At the API Conference that took place in Berlin from September 24-26, 2018, three lessons were discussed. We now come to lesson 2: API Management.
As you may remember from Lesson 1, Axway’s Cedric Monier, a VP for the API Product Line, presented a gripping seminar on “Lessons Learned and How to Succeed” on three waves of topics: SOA, API Management and Microservice Management.
In wave one, we summarized the pros and the cons for SOA. Today we learn about API Management lessons.
What is API Management?
According to Wikipedia, API Management is “the process of creating and publishing web APIs, enforcing their usage policies, controlling access, nurturing the subscriber community, collecting and analyzing usage statistics, and reporting on performance.”
Per Cedric’s presentation, “what we are trying to do is enable digital initiatives.” By exposing services to transform the consumer experience, you “make your services available to consume on any device.” This is applicable to tablets, phones, bots, etc., and allows for a better customer experience.
Keep in mind that it’s also about exposing your APIs to microservices so you can address the markets. This allows you to differentiate between the user experience for a better experience.
Two sides of the API Management coin
With this concept comes two sides of the coin. On one side, you will have an explosion of APIs that need to be managed, secured and monitored.
By having API Management, you have a consumer registry, as well as having security and threat protection at your fingertips.
Nowadays, there are loads of threats that come from around the world. Thanks to API Management, you’re able to protect your APIs.
Further, with API Management, you can provide a higher value and level of complexity. Also, with a layer of analytics, you can get alerts if you reach your SLA. This also allows you to better understand your consumer and their behavior.
Key API Management lessons
Years ago, APIs were not everywhere. Organizations had a small API team around to manage APIs. Teams were well trained to handle small amounts at the time. Yet, with time, the needs of building APIs has exploded beyond what people anticipated. So, you need to address all the people who develop the APIs.
What you need is an “API Management Self-Service team.” At this level, they pick and choose all the capabilities that they need to manage your APIs. In today’s world, you are at a higher level for API Management. This allows them to run the service as quickly as possible.
What does API Management self-service mean?
According to Cedric, “there are two sides of the coin. The first side is the consumer side. Provide self-service for the consumer.”
This is at the very heart of the API Management solution. Further, you need a portal/API discovery. You also can have a rich API doc, usage plans for billing, partner management, delegated admission, as well as having snippets and SDK Generator.
This sums up the consumer side if you want to scale and have a great experience for the developers.
At the heart of what a developer does, they should not worry about security. They should have a simple way to register their APIs in a catalog. Once they are registered, they automatically apply security policies to authorize the app, the user, etc. This needs to be done automatically so there are no errors.
With this concept, you will need Dynamic Security policy enforcement to be able to authenticate the user. This works differently for those working internally vs. externally. It’s about being able to expose your APIs all over and rely on security.
DevOps friendliness: It’s super easy to make the developer be able to have a test environment and to develop the API. This is essential to make it work easily.
Also, keep in mind that “Delegated Administration” allows you to have full-on control, so you can manage who sees your APIs, so you don’t have to rely on a central team.
Further, “Delegated Monitoring” allows you to monitor the API for the developer who deploys the APIs. All these elements are key to have a scaled API platform.
If you want to be successful with API Management, it needs to run smoothly so you can deploy APIs into production. This helps things run seamlessly you don’t have to call a central team to solve the problem.
Listen to the entire presentation here.