Selecting the best API management tools is critical to supporting your digital initiatives, platforms, and transformation. But what correlates to success?
As we walk through some of the key criteria to look for in an API management vendor, we’ll provide a top vendor list to help further guide you in the right direction.
Industry shifts: look through the lens of what’s new
The biggest industry shift in API management today is the move from single-vendor centralized gateways to federated, multi-gateway control planes. Enterprises now run 3-4 different API management vendors at once (AWS, Azure, Apigee, Kong, MuleSoft, Axway) because of acquisitions, hybrid-cloud needs, and team autonomy. The vendor selection question is no longer which gateway to buy but which federation layer can govern all of them.
In an ever-evolving market, it’s essential to pause and consider what’s changed in the last year or so. Reflecting on these industry shifts can help you identify ways to extend your enterprise’s coverage, use more automation, or achieve a broader reach , or perhaps a combination of these elements.
Let’s pull back the curtain on some of the most significant industry shifts and how they factor into the choice of an API management vendor.
The shift toward cloud-based environments
Where do your applications and systems live?
For many modern enterprises, the answer to this question includes the cloud. 77% of enterprises have at least one application or part of their computing infrastructure in the cloud, and 82% of IT leaders reported adopting a hybrid cloud where applications are split between public cloud, private cloud, and on-prem environments.
Amid this shift in API activity, many enterprises are faced with a balancing act where they need to create API facades that support legacy tech while supporting a new wave of hybrid architectures that straddle multiple environments.
API management tools must enable deployment across these environments (present day and in the future). Yet, it’s even more critical to ensure an API management platform can provide the same level of rich security, successfully address complex workflows, and capture all API traffic across these various environments.
The shift toward automated security measures
Considering the assets, data, and digital experiences at stake, API security is a top priority , and its importance has only grown in light of the growing API sprawl.
In a 2022 survey of IT experts from 350 companies, 41% reported their organization had an API security incident in the past year. Of those companies that experienced an incident, 63% dealt with a data breach or data loss.
Does your API management tool have security in its DNA?
While backed by industry-level security best practices and data protection regulations, the modern API management tool you choose should feature real-time monitoring tools, so vulnerabilities are automatically detected and businesses can shore up weak points.
The use of an open API management platform further supports these efforts. With a centralized view and governance over data flow across multiple environments and teams apt to change over time, you’ll have the flexibility to strengthen your existing technologies and replace outdated ones to maintain a strong security posture.
The shift to APIs as products
The way enterprises think about APIs has evolved from the idea of projects to products. And for good reason: the API economy is booming.
Businesses worldwide are leveraging the power of existing products and services to help scale their business initiatives in a fraction of the time. We can see this integration in travel websites like Expedia that pull in airline and hotel information and ride-share services like Uber that pull web mapping platforms into their interface.
Who will drive the consumption and adoption of your APIs as you scale?
There are some reliable platforms for developers on the market, offering features and functions focused on rich design or continuous integration. Others may fall under the category of enterprise serial bus (ESB) platforms with API facades that serve to address business needs but can take years to launch and are expensive to learn.
The API management platform you choose should cater to both parties. Developers should have the means to efficiently build and scale, while digital product managers should be able to innovate quickly and launch new offerings.
To this end, API management platforms need to enable the discovery, management, and control of integrations and APIs , in conjunction with other integration patterns , in a multi-vendor manner. A complete view and control of enterprise assets set the foundation for helping you execute faster and differentiate yourself in the market.
While these efforts support an API product-driven strategy, it’s also essential to think about how audiences will find these APIs in the first place. A user-friendly API marketplace that caters to both developers and digital product managers supports API consumption and boosts monetization opportunities.
Meet the top API management vendors
The top API management vendors fall into three buckets: cloud-native gateways tightly coupled to a single cloud (AWS API Gateway, Azure API Management), full-platform vendors with portal and analytics included (Axway Amplify, Apigee, MuleSoft Anypoint, IBM API Connect, Kong Konnect), and federated platforms that govern multiple vendor gateways at once (Axway Amplify Fusion, Gravitee). Picking depends less on raw gateway features and more on whether you need to govern multiple gateway runtimes.
With these key market trends in mind, you’re ready to evaluate potential API management vendors. Here are some leading API management platforms to consider.
1. Apigee
Apigee API Management is cloud-native but works on-premises. The platform supports enterprise-grade application flows and has a strong set of industry API accelerators. However, it is increasingly reliant on the company’s broader Google Cloud Platform for advanced capabilities.
2. Axway
Axway Amplify Platform offers a secure, open design that empowers organizations to tap into the full value of the digital ecosystem and use the IT infrastructure they already have in place. The platform provides a single-pane-of-glass view to control APIs and integrations across all environments and repositories. The launch of Amplify Enterprise Marketplace confirms a strong emphasis on generating business value, making it easy to productize and package APIs for consumption.
3. Kong
Kong is an open-source company that creates, manages, and extends your APIs and microservices. They have invested heavily in development and testing, and are centered on developers as opposed to offering reliable tools for product managers or governance.
4. MuleSoft, a Salesforce company
The API platform from MuleSoft creates an application network of apps, data, and devices, both on-premises and in the cloud. This hybrid integration platform includes iPaaS, ESB, and a unified solution for API management, design, and publishing, but its vision for universal API management requires the use of the vendor’s own flex gateway to truly be realized.
