BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
API management is the process of overseeing application program interfaces (APIs) in a secure, scalable environment. The goal of API management is to allow organizations that either publish or utilize an API to monitor the interface's lifecycle and ensure the needs of developers and applications using the API are being met.
API management needs may differ from organization to organization, but API management itself encompasses some basic functions, including security, monitoring and version control.
API management has become increasingly prevalent due to business's growing dependence on APIs, a significant rise in the number of APIs they depend on and the administrative complexities APIs introduce. The requirements and process of building and managing APIs is different than most other applications. In order to be utilized properly, APIs require strong documentation, increased levels of security, comprehensive testing, routine versioning and high reliability. The use of API management software has also increased since these requirements often go beyond the scope of the software-based projects organizations typically run.
Why is API management important?
APIs expose a company's data and make enterprise assets available through applications. They are also used by organizations to add a digital layer to customer, employee and partner interactions. As a result, API management is important because it enables developers and organizations to secure, scale, govern, analyze and monetize these API programs.
API security is the first vital element of API management; it is necessary for the protection of APIs against unauthorized access and threats. API security requires more than authenticating and authorizing user access to the API. Standards and policies must be established to protect sensitive data and ensure it is not leaked or compromised. API management platforms can help organizations define a standardized set of policies to protect APIs. API management can also be used to ensure traffic to back-end systems is successfully managed and stopped.
Another essential element of API management is API governance. The primary goal of API governance is to create a consistent experience for end users. However, it also includes API discoverability, lifecycle management, documentation and reusability. Furthermore, API governance allows developers to ensure that each API program is built proactively and fulfills a specific goal that adds value to the overall business.
Mobile devices are becoming the more popular choice for engaging with applications. Therefore, it is even more important for developers to use API governance to create rich and complex APIs that improve the mobile user experience.
API analytics, the third element of API management, focuses on the centralized collection and analysis of API metrics, provided by real-time monitoring and dashboards. API analytics allows developers and organizations to see and understand how their APIs are being used as well as rank their performance. This component is beneficial to developers, IT operations and business teams.
Finally, API management enables the monetization of APIs. This refers to the ability of an enterprise API to generate revenue. API monetization includes the creation of customized packages and plans; the productization of data; and the proper licensing of products.
API management software and tooling
API management software is built with the intention of making API design, deployment and maintenance easier and more efficient. Although each individual API management tool has its own unique set of features, most of them include essential features like documentation tools, security, sandbox environments, high availability and backward compatibility.
API management software tools typically provide the following functions:
- Automate and control connections between an API and the applications that use it.
- Ensure consistency between multiple API implementations and versions.
- Monitor traffic from individual apps.
- Provide memory management and caching mechanisms to improve application performance.
- Protect the API from misuse by wrapping it in security procedures and policies.
- Configure endpoints, load balancing and fault tolerance.
API management software can be built in-house or purchased as a service through a third-party provider. The open API movement -- spearheaded by big-name companies like Facebook, Google and Twitter -- led to significantly reduced API dependency upon conventional service-oriented architecture (SOA) in favor of more lightweight JSON and REST services. Some API management tools can convert existing SOAP, JMS or MQ interfaces into RESTful APIs or JSON content.
API management platform
While some organizations are capable of stitching together multiple API management tools to meet their management needs, other organizations use an API management platform, which is a prefabricated collection of tools that usually comes packaged within a standardized API creation, deployment and management environment.
An API management platform acts as a proxy for API requests and protects the back-end services from being brought down by too many queries or breaches. Those in the organization considered to be an API manager may use API management platforms to ensure customers, partners or internal users don't take down services intentionally or unintentionally by making too many queries to the back-end server.
Generally, API management platforms also include analytics and usage reporting, API key and authorization management, live updated documentation and developer community management. The platform may also include a developer portal that provides a simplified way for developers to both acquire and distribute APIs needed to build certain applications. Apigee is an example of a platform that features a developer portal.
