Before looking at API Management, let’s start with what is the buzz word of API all about? With the increase of Mobility & SOA and with the advent of MicroServices, it is the need for a comprehensive design to expose services as API and enable better integration, re-use, and agility
So now let’s assume we started designing applications that expose API as services. Take an example of an organization exposing certain services and that are being consumed by some of its Mobile Apps, Web Apps, and other microservices. Below is the typical service consumption integration.
Now this design imposes a lot of problems; a few of the key issues are
- Consumers are vulnerable to dynamic change of service endpoints
- Not flexible on throttling needs of different kind of consumers
- Authentication and Authorization, Security, Policy enforcements are to be managed separately
To solve these problems, we shall apply a pattern called “API Gateway”. An API Gateway provides a single point of entry for all the services exposed as a proxy. This shall provide the design flexibility to handle the below
- Apply Security and Policy enforcement centrally
- Apply Authentication and Authorization
- Not vulnerable to dynamic change of service endpoints
- Monitor service usage
- Route to appropriate service endpoint
- Message transformation as required
Now having known about API and the design pattern of API Gateway implementation, what are the key challenges now in the implementation?
- How the API shall be published and promoted?
- How the API shall be accessed with the required security, access controls, and policy enforcements?
- How the API shall be released and maintained at different versions to support multiple consumers?
- How the API can transform/aggregate the data across different services?
- How the API usage shall be tracked and controlled?
- How the API documentation shall be managed?
- How the API service contract shall be established?
API Management provides features that shall help on solving the above challenges.
A typical API Management provides the below feature set
|
Function |
Features |
|
API Core |
|
|
API Management |
|
|
API Security |
|
|
API Design & Development |
|
|
Endpoint Deployment Support |
|
How does the ESB differ from this API Management?
|
Enterprise Service Bus |
API Management |
|
|
ESB & API Management |
|
|
|
Core Features |
Orchestration, Transformation, Mediation, Transportation, and Security |
Gateway, Security, API Lifecycle Management (Design, Develop, Publish and Manage), Monitor and Monetize, API Chaining, Limited transformation. |
|
ESB and API Management are intended for two different purposes. Though certain functions of API Management overlap with the ESB, it provides the platform that focuses on API Management & Consumption. By letting an Organization expose their API to the external Consumers, it helps the Organization to monetize. |
||
“Most importantly API Management lets Organization expose their API to the external Consumers, and helps Organization monetize”.
Some popular API Management tools:
- CA Layer 7
- IBM API Connect
- Apigee (Google has acquired recently)
- Mulesoft
- Mashery
