In this follow-up to my previous blog, "Why invest in API Management?", I highlight the need for very mature API ecosystems. In this blog about best-of-breed API Management platforms, I discuss questions such as:

  • What responsibilities are held by such an ecosystem?
  • What capabilities should it provide?
  • And: why should the make-or-buy decision indisputably result in off-the-shelf solutions?

1 – Platform responsibilities

From a vendor-agnostic perspective, a best-of-breed API Management platform comprises 3 base building blocks. Assembled together, these ensure that all APIs exposed by the platform are secured and governed, and that there is full visibility into their consumption.

  • API Gateway – Generally positioned as the first line of defense for exposed APIs, the Gateway is a valuable security-enforcing component. It acts as a single point of entry for all consumers, insulating them from multiple service providers, geographical locations, etc.
  • API Manager – Enables API producers to engage partners and developers and helps them onboard, manage and test their Apps. API providers can publish, document, promote and support their APIs, and App developers can easily find, consume and get support for the APIs their Apps use.
  • API Analytics – Provides real-time insights into the business and optimizes the delivery and value of APIs. Leverages the collected API data to generate predictive analytics dashboards analyzing trends and outliers.

This does not mean that every API Management software vendor implements components matching these blocks; the capabilities made available by each block should, however, be provided.

2 – Platform capabilities

The complexity of today’s IT systems, coupled with the need for lean and agile enterprises, is demanding very mature API ecosystems. Looking at the capabilities of each building block, it is crucial that organizations enable API Management platforms that cater for consumer-grade digital services.

  • API Gateway

    1. Authentication and Authorization: basic authentication; cookie-based authentication; SAML-based authentication; Kerberos-based authentication; digital signature; AppId/Secret management; OAuth 2.0; OpenID Connect; authentication and authorization caching; integration with 3rd party Identity and Access Management providers and OpenID Connect Providers
    2. Message Security: SSL, TLS, encryption, decryption, WS-Security
    3. Threat protection: prevention of DDoS attacks, malformed messages or excessive XML/JSON depth and breadth; detection and prevention of SQL, JavaScript or XPath/XQuery injection attacks; validation of message content (XML/JSON structure, form and query parameters); virus detection; CORS protection
    4. API Mediation: API Composition; routing; transformation; protocol bridging; API aggregation; caching; API anonymization

  • API Manager

    1. API Lifecycle: from Design to Retirement, supporting versioning and coexistence of multiple parallel versions
    2. Document and Test: Swagger; RAML; WADL; WSDL; document upload; test console for developers and partners
    3. Engage and onboard: community portal, enabling a self-service platform for API developers and App developers
    4. Package and License: brings APIs and Apps together through formal consumption contracts; create different packages for different business needs; enforce quotas and service levels based on the type of license; API monetization

  • API Analytics

    1. API usage trends: segment the audience by top developers and apps; understand usage by API method to know where to invest; create custom reports on business or operational-level information
    2. Real-time monitoring: all the information is gathered, analyzed, and provided immediately
    3. Questions answered by analytics: Which API methods are most popular? How much API capacity will be needed next year? Why is the API down?
    4. Predictive analytics: understand customer behavior across all digital channels; combine both profile and behavioral data to predict the next best action; turn prediction into action with batch and real-time APIs for all digital channels

3 – A COTS API Management solution is the most efficient path to achieve API ecosystem maturity

Mobile experience, the Digital Economy, Cloud adoption and IoT are exponentially increasing the number of APIs that organizations expose. Securing them and their underlying systems against external threats and improper consumption has become essential.

The enablement of these new and complex API ecosystems will demand very efficient API Lifecycle Management and visibility into API insights and health trends. Only API Management can augment the effectiveness of the Software Development Lifecycle, contributing to increased business agility.

The most straightforward path to rapid API ecosystem enablement is the procurement of one of the many API Management platforms available on the market. The offering of such platforms has gone beyond traditional Integration/ESB vendors (Oracle, TIBCO, IBM, etc.), and nowadays multiple other market players offer reliable and scalable solutions.

A recently observed trend is the offering of SaaS-centric platforms, which pave the road to hybrid integration platforms. In these offers, the Manager and the Analytics components are hosted in the cloud, and the Gateway truly portrays the hybrid model. For cloud integration patterns, the Gateway sits on the SaaS close to the Manager and Analytics components; for ground integration patterns, a Gateway software appliance is offered, which can be deployed on premises and is tightly integrated with the SaaS components.

Whichever deployment model is chosen (cloud, ground, hybrid), the benefits of licensing a best-of-breed platform will become indisputable.