API management is the process of overseeing application programming interfaces (APIs) in a secure, scalable environment. The goal of API management is to allow organizations that either publish or utilize an API to monitor the interface's lifecycle and ensure the needs of developers and applications using the API are being met.
API management needs may differ from organization to organization, but API management itself encompasses some basic functions, including security, monitoring and version control.
API management has become increasingly important due to business's growing dependency on APIs, a significant rise in the number of APIs they depend on and the administrative complexities APIs introduce. The requirements and process of building and managing APIs is different than most other applications. In order to be utilized properly, APIs require strong documentation, increased levels of security, comprehensive testing, routine versioning and high reliability. Because these requirements often go beyond the scope of the software-based projects organizations typically run, the use of API management software has become popular.
API management software and tooling
API management software is built with the intention of making API design, deployment and maintenance easier and more efficient. Although each individual API management tool has its own unique set of features, most of them include essential features like documentation tools, security, sandbox environments, high availability and backward compatibility.
API management software tools typically provide the following functions:
- Automate and control connections between an API and the applications that use it.
- Ensure consistency between multiple API implementations and versions.
- Monitor traffic from individual apps.
- Provide memory management and caching mechanisms to improve application performance.
- Protect the API from misuse by wrapping it in security procedures and policies.
API management software can be built in-house or purchased as a service through a third-party provider. The open API movement, spearheaded by big-name companies like Facebook, Google and Twitter, led to significantly reduced API dependency upon conventional service-oriented architecture (SOA) in favor of more lightweight JSON and REST services. Some API management tools are capable of converting existing SOAP, JMS or MQ interfaces into RESTful APIs or JSON content.
The API management platform
While some organizations are capable of stitching together a number of API management tools and still meet their management needs, other organizations use an API management platform, which is a prefabricated collection of tools that usually comes packaged within a standardized API creation, deployment and management environment.
An API management platform acts as a proxy for API requests and protects the back ends of services from being brought down from too many queries or breaches. Those in the organization considered to be an API manager may use API management platforms to ensure customers, partners or internal users don't take down services intentionally or unintentionally by making too many queries to the back-end server.
Generally, API management platforms also include analytics and usage reporting, API key and authorization management, live updated documentation and developer community management. The platform may also include a developer portal that provides a simplified way for developers to both acquire and distribute APIs needed to build certain applications. Apigee is an example of a platform that features a developer portal.
There is a wide range of API management platforms available, many tailored to specific needs ranging from those of small businesses to those of large enterprise organizations. A number of major software companies, including Red Hat and Microsoft, have created their own offerings for API management.
Here are some examples of API management platforms:
- 3scale API Management
- Akana Platform
- Azure API Management
- TIBCO Mashery
- Amazon Web Services (AWS) API Gateway
A number of open source options for API management have also been made available to the public as an alternative to proprietary tools. Examples of these choices include Kong, Tyk and API Umbrella.
The API gateway
While API Gateway is the name for the AWS API management platform, it can also be used as a general term for a software pattern that handles the presentation and invocation of certain APIs.
The API gateway can be utilized, for instance, as a management tool within a microservices architecture. API gateways are implementations of the façade design pattern; they present an API to a user or client device, and then invoke APIs to microservices, harmonizing API and microservices management. An API gateway presents a single API to a device to mask a complex series of microservices access processes. It does carry some risk, however, because the API gateway becomes an essential application. The loss of its functionality may cause the failure of services, and if it is compromised, it can affect all associated microservices. Avoiding these issues requires building strong resiliency into the gateway and being wary of adding features that affect performance.
API gateways also promise to streamline B2B integration as an alternative to legacy approaches, such as electronic data interchange (EDI) services. As APIs become increasingly popular in the business world, API gateways are being hailed as an essential part of digital business. There are a number of challenges enterprise architects need to address to make things work smoothly, however; they must address the fact that internal business processes may be open for external consumption and also maintain security by separating external-facing interfaces from internal systems.