API Management General Innovation Technology
Raj Rajani  

API Management: What Is It & Why Does It Matter? 

Users expect a seamless experience no matter the website they visit or what they want to do. If you visit an ecommerce website, you should be able to browse the inventory, select an item, submit payment, and set up delivery from the same interface. 

However, many of these tasks require external services and data. Depending on the organization’s approach, inventory, pricing, point of sale, and shipping data may all live in separate systems. Or the organization may rely on external services to accomplish certain tasks, like integrating with PayPal to process payments and integrating with UPS to provide delivery date and shipping cost estimates. 

When time is short and your customers have easy access to competitors’ websites, user experience is more critical to your business’s success than ever. To combine capabilities and data from multiple systems, companies have turned to  application programming interfaces (APIs). 

APIs are purpose-built pathways for software applications to communicate with each other and share resources. With the rise of  microservice architecture, API creation has accelerated to maintain data sharing across dozens of applications and accomplish complex tasks. Given that hundreds of APIs may exist within one organization, how do teams maintain visibility into each of these interfaces to ensure every API is functioning as intended? 

IT teams turn to API management to govern their API ecosystems. 

What is API management? 

API management is the process of building, publishing, administering, and analyzing APIs. It is accomplished through a combination of tools and services to support provisioning, securing, and maintaining APIs. Visibility is key to ensure APIs are functioning and being consumed as intended. 

API Management Architecture

Benefits of API Management 

APIs alone will not offer the oversight and visibility an organization needs to ensure they are meeting the needs of users while safeguarding their APIs from unauthorized access and malicious use. With proper API management, organizations gain the following advantages. 

  • Governance and Security 

API management ensures compliance with corporate policies and external regulations around  data privacy. Businesses can also enforce rules around data governance and  API security  to ensure they are not leaving backdoors into their applications and sensitive data. 

Security can also apply to limiting access to applications or users with the correct  API keys  or other authentication credentials. API management ensures only those with proper permissions can leverage its services. 

  • Automation 

API management also saves time for the developers who build these interfaces. Many management platforms support templatizing and automating the creation of APIs to eliminate redundant work and accelerate deployment. 

The centralized directory of APIs also avoids duplicate work by allowing developers to check for APIs that may already fulfill their desired function. These new efficiencies allow the development team to follow agile methodologies without sacrificing quality or security. 

  • Analytics and Reporting 

An API may log the requests it receives and its responses, but that data is not in a readily consumable format by default. API management tools provide analytics on usage so that developers can track the frequency of requests and identify popular services to guide future API development. These metrics can also be packaged into reports to share with the larger team and organization. 

  • Distribution 

Businesses use API management to create a developer portal where newly published APIs can be distributed along with their documentation. Sometimes known as an API store, this digital marketplace allows developers to search for APIs to meet their needs. 

  • Onboarding 

An API management system allows developers to store documentation in a portal where developers inside and outside the organization can access it. This centralized repository allows engineers to quickly implement the proper methods to call the API and know what response to expect, smoothing the onboarding process. 

Now that you understand the benefits of API management for your organization, let’s review the common capabilities of API managers. 

API Manager Capabilities 

API managers should streamline the governance processes for your APIs and also unlock new efficiencies for the development team building these interfaces. Here are some key capabailities to look for in an API management tool. 

  • Access Control 

Your organization may build an open API that is accessible to the public. However, you will also have APIs that are limited to certain users or applications. Access control allows you to dictate who has permission to request resources from the API. You may also segment access further so that privileges grant access to certain services but not others. 

  • Authentication and Protection 

If you implement access control, you will also implement authentication and protection protocols to verify the identity of users sending requests to the API. Without proper authentication, bad actors may steal access tokens or spoof credentials to impersonate authenticated users, leaving your API open to abuse and exploitation. 

  • Design and Build Support 

The best API managers won’t just control access once the API is built, but support the entire creation process from designing to building. These platforms will also support maintenance of existing APIs and provide automated monitoring to detect outages for fast remediation. 

  • Support for Different API Types 

There are multiple  API types and API architectures  to serve different use cases. An API manager should not limit your organization to using either  SOAP or REST APIs, for example. Instead, the API manager should be flexible to support whichever APIs you identify as optimal for your business’s operations. 

  • Developer Portal 

Developer portals serve as a directory of available APIs and their documentation to allow subscribers to quickly discover services. The portal also supports efficient implementation for end users by providing documentation around proper formatting for requests and the expected results. 

This video walks through one implementation of an API manager using MuleSoft AnyPoint, a tool that will be examined in a following section: 

How to Evaluate an API Management Tool 

Below are the common criteria for evaluating potential API management tools and how they support your organization’s use case. 