5. Akana
Acquired by Perforce, the Akana API management platform continues to strongly focus on portal-focused implementations that protect an enterprise’s REST-based APIs and corresponding flows.
6. Broadcom
Broadcom has shifted its focus to mainframe customers and select enterprise API management customers. The platform’s strong security focus has received investments for modernization to support cloud growth. However, the platform does not have a strong emphasis on developer experience or microservices.
7. IBM
IBM API Connect has been around a long time , starting with Data Power appliances, evolving to API Connect, and now navigating the merging of 3scale by RedHat. The platform has a strong focus on digital products that go beyond REST, but lacks interoperability with third-party gateways
8. Boomi
Boomi promotes itself as an “enterprise integration platform-as-a-service , no hardware or software to manage.” Dell Boomi provides on-prem and cloud offerings with lightweight API management functionality that tends to be complemented by other vendors where feature depth and enhanced security are required.
9. Amazon API Gateway (AWS)
Leading cloud provider AWS offers Amazon API Gateway, which is easy to set up and get running, but short on features. That’s because the platform is meant to be a pathway to other AWS services and can only be deployed in AWS environments.
Axway couples its platform with AWS cloud services to instantiate secure and scalable digital integration solutions that provide compliance services for their customers.
10. Azure
A key enterprise cloud provider, Microsoft Azure has added immense value to their cloud stack. The focus for Azure is not API management, but the company offers a simple, lightweight out-of-the-box solution for its cloud clients.
Enterprises requiring enhanced security, complex workloads, and extensibility to other integration patterns prefer to deploy an APIM solution, such as Axway’s Amplify Platform, in the Azure cloud.
Prepare for the future: invest in the right API management tool
Federated vs single-vendor API management
The biggest fork in vendor selection today is whether to standardize on one vendor end to end or run a federated platform that governs multiple vendor gateways.
- Single-vendor approach. Pick one platform (AWS, Apigee, Kong, MuleSoft, Axway Amplify) and route everything through it. Easier to operate, but every new acquisition, partner integration, or cloud expansion that comes with its own gateway becomes a forced migration.
- Federated approach. Run a federation layer (Amplify Fusion, Gravitee, IBM API Connect federated) on top of whatever gateways already exist. Slightly more complex to operate, but acquisitions and new deployments fit in with no re-platforming.
For organizations with a single-cloud strategy and no acquisitions, single-vendor still wins. For everyone else, the federated approach is now the safer bet because it never forces a re-platforming when reality changes.
How to evaluate API management vendors: a 7-criteria scorecard
Score each candidate vendor against these seven criteria. Anything below 4 out of 5 on any criterion is a yellow flag.
| Criterion | What to check | Weight |
|---|---|---|
| Multi-gateway federation | Does it govern AWS, Azure, Apigee, Kong, MuleSoft from one control plane, or only its own gateway? | High |
| Protocol coverage | REST, SOAP, GraphQL, gRPC, AsyncAPI/events, all first-class? | High |
| Developer experience | Self-service portal, key issuance, sandbox, code samples, in-portal testing? | High |
| Security and compliance | OAuth 2.0, OIDC, mTLS, OWASP API Top 10 coverage, audit logging, regulatory certifications | High |
| Analytics depth | Operational, product, security metrics per API per consumer with business KPI overlay | Medium |
| Monetization | Metering, tiered packaging, billing integration, contract enforcement | Medium |
| Deployment flexibility | Public cloud, private cloud, on-premises, hybrid edge, all from one platform | Medium |
Investing in the right API management tool means picking for the next 5 years, not the current quarter. The three forces shaping that horizon are multi-gateway federation (your estate will have more than one gateway), event-driven APIs (Kafka and Solace traffic needs the same governance as REST), and AI-driven discovery (shadow APIs will be found and governed automatically). A vendor that covers all three is positioned for what is coming, not just what is here.
Technology investments and implementations are never easy, and the time allotted to this task continues to shrink. There are a few resources than can help you select an API management vendor:
- Analyst reports: reports from reputable analysts like Gartner and Forrester can help you assess a vendor’s standing and capabilities. Because they are independent, you’ll get an unbiased overview of the market and pros and cons of different solutions.
- Peer customer reviews: hearing what other users have to say about a solution can be a helpful element in the decision process. G2, for example, rates products based on data sourced from product reviews shared on G2 as well as other online sources and social networks.
Demands for faster time-to-market, scalability, and a degree of flexibility to customize solutions are all points of emphasis in current API management initiatives.
This balance of business and technical concepts reflects the current state of API management. It’s time to move beyond simply finding a gateway for APIs. Enterprises need full lifecycle API management alongside a marketplace for effective distribution.
Get complimentary access to the 2024 Gartner® Magic Quadrant™ for API Management for a more in-depth look at vendor pros and cons.
Gartner® Magic Quadrant™ for API Management, Shameen Pillai, John Santoro, Nicholas Carter, Andrew Humphreys, Mark O’Neill, 16 October 2024
The report was published as Magic Quadrant for Application Services Governance for the year 2013 and 2015, as Magic Quadrant for Full Life Cycle API Management for 2016; 2019-2022, Axway was recognized as Axway (Vordel) in 2013.
Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.