API Management 103: Choosing a Solution

In Lesson 102: Architectural Components, we explain the key technology components required for a full-featured API Management solution. There are various solutions currently on the market, a number of which meet these basic requirements. In this lesson, we provide more practical advice on how to choose between specific solutions.

A large enterprise with extensive IT resources may create its own custom API Management solutions in-house. However, there are multiple solutions on the market that offer technology components versatile enough to fit a wide range of use cases, empowering just about any organization to be quick to market with a secure, high-functioning API infrastructure.

With various solutions available that are able to offer the core technology components necessary for enterprise-grade API Management, choosing a vendor is a matter of identifying who is offering the technology that best addresses the specific business and technical requirements of your API program. Every organization’s API program will be unique and no two will have the same requirements, which is precisely why some organizations will opt for in-house solutions. However, there are certain functional and operational characteristics that will allow a solution to meet the business and technical needs of most enterprise-level API programs. These characteristics may not all be important to smaller organizations. However, for large enterprises, the risks involved in exposing backend systems via APIs can be considerable and the negative effects of an improperly managed API program can be highly significant in terms of data security, customer privacy, integration costs, backend availability and more. Furthermore, while various API Management solutions will fulfil the core requirements, there are certain functional and operational characteristics that differentiate the most full-functioned solutions on the market. Below, we outline the most important differentiating characteristics of truly enterprise-grade API Management solutions.

Functional Characteristics for Business Requirements

  • API Security: In enterprise scenarios, API publishing requires the highest possible level of security to protect the often valuable or sensitive data and application resources that the APIs expose, in order to prevent misuse or unauthorized access.
  • Lifecycle Management: It is essential to ensure that the process of moving new APIs and API updates through the development lifecycle (from dev, to testing, to production) does not break the interfaces themselves or the client applications these interfaces support.
  • Governance: To maintain service-level agreements, ensure APIs remain available and comply with regulatory requirements, enterprises need ways to control and track the health, performance and usage of their APIs.
  • Developer Experience: In order to empower developers to create client apps that generate real business value, while maintaining governance over API usage and permissions, an API Portal component must deliver the full range of developer engagement and management features.
  • Monetization: Many enterprise use cases will additionally require that an API Management solution includes functionality that simplifies the process of generating revenue directly from APIs (e.g. by charging developers for interface access).

Operational Characteristics for Technical Requirements

  • Solution Security: Since any API Gateway will be deployed in the DMZ, between the public Internet and the trusted zone on premise, it must be able to satisfy enterprise-class security requirements such as PCI compliance and FIPS.
  • Manageability: A typical enterprise will have dev, test and production environments that span geographical locations and the cloud. It will therefore need a solution with centralized components for managing Gateway clusters and interface development processes.
  • Reliability: Enterprises need to maximize API uptime and cannot afford interface outages that stop client apps from functioning. So, API Management infrastructure must allow for clustering and scaling, in order to ensure failover and availability.

So, while it is important to select an API Management solution that delivers all the key functionality for enterprise use cases, it is also vital to choose a solution that is technically capable of supporting enterprise-scale deployment. Crucially, a solution must also be flexible enough to adapt to the unique needs of the specific API program and enterprise architecture.