What is API Management?

When you have a number of APIs you need to be able to manage them. When you start creating APIs, and the number is low, there is nothing much to manage. You just create them and use them. Over time, as you expand the usage of your existing APIs, and create new business use cases, you need to save time, be efficient, and make sure you do not duplicate efforts.

This is where API management comes in. API Management helps you to manage, control, monitor and analyze the APIs for their usage and usefulness.

API Lifecycle & Governance

When managing APIs, we need to pay attention to the API development lifecycle. When we need a new API, we need to

  1. Design
  2. Develop
  3. Deploy

that API.

In API management, API publishing tools are meant to help with these lifecycle activities.

As the number of APIs being produced by an organization increases, there is a good chance that there will be needs to cut down re-work, manage change requests, discover current APIs that serve similar purposes before developing new ones. For these, we need API management governance tools.

It could be as simple as an API store to help discover current APIs, their purpose, the versions, data formats, authors and governance decision makers.

Reuse rather than build should be the mantra used when it comes to managing API development lifecycle.

API Store and Developer Portal

The API store, in addition to serving lifecycle management governance needs mentioned about, would also serve the purpose of helping API consumers find the APIs that suits their needs.

Once the developers of B2B or B2C applications find their APIs, the API manager will help these API consumers explore, try out, prototype, test and observe the API behaviors through the API store.

API Runtime and Gateway

Once you deploy your API to production for consumption by API developers, you need to be able to manage and monitor the runtime. API manager help achieve these objectives though an API gateway.

An API Gateway is similar to a central bus through which all your PAI requests would be routed to the various APIs being called. You can use the API gateway as the one stop shop point for tracking and monitoring all calls. While you can provide analytics on APIs based on the monitoring done by the API gateway, there are other critical objectives that are served by an API gateway in API management.

  1. Policy enforcement
  2. Key management
  3. Traffic management

Policy Enforcement

When you have a bunch of APIs, and a bunch of consumers interested in consuming those APIs, you need to pay attention to the quality of service (QoS) criteria. Some example for QoS policies includes traffic volume and associated request throttling, throughput and response times and security. Based on the tiers of consumers and the related priorities they get; the policies will govern the request flows and responses though API gateway’s policy enforcement capabilities.

Key Management

When invoking APIs, the way to identify the consumers is to issue them with keys that they can present when invoking the APIs. There are various standards such as OAuth2 that are used in key management. While API gateway acts as the central point responsible to for key validation, it is a common practice in API management to offload key management to separate key manager entity.

Traffic Management

Traffic management is a primary element in throttling requests and enforcing throttling policies. When you have tiered API consumers such as platinum, gold, silver, you cannot let silver consumers to overload and occupy the bandwidth. Hence you need traffic manager who is capable of request policing and serving the right tiers with right priority in the request and response traffic bandwidth.