APIs are everywhere and virtually everyone today is using APIs, whether that is for internal or external engagements. The creation and deployment of APIs is easier than ever before. This leads to new challenges and questions. What APIs do I have? Who is the owner of this API and manages the access? Who is using them? What is my security posture and risk? What am I getting in return for my API investments?
Here’s an overview of the Amplify Platform roadmap and how it helps you answer these questions and more in a shifting API ecosystem.
Success with APIs has created new problems
We call it the “multiples problem.”
- Internal APIs are quickly moving to external consumption
- APIs are being built in multiple development centers throughout the enterprise – various divisions, different business units, multiple initiative teams…
- Each organization or business unit has their own favorite products and tools, whether for the gateway, development, or adoption and engagement with users.
- Adoption of newer API styles beyond just REST or SOAP continues with AsyncAPI, gRPC, GraphQL, microservices, and more.
Add to that the exponential growth of APIs, with 26% of companies seeing more than 100% growth in number of APIs according to Salt Security’s State of API Security Report, and you can see why today’s enterprises face challenges in securing and governing their APIs, much less productizing or monetizing them.
Another struggle is that everyone has a cloud strategy, but most companies don't have a single cloud strategy. They may have something on Azure, some things are running on AWS and others may still be running on your own premises. These applications, even though they're not in the same place, need to somehow be integrated, but this also means new challenges around cost, compliance, and security.
Solving the API “multiples” challenge with Amplify Platform
Our Amplify roadmap is based on the needs we see in the market. For all the reasons cited above, we are choosing to continue investing primarily in the following six areas:
API provider experience. We want to make it as easy as possible for a developer to get an API out there by reducing friction. This translates into discovery, curation, and lifecycle management for assets distributed across heterogeneous platforms.
API consumer experience. We need to make it as easy as possible to consume an API. We envision this as an internal/external marketplace of business capabilities exposed as API products/plans.
Analytics and insights. We want to give you the necessary insights to make smarter and better decisions. This means business/consumer insights dashboards with metrics, usage reporting, and traceability, and well as operational insights leveraging industry-standard tooling.
You can see this in action in this excerpt from a demo of Amplify Enterprise Marketplace, where Arun Dorairajan, Senior Solution Architect at Axway, gives us a glimpse of the Business Insights component of the API marketplace.
Policy and security. Our focus is unrelenting on security, with policy definition and enforcement in API Gateway and Amplify Integration, certified for mission-critical security.
Connectivity and integration. Connect, broker, integrate and orchestrate assets to add business value in Amplify Integration. Learn more about Amplify Integration here.
Deployment and operations. Simply put, we want to install and run where you are. That means infrastructure deployment, automation, and operations must go across multiple form factors and platforms.
These six missions are realized in our Amplify portfolio overview, which includes three main elements: our API Gateway/API Management solution (mainly focused on API security), Amplify Enterprise Marketplace (focused on consumer engagement, productization and consumption of APIs), and Amplify Integration, our iPaaS capability for connectivity and integration.
This evolution of our portfolio is best described as a streamlining: some of the capabilities that were previously isolated capabilities (such as our Streams offering, which was focused on asynchronous API patterns, or Application Integration, which was an OEM-type offering) have all been bundled into a new offering called Amplify Integration, which is a full-fledged iPaaS offering.
In 2024 and forward, we are realizing a single control plane experience for both the API Management/Gateway and Amplify Integration products. This will allow users to configure and define everything in a very holistic way.
Here’s a closer look at how these areas of focus translate to ongoing enhancement to each of the products in our Amplify portfolio.
Enhancing CX with Amplify Enterprise Marketplace
You can find more detailed summaries of recent feature updates for Amplify Enterprise Marketplace in our documentation portal, but here’s a quick overview of how we’ve been building on top of our innovation:
- Social Login Support (Google / GitHub / Gitlab)
- Product Ratings & Reviews
- Improved Try-it-now (with OAuth2 support)
- Consumer Engagement Dashboard
- Resource Stage and State Management
- Multilevel Categories
- Full-text Search / Search Operators
- Time-restricted subscriptions (non-recurring)
Agents have also seen significant expansion to help us enable truly universal (or federated) API management, with the recent addition / update of the following:
- Embedded Azure Agent
- Kafka Agent
- Kong Agents
- GitHub and Gitlab Agent
- SwaggerHub Agent
- Graylog Agent (more on this below)
Looking forward to 2024 and beyond, the Amplify Enterprise Marketplace roadmap keeps a strong focus on performance through the following enhancements:
Expanded reach – Unmanaged APIs, extended environment support, API lifecycle management
Time to Value – Mocking Capabilities, Additional Embedded Agents
Compliance – Internationalization
Community Features – Third-party community tooling integration
Productivity – AI-support, Refactored Subscription Experience
What all of this comes down to is that we are trying to make this as easy as possible for your developers, API platform team members and Product Managers. Get the API sprawl under control, drive standardization and compliance, and facilitate consumption and adoption. We want to cut out all the individual steps that lead to fragmentation in your organization, while allowing a user to use his or her favorite tools and products. The aim is to get the produced APIs as early in the hands of the consumer in the most convenient way possible, while delivering the best possible end-user experience, throughout the lifecycle of the API.
