Best of Breed API Management Platforms
Whichever deployment model is chosen (cloud, ground, or hybrid), the benefits of licensing a best of breed platform will soon become indisputable.
In this follow-up to my previous blog, Why Invest in API Management?, I will highlight the need for very mature API ecosystems. In this post on best-of-breed API management platforms, I discuss questions such as:
What responsibilities are held by such an ecosystem?
What capabilities should it provide?
Why should the make-or-buy decision indisputably result in off-the-shelf solutions?
Platform Responsibilities
From a vendor-agnostic perspective, a best-of-breed API management platform comprises three basic building blocks. Assembled together, these ensure that all APIs exposed by the platform are secured and governed and that there is full visibility into their consumption.
API gateway. Generally positioned as the first line of defense for exposed APIs, the gateway is a valuable security-enforcing component. It acts as a single point of entry for all consumers, insulating them from multiple service providers, geographical locations, etc.
API manager. The API manager enables API producers to engage partners and developers and help them onboard, manage, and test their apps. API providers can publish, document, promote, and support their APIs, and app developers can easily find, consume, and get support.
API analytics. API analytics provide real-time insights into the business and optimize the delivery and value of APIs. They leverage the collected API data to generate predictive analytics dashboards analyzing trends and outliers.
This does not mean that every API management software vendor implements components matching these blocks one-to-one. The capabilities of each block should, however, be provided.
Platform Capabilities
The complexity of today’s IT systems, coupled with the need for Lean and Agile enterprises, demands very mature API ecosystems. Looking at the capabilities of each building block, it is crucial that organizations enable API management platforms that cater for consumer-grade digital services.
API Gateway
Authentication and authorization: Basic authentication; cookie-based authentication; SAML-based authentication; Kerberos-based authentication; digital signature; AppId/Secret management; OAuth 2.0; OpenID Connect; authentication and authorization caching; and integration with third-party Identity and Access Management providers and OpenID Connect providers.
Message security: SSL, TLS, encryption, decryption, and WS-Security.
Threat protection: Prevention of DDoS attacks, malformed messages, or excessive XML/JSON depth and breadth; detection and prevention of SQL, JavaScript, or XPath/XQuery injection attacks; validation of message content (XML/JSON structure, form and query parameters); virus detection; and CORS protection.
API Mediation: API composition; routing; transformation; protocol bridging; API aggregation; caching; and API anonymization.
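The depth and breadth limits named under threat protection, sketched as the kind of check a gateway applies before forwarding a JSON body. This is an added example, not code from the article or from any API management product; the names (validate_body, scan_depth, check_breadth, PolicyViolation) and the limit values are assumptions chosen for illustration.

```python
import json
MAX_BYTES, MAX_DEPTH, MAX_BREADTH = 64 * 1024, 8, 100  # assumed limits, not from the article

class PolicyViolation(Exception):
    """Raised when a request body breaks the gateway's content policy."""

def scan_depth(text, max_depth=MAX_DEPTH):
    """Measure nesting on the raw text, before any parse tree is built."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:                      # brackets inside strings do not nest
            if ch == '"' and not escaped:
                in_string = False
            escaped = ch == "\\" and not escaped
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
            if depth > max_depth:
                raise PolicyViolation(f"nesting deeper than {max_depth}")
        elif ch in "]}":
            depth -= 1
    return deepest

def check_breadth(doc, max_breadth=MAX_BREADTH):
    """Walk the parsed document iteratively; reject oversized containers."""
    stack = [doc]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            node = list(node.values())
        if isinstance(node, list):
            if len(node) > max_breadth:
                raise PolicyViolation(f"container wider than {max_breadth}")
            stack.extend(node)

def validate_body(raw):
    """Size, depth, well-formedness, then breadth; return the parsed body."""
    if len(raw) > MAX_BYTES:
        raise PolicyViolation("body too large")
    try:
        text = raw.decode("utf-8")
        scan_depth(text)
        doc = json.loads(text)
    except ValueError as exc:              # bad UTF-8 or malformed JSON
        raise PolicyViolation("malformed message") from exc
    check_breadth(doc)
    return doc
```

The depth check runs on the raw text because handing a deeply nested body straight to json.loads can end in a RecursionError inside the parser, which is the resource exhaustion the limit exists to prevent.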
API Manager
API lifecycle: From design to retirement, supporting versioning and coexistence of multiple parallel versions.
Document and Test: Swagger; RAML; WADL; WSDL; document upload; and test console for developers and partners.
Engage and onboard: Community portal, enabling a self-service platform for API developers and app developers.
Package and license: Brings APIs and apps together through formal consumption contracts; creates different packages for different business needs; enforces quotas and service levels based on the type of license; and API monetization.
API Analytics
API usage trends: Segment the audience by top developers and apps; understand usage by API method to know where to invest; create custom reports on business or operational-level information.
Real-time monitoring: All the information is gathered, analyzed, and provided immediately.
Questions answered by analytics: Which API methods are most popular? How much API capacity will be needed next year? Why is the API down?
Predictive analytics: Understand customer behavior across all digital channels; combine both profile and behavioral data to predict the next best action; and turn prediction into action with batch and real-time APIs for all digital channels.
What Is COTS API Management?
A COTS (Commercial Off the Shelf) management solution is the most efficient path to achieving API ecosystem maturity. Mobile experience, digital economy, cloud adoption, and IoT are exponentially increasing the number of organizations’ exposed APIs. Securing them and their underlying systems against external threats and improper consumption has become essential.
Enabling these new and complex API ecosystems will demand very efficient API lifecycle management and visibility into API insights and health trends. Only API management can augment the effectiveness of the software development lifecycle, contributing to increased business agility.
The most straightforward path for a rapid API ecosystem enablement is the procurement of one of the many API management platforms available on the market. The offering of such platforms has gone beyond traditional Integration and ESB vendors (such as Oracle, TIBCO, IBM, etc.) and nowadays, multiple other market players offer reliable and scalable solutions.
A recently observed trend is the offering of SaaS-centric platforms, which pave the road to hybrid integration platforms. In these offers, the manager and the analytics components are hosted in the cloud, and the gateway is the component that makes the model hybrid. For cloud integration patterns, the gateway sits in the SaaS, close to the manager and analytics components. For ground integration patterns, a gateway software appliance is offered, which can be deployed on-premises and is tightly integrated with the SaaS components.
Whichever deployment model is chosen (cloud, ground, or hybrid), the benefits of licensing a best of breed platform will become indisputable.
Published at DZone with permission of Manuel Xavier.