Many companies are quickly realizing the potential of APIs (application programming interfaces) to better serve their business objectives. APIs enable the sharing of large amounts of data in a quick and efficient way. For example, healthcare organizations have begun to use APIs to share patient information across departments while complying with HIPAA. Another good example is travel websites, which use APIs to aggregate data from airlines. Whatever the business, the need is the same — to share large amounts of data in a secure and efficient manner.
But without tightly-led API management, they can cause more problems than they solve. Poor management can lead to security breaches, unnecessary downtime and lost opportunities for revenue.
So what is API management exactly, and how can businesses effectively implement it?
Get the Complete Primer on API Management
Overview
API management is the process of creating, publishing, maintaining and analyzing your application program interfaces. That’s somewhat vague, but basically it ensures publishers have a high level of visibility into their APIs throughout the entire lifecycle. This allows them to build communities between consumers, report on success, and secure the transfer of information by keeping a close eye on who has access to what.
Get the Complete Primer on API Management
Specialized software makes all this possible in a single, centralized location and often includes additional features to help you best serve your internal and external consumers. To determine which features you should look for, it’s best practice to create a list of software requirements.
Software Requirements
Your business is unique, and therefore, not every platform will serve your needs in the same way. When you begin looking for API management software, you will first need to determine a list of features and functionality (what is typically referred to as a list of requirements) that you want to be included in a prospective system.
Below, you’ll find a list of criteria to consider as you shop for your next system along with an explanation of how each feature can benefit your organization.
General Architecture
General architecture refers to the attributes of the software that meet your technical and operational requirements. You want to make sure the system supports the deployments utilized by your team, whether that’s hybrid, SaaS or customer-managed. Possibly, you need a solution that can integrate with microservice architectures. Whatever your needs are, it’s important to focus closely on them to ensure you don’t choose a system that ends up being incompatible with your current processes.
SaaS, customer-managed and hybrid deployments
Private cloud efficacy without having to make external calls
Consistent codebase across offerings
Multi-tenancy support across various deployment methods
Runtime isolation
Multi-gateway management
Microservice architecture integration
Platform
This grouping refers to the functions of the platform which can affect your existing operations. For instance, you should ask a vendor how their solution handles patches and updates, and how much downtime, if any, is required. On the same note, you could ask if the vendor utilizes blue-green or canary deployments to reduce downtime. You may also wish to investigate the tools used to design the APIs as well as document them to make sure they support the approaches and workflows you prefer.
Apigee’s product lets users publish and manage APIs.
Support for continuous integration
Patch and update management
Design tools
Integrated logging investigation
Blue-green deployment
Canary deployment
OpenAPI/Swagger support
API Gateway
Your API gateway is the programming that sends the client calls to the appropriate place in order to fulfill the necessary service. Software provides users with tools that help manage the flow of these requests. For instance, many platforms have measures in place to prevent traffic spikes. Part of this relies on defining quotas, which limits the consumption of your APIs accordingly. This feature is also used when it comes to monetizing, which we’ll discuss later on.
You may also need a solution that can handle multiple versions of an API and control which consumers can access them. For instance, you might want your internal consumers to have access to all versions, but give your external clients access to just the latest version. If this level of access needs to change frequently, you should also make sure your software provides an agile means of enabling and revoking access to APIs.
Additionally, many systems provide messaging and notifications to help subscribers and API developers communicate throughout the API lifecycle.
Traffic spike prevention
Consumption management via quotas
HTTP/HTTPS support
Versioning
Federated identity
Push notifications
Lifecycle management
Access configuration
Integration
The software you choose may have an integration layer that works behind the API gateway. This integration layer is where several functions take place, such as transformations, schema validation, virtualization and more. All these capabilities help ensure that your APIs are uniform and consistent no matter how the original backend systems were built.
Standard transformations (XML ↔ JSON and SOAP ↔ REST)
Schema validation tools support
Virtualization support
Compression support
JMS-based system support
Dynamic routing
Various protocol support (JMS, WS, MQTT, etc.)
File storage platform integration
Analytics
Analytics provide visibility into how your APIs are being used, allowing you to make critical decisions to improve your business. Analytics are often available in real time, but some systems only offer scheduled reports, so be sure to double-check with your vendor what they offer.
