API Management Platforms – What you should know

By Bharath Kumar
July 20, 2021
5 min read
In recent years, every digital transformation has been API-led. In today’s enterprise world, be it for internal or external apps, API traffic goes through the enterprise’s API platform. A full lifecycle API management layer is both mission and business critical, thus, having a full lifecycle API platform is a necessity.

This is the first part of a blog series that is aimed to help the technology leaders, who have taken the first step towards an API-led model and are looking for answers on “what to look for when investing in an API management platform?”.

Let’s start with the basic understanding of what an API management platform does well:

Easy development: Enterprises can focus on building meaningful products and APIs that add to the top-line. Developers can focus on developing innovative outcomes and not spend a lot of time on gateway operations. For instance, keeping the API ecosystem bug free, fixing constant errors and spending less time managing issues like OAuth, traffic, user access control, token authorization or scaling within their application can get complex for any digital business.

Increased security: Gartner predicts that “by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications. Most API platforms are usually stacked with all the security layers and policy based security configurations, which prevents malicious attacks by acting as an additional layer of protection from attack vectors like SQL injection and DDoS attack.

Powerful insights: API gateways come out of the box with monitoring and analytics tools that help API developers, app teams, DevOps teams and business owners collect, analyze and visualize mission critical information. Some of the powerful insights like monitoring API performance, latency, API retention, response time, etc. will help make informed technical and business decisions.



The list of benefits keeps increasing as the API platforms keep evolving with technology. But it is not always rosy for the enterprises as there are some challenging battles that come with API platforms. While these are not absolute challenges everyone would face, these definitely can act as impeding factors in achieving business goals faster.

Here are some ground level factors that need focus:

Complex setup: Most API Platform on-premises versions come with a set of complexities in setting up, managing infrastructure, maintenance and gateway version upgrades. Choosing the right balance of running on-prem and SaaS offerings of API platform providers is crucial decisions for all the enterprise tech leaders of running and moving majority APIs and microservices workloads. Also, the APIs and applications will need to be configured to interact via an API gateway, requiring orchestration and management. This will add a layer of complexity for developers and hence prevent them from building further on the product and integrate with other systems, essential for better growth and efficiency.

Scaling issues: Increase in number of APIs and API traffic, calls for scaling the API platform architecture. When an API gateway isn’t designed for high availability and scalability, it will eventually degrade performance, and can become a single point of failure.

Before considering any API platforms, here are some of the key elements to evaluate in advance:
  • Easy on-boarding of APIs
  • Ease of migration scripts of APIs from one API platform to another
  • Configuring API security (OAuth, SSL)
  • Rate limiting
  • REST to SOAP, SOAP to REST transformation
  • Message transformation
  • Error handling and validation, etc.

  • Keeping it Light: Enterprise should aim to keep API management layer light with API security, message encryption policies (OAuth, SSL JWS, JWE), configuration, etc. They should also try and keep it code-free or limit to smaller/micro scripts (JavaScript, Python). With this, enterprises can have a well-organized multi-gateway setup and avoid vendor lock-in.

    Unified Insights: API platforms collect insights about API runtime and provide API analytics dashboards and views. Having a consolidated view of enterprise-wide API analytics on a single dashboard will become critical. Especially when enterprises are looking to leverage multi-API gateway connectivity, APIs deployed on various platforms, etc. This is one of the key ideas on our product roadmap for One API product line-up — “A unified API Analytics for any platform across cloud/on-prem”.

    Single Control Plane: Google-Anthos follows this idea and has a unified Google-Managed control plane for running Kubernetes workloads on any cloud or on-premises. A single control plane should oversee all API gateway policies, which is a key idea and will be a staple in all future products in DigitalAPICraft’s One API product portfolio.

    Here’s what we have learned over the years:

    Within our first few years, we have installed over 25+ Apigee instances on-premises, with the majority of them in APAC. Because of the strict regulations, it remains one of the markets that consume a lot of on-premise software licenses, especially API platforms. We have seen enterprises with their own DevOps and operations teams take over infrastructure once it is set up. Several large telecommunications companies in the US and EU have built high-performance teams for managing on-prem API platform deployments. Additionally, we’ve seen enterprises running large scale mission-critical APIs and have created extremely complex API runtimes. This has led to some of them running on older release versions of API gateways for years which could become bottleneck or a security overhead if the timely upgrade of API platforms is not done.

    Telecos, retail, and media companies were the early adopters of APIs and have continued to live in complex API platforms. Banks are embarking on AP-led transformations and are set to face scaling challenges in the near future too. Most enterprises in the above mentioned domains will most likely be struggling to manage multiple vendor’s API platform deployments on both combinations of on-premise and SaaS . Having a common management control plane across API platforms and leveraging a SaaS model/engagement is the best way for them to focus on business and overcome most API Platform challenges and complexities.

    With our One API product line up, we are focused on helping enterprises build an effective API Ecosystem and realise the ROIs on their API program investments. Available on SaaS, on-prem or hybrid models, our products can help convert your digital challenges to competitive advantages.

    For more information check our products out!

    ABOUT THE AUTHOR

    Bharath Kumar
    Founder & CEO - DigitalApiCraft
    Bharath is a Product Evangelist with strong technology and business experience at leading cloud computing companies, including Apigee. At Apigee, he was part of Customer Success, Pre-sales, Engineering and Product Support. Played a key role in early API Platform consulting days. Led many successful API Programs for Fortune 100 customers, on Apigee.

    Subscribe to Our Newsletter

    Stay updated on the latest in the API space

     

    Loading

    Related Article