API discovery: What is it and how does it work?

Whether it’s the thought of zombie API security vulnerabilities or the need for features you don’t want to develop in-house that’s stressing you out, API discovery could be the answer. APIs are connecting the world and API discovery is how you can find them and uncover what they do. 

What is API discovery? 

API discovery is the process of searching for and finding API resources. It covers both internal and external APIs. 

Why use API discovery? 

You can use API discovery to: 

  • Find rogue and zombie APIs – all those old versions that should have been taken offline and decommissioned but, for one reason or another (personnel changes or forgetfulness, usually), remain operational.
  • Ensure project efficiency and avoid different teams reinventing the wheel when working on company projects. API discovery can help engineering and security teams find out what already exists within the business that might be reusable.
  • Develop functionality. Say you want to provide an interactive map and route planning functionality via your website or app. You can develop this functionality in-house or search for an external API that provides it. Discovering the latter can mean saving a great deal of time and effort.
  • Test software. Finding the right APIs to help with their work means software testers can undertake tasks faster and more efficiently. This can deliver a faster time to market while still ensuring rigorous testing quality. API discovery can also help software testers ensure they are using the most recent version of an API, as well as flag any new APIs that may introduce further efficiencies.

Note that software testers may test APIs themselves. In this case, automated API discovery tools can help; some can identify which forms of sensitive data an API can access. This can help identify security vulnerabilities and concerns.

The benefits of API discovery

The above examples highlight some important reasons for using API discovery:

  • Discovering shadow, rogue or zombie APIs can neutralize the threat of them compromising data security by making company data accessible when it shouldn’t be. They could also deliver a poor user experience, with nobody maintaining or monitoring them. 
  • Using internal API discovery for project efficiency delivers better use of resources and enhanced collaboration, saving costs on developer time and resources while getting to market faster.
  • Using external API discovery to embed specific functionality can save money and support faster product development.

Types of API discovery 

Broadly speaking, API discovery can be broken down into two main types: 

  • Manual API discovery – this involves developers manually searching for APIs through directories, documentation and word-of-mouth recommendations.
  • Automatic API discovery – this involves using tools that scan and index APIs. These tools are faster than manual methods. A discovery API is one such example. It can enable developers to search for APIs based on criteria such as functionality, tags and keywords. 

How to make your API discoverable 

API discovery benefits businesses selling APIs. Documentation is critical to making an API discoverable, making it easy for people to find out what it does and how. You can do this by: 

  • Listing your API with directories 
  • Ensuring your API is machine readable – after all, it may be a computer trying to discover what your API is about rather than a human
  • Making your website SEO-friendly 

API discovery tools

Some API discovery tools scour directories based on specific criteria and keywords. Others scan your API traffic to identify instances of API calls going through your network, then establish where those calls go. Some of these can also identify if sensitive data has been accessed.

The industry standard in making APIs discoverable, meanwhile, is the OpenAPI Specification. This defines a standard, language-agnostic interface to HTTP APIs, meaning that humans and computers can discover, understand and interact with only a minimal amount of implementation logic.

Is service discovery in microservices the same as API discovery? 

Service discovery and continuous API discovery are not the same thing. Service discovery in microservices is about locating available services within a microservices architecture. That means dealing with a dynamically changing upstream service set across independent microservices. 

A client uses service discovery functionality to find the service it needs within containerized environments where various factors (such as the number of service instances) can change dynamically.

With a microservices API gateway added into the mix, service discovery can be combined with other functions to deliver a more robust service. For example, combining service discovery with a circuit breaker makes it possible to easily detect and discover failures at the gateway level when load balancing between multiple Docker containers. When a container fails and a new service spawns on a different IP address, the service discovery functionality can detect the failure and reconfigure itself without the need for manual intervention.

Wrap up

API service discovery can enhance your efficiency, help you remove security vulnerabilities, find functionality and features you need and help you test software. Use it to find the resources you need to take your API management to the next level. 

Need more input? Why not browse the Tyk Learning Center to see what you can discover?