What are the key components of an API Management solution?

September 4, 2017 Stephane Castellani

Across industries, disruptive competitors, new regulations and rising customer expectations are driving digital transformation. APIs are at the heart of digital interactions that will fuel this transformation by quickly connecting internal systems with new experiences that engage customers in dynamic and relevant ways.

The API Management solution that meets today’s requirements must:

  • manage the full lifecycle of API usage – check out what is API lifecycle management
  • provide a complete end-to-end set of services that simplify access to enterprise data
  • streamline app building to speed delivery of value to the business

A leading API Management solution contains several components explained below.

The API Catalog

This is the central API Management solution component. It contains in one place all available APIs – both REST and SOAP. To know more, check out this article on what is an API catalog.

  • Import and export common API definition formats such as Swagger, RAML. WADL, and WSDL for an API-first approach
  • Connectivity to 3rd party API catalogs
  • Easy API search and discovery
  • Support for all API lifecycle stages, from registration through retirement
  • Support for API products to bundle multiple APIs into the same product
  • REST API security and Web Service security thanks to multiple data security options that dramatically reduce the time to implement a high level of security designed to avoid breaches. Check out this API security video to learn more.
  • API quota enforcement
  • Simple or more advanced API monetization mechanisms.

The API Client registry

In addition to your API Catalog, you need an API Client registry, another API Management solution component. What is it? This is a component that extends your API catalog and contains the list of consumers and permissions of all APIs. Advanced API Management solutions often offer the API Client Registry as part of the same product as the API Catalog.

  • Defining default API access: public, restricted or private.
  • Organization registry for B2B use cases
  • Application registry: list of applications that can access a specific set of APIs
  • App developer registry to give them access to the API developer portal to manage their API access, keys and traffic themselves.

The API Developer Portal

The API developer portal boosts adoption by making it easy for developers to join an API community and discover, consume, build and test APIs. It’s a key API Management solution component when you want to run an external developer program to boost innovation and foster co-creation. The API developer Portal can also be used internally to drive adoption of APIs.

It’s often built on a standards-based CMS portal with search/read/try/use API discovery and FAQs, articles and forums for building developer communities.

  • Multiple onboarding mechanisms
  • Advanced search and documentation to easily browse large catalogs.
  • Mobile SDK available to easily integrate APIs into your favorite programming language
  • Connectivity to enterprise identity providers

To know more, check out this article on the key features of an API developer portal.

The API Gateway

The API Gateway is the core API Management solution component. It is a secured Gateway that proxies the API traffic. Quite often it is deployed in the DMZ for security reasons. It secures, checks and controls all API calls. With help of the API Policy Editor below, it offers integration services that free the data and services trapped in back-office silos with the security you expect in an enterprise solution.

The API Gateway can also be deployed in the internal network to act as a API composition layer. In advanced architecture scenarios, there can even be 3 API layers:

  • a layer in the DMZ for API security
  • two layers in the LAN, one for business API composition and one for technical API composition. Technical APIs are exposing legacy services and are then consumed by business APIs via business integration policies.

This is extremely important to select a scalable API Gateway that can smoothly accept and route very large volumes of traffic with no impact on performance.

As the market is moving towards microservice adoption, we see more and more micro-gateways that come either as a replacement or as an additional module to the legacy API gateway.

The API Policy Editor

The API Policy Editor is a policy development tool for integration and security teams. This API Management solution component allows to establish policies to allow conversion and modification of API Calls but also authorization and security. hose policies are deployed to each of the API Gateway runtimes and are can be different between all APIs.

It contains different features:

  • Integration policy filters and prebuilt connectors and adapters to simplify and speed integration with enterprise legacy systems.
  • Visual API Mapping tool with a graphical Data Map Editor and map engine that simplifies data format transformation – such as XML/JSON, JSON/JSON, XML/XML transformations.
  • Identity management simplifies integrating with existing identity access
    management systems and provides for identity mediation, federation and audit.
  • DevOps approach with team collaboration to create policies simultaneously.
    • Integration to your CI/CD chain
    • Zero downtime for delivery and upgrades
    • Docker container support for on-premise, cloud and hybrid deployments
  • IoT API integration

The API Creation Tool

The API Creation Tool is a very useful API Management solution component to address the needs of the digital development teams. While the API Policy Editor is very good for integration teams to turn legacy systems into APIs and contains hundreds of filters to accelerate integration with the enterprise applications, the API Creation Tool is much lighter and is dedicated to the “digital world” development.

