---
published: true
layout: post
title: Will You or a Vendor Complete The Map of Your API Resources and Capabilities?
tags:
  - Surveying
  - Assessment
  - Mapping
  - Landscapes
  - Gateways
  - Pipelines
  - SDKs
  - Clients
  - Security
image: >-
  https://kinlane-productions2.s3.amazonaws.com/algorotoscope-master/eugenics-city-clouds-waterfront.jpg
---
Mapping out the landscape of existing HTTP APIs across the enterprise is the number one challenge engineering leadership faces right now. In the race for the web, then for mobile, and now for API, enterprises are left with thousands of APIs in operation that they can’t quite ever see. Vendors are racing to provide the solution for enterprises to survey and assess their APIs from a gateway, security, client, or other perspective.

As with every other aspect of our enterprise operations, there are plenty of vendors working to provide us with solutions for surveying and assessing our API landscape in one-time and ongoing ways, approaching this landscape mapping from the following dimensions of our API operations.

- **Gateway** - The configuration and the logs at the runtime provide information that should be added to the system of record.
- **Pipelines** - Each CI/CD pipeline used to deploy APIs provides important details of each API as well as the governance of APIs.
- **SDKs** - The SDKs developed and generated as part of the production and consumption of APIs contain useful evidence of APIs.
- **Clients** - API clients provide an important opportunity for forking, sharing, and gathering of the evidence of how APIs get used.
- **Security** - Scanning, fuzzing, testing, and other types of security tests provide an opportunity to map the overall API landscape.

These areas represent the primary targets for acquiring the evidence of APIs in production, with gateways being the holy grail of the API runtime source of truth.

Each of these areas can be mined and sampled for evidence of APIs in production, and used to enrich OpenAPI and JSON Schema artifacts that are in turn used to make documentation, sandboxes, SDKs, clients, and automation for use in our everyday work. The big question, though, is who will ultimately be able to complete the definition of your enterprise API resources and capabilities. Will you be able to complete the definition, or will your vendor be able to do it first? Ultimately this will define the control you have over the direction your enterprise is able to move, and just how fast you can move in any one direction.
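
As an added example, not code from the original post, this Python script mines gateway access logs for evidence of APIs, emits an OpenAPI skeleton from the observed traffic, and lists the paths missing from the system of record. The `METHOD PATH STATUS` log layout, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed "METHOD PATH STATUS" access-log layout.
SAMPLE_LOG = """\
GET /v1/orders/1042 200
GET /v1/orders/1043?expand=items 200
POST /v1/orders 201
GET /v1/orders/1043/items/7 404
DELETE /v1/customers/3f2b8c1e-9a4d-4c1b-8e2f-0a1b2c3d4e5f 204
GET /internal/debug/heap 200
garbage line without fields
"""

UUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
METHODS = {"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"}

def template(path):
    """Collapse identifier-like segments so /orders/1 and /orders/2 are one path."""
    segs, n = [], 0
    for seg in path.split("?", 1)[0].strip("/").split("/"):
        if seg.isdigit() or UUID.match(seg):
            n += 1
            seg = "{id%d}" % n
        segs.append(seg)
    return "/" + "/".join(segs)

def survey(log_text):
    """Return an OpenAPI 3 skeleton built only from observed traffic."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in METHODS or not parts[2].isdigit():
            continue  # skip lines that do not match the assumed layout
        seen[template(parts[1])][parts[0].lower()].add(parts[2])
    paths = {
        p: {m: {"responses": {c: {"description": "observed"} for c in sorted(codes)}}
            for m, codes in sorted(ops.items())}
        for p, ops in sorted(seen.items())
    }
    return {"openapi": "3.0.3", "info": {"title": "Observed APIs", "version": "0"},
            "paths": paths}

def undocumented(observed, system_of_record_paths):
    """Paths seen at the gateway that the system of record does not list."""
    return sorted(set(observed["paths"]) - set(system_of_record_paths))

if __name__ == "__main__":
    doc = survey(SAMPLE_LOG)
    print(undocumented(doc, ["/v1/orders", "/v1/orders/{id1}"]))
```

The skeleton records only paths, methods, and status codes; parameter declarations and schemas still have to come from the other evidence sources before it is a complete OpenAPI definition.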