CMA CGM is a global player in sea, land, air, and logistics solutions, serving 420 of the world’s commercial ports and operating 285 shipping lines with 580 vessels. Supporting such complex international logistics requires a sophisticated and reliable IT infrastructure, underpinned by APIs that unlock the data needed to flow across the ecosystem of internal IT, partners, and customers.
When they first started working with APIs a few years ago, CMA CGM built in manual checkpoints to ensure consistent API design, security, and governance; APIs are not published unless they conform to standards set by multiple teams.
Over time, as business needs and API adoption accelerated, those API operations became a bottleneck. Romain Genoulaz, who leads the Digital API Factory, said, “Our best case scenario every time we needed to build an API from design to production to delivery with all gates and validation would end up being a 3-month journey.”
In this case, what started out as the right approach to ensuring high quality APIs ended up significantly slowing down API delivery: CMA CGM traded off speed to deliver APIs that conformed to standards. Therefore, they set a new goal, to improve time to market:
“Every time we wanted to go to production, we needed to go through many processes including a change advisory board. And that was happening once a week,” Romain said. “We knew that we had to completely change that.”
This led the team to adopt an APIOps approach to API delivery, bringing in automation throughout the API lifecycle.
“By automating what we were doing and adding more tools and more controls within the tools, we would avoid having some manual validation steps in the process that took days and days,” Romain said. “We had so many dependencies on stakeholders who did manual checks of things like security and observability, and the only way to speed up our delivery was to automate this.”
This approach satisfied the needs of the production and operations teams, who no longer need to manually validate each API deployment because “each API now has a configuration file about its operational setup, like monitoring, that we push into our stack on each deployment,” Romain said. “This ensures that when we deploy an API, it is deployed at the same time as the component that will be monitoring it.”
This freedom from manual checks has empowered Romain and his team to deliver more.
“We were looking for autonomy” said Romain. “With APIOps we can now control the full lifecycle and once we have a new API to build, then we have a bootstrapped component simultaneously building the archetype for the API along with all the necessary configuration files that are required to go through the different integration or monitoring tools. All of this is pre-populated and it drives the way we build APIs by design.
Testing and security has also been shifted left in the pipeline, meaning deviations from standards are caught and corrected earlier on; deployments are now declarative; and by ensuring every API is deployed following the same pipeline, the required security and observability is consistently added to every API. Automating these steps prevents many wasted cycles of back and forth between teams, who would previously manually validate the configuration of each API.
The best news? CMA CGM went from being able to deploy only once a month to 130 deployments in production last month, while maintaining any of the standards that ensure a high-quality experience to their consumers.
“In a nutshell, we believe in ‘continuous everything,’ from automated components bootstrapping to swagger design validation APIs,” Romain said. “Now by following an APIOps approach, we’re able to define, design, build, and deploy an API in production within 48 hours. This has greatly improved the customer journey.”
Want to learn more about why innovative enterprises choose Kong? See why Kong is king for modernization.