  • Facilitated API creation out of modern SaaS applications and data sources. It allows to compose mobile-ready APIs visually or programmatically.
    • Available SaaS connectors to facilitate integration
    • Definition of the app data model without writing any code
    • Automatic documentation generation
  • Combining multiple APIs into optimized APIs – aka API orchestration – to split incoming API calls into multiple underlying API calls. Leading API Management solutions offers an online Graphical Editor to facilitate such an API orchestration.
  • Leveraging the enterprise APIs created with the API Policy Editor, combining them with 3rd party APIs and providing optimized developer-facing APIs.

Meshing up APIs from internal systems and external providers is the new challenges for companies who realize that the additional value resides in combining their own information and service with the ones from their partners, suppliers, customers. This paradigm is called the Mesh App and Service Architecture – aka masa mesh – and contributes building a Customer Experience Network.

Those new APIs also compose the microservices of those distributed architectures, as there are needs for different sizes of microservices depending on the location on the architecture and their use cases in terms of reusability.

The marketplace for internal & external connectors

Data drives relevancy, personalization, convenience and speed — the hallmarks of a good digital experience. The explosion in the quantity and sources of available data provides ripe opportunities when you can access, integrate and secure it with ease and speed.

As we’ve seen with the API Creation Tool, there is a need for digital developers to connect to multiple data sources very easily. Those data sources can be either internal or external, SaaS applications or databases.

As the number of external data sources is exploding, it’s extremely important to rely on API Management solution vendors that address this by proposing a large panel of connectors themselves – often leveraging OEM with SaaS connector vendors –  but also operate an open connector marketplace where many external developers can add new connectors and propose them either for free or with fees. Axway offers for example an interesting marketplace for connectors, APIs and apps.

The MBaaS module

When it comes to APIs, this is not just about internal or external APIs. Your developer also need to accelerate their development time by leveraging common mobile services such as localization, social sharing, picture storage, key/value pair storage, social graph, push notifications … They are many mobile services that are not specific to your application and reusing those existing services will save you a lot of time when developing your mobile applications. Those services are commonly offered via an MBaaS module.

If you wish to learn more about MBaaS, please check out this article explaining what is MBaaS.

This MBaaS module can also be delivered as part of a larger Mobile app development solution that reduces time to deliver apps thanks to RMAD features.

The API monitoring and analytics component

API monitoring & analytics provide the ability to measure and monitor success with visibility across the digital business value chain. You can’t measure what you can’t control, this API Management solution component is paramount for the success of your API program.

A complete API monitoring and analytics solution should provide real-time analytics with those capabilities:

  • Operational metrics: real-time, end-to-end visibility of API usage.
  • Developer metrics: API consumer adoption metrics with visibility to top consumers, churn risk and quota status. They are important to understand API program business success.
  • API usage metrics: measure most and least popular, volume, traffic and TPS.
  • API performance metrics: API quality metrics with latency and error rates.
  • API infrastructure metrics: analysis of resource bottlenecks, error rates and latency.
  • Traffic monitoring: monitor and troubleshoot individual transactions, including drilling into processing steps and message content to perform root-cause analysis.
  • Mobile metrics
  • Predictive analytics: they are important for proactive identification of abnormal situations and key operational insight for decision-making.

Those dashboards can be developed with help of external solutions but we recommend to use best of breed dashboards that are often proposed as Embedded Analytics in API management solutions and meet the needs of the multiple stakeholders who are part of your API program.

As you can see, a full-fledged API Management solution doesn’t contain just one or two components but quite many. Leading API Management vendors such as Axway offer the whole suite, while other vendors only offer a subset of it.

The post What are the key components of an API Management solution? appeared first on API Friends.

Previous Article
Now my Mom starts asking me about API Security
Now my Mom starts asking me about API Security

If you get questions from friends or family around topics that usual are things you consider important but ...

Next Article
Real-time analytics ensure customer experience and boost revenue
Real-time analytics ensure customer experience and boost revenue

Complimentary article from my colleague Clay Cowdery, sharing his thoughts on real-time analytics. Clay is ...