API management is the process by which an organization creates, oversees and controls application program interfaces (APIs) in a secure and scalable environment. The goal of API management is to ensure that the needs of developers and applications that may use the API are being met, concerning organizations that publish or use APIs to monitor an interface's lifecycle.
API management needs may differ from organization to organization, but API management itself encompasses some basic functions, including security, monitoring and version control.
API management has become prevalent due to business's growing dependence on APIs, the increasing number of APIs upon which they depend and the administrative complexities APIs introduce. The requirements and process of building and managing APIs is different than most other applications. In order to be utilized properly, APIs require strong documentation, increased levels of security, comprehensive testing, routine versioning and high reliability. The use of API management software has also increased since these requirements often go beyond the scope of the software-based projects organizations typically run.
Why is API management important?
APIs expose a company's data and make enterprise assets available through applications. Organizations also use APIs to add a digital layer to customer, employee and partner interactions. As a result, API management is important because it enables developers and organizations to secure, scale, govern, analyze and monetize these API programs.
API security is the first vital element of API management; it is necessary for the protection of APIs against unauthorized access and threats. API security requires more than authenticating and authorizing user access to the API. Standards and policies must be established to protect sensitive data and ensure it is not leaked or compromised. API management platforms can help organizations define a standardized set of policies to protect APIs. API management can also be used to ensure traffic to back-end systems is successfully managed and stopped.
Another essential element of API management is API governance. The primary goal of API governance is to create a consistent experience for end users. However, it also includes API discoverability, lifecycle management, documentation and reusability. Furthermore, API governance allows developers to ensure that each API program is built proactively and fulfills a specific goal that adds value to the overall business.
Mobile devices are becoming the more popular choice for engaging with applications. Therefore, it is even more important for developers to use API governance to create rich and complex APIs that improve the mobile user experience.
API analytics, the third element of API management, focuses on the centralized collection and analysis of API metrics, provided by real-time monitoring and dashboards. API analytics allows developers and organizations to see and understand how their APIs are being used as well as rank their performance. This component is beneficial to developers, IT operations and business teams.
Finally, API management enables the monetization of APIs. This refers to the ability of an enterprise API to generate revenue. API monetization includes: the creation of customized packages and plans; the productization of data; and the proper licensing of products.
What are the benefits of API management?
The various benefits of API management include:
- the ability to make data-driven decisions through business insights gained from API analytics;
- protection of the organization from security threats that affect APIs;
- the ability to produce detailed API documentation that can be used to attract developers and inform users;
- centralized visibility that allows organizations to see all their API connections in one place, thus reducing security vulnerabilities, decreasing the number of repetitive APIs and identifying gaps for developers to address;
- the ability to monetize APIs, share revenue with partners and track billing in real time.
- creation of a positive user experience for API consumers;
- improvements in API agility and the ability to rapidly create new digital assets; and
- the ability to create a flexible, agile, adaptable and innovative ecosystem in which all people, processes and technology can work together.
Additionally, API management enables an organization to optimize the value of its existing legacy systems by updating outdated security protocols so they match the modern standards used by today's APIs. API management software can also translate complex data from the legacy systems into easier message formats. Furthermore, API management can be used to combine all back-end services into one functionality that is exposed as an API.
API management software tools and platforms
API management software is designed and built to make API design, deployment and maintenance easier and more efficient. Although each individual API management tool has its own unique set of features, most of them include essential features such as API documentation, security, sandbox environments, high availability and backward compatibility.
API management software tools typically provide the following functions:
- Automate and control connections between an API and the applications that use it.
- Ensure consistency between multiple API implementations and versions.
- Monitor traffic from individual apps.
- Provide memory management and caching mechanisms to improve application performance.
- Protect the API from misuse by wrapping it in security procedures and policies.
- Configure endpoints, load balancing and fault tolerance.
API management software can be built in-house or purchased as a service through a third-party provider. The Open API movement -- spearheaded by big-name companies like Facebook, Google and Twitter -- led to significantly reduced API dependency upon conventional service-oriented architecture (SOA) in favor of more lightweight JSON and REST services. Some API management tools can convert existing SOAP, JMS or MQ interfaces into RESTful APIs or JSON content.
While some organizations stitch together multiple API management tools to meet their management needs, other organizations use an API management platform -- a prefabricated collection of tools typically packaged within a standardized API creation, deployment and management environment. An API management platform acts as a proxy for API requests and protects the back-end services from being brought down by too many queries or breaches, intentionally or unintentionally. This is accomplished through policies such as a rate limit.
API management platform architecture: The ideal API management platform generally incorporates a layered architecture with various interacting components. These include analytics and usage reporting, API key and authorization management, live updated documentation and developer community management. The platform may also include a portal for developers to both acquire and distribute APIs needed to build certain applications.
- The API portal, also known as the community manager, enables API developers and owners to successfully deploy and onboard their APIs, including access control of the API through plans and contracts. Internal and external developers also use the API portal to test and document APIs as well as assess their availability.
- API lifecycle management enables an organization to manage the state of the API at each point in its journey. A typical API lifecycle progresses from design to development and then onto testing, deployment, deprecation and, finally, retirement.
- The API policy manager controls the lifecycle of policies used to define and manage the API. API policies will follow the same journey as an API, from design through retirement. Many API management platforms provide users with out-of-the-box policies that control API traffic, enhance security, improve performance and increase the value of the API. These policies can be implemented without writing code or modifying back-end services.
- API analytics provides platform users with numerous dashboards that display different operational aspects and business metrics. This data can be used to gather insights on the error and performance constraints of an API as well as about API usage patterns and trends. This information can then be used to make business decisions, such as whether to monetize the API.
- The API gateway is a software pattern that handles the request and presentation of APIs to a user or client device. API gateways also can be used as a management tool within a microservices architecture, and streamline business-to-business (B2B) integration as an alternative to legacy approaches such as electronic data interchange (EDI) services.
The API gateway is the crucial middleman between API consumers and providers, and that presents unique challenges. If the API gateway's functionality is impaired, that may cause the failure of associated services -- and if it is compromised, that is potentially a serious security problem. Enterprises must build strong resiliency into the API gateway, be wary of adding features that affect performance, and separate external-facing interfaces from internal APIs and systems.
API management platform examples
There is a wide range of API management platforms available, and many are tailored to specific needs ranging from those of small businesses to those of large enterprise organizations. A number of major software companies, including Red Hat, IBM, Oracle and Microsoft, have created their own offerings for API management.
Examples of popular API management platforms include:
- Google Apigee API Management Platform
- CA Technologies
- MuleSoft Anypoint Platform
- Apigee Edge
- TIBCO Software
- Software AG
- Rogue Wave Software
Various open source options for API management have also been made available to the public as an alternative to proprietary tools. Examples of these choices include Kong, Tyk Technologies and API Umbrella.