APIs are the basis of modern software development, according to Abhinav Asthana, founder and CEO of Postman. “APIs define how data and services are shared, updated and managed across millions of programs, apps and companies.”
“API management refers to a portfolio of tools used to create, secure, monitor and govern the application programming interfaces (APIs) that connect individual software components, microservices, data sources and endpoints within a modern application architecture,” said David Chiu, director of API management product marketing at CA Technologies.
Related content: A guide to API management tools
“API management is a technology set that helps organizations do three things,” said Ian Goldsmith, VP of product management for Akana by Rogue Wave Software. “It helps them build the right APIs, build those APIs correctly, and then make sure that those APIs are running as expected.
Why is API management so important?
The importance of API management is directly tied to the importance of APIs said Goldsmith. “APIs are becoming more and more important as a mechanism for all sorts of things from internal integration through developing partner ecosystems through direct business transformation,” he said.
“A lot of companies understand their business really well, but they don’t necessarily understand the technology behind APIs,” said Goldsmith. API management platforms make sure that you are delivering the right API, that it’s working properly, and that you are not introducing security vulnerabilities, he said. It also allows companies to correct identify the proper use of the API, he explained. “As the API becomes more important, the requirements for API become more important.”
APIs are beneficial to the development process in a number of ways, Asthana explained. “APIs support the creation of microservices, helping to define and govern interactions between smaller, more manageable packages of code; and the creation of an API allows content (data or services) to be created once, and shared across many channels. The content can be maintained and updated in parallel with its use, which is determined by the API,” said Asthana.
Asthana explained that since APIs help streamline the development process, they are very important to companies with a significant investment in developers.
“We all expect world-class customer experiences to be convenient, secure and integrated with the rest of our digital lives,” said Chiu. “To accomplish this, enterprises must deliver the right data to the right endpoint at the right time, and many are doing so by modernizing their application architectures to integrate traditional monolithic applications with public or private cloud services, partners, third-party data providers, mobile apps and IoT devices.”
Chiu explained that this architectural model is “reliant on APIs to provide the secure and consistent connectivity needed between endpoints.” Large organizations might need thousands of APIs and each one “is a potential point of failure in terms of security, stability, and scalability,” he said.
“API management brings order to this pattern by establishing a foundation for enterprises to create, secure, monitor and govern hundreds or thousands of APIs consistently across their entire lifecycle,” said Chiu.
According to Chiu, a robust API management solution provides a foundation for a modern application architecture with APIs and microservices, thus creating an agile business. “It reduces critical barriers to innovation and digital transformation, allowing enterprises to respond more quickly to competitive, regulatory and consumer demands for new apps, integrations, business models and technology innovations.”
What makes a good API management solution?
Goldsmith believes that good API management solutions have to have really strong security capabilities. Modern APIs should have OpenID Connect with JWT (JSON Web Tokens) and JKS (Java KeyStore). He noted that there are some newer token types that allow for standalone authentication, skipping the need to verify the token with a server, which is more efficient.
Goldsmith said that having OAuth 2.0 with JWT is critical so having it integrated in a data solution is good. It is also important to be able to manage these certificates and use things such as SNI (Server Name Identification), Goldsmith said.
Related content: What benefits does your company bring to API management?
Traffic management and throttling are also important in an API management tool, said Goldsmith. Being able to “protect backend infrastructure from high-traffic loads and being able to apportion quota capacity across different applications” is needed.
Monitoring is also important, as you need to know real time use of traffic and be able to see historical analysis. In addition to these latter-stage runtime needs, the early stage of building APIs is also important to keep in mind, Goldsmith said.
Asthana believes that it is important for API management solutions to have a breadth of services. According to him, the ecosystem should include key API tools such as API Development Environments, API Integration platforms, and API directories.
“At its core, API management is about speed, security and scale,” said Chiu. Beyond those three qualities, API management solutions should be evaluated from its breadth of functionality and deployment flexibility.
Because the full API lifecycle consists of numerous steps, having robust capabilities spanning those steps “extends both the benefits and value of an API management solution,” said Chiu. He also said that good API management solutions are available in multiple different form factors and deployment options.
As with many solutions, API management is not without its challenges
An API needs support and development throughout its entire lifecycle, said Asthana. He explained that a complete toolchain for API developers will make API development easier.
According to Chiu there are eight key challenges that an API management solution will address.
- “Integrating and modernizing existing systems and services to create a viable application architecture for mobile, cloud and IoT.
- Providing self-service management for API publishers and consumers that can scale to a program with thousands of individual APIs.
- Designing and building APIs and microservices quickly and consistently from a range of new or legacy data sources.
- Building or refactoring an application architecture with the speed, scale and safety needed for a particular enterprise or industry vertical.
- Protecting an enterprise against threats to apps, APIs and services consistently across the application architecture.
- Gaining powerful, actionable insights from monitoring and analysis of API and app performance.
- Incorporating API development and deployment into existing governance and DevOps automation processes.
- Accelerating mobile and IoT development by making it easier for app developers to discover, consume and optimize available APIs.”