API management is more important than ever for delivering a secure and consistent data strategy that can evolve with emerging requirements.
But, as APIs take an increasingly critical role in digital interactions inside and outside your enterprise, you may be reexamining existing – and considering new – vendor solutions for managing them.
The market has been traditionally shaped by the larger vendors that provide comprehensive API management. Now, smaller companies or startups, which are tackling aspects like testing, security, marketplaces, etc. (some with open-sourced solutions), are entering the market. With all these young and exciting companies coming into the picture, it is a good time to ask: Is API management still relevant?
To answer this question, let’s look at essential API management capabilities today, and the trends in the market that will shape API management in the next few years.
WHERE IS API MANAGEMENT NOW?
IT architects are tasked with supporting and delivering APIs in a world where there are malicious attackers on the outside, multiple stakeholders on the inside, and new technologies popping up every day. API management can play a central role in ensuring APIs and the data they share is secure, helping you gain more value from your APIs, and delivering stable operations. But your API management platform needs to include several core capabilities.
API mediation: Mediation is a layer of logic between the application providing the service and the API consumer. One common capability in this category is protocol translation. Say you have a legacy SOAP application that you want to expose as REST; the API gateway enables bridging these two different API styles. You can also mash up multiple APIs to expose their data as a single API. This includes reducing the number of calls by chaining up the APIs to invoke them in sequence, or bundling multiple APIs, including third party APIs, to enhance the exposed data. API gateways let you unlock many more mediation capabilities that would take additional coding with the click of a few buttons.
Threat protection: APIs expose data that includes your trade secrets to the wider public. You want to protect them as if the life of your business depends on it – in fact, it does… Lately, several data breaches caused by improperly securing APIs cost big brands some big bucks. API gateways provide out-of-the-box protection against bot attacks, unauthorized usage, viruses that may corrupt your backend systems, and other malicious software.
Analytics and reporting: Just like anything you invest money in, you want to measure the return on your API investments. API portals and gateways enable organizations analyze API programs with advanced analytics capabilities. API traffic, the number of users, the availability of APIs, the most popular APIs, the APIs that generate the most revenue are only a few of the metrics that you can analyze with an API management solution.
API Monetization: Maybe you want to generate direct revenue from APIs, in addition to the revenue they generate, by making your data available for wider access. Leading API management solutions enable API subscriptions that provide additional revenue streams by exposing APIs that some would pay to use.
Access management: You want a standardized workflow in your organization to manage those users who can access your APIs. API management lets you take advantage of various standards such as SAML, OpenID Connect, LDAP, OAuth, JWT, Kerberos to keep a tight grip on who accesses what.
API marketplaces: API management vendors provide portals that you can open as a storefront for your APIs. You can customize the look and feel of your marketplace, add APIs wherever they are hosted, and manage who can see which APIs on these marketplaces. API management vendors provide all these capabilities and more to create a unique and compelling developer experience to attract as many users as possible to your platforms.
Documentation: One of the biggest obstacles to API adoption is the lack of good documentation. A good API gateway and portal lets you share your API definition file in different formats. Moreover, they let you share additional documentation in the form of PDF, PowerPoint, XLSX, TXT, JPEG and other file formats to provide additional instruction, charts, or copyright documents.
Hybrid and multi-cloud deployment: If your enterprise has many customers, branches, business units, and spans a wide range of geographies, you need to operate in different mediums. You may have legacy on-premises infrastructures and complement those with a multi-cloud deployment or server-less architectures to meet your customers’ demands, wherever they are and whatever their needs may be. A hybrid API management solution lets you deliver your APIs in a consistent and portable manner and provide a standardized user interface.
Self-service: API gateways provide ways to ease the jobs of your IT managers by enabling automated workflows. This includes user onboarding, global policies that you can set up so that you don’t have repeat the same settings for each API, or application approval flows. This frees up capacity in your organization to spend the time you saved from these mundane tasks to better use.
