As a global shipping company, CMA CGM required a sophisticated and reliable IT infrastructure, underpinned by APIs that unlock the data needed to flow across the ecosystem of internal IT, partners, and customers, to support such complex international logistics.

When the team first started working with APIs a few years ago, CMA CGM built in manual checkpoints to ensure consistent API design, security, and governance; APIs were not published unless they conform to standards set by multiple teams.

Over time, as business needs and API adoption accelerated, those API operations became a bottleneck. Romain Genoulaz, who leads the Digital API Factory, said, "Our best case scenario every time we needed to build an API from design to production to delivery with all gates and validation would end up being a 3-month journey."

In this case, what started out as the right approach to ensuring high-quality APIs significantly slowed down API delivery: CMA CGM traded off speed to deliver APIs that conformed to standards. Therefore, they set a new goal, to improve the time to market.

"Every time we wanted to go to production, we needed to go through many processes including a change advisory board. And that was happening once a week," Romain said. "We knew that we had to change that completely."

These challenges led the team to adopt an APIOps approach to API delivery, bringing in automation throughout the API lifecycle, with Kong.

"By automating what we were doing and adding more tools, like Kong, and more controls within the tools, we could avoid having manual validation steps in the process that took days and days," Romain said. "We had so many dependencies on stakeholders who did manual checks of things like security and observability, and the only way to speed up our delivery was to automate this."

"This approach satisfied the needs of the production and operations teams, who no longer need to manually validate each API deployment because each API now has a configuration file about its operational setup, like monitoring, that we push into our stack on each deployment," Romain said. "This ensures that when we deploy an API, it is deployed at the same time as the component that will be monitoring it."

This freedom from manual checks has empowered Romain and his team to deliver a higher quantity of valuable APIs more quickly.

"We were looking for autonomy," said Romain. "With APIOps built on Kong, we can now control the full lifecycle and once we have a new API to build, then we have a bootstrapped component simultaneously building the archetype for the API along with all the necessary configuration files that are required to go through the different integration or monitoring tools. All of this is pre-populated and drives how we build APIs by design."

Testing and security have also been shifted left in the pipeline, meaning deviations from standards are caught and corrected earlier on; deployments are now declarative; and by ensuring every API is deployed following the same pipeline, the required security and observability are consistently added to every API. Automating these steps prevents many wasted cycles of back and forth between teams, who would previously manually validate the configuration of each API.

The best news? CMA CGM went from being able to deploy only once a month to 130 deployments in production last month while maintaining any of the standards that ensure a high-quality experience for their consumers.