API Management

ETL streaming through a data pipeline

An Application Programming Interface (API) provides a method for two software applications to communicate. In the early days of computing, programs ran as monoliths that executed serially as batches, so they did not need interconnection other than internal function and subroutine calls that passed parameters using shared memory structures.

Program-to-program communications can be as simple as invoking a service, routine or method and handling the response, which can indicate success or failure. A more sophisticated program call might invoke a web service, passing it a list of parameters and capturing the results from a transaction.

With the emergence of client-server and three-tier architectures, applications were increasingly encapsulated in code that could be called using remote procedure calls over local area networks (LAN), wide area networks (WAN), and Internet connections. Over time, applications have become increasingly disaggregated, deploying components across distributed networks using APIs to pass data between them.

Modern applications can be architected using a network of microservices which can be built in-house and using third-party components. Containerization has made it possible for applications to become more portable because they can take their software stack with them. This increase in application complexity and interoperability has driven API management solutions’ rise and general adoption. Distributed computing and distributed applications are here to stay.

Image of Woman working at computer screen with graphs and charts overlayed on image representing API Management

What is API Management?

Interaction among microservices architectures favors HTTP-based APIs. These APIs connect microservices to enable distributed applications. Businesses need tools to ensure compliance with corporate policies, allowing governance to grant appropriate levels of security to given services. API management takes a holistic, business-wide approach to the management of application-to-application communications that vets, documents, and enables administration and oversight over all approved APIs. Adopting an API-first approach is popular as applications can be built faster and with greater flexibility than more traditional approaches. However, the use of third-party APIs carries security, financial and potential regulatory risks that API management solutions help to mitigate.

How API Management Works

API management takes a full-lifecycle approach to onboarding, operating, and retiring APIs. APIs are validated by ensuring the responses to calls are delivered as expected and that they cannot be hijacked with malicious code. API documentation is verified. Stress testing ensures that the expected transaction volumes can be handled appropriately. Many API management solutions help businesses create facades to simulate a calling application to facilitate testing.

Once an application has been approved for use, it can be published in a catalog or store. Operational controls such as keeping all approved APIs behind a static IP address with additional authentication keys help developers to find and secure APIs. Administrators can impose quotas on the number of calls permitted for example, in the case of vendors who charge for API calls or impose ceilings to maintain service levels.

Components of API Management

The primary user-facing component of an API management solution is the API portal. The portal is where developers can onboard, deploy and document their APIs. The API policy manager defines how APIs will be used regarding security, usage, performance, and retirement. The API analytics component provides usage information. An API gateway can be used as a middleman to present an external facing interface while hiding internal API capabilities.

What is API Management Used For?

Businesses need API management tools to support their need to build and deploy applications faster while supporting the need to monitor and enforce corporate policies. API management is used to build, secure, test, document, operate and retire APIs. Vendors focus on different technology aspects such as security, ease of use, scalability, caching, or policy management.

Benefits of API Management

The scope of API management is growing as solutions mature. Below are some key benefits of common API management solutions:

  • Enables businesses to be more agile by deploying new services faster using modern microservices-based applications.
  • Complete Lifecycle management, from helping developers build an API through testing, and deployment to eventual retirement.
  • Easing the management of APIs by providing a single pane for assessing usage, administrating policies, and controlling security.
  • Providing fine-grained API usage controls, from limiting IP addresses to governing call volumes.
  • Centralized visibility for API usage internally and by business partners through API gateways.
  • Usage analytics for both producers and API consumers.
  • Reduced business risk through tighter API governance and controls.
  • Faster onboarding of business partners.
  • Support API monetization.
  • Accelerated deployment of microservices architected applications.
  • Enabling self-service for partners and developers through API portals and gateways.
  • Increased speed of delivery for integrations using API first approach.
  • Securing applications against unauthorized access and threats.
  • Protecting sensitive data from cyber threats.

What is API Architecture?

API architecture reflects how the API is built, how architects can share API components with multiple APIs, API exposure, and ongoing maintenance. The API architect needs to prevent inconsistencies between related APIs, control API sprawl and identify off-the-mark designs that fail to meet specific client demands. An API architecture describes the features that will be available, the way in which the design will secure or authenticate those features, and how a given software system will handle and scale API calls for simultaneous interactions.

Actian DataConnect is an easy-to-use, versatile hybrid integration platform that supports a wide range of use cases in every industry.

API Management Platform

An API management platform can provide a broad range of capabilities including:

  • Securing APIs from unauthorized access and threats.
  • Protecting sensitive data from hackers.
  • The ability to limit API invocations to contain costs.
  • Limit call rates to protect called services from being overwhelmed.
  • Mock responses to a defined subset of calls.
  • Set quotas for lifetime call volumes or limit network bandwidth use.
  • Support lifecycle management, helping developers build an API, test, publish and retire APIs.
  • Providing a single management pane for monitoring and administrating APIs.
  • Enabling fine-grained API usage such as limiting IP addresses and call volumes.
  • Creating API gateways for third parties to consume internal services.
  • Monitoring usage analytics.
  • Providing a means to enforce API governance through controls.
  • Caching often uses APIs to support service-level delivery requirements.
Conceptual illustration with Icons representing data and reporting which represent an API Management platform