API Management Strategy
If APIs are a central part of your integration strategy, you need to make sure the service is reliable, secure, and documented. This is where API management tools play a vital role in an organization. They provide the means to expose your API to external developers in an easy and affordable manner.
API management features
API management services come with a lot of features. The main focus is to make designing, deploying, and managing an API easier, as well as to ensure that it is safe, secure, and functional. Some of these tools facilitate integrations, transformations, or API orchestrations. Ideally, the API management service should cover most of the below features:
1.Analytics and statistics:
It is critical to understand how people use your API and get insights for your business.
2.Documentation:
One of the most common problems developers have is figuring out how an API works. Development time is too precious to waste in trial and error of an undocumented API. An API management service has to provide an easy way to read the documentation and enable developers to try it before purchasing. In some cases, it is even possible to provide interactive documentation. Simplicity and usability are the keys.
3.Developer engagement:
Engaging with your API consumers, developers, or partners is important. Getting an easily accessible developer portal will significantly facilitate on-boarding.
4.Sandbox environment:
This feature will increase both the value of an API and its adoption rate. What’s better than being able to develop and test your code?
5.Deployment:
The deployment should be flexible and support public or private clouds, on-premises implementations, or combinations.
6.Security:
APIs carry sensitive data, so it is important to protect the exposed information. The service has to at least provide identity and access management for users and developers.
7.Traffic:
Traffic management and caching abilities should be provided.
8.Monetization:
They should provide the capability to monetize your API.
9.Support:
Legacy systems should be supported by your API.
10.Availability:
It should be available, scalable, and redundant. An API environment can become demanding, and the service should be able to deal with any kind of errors or temporary traffic spikes.
Yes or no to proxy?
Vendors in API management provide numerous solutions across the above categories, but that does not mean they support everything. Solutions are implemented in three different ways: proxies, agents or a hybrid approach.
1.Proxy:
The solution resides between the customer and their users and the traffic goes through them. Proxies provide caching capabilities and protection of customers’ back-end infrastructure from traffic spikes. The main criticism they receive is that they increase the cost and bring up privacy and latency issues. Apigee, Mashape, and Mashery are examples of such implementations.
2.Agents:
These are plugins that integrate with your server. They do not get in the way of the API calls as proxies do. As a result, they do not introduce network latencies or third-party dependencies. On the other side, features like caching are not easy to implement. 3scale is an example of such implementation.
3.Hybrid approach:
This means you may get both an agent and a proxy. For example, you may want to use a proxy for the caching and the agent for authentication. Companies like Apigee or 3scale that were mentioned previously are also moving to hybrid solutions.
A few key API management tools
MuleSoft:
MuleSoft’s solutions are based on open source technology. They offer easy API design, advanced integration, and testing features. MuleSoft is widely used and the company also frequently works with developer communities. https://www.mulesoft.com/
Apigee:
Apigee provides a range of services from free API tools for developers to large API management solutions for enterprises. Their solution can be deployed in the Cloud or on-premises. They offer API analytics, developer portal, transformations, traffic, and performance management. Apigee seems to provide the richest API analytics platform compared to other companies. In mid-2014, they launched the new version of their big data predictive analytics platform. https://apigee.com/api-management/
Oracle SOA:
Oracle provides an API Management solution that consists of its API gateway and SOA suite. The API gateway is used for securing and managing APIs and as a first line of defense in SOA environments. http://www.oracle.com/technetwork/middleware/soasuite/overview/index.html
Mashery:
Mashery is an Intel company, founded in 2013. They provide an all-around API management solution that supports SaaS and on-premises implementations as well as a few hybrid-oriented ones. Their services cover everywhere from API technology and infrastructure to business strategy. https://www.tibco.com/products/api-management
3Scale:
3Scale is very active in the API management space with a wide range of customers ranging from startups to enterprises. They provide a hybrid solution to help you deploy, manage, distribute, and monitor your API. They offer an on-premises API management solution along with cloud-based API administration, analytics, reports, developers, and partner portals. http://www.3scale.net/api-management/
WSO2:
WSO2 is considered the most complete open source solution today. It covers API integration, management, identity, and mobile. It supports public and private clouds as well as hybrid implementations. WSO2 follows an open development process where customers can provide input. https://wso2.com/
Microsoft’s Azure API Management:
Microsoft’s Azure API Management became available to the public rather recently. It allows you to provide and manage an API, get developer portals, documentation, security management, performance management, statistics, and analytics. They have on-premises and cloud versions (not limited to the Azure Cloud). https://azure.microsoft.com/en-us/services/api-management/
CA Layer7:
Layer7’s API Management is heavily enterprise-directed. They offer on-premises and cloud deployment solutions. Their services include integration, security management, performance management, mobile API gateways, mobile optimization, and developer portals. CA’s support for mobile applications is considered to be more feature-reached compared to other solutions. https://www.ca.com/us/products/api-management.html
IBM API Management:
IBM’s solution comes either as on-premise or cloud-hosted. It covers a lot of the API management needs of a large company and it is considered a very user-friendly platform. https://www.ibm.com/cloud/api-connect
ApiAxle:
ApiAxle is an open-source API management and analytics solution. It is a proxy that sits in front of your API and manages caching, security, performance, and traffic. As an open-source project, you may contribute to its codebase. https://github.com/apiaxle/apiaxle
A qualified digital consulting partner can help you navigate this area effectively. Infolob has done this before. Give us a call or send us an email to get started.
This blog post was written by Girish Mallampalli, Director of Architecture and Digital Platforms at Infolob Solutions. He can be reached at girish.mallampalli@infolob.com.