Red Hat 3scale API Management allows users to visualize API usage.
Depending on the software you choose, you can take advantage of daily or weekly reports, which can be sent via email as a CSV file for simple integration with your spreadsheets program. Reports may offer insight into things like traffic averages, top APIs, errors and more, for both internal and external consumers.
Out-of-the-box analytics support
Asynchronous analytics collection
Report export
On-demand reports
Alarm/notification system when rate limits are reached
Security
Securing your APIs is one of the most important management components. This is especially true for organizations in healthcare, government, finances and other highly regulated industries. Depending on the type of data, you will have different security needs in order to prevent a breach.
When choosing a software vendor, you need to make sure they support all the security features your business finds necessary. The list below includes many available protocols; however, your business may not need all of them and may need protocols not listed.
Single sign-on (SSO)
OAuth
Standard API keys
OpenID Connect
App-ID key pair
SSL protocol support
IP address filtering
Referrer domain filtering
Message encryption
Rule-based routing
Payload security
Channel security
Defense against XML and JSON attacks
Low- to no-code security configuration
PCI compliance
Developer Portal
While you may be more interested in the development of your APIs, it’s important not to forget about the user experience of consumer developers. Developer portals help increase brand recognition while also saving your team time and resources when it comes to things like onboarding. The better your documentation is, the easier it is for consumers, which is why some vendors have started offering interactive documentation. Through developer portals, consumers may also have access to personalized metrics or a list of their subscribed APIs.
While these benefits may seem most obvious to those wanting to monetize their APIs, it’s still valuable to create a seamless user experience for your internal clients too. It may even be easier. For instance, when working with internal parties, you likely are willing to share more data with them, which can enhance documentation, making it simpler for your internal consumers to use your APIs.
Portal availability across deployment types (on-premise, cloud, etc.)
Interactive documentation
Developer metrics
Developer portal templates
Portal customization (HTML, CSS)
Ability to withdraw developer keys, either temporarily or permanently
Monetization
Software plays two parts in monetizing your APIs. First, the software supports the technical requirements of monetization. For instance, these types of programs help publishers set up payment options for consumers, which dictate how and when a consumer pays for usage. This may depend on quotas or limits dictated by the publisher. You might also wish to set up incentive programs, which pay consumers a share of your revenue in exchange for actions like embedding advertisements in their websites and mobile apps.
The second way these systems enable monetization is by simply making sure your APIs are always up and running so there’s never an interruption in service.
There’s also all the indirect ways in which software can help monetize. Sometimes you might use your APIs to drive traffic to a particular website or to create brand recognition, as we’ve mentioned above.
Billing support
Support for multiple models of revenue generation
Low- to no-code monetization configuration
Third-party payment system integration
Prepay and/or postpay invoicing
Multi-currency support
Tax compliance
Vendor Evaluation Criteria
When shopping for a new solution, make sure to evaluate the software as well as the vendor. Many companies look for vendors with a history of working with clients in the same industry. You might also check for dedication to API management. Does the vendor have a habit of retiring products after just a couple years, or are they committed to maintaining and updating their system to stay on top of market trends? Do they have a long history in APIs, or is this a new venture for the vendor? There’s no one “right” answer to these questions — it all depends on your needs as an organization.
There are various markers of success and expertise, and the ones you value may be different than what someone else values. Below are a few examples of what you can keep an eye out for.
Activity in industry discourse (publications, conferences, etc.)
Online resources, such as a knowledge base or tutorials
Plan of action for their software offerings in the near future
Responsiveness to client suggestions and feedback
Compatible philosophy
List of clients with similar backgrounds and needs as your own
Get the Complete Primer on API Management
Wrapping Up
API management is necessary to maintain consistent policies. The easiest way to implement these practices is to invest in the right platform for your business. This article should’ve helped you get a better sense of what to look for in a solution, but if you want to learn more about the features and benefits of API management software, make sure to check out our extensive primer asset. It goes into more of what it’s all about, as well as how it can benefit both internal and external APIs.
What is your business looking for in your next API management platform? Did we miss any requirements? Let us know by leaving a comment below!