API Management: What It Is and Why You May Need It
We live in a world where Application Programming Interfaces (APIs) are not just useful tools for connecting software — they’re also products. Products so essential to the technology landscape that they can contribute to the endless number of innovative tools in your own organization or outside of it.
For many organizations, APIs are just pieces of code that help perform tasks. But if you’re engaged in the API economy and start seeing APIs as the source of monetization or growth, you need to operate them with more finesse. For you, APIs should be easy to find, access, share, and understand. Achieving this level of control over APIs is what this article is all about.
What is API management?
API management is a centralized and unified way to deploy and reuse your integration assets, share documentation, and keep your services safe. When you’re employing a lot of APIs to digitize, adopt a microservices architecture, or build your business strategy around APIs, you need to control not just one aspect of your APIs, but their full life cycle, including such tasks as:
- Defining API schemas and publishing them
- Securing access to APIs
- Controlling and billing traffic that goes through your APIs
- Tracking APIs for errors in real time
- Reviewing usage analytics and improving APIs
- Onboarding new users and creating great developer experience
API management covers the full API lifecycle
In many situations, you won’t need API management to build and share APIs. You may still use one or two components of API management to reduce latency or save costs, but full-cycle control over APIs makes sense only in the following scenarios.
When you’re experiencing digital transformation. When a company goes through digital transformation, it starts creating an API catalog and needs an easy way to register APIs, create security and access policies, and a way to track the feasibility of introducing new services, for example, healthcare providers adopting interoperability rules or financial companies starting the open banking program. An API management platform will be a great fit for their goals.
When you’re adopting a microservices architecture. In microservices architecture, you need a central hub for users to interact with rather than having them face the complexity of hundreds of services.
When you’re monetizing your API. With numerous payment tiers to consider and the need to track request quotas and bill consumers accordingly, you need a centralized deckhouse to distribute APIs. It’s the same when designing your docs and providing exceptional customer experience.
Found yourself in this list? Then read on. Because to achieve these goals, you need a set of tools that exist under the umbrella of an API management platform.
API management platforms
Tools like IBM API Connect, Microsoft Azure API Management, or Axway Amplify help organizations manage their growing number of integrations and share them within internal teams and with outside users, all without compromising performance and security. They are needed when a company adopts a lot of APIs in a short period of time or for organizations that want to share and monetize their APIs.
The architecture of an API management platform
Other than that, the value of API management platforms can be illustrated by the following benefits:
API-first development. When all of your company’s APIs are in a single place where they can be easily accessed, devs will be more likely to use them. Consistent and reusable APIs are integral for the API-first development approach that starts with integration in mind. This adaptability also means better communication — users can comment on the services, interact with each other, and make it simple to learn about APIs and adopt them.
Customer analytics. For customer-facing APIs, API management platforms provide a layer of interaction between the dev team and API customers. For example, you can learn about customer usage statistics, apply this data to generate insights, and plan how you can better meet demand. There is also a consolidated way for you to collect feedback and run forums.
Better security practices. API security is a big concern for devs since the lack of protection in one API can lead to data leakage for the whole application. API management usually has different security options, such as authentication keys and client certificates, including integration with OAuth, for example.
Monetization support. Although API management platforms don’t develop your business model for you, they will help you reach your monetization goals with integrated options. You will be able to configure different rate plans and billing functions, manage customer tiers by putting constraints on the number of calls, and monitoring what service they’re getting. Often, you can also bundle API products into packages.
Now, let’s look at the main components of API management platforms responsible for handling API production and consumption.
An API gateway is the layer between users and backend APIs or services that accepts API calls, routes them to appropriate services, and returns the aggregated results. Basically, an API gateway is a command center where you overview and administer your APIs and services responsible for the development stage.
An example of API management architecture within Amazon’s cloud environment
Source: Alex Debrie
There are a few principal functions that an API gateway will help you perform.
Authentication, rate limiting, and throttling. The API gateway deploys identity verification, credential checking, and token validation to ensure the security of connections. It also controls how much traffic flows through APIs using rate limits or other policies that you defined.
Caching. By enforcing caching policies, you can enable the API gateway to cache some types of content and handle high traffic better where it makes sense, for example, in travel or eCommerce.
Request and response transformation. An API gateway can perform light data transformations between the client and the backend, for example, renaming headers and query strings. This ability can ensure that the request and response conform to the requirements, protect the backend from bad requests, and redact sensitive information.
Bundling responses. The gateway will be able to combine several endpoints, fetch data from different services, and aggregate them into one response for the client.
Routing users to specific service versions. This can be helpful when you’re not confident about your new releases and want to route only a fraction of traffic to a new version. That way, you can control how much traffic hits a new version and gradually increase it so it doesn’t cause a system-wide outage.
API gateway configuration. Last but not least is the ability to configure API policies via a graphical user interface. Although not offered by all API management providers, it is favorable compared to the command-line interfaces.
A dev portal is a place where API consumers come to find and learn about an API. Basically, this is where documentation lives. Although we previously talked about best practices for writing API docs, the developer portal is responsible not only for the presentation of the docs, but also for accessing, configuring, user engagement, and incorporating different doc formats and metadata.
An API management platform provides tools for creating a developer portal to varying levels of customization. Typically, these tools would include the following.
API catalog. Having a unified API catalog helps anyone in an organization find what APIs already exist so they don’t create similar APIs when they need them. An API management platform usually has self-services API registration capabilities that allow people to log APIs in common definitions, which can be then sent for approval or trigger notifications.
