APIs provide a universal doorway to your data and services, making it dead simple for developers to build complex applications by plugging into what already exists.
APIs are the backbone of modern software ecosystems. They are not just technical interfaces but strategic assets that unlock the value of your data and services by making them accessible to developers inside and outside your organization.
The trap is to think of APIs as mere technical plumbing. The actual job is to design APIs that act as universal doorways — simple, secure, and consistent — so your partners and developers can build new products that expand your reach and enrich user experiences.
APIs are universal doorways, not just endpoints
Think of an API as a doorway or gateway into your server or database. This doorway is controlled by keys — API keys — that grant specific access rights. Some keys allow read-only access, others enable writing or updating data. Access can be finely controlled per user or per application.
This universal access means developers can build apps on any platform, device, or operating system and still get the same consistent interaction with your backend. It is like a universal electrical plug that works anywhere, regardless of the socket.
Product strategy meeting at a Bangalore-based fintech startup
You (PM): “If we expose our payment processing via APIs, partners can integrate wallets, mobile apps, or web portals seamlessly.”
Engineering Lead: “Yes, and using API keys, we can restrict access to read-only for some partners and full transaction rights for others.”
CTO: “That also helps us monitor usage and throttle traffic to protect our servers.”
The team aligns on API design as both a security layer and a growth lever.
Balancing openness for developers with security for the platform
APIs as communication systems that power rich user experiences
APIs enable applications and devices to communicate and exchange data effectively. This communication is the foundation of integrated workflows and connected experiences users expect today.
Without APIs, each app is an isolated silo. With APIs, apps talk to each other — sharing data, triggering actions, and composing complex user journeys. This is how ecosystems of apps like Razorpay, Swiggy, and Meesho create comprehensive solutions by integrating payments, logistics, and storefronts.
Building new apps by standing on the shoulders of giants
APIs let you build applications that reuse existing code, data, and services instead of reinventing the wheel. Developers can integrate payment gateways like Stripe, mapping services like Google Maps, or video hosting like Vimeo via their APIs.
This composability accelerates development and innovation. For example, Zapier and IFTTT are platforms built entirely by creatively leveraging other APIs, enabling users to automate workflows across hundreds of apps without writing code.
This is the entire profession in one line: building new value by connecting existing capabilities through APIs.
APIs provide a universal access system across platforms
One of the most powerful API functions is platform independence. Regardless of whether the user is on Android, iOS, Windows, or Linux, the API provides a consistent interface to your backend.
This universality is crucial for Indian startups serving users across diverse devices and connectivity scenarios. Your API must not assume a specific client or environment, ensuring broad accessibility.
APIs act as filters to protect data and control access
Your servers contain data of varying confidentiality and sensitivity. APIs are your frontline defense, controlling who can see or modify what.
API keys and tokens enable granular access control — read-only, write-only, or full access — assigned per user or application. Rate limiting and throttling protect servers from overload or abuse.
Security considerations must be baked into API design, not added as an afterthought. This is especially important in India, where regulatory compliance and data privacy laws are evolving rapidly.
The cleanest way to think about API functions
- Doorway: APIs open controlled access to your backend services and data.
- Communication system: APIs enable apps to talk, share data, and create integrated workflows.
- Platform independence: APIs provide a universal interface usable by any device or OS.
- Filter: APIs enforce security, access control, and data protection.
- Building blocks: APIs let developers build new apps by composing existing capabilities.
Test yourself: Designing API access for a fintech platform
You are the PM at a Series B fintech startup in Bangalore building a lending platform. Your engineering lead wants to expose APIs to partners — banks, NBFCs, and credit bureaus — to automate loan approvals and credit checks.
You must design the API access strategy balancing openness for ecosystem growth with security and compliance.
Your lending platform is preparing to launch APIs for partners. Banks require read-write access to submit loan applications, credit bureaus need read-only access to fetch credit scores, and NBFCs want read-write access but only for specific user segments. You have limited engineering bandwidth to implement access controls.
The call: How do you prioritize and design API access controls to satisfy partner needs while maintaining security and compliance?
Your reasoning:
Your lending platform is preparing to launch APIs for partners. Banks require read-write access to submit loan applications, credit bureaus need read-only access to fetch credit scores, and NBFCs want read-write access but only for specific user segments. You have limited engineering bandwidth to implement access controls.
Your task: How do you prioritize and design API access controls to satisfy partner needs while maintaining security and compliance?
your reasoning:
Field Exercise: Map the API functions of your product
Time: 15 minutes
Pick a product you are familiar with — it could be your current company’s product or a well-known app like Razorpay, Swiggy, or Flipkart.
- List the main APIs that product exposes or consumes.
- For each API, note:
- What doorway or gateway it provides (e.g., payment processing, user data access).
- What kind of access control is in place (read-only, write, scoped keys).
- How it enables communication between apps or services.
- How it supports platform independence.
- How it acts as a filter to protect sensitive data.
- Reflect on how these API functions enable developers or partners to build new experiences or integrations.
This exercise will sharpen your understanding of API functions beyond code — as strategic tools that expand your product’s reach.
Where to go next
- Deepen your API knowledge: API Design and Best Practices
- Learn how to manage developer ecosystems: Developer Relations and Platform Strategy
- Understand security essentials: Security for Product Managers
- Explore integration testing: Testing APIs and Microservices
PL alumni now work at Razorpay, Swiggy, Flipkart, PhonePe, Postman, and many other leading Indian tech companies.