.
Mature API observability dashboards for variety of BAU (alerting and monitoring) and strategic platform KPI/value reporting.

Conclusion

Advancing through the maturity levels requires intentional collaboration across all pillars. The model is a flexible tool tailored to each organisation's context and goals, guiding meaningful progress and innovation in API platform management.

Previous page
Contents
Back to top

Download as PDF