  • Quality: Does the API always deliver the requested data? Is that data complete and in a usable format? Developers expect high-quality deliveries from APIs, and external engineers may not always be able to discern if the data is compromised, making the quality of your API’s responses critical for customer satisfaction. 
  • Dependability: APIs need to be dependable above all else. If external websites are integrating your API into their operations, they do not want their functionality to suffer because your interface is down. By the same token, you do not want your organization’s operations to suffer because of internal API outages. 
  • Agility: Can your API satisfy more than one request type without sacrificing performance? The more flexible your API, the more adoption it will see. API gateways  are another way that organizations achieve this flexibility by fielding multiple requests to different APIs and returning one comprehensive response. 
  • Speed: Your API should be both dependable and quick. Requests should be answered in the shortest amount of time by providing only the specific information requested to reduce latency and decrease the time between the API call and response. 
  • Cost: Does your API operate efficiently? If your interface is optimized for fast and lean responses to requests, then you should see cost savings by implementing APIs over more resource-intensive pathways to deliver data and services. 

The best management tools will support all of these goals while providing greater control over and visibility into API usage. 

API Management Tools 

API management solutions offer the benefits and capabilities discussed above. Below is a selection of the tools available to manage your organization’s APIs. 

API management  helps companies:  

  • Secure data,  
  • Send information transferred over APIs,  
  • Achieve workflow automation,  
  • And promote data-driven growth.  

Despite API management’s benefits, picking the suitable API management tool for your business might be confusing considering there are around 190 tools available in the market with different capabilities.   

Our analysis on API management platforms initially found two types of API Management system deliveries. However, we see that a considerable amount of API Management solutions aims to offer both services, we can list them as: 

  • Proxy  
  • Agent  
  • Hybrid (Offering both proxy and agent services) 

API Management as a proxy 

API Management services as a proxy prevent the back end of services from going down due to a high volume of queries. The proxy-based system is installed at the enterprise’s perimeter; it handles proxy calls forwarded to API servers using proxy-level policies rather than API-level ones. Security and traffic monitoring are the prominent features of proxy delivery. 

API Management service as an agent 

API Management service as an agent is situated in the enterprise network. They can be considered as plug-ins integrated with the server. This delivery type exposes APIs in a regulated manner using a security gateway. Afterward, the entity that can be referred to as an “agent” provided by the platform applies the API policies to the API servers. 

While there is no definitive indicator that can allow us to confirm one type is better than the other, each API management delivery type may be better suited to the specific needs of a business. 

The purpose of this article is to determine the best API management tools that can benefit API providers and users. Thus, we introduce the Top 7 API management tools with their capabilities to close the information gap. The order of the list is not correlated to the performance of the tools. 

1. Apigee API Management 

Apigee API management is a platform for managing and developing APIs. It provides an abstraction of backend service APIs while maintaining rate limiting, quotas, analytics and providing security, it fits to the proxy type of API Management delivery. 

Apigee API management offers the following features. 

  • Manage traffic with APIs: A fully managed API gateway, it allows building APIs to unlock data from applications, systems, and services.  
  • Mitigating security threats: Apigee offers Advanced API Security4 to identify API errors, attacks, or disruptive traffic patterns. Advanced API Security constantly assesses and keeps in check the managed APIs, alerting the API teams if there is an error.  
  • Creating new revenue streams: Apigee allows users and developers to build API products by gathering resources into a unit that complies with a specific use case. The users can publish their APIs in developer portals. It also allows the monetization of API products to unlock new revenue streams from digital assets. 

2. Microsoft Azure API Management 

Microsoft Azure API management platform enables the user to manage all APIs from one place. It’s a hybrid, multi-cloud management platform suitable for multiple environments. It fits to hybrid type of API Management delivery. Microsoft Azure API management offers the following features: 

  • Manage APIs across multiple platforms: Users can deploy API gateways with APIs managed in Azure, clouds, and on-premises. Azure API management contributes to API traffic flow while unifying external and internal APIs by providing observability.  
  • API-first approach: Help accelerate business by allowing the creation of developer portals and publishing API.  
  • Customization and discoverability: Users can create a customizable portal for APIs to be easily managed and share them with internal and external teams5 
  • Transforming existing services: Azure API management can turn legacy web services into modernized versions of REST-based APIs. It is used in leading payment services in Europe.6 

You can see how the Azure API Management functions with Application Gateway, External APIs and SQL Managed Instances in the Figure 2 below. 