This API catalog template allows for overviewing, testing, and downloading API offerings
Automatic doc generation. API management platforms usually support popular API specifications (OpenAPI, WSDL, JSON and XSD schemas) to automatically create and update docs with industry-standard metadata.
Managing signups and access workflows. API management has customizable user registration flows and allows for self-service API key management.
Sign-on options from Red Hat API management
Source: Red Hat
Look and feel customization. You can use templates to customize the portal to match your branding, as well as change the site structure and add or delete elements. Sometimes it will be an integrated CMS with limited configuration options. In other cases, these could be APIs for predefined modules you can use when building a custom portal hosted on-premises.
Other than that, API management allows you to configure webhooks, customize email templates, and create restricted content sections, so it’s easier to grant access to different groups of partners.
Using analytics to track success metrics is critical not only for improving and marketing an API, but also to help the operations team anticipate the adjustments in backend resources. An API analytics solution provides data collection, analytics themselves, and visualization services. Let’s go into detail for each of them.
Collecting data across API gateways. The analytics module normally collects all types of data with API proxies to analyze data on average response time, request size, total traffic, and more. This can also be categorized to see more targeted insights, like traffic errors for each API product.
Real-time monitoring. Monitoring is different from analytics because it provides real-time information about API performance to instantly capture issues and start solving them. There’s also an alert feature integrated with the communication channel of your choice that lets the Ops team know when the fault threshold is hit.
This API monitoring dashboard provides the summary of traffic, error rate, proxy response latency, and number of alerts
Customizable dashboards. Analytical solutions are designed with a broader audience in mind so everyone from product owners to API designers can use insights to their advantage. Accordingly, prebuilt dashboards and drag and drop functionality exist along with analytics APIs that allow you to build your own dashboards and integrate with third-party visualization tools. Or even export the analytics data to take advantage of advanced machine learning capabilities.
API management tools
As always, we used ratings from software review websites like G2, Gartner, and Capterra, to overview the most popular API management solutions. Note that most of such tools provide pricing only on request, so you’ll be able to make a choice only after reviewing free trial functionality yourself and considering the prices that they give you.
We’re giving an overview of the five leaders from Gartner’s API management quadrant
Microsoft Azure API Management
Microsoft’s API management tool might be the perfect option to start with. First, it provides a convenient pricing calculator for you to draft your expectations for other solutions. Second, its concise docs give a clear understanding of how API management itself works.
Basic enterprise integration on Azure
Deploy API gateways on-premises, in Azure, or in other clouds, apply complex authorization policies, automate docs creation, and create a user-friendly developer portal, all in a convenient environment that only such an industry leader can offer.
Axway Amplify API Management
Amplify API Management platform from Axway stands out because of its advanced asset management capabilities. Amplify can connect to third-party gateways like AWS, Azure, or MuleSoft, host not only REST APIs, but also SOAP, webhooks, gRPC, and uses flexible asset organization to easily choose by product, role, team, or geography. All this allows creation of a truly unified API catalog.
Thanks to an open platform, Amplify allows you to create an API catalog without compromising
If you need to design or test APIs, you can do that on the same platform by reusing existing assets and employing the tools you like.
Apigee API management
Acquired by Google in 2016, Apigee delivers an industry standard in API publication, monetization, and analytics. To build proxies, use their Edge UI browser tool or Edge API for low-level configuration. Host APIs on-premises, in Google Cloud, or choose a hybrid approach. Apply advanced analytics using AI and machine learning to eliminate false alerts and find anomalies that you couldn’t have predicted.
Before you choose one of their paid subscriptions, try a free sandbox environment and make sure to go through Google’s masterfully compiled docs and educational resources.
MuleSoft Anypoint Platform
Anypoint Platform from MuleSoft is an end-to-end API design and management product. With built-in support for Jenkins and Maven, you can follow a CI/CD pipeline to build APIs and integrations in a web interface or desktop IDE.
Anypoint API designer tool
Otherwise sharing a set of standard capabilities, Anypoint can boast a broad client portfolio, for instance, helping Netflix with their famous migration to microservices.
IBM API Connect
Another solution combining API creation and management, IBM API Connect provides a design toolkit consisting of a command-line interface and a GUI-based API designer to automate API and microservices development. After creation, the toolkit allows you to publish APIs to the connected runtime and server.
API analytics at IBM API Connect
Source: if World Design Guide
IBM offers three subscription tiers: Essential that offers free API creation and management capabilities for only one instance, Professional that should be enough for department-level environments, and Enterprise with full analytical capabilities and an unlimited number of instances.
Getting started with API management
If you’ve seen our list of use cases earlier in the article and found your case, here are some final recommendations.
Build your API strategy. API management starts with understanding what your ultimate goal is, which really starts with defining your business goals. How will APIs assist in developing your organization? Do you want an extra mode of monetization or do you wanto to create a customer base from your API users? If so, who are these users and what are their needs? And finally, how much will you have to change or build in your IT infrastructure to meet your users’ goals?
Prepare for API-first development. In the API economy, API development and support can’t be an afterthought. API-first software development creates a cultural shift in an organization: You need to align your business pipeline with the API management pipeline.
Choose an API management tool. Request demos, experience free trials, compare prices, and pick a solution that responds to your needs. We’ve shared what features you should be looking for, but also pay close attention to detailed docs and tutorials as it will be hard to adopt new workflows if people find it difficult to work with a new system.