How to choose an API management platform for your business

【51CTO.com Quick Translation】As we all know, API is an interface. You can use such an interface to pass business functions and business data to customers as valuable information. For example, a retail store can sell its products to customers who stay at home through API. Obviously, if you want to grow your business, you need to reach more customers. API can meet this need. With API, you can virtually connect with customers, partners, and even other employees to build a complete supply chain.

[[331977]]

It can be seen that the basic idea of ​​API is to build a business function interface that is exposed to internal and external users. The most common and widely adopted mechanism (or protocol) for exposing services through the Internet (or intranet) is REST over HTTP. You can define the interface as a contract between the client and the system. Such contracts can be defined by using standards such as Swagger, Open API Specification (OAS) or RAML. Once a standard mechanism is used to define the interface (contract), users can prepare their client applications (including mobile and web applications) based on it without having to consider what is happening behind the contract and inside the business application.

Then, the interface component that hosts all these interfaces so that customers can access them is called an API gateway. Next, let's take a look at how the API gateway delivers business functions to users through APIs.

Figure: Using API Gateway to expose business functions to users

As shown in the figure above, users can contact the API gateway to obtain the business functions required by the client application. You can imagine the gateway as a doorman or receptionist, which usually needs to have the following functions:

• Managed APIs based on standard formats (e.g. REST, Swagger, OAS).
• Allow multiple users to access simultaneously.
• Use some form of authentication to authenticate API users.

Of course, as your API program becomes more popular, you may also use or provide many other advanced features.

How to make your API popular?

Now, let’s look at two typical examples of using an API gateway to open specific functions and data to internal and external users to improve business processes.

• An insurance agency exposed a set of APIs to insurance brokers to register new deals and generate quotes for clients, saving brokers and the organization a lot of time and effort.
• A manufacturing organization exposes a set of APIs to dealers to check the availability of certain products in the production line and make order and pickup decisions based on that availability, thereby assisting dealers in planning their sales, orders, and shipping arrangements.

Currently, we have many ways to reach new customers. One of the simpler ways is to develop and publish mobile applications to places such as the Google Play Store or the Apple App Store. Of course, we need to carry out a series of marketing efforts to promote the popular download of the application.

However, with APIs, we can create value by publishing them to the outside world and making them available for people to call. To do this, we need to use an API store or developer portal to make our APIs discoverable and interact with the entire architecture.

Figure: Expand your API usage through the developer portal

As shown in the figure above, the developer portal allows external developers to use your API and build a better experience that integrates with their current applications. For example, a car sales company can use the insurance company's API to allow car buyers to obtain the corresponding insurance directly from the application where they purchased the car. As you can see, the developer portal can provide the following basic functions:

• Provide an API catalog for users to easily search and browse.
• The API and its usage are fully introduced through relevant documents.
• Provides a mechanism for testing the various functions of the API (optional).

To improve overall efficiency when interacting with external developers, some API management products also include advanced features such as:

• Provide API rating and review capabilities for each.
• Ability to share API via social media.
• API usage analysis.
• Fine-grained API security configuration.
• API monetization status.

You can choose an API management platform with the above functions as needed.

How to scale your API strategy within your organization?

Let's consider a situation where the accounting department within an organization is ready to "move in" to an existing API platform. They not only want to become a consumer of the API, but also want to host their own API for use by other internal departments. The simplest way to meet this requirement is to obtain the specific requirements of the API from the accounting department, start developing it, and then publish it under the supervision of the team that manages the API platform. However, this approach is prone to various bottlenecks in the process, and the popular agile development and delivery practices are not suitable. Here, we need to introduce the concept of API Federation. Its basic idea is that we should be able to jointly manage the API platform according to the needs of different departments, rather than having a single team have the final say. Based on this, the platform should be able to provide each department with the necessary independence and agility, and be able to develop and maintain its own set of APIs and security policies.

Of course, this doesn't necessarily mean that you should deploy a separate API platform for each department. Instead, you can use the concept of "multi-tenancy" to share the same API platform between multiple departments. The benefits of this move include: greater flexibility, lower costs, and an API platform that is more easily adopted.

Figure: Expanding the API platform within an organization through Federation

As shown in the figure above, a set of new APIs that are convenient for internal business departments to use are deployed to the API gateway. They are developed by developers from various business departments, so only users in that department can view these APIs in the developer portal and execute them in the gateway.

Of course, we need to have specific role-based or group-based access control capabilities at the gateway level, and corresponding visibility controls at the developer portal level. Currently, most API management vendors are able to support such requirements through "multi-tenancy" capabilities.

How to make your API platform cloud-native?

In order to design the API platform for the future, we often need it to have cloud-native features. In other words, our API platform needs to have the four major advantages of cloud services: high availability, elastic scalability, cost savings, and pay-as-you-go.

Scalability and maintainability are mainly due to modular architecture. If you integrate all functions into a single application, scalability will become quite difficult. Here, we can use concepts such as microservice architecture to achieve this. That is, after dividing functional components into compatible but independent modules, our deployment will become more flexible. Next, let's take a look at how to define a cloud-native architecture for the API platform.

Figure: Modular API platform with micro-gateway

In the previous article, we discussed that the API Gateway and the API Developer Portal are considered as separate components. In the above figure, we also consider the security part of the API Gateway as a separate component and call it API Key Management so that it can independently handle security-related requirements.

Here, we also introduce two additional modules for API analysis and API development. If you want to analyze the usage of APIs based on different parameters and make decisions based on them, then the API analysis component is most suitable for such needs. The API development component is the component that API developers need to interact with when building APIs. It can be based on a GUI interface or tied to a source code management system and a build pipeline like Jenkins for a fully automated process.

Another key point in the above diagram is the separation of internal and external gateways. It ensures that different APIs do not affect each other during execution or runtime. In addition, the gray hexagonal components in the diagram describe micro gateways that can be used in certain use cases. You need to deploy a specific API or a set of APIs that can run independently of other components in an isolated runtime.

Finally, all components with docker icons in the figure can be deployed to cloud-native platforms like docker. You can choose the following infrastructure types based on the actual situation of your company and project:

• Local (Physical/VM)
• IaaS (VM-based)
• Container
• Kubernetes

Platform selection

With the basic introduction of API platforms in the previous article, you must want to know what API management platforms are available. Here are five common providers I have listed for you:

• IBM API Connect(https://www.ibm.com/cloud/api-connect)
• Apigee(https://cloud.google.com/apigee)
• WSO2 API Manager(https://wso2.com/api-management/)
• Kong Enterprise(https://konghq.com/products/kong-enterprise/)
• Mulesoft anypoint platform(https://www.mulesoft.com/platform/enterprise-integration)

Original title: How to Select an API Management Platform for Your Business

[Translated by 51CTO. Please indicate the original translator and source as 51CTO.com when reprinting on partner sites]