Figure 1: Microsoft Azure API management 

3. IBM API Connect 

IBM API Connect is an API management solution that allows businesses to adopt an API strategy by strengthening the backbone of the API ecosystem. As API Connect can be used across multiple clouds, it boosts the  digital transformation  of businesses. It fits to the hybrid type of API Management delivery. API Connect provides the following features: 

  • API Manager: It manages APIs for both internal and external use. It can monetize and manage services such as  REST  or  SOAP APIs. 
  • IBM® DataPower® API Gateway: IBM gateway helps secure and control API traffic and interactions, maintaining performance during the process. 
  • Developer Portal: It allows the users to share APIs with app developers through a company-branded portal.  
  • API Analytics dashboard: Offers a variety of dashboards and visualization to establish the business value of API usage.1 
  • Developer Toolkit: Offers tools for modelling, developing, and  testing APIs
  • Multicloud deployment: Provides flexibility by allowing the user to utilize the service on premises, in the cloud, or a hybrid cloud environment. 

IBM API Connect maintains the API life cycle by creating, running, managing, and securing APIs (See Figure 2). 

Figure 2: Steps of the IBM API Connect API lifecycle. 

Plans offered by IBM API Connect can range from $100 for 100K API calls to 25 million API calls per month for $10,000.  

4. Kong API Management 

Kong API management service provides solutions to organizations such as Paypal, Papa Johns, and Yahoo! The API management is built on Kong Gateway. It aims to modernize legacy applications and accelerate time to market with enterprise plug-ins, developer portals, analytics, and security. It fits to proxy type of API Management delivery. Kong API Management provides the following features:  

  • Developer productivity. Kong API management provides APIs to internal and external teams through a customizable developer portal. It eases developer onboarding with Role-Based Access Control (RBAC). Kong API management removes manual coding tasks by utilizing CI/CD pipelines. 
  • Simplifying management. Kong API management can be implemented with existing legacy or emerging technologies. Kong Manager interface provides a simplistic approach by allowing users to do simple one-click operations. 
  • Simplifying API Security. Kong enterprise has a FIPS 140-2 compliant gateway, which is ideal for highly regulated industries and their mission-critical security applications 

You can see the RBAC, Kong Manager, and which components are included in which plan in the Figure 3 below. 

Figure 3: Kong Gateway 

5. MuleSoft Anypoint Platform 

MuleSoft’s Anypoint is an API management platform that allows users to manage and secure APIs. It is suitable for any API, regardless of its architecture or environment. MuleSoft provides services to industry leaders such as Coca-Cola, Airbus, AT&T, Unilever, and Netflix. It fits to proxy type of API Management delivery. Anypoint Platform has the following features: 

  • Accelerating application delivery. By using CI/CD pipelines or Git repositories, the user can automatically discover APIs and their relevant documentation with Anypoint.  
  • Scalability and modern architectures. MuleSoft’s flexible gateway allows the management of any service regardless of size or type.11  
  • API manager. MuleSoft’s API manager allows users to secure and analyze APIs and microservices from a single control pane. 
  • Creating API ecosystems. MuleSoft’s API Community Manager boosts the value of the users’ APIs by engaging API communities. 

6. Workato 

Workato’s API platform allows businesses to manage their APIs and  automate workflows  while maintaining security and governance. Workato is  codeless, meaning that there is no coding required. It fits to hybrid type of API Management delivery. Its API management platform is full lifecycle with the following features:  

  • Access Policies. The user can set restrictions on the usage of an API. 
  • API Collections. API Collections are used to arrange endpoints. API Collection is a group of endpoints that may be controlled collectively. 
  • Dashboard. API platform dashboard allows users to monitor the performance of the API platform or a specific endpoint collection.  
  • Discoverable APIs. The platform has a library catalog of APIs that are discoverable by users in an organization.  

See Workato’s API Platform video for detailed information about their product. 

7. Dell Boomi 

Boomi offers an API management platform that is  low-code  and cloud native. It supports the full lifecycle of APIs in a hybrid environment. It allows users to configure APIs and integrate them easily.  

The users can manage and monitor the function of APIs via dashboards, catalog and developer portal. Companies such as Lavazza, Markas, and McCarhy use Boomi services.It fits to the hybrid type of API Management delivery. The platform has the following features: 

  • Govern data access. The platform allows the user to restrict access to data. It helps establish secure API deployments. 
  • Real-time engagement. The platform enables third-party access with APIs, increasing their productivity in the API ecosystem.  
  • Centralized lifecycle management. Boomi has a centralized approach to API lifecycle management where the user enjoys visibility of their APIs while managing and administering web services.  

Provide seamless user experience with API management. 

APIs are a key component of modern websites, and API management is a central practice for organizations seeking to optimize their interface usage. API management tools allow developers to scale their creation of APIs while optimizing resource consumption and enforcing security rules. 

By supporting efficient API usage, API management enhances the user experience by providing access to multiple sources of information and services so the user can accomplish complex tasks all in one window. 

Visit us at https://www.periscope-tech.com for more. 

Reach out to us for API Management infrastructure setup –  https://periscope-tech.com/contact/ 

Leave A Comment