API management platform examples
There is a wide range of API management platforms available, and many are tailored to specific needs ranging from those of small businesses to those of large enterprise organizations. A number of major software companies, including Red Hat, IBM, Oracle and Microsoft, have created their own offerings for API management.
Examples of popular API management platforms include:
- Google Apigee API Management Platform
- CA Technologies
- MuleSoft Anypoint Platform
- Apigee Edge
- TIBCO Software
- Software AG
- Rogue Wave Software
Various open source options for API management have also been made available to the public as an alternative to proprietary tools. Examples of these choices include Kong, Tyk Technologies and API Umbrella.
API management platform architecture
The ideal API management platform possesses a layered architecture with various interacting components. The core components of an API management platform are:
- API portal
- API lifecycle management
- API policy manager
- API analytics
- API gateway
The API portal -- also known as the community manager -- has two uses. First, API developers and owners use the portal to successfully deploy and onboard their APIs; this includes access control of the API through plans and contracts. Second, internal and external developers use the portal to test and document APIs as well as assess their availability.
The API lifecycle management component manages the state of the API at each point in its journey. A typical API lifecycle progresses from design to development and then onto testing, deployment, deprecation and, finally, retirement.
The API policy manager is an administrative component that controls the lifecycle of policies used to define and manage the API. API policies will follow the same journey as an API, from design through retirement. Many API management platforms provide users with out-of-the-box policies that control API traffic, enhance security, improve performance and increase the value of the API. These policies can be implemented without writing code or modifying back-end services.
API analytics provides platform users with numerous dashboards that display different operational aspects and business metrics. This data can be used to gather insights on the error and performance constraints of an API as well as about API usage patterns and trends. This information can then be used to make business decisions, such as whether to monetize the API.
The API gateway is the most crucial element of the API management platform architecture since it acts as the middleman between API consumers and providers; it is a software pattern that handles the request and presentation of certain APIs.
The API gateway can be utilized, for instance, as a management tool within a microservices architecture. API gateways are implementations of the façade design pattern; they present an API to a user or client device, and then invoke APIs to microservices, harmonizing API and microservices management. An API gateway presents a single API to a device to mask a complex series of microservice access processes. It does carry some risk, however, because the API gateway becomes an essential application. The loss of its functionality may cause the failure of services, and if it is compromised, it can affect all associated microservices. Avoiding these issues requires building strong resiliency into the gateway and being wary of adding features that affect performance.
API gateways also promise to streamline business-to-business (B2B) integration as an alternative to legacy approaches, such as electronic data interchange (EDI) services. As APIs become increasingly popular in the business world, API gateways are being hailed as an essential part of digital business. However, there are numerous challenges enterprise architects need to address to make things work smoothly. They must address the fact that internal business processes may be open for external consumption and also maintain security by separating external-facing interfaces from internal systems.
Cookies can also be manipulated by the gateway to ensure they work on both sides. The gateway can rewrite cookie attributes to track its origins or to guarantee that it will be sent back to the gateway with future requests. Some API management platforms offer automatic rewriting of cookies.
Benefits of API management
The various benefits of API management include:
- The ability to make data-driven decisions through business insights gained from API analytics.
- Protection of the organization from security threats that affect APIs.
- The ability to produce detailed documentation of the API that can be used to attract developers and inform users.
- Centralized visibility that allows organizations to see all their API connections in one place, thus reducing security vulnerabilities, decreasing the number of repetitive APIs, and identifying gaps for developers to address.
- The ability to monetize APIs, share revenue with partners and track billing in real time.
- Creation of a positive user experience for API consumers.
- Improvements in API agility and the ability to rapidly create new digital assets.
- The ability to create a flexible, agile, adaptable and innovative ecosystem in which all people, processes and technology can work together.
Additionally, API management enables an organization to optimize the value of their existing legacy systems by updating outdated security protocols so they match the modern standards used by today's APIs. API management solutions also translate complex data from the legacy systems into easier message formats. Furthermore, API management can be used to combine all back-end services into one functionality that is exposed as an API.