Event-driven architectures: Event-driven architectures have recently gained traction to transform application delivery into more dynamic implementations. API gateways enable proxying event-driven APIs to manage and secure them. In addition, gateways and portals are also enabling event-driven interfaces which generate actionable notifications for API events such as creation or update. This way, you can know what happened as soon as it happened to monitor API management events or kick off workflows on updates.
Service mesh: Perhaps you want to implement your applications in a microservices architecture to enable agility and reusability. Service meshes make the managing and networking of microservices easier by creating a control layer where you define the rules of microservices transactions. A good API management solution vendor will let you integrate your service mesh into the API management layer to create APIs from microservices for wider use and enhance those microservices with industry-tested API security and mediation features.
These are only some of the capabilities that you would get out of the box from a leading API management solution today. You shouldn’t have to do extra coding or cobble together different solutions to have access to these features.
But what’s interesting are some of the exciting trends that are changing the world of API management.
See why Software AG is named a Leader in API management in the 2021 Gartner® Magic Quadrant™ for Full Life Cycle API Management report here.
WHERE IS API MANAGEMENT GOING?
API observability: With distributed multi-cloud application delivery, you might easily lose track of where your applications are hosted. A trend that is gaining traction is a single place to list all your APIs and gateways wherever they are hosted. This will give you centralized control over your API landscape without having to connect to and interact with different solutions.
API supply chain: Many protocols have been created for user authentication to make sure that only authorized users can access your APIs. If you flipped this logic, how do you make sure that your users are calling the APIs that they think they are calling? How can you make sure that some malicious software isn’t imitating your APIs to steal your users’ data? API management vendors are working on ways to ensure that your API supply chain is protected from these types of attacks to ensure the security of your users.
Asset discoverability: Developer portals have great potential to evolve more than providing a storefront for your APIs only. They can also be a storefront for all your assets: B2B integrations, integration connectors, or events. This would improve the developer experience even more by providing a single place for asset discoverability and access so that they only need to interact with a single portal.
Artificial intelligence/machine learning: API management is of course getting its fair share of advances in these technologies and vendors are working on integrating them into their offerings. Some applications that they are considering are around threat detection and predictive analytics for business value reporting. With these additional capabilities, API gateways will be able to provide intelligent analysis on top of the data that it provides currently and be able to take automated actions.
Command query responsibility segregation (CQRS): This is a pattern that separates reading and writing to a datastore. What this means for APIs is making sure that your users are getting the most up-to-date data when an application is concurrently posting to the same database. API management vendors are working on ways to create this segregation that will be especially valuable for banking, retail, and supply chain applications.
WHAT IS THE BEST APPROACH TO COVER ALL THESE REQUIREMENTS?
Many small vendors deliver a few of these capabilities; but it would take a long time and a lot of effort to create something that resembles what the industry-leading API management vendors provide with their tried-and-true gateways and portals.
While the API market has been constantly changing with different standards and specifications, these leading vendors have been enhancing their offerings by listening to customers and building expertise over the years. They have built comprehensive solutions that satisfy wide-ranging industry requirements.
Still, there is a place for niche players in the API management space. They let you tweak your API programs to provide additional testing or security capabilities, or they are loved by your developers for quickly scraping together solutions. But these players are all complementary to API management platforms that come with a comprehensive set of capabilities. A leading API management solution enables your organization to provide access to its data with consistent authentication and authorization schemes, directly or indirectly gain revenue from the data, and analyze usage and evaluate the API strategy.
It also provides a marketplace for application development with well-defined SLAs, clear policies, and detailed documentation in a single and customizable portal. All these sophisticated capabilities enable API providers to set enterprise standards for data access and create clear workflows for API consumers to create applications. As a result, organizations have peace of mind that their API programs have access to the latest and greatest capabilities without having to keep a checklist of features to be implemented and having to implement those.
Coming back to the question we started with: Is API management dead? No, not at all. With new technologies to enhance organizational capabilities, as well as to hack into systems being developed every day, API management is more relevant than ever for delivering a secure and consistent data strategy that can evolve with emerging requirements.
API management vendors like Software AG can help you get miles ahead of the competition with wide-ranging features and expertise.