Who’s Keeping Track of Your API Usage?

Your association, for various reasons, might rely on dozens of APIs to offer members basic functionality and integrations. So what happens when one of them stops working?

Let me know if this state of affairs sounds familiar: You have a piece of legacy technology, something that’s worked for a while but was built using custom parts, and all of a sudden it stops working.

The cause? A third-party provider whose application programming interface (API) provided the basis for that custom tool decides one day to make a change.

Fixing the broken tool requires a lot of extra work that you haven’t budgeted for, and even if you have a relationship with the vendor, the tool is basically useless due to the API change—until you fix it, if you can.

Maybe the API was put to pasture because it was outdated technology. Maybe it was because the company made a business shift. But whatever the case, you’re stuck reacting.

A couple of examples of this worth pointing out:

MailChimp, the popular email service, sunsetted an old version of its API a few years ago, choosing not to support it, but it still worked until the company made changes to its security approach at the end of last month. This was probably a necessary change, but it caused the old version of the API not to work.

Google made modifications to its API model for the popular Google Maps tool. (You might use it on your association’s website, say, for an interactive campaign in which you use mapping to highlight data.) An API key is now required for using Maps on a third-party site or application, and the company will require payments for use beyond a $200 monthly credit.

Last week, Twitter disabled a vintage API that didn’t have a lot of corporate users, but those users were responsible for a number of popular third-party clients, including Tweetbot and Twitterrific. The apps still work, but their notifications are delayed, their livestreaming functionality is broken, and their activity feeds are disabled, which means that you’ll get a degraded experience compared to the official Twitter app. The company, which has lately gained a reputation for poorly explained decisions, was obtuse about why it made the move.

The problem for associations is that there are a lot of custom applications, or integrations, to manage, and they’re not always the easiest things to keep track of. Chris Yoko, the president and CEO of the nonprofit-focused web design firm Yoko Co., says API management issues can be a major headache for any organization, even vendors who do this work full-time.

“It adds yet another thing you need to worry about,” Yoko wrote in an email. “It makes it that much harder for organizations to manage all of this on their own, especially in conjunction with a myriad of other things.”

Yoko notes that for associations, integration is particularly complicated because of the sheer number of APIs that must be managed. Your bedrock technology alone—your association management system, your learning platforms, your online community, and your content management system—spit out and digest different APIs. And those applications speak with lots of different platforms as well. Yoko says that some of his company’s clients “may have literally hundreds of components to manage on an ongoing basis.”

What can be done? A few thoughts and insights:

Write stuff down and keep it in an easy-to-find place. API management is far easier if it’s well organized. If you sign up for different applications and use them willy-nilly, it can make problems hard to track later on. As with passwords, it makes sense to store common API keys in a place where those who need access to them can get to them.

Don’t tie API keys to individual users. You may have an on-staff guru who knows everything there is to know about the Google Maps API, but remember: People leave jobs, email addresses get shut down, and APIs inevitably get upgraded—and it might happen years after your guru did the original work. Recovering from a broken API breakpoint or a missing password, as Yoko Director of Client Results Ray Van Hilst explained in a blog post last year, is a heckuva lot harder when you can’t track the source.

Consider making API management someone’s job. Yoko says you may reach a point with managing integrations where it makes sense to have someone minding all of these relationships to ensure everything works. “Every move like this that requires yet another account is another thing to manage,” he explains. “It’s death by 1,000 paper cuts. At some point you [may need to] have a full-time staff member whose sole function is to keep existing licenses and accounts active and running as they should, hopefully without cost overruns and outages.” Consider it your own on-staff software auditor.

In a world where a necessary software integration can break because of a decision that had nothing to do with your own use of the tool, or where a software vendor can suddenly hit you with an out-of-the-blue licensing change, it’s a lot to consider.

But having a plan and a little organization is way better than running into the shock of a broken plug-in or tool after the fact.

If something breaks out of the blue, you might be stuck reacting. (Allkindza/E+/Getty Images Plus)

Ernie Smith

By Ernie Smith

Ernie Smith is a former senior editor for Associations Now. MORE

Got an article tip for us? Contact us and let us know!