I’d like to highlight two main areas of focus with these enhancements.
Capture all your unmanaged APIs with Amplify + Graylog
Capturing unmanaged APIs with Amplify especially takes center stage as the next step in securing your API adoption journey.
A major concern for many organizations is the APIs they DON’T know about. The APIs that might be directly exposed by an application or even used externally that aren’t showing up on a radar in your gateway or in any kind of managed environment.
To capture any APIs that may be running loose inside or outside of your organization, we’ve partnered with Graylog, an excellent API security tool that scans your network traffic, allowing you to get insights into all your API calls.
Graylog combines, enriches, correlates, queries, and visualizes all your API log data in one place, and captures real-time traffic to search, visualize, alert and report on operational and security problems.
Combined with Amplify’s single repository of all API assets and automatic discovery of APIs, you can:
- Map your runtime traffic against your managed API infrastructure and identify outliers (unmanaged APIs)
- Prioritize APIs for remediation (based on traffic and risk assessment)
- Continuously monitor, identify and repeat
We look forward to sharing more about how this partnership makes it possible to uncover all unmanaged APIs. In the meantime, you can dive deeper with the following blog: From Zombies to Legacy or Shadow APIs, it’s time to remediate your lost APIs.
Leveraging artificial intelligence in API marketplaces
Again, we are truly laser focused on making developers – the producers, the ones that create the APIs and API products – more proficient and more efficient, while lowering the friction to use an API.
To this end, we are exploring the following ways of leveraging AI within Amplify Marketplace:
- Search enhancements
- API product documentation generation
- API product recommendations
- Security guidance
- Monetization recommendations
For more reading on this, Vincent Belfoure has been exploring some of the ways to leverage AI and otherwise extend Amplify Marketplace capabilities in a blog series, notably diving into possibilities for API product documentation and curating API assets.
What’s next for the evolution of API V7
When it comes to how our Amplify API Management/Gateway solution is evolving, our goal is for all Amplify data planes to be managed through a single control plane. What does this mean for existing V7 customers?
We remain committed to continued compliance and security, but in parallel there is a strong drive towards modernization and integration, to secure our customers’ investment in Axway and to make sure they cannot only address today’s requirements, but that their solution is ready for tomorrow’s asks as well. We are uplifting the control plane experience, and drive data plane optimizations to make the V7 solution as efficient as possible to deploy and run. From within this unified control plane, our customers will be able to leverage new, cloud-native gateway and integration capabilities, allowing them to not only to continue to rely on everything the V7 data plane provides, but also leverage additional API patterns support and advanced integration capabilities.
This V7 evolution will be in 4 milestones
- Integration of API Management into the Amplify Unified Control Plane for a more modern API management experience.
- Deployment simplification / footprint reduction, creating a more lightweight data plane
- Complex flow support for V7 in Amplify Unified Control Plane.
- Migration of existing flows into Amplify Unified Control Plane.
Coming to Amplify Integration in 2024
If you’re not familiar with Amplify Integration, it is a full-fledged, hybrid, iPaaS integration solution that simplifies the integration of applications, data, events, and resources with a low-code/no-code approach.
Read the solution brief for more details here, or take a look at the platform overview diagram below.
We offer Amplify Integration as public SaaS, private SaaS and self-managed. Beyond its existing core capabilities that are ready to integrate applications and different patterns, here are few areas of focus for further investment and development:
Easier deployment. We are simplifying the charts and making optimizations to allow for zero-downtime deployments, expand our platform support, and advance the ways you can share flows/configuration.
Greater Amplify Ecosystem Integration with Axway ID, CLI, and Marketplace.
Enhanced connectivity. Beyond the vast list of existing connectors, we will be adding additional connectors as required for various projects (Connector Studio: Custom Connectors).
Additional patterns. We discussed how we plan to integrate the V7 experience from a Control Plane perspective, but in addition to that the cloud-native gateway we are incorporating will enable “APIfication” by creating an API interface with all the orchestration and mapping capabilities behind every method reaching into the backend, as well as layering on API management capabilities.
The end result is a single control plane with the 3 data planes integrated underneath, offering a single experience for both your traditional existing patterns as well as some of the newer API styles including GraphQL, gRPC, and AsyncAPIs.
We hope you are as excited as we are for all that is coming to Amplify Platform in 2024 and beyond. At the end of the day, it all comes down to an intense focus on providing a complete, holistic API consumer and provider experience.
Amplify helps you make sure all your APIs are secured, governed, productized, and ultimately monetized from a single pane of glass, so you can be sure you’re getting the most out of what your teams have worked so hard to create in both Axway and non-Axway environments.
About the Author
More Content by Bas van den Berg
