Application programming interfaces — you know them as APIs — are the glue that holds together the profound digital experiences many of us take for granted every day. Like digital translators, they connect the code between disparate applications to give us everything from street directions on a dash display to the chime of a smartwatch alert telling us our prescription is ready.
APIs are also the building blocks of today’s lightning-paced digital
businesses. Real-time partner collaboration on our laptops and tablets,
on-time financial payments, and just-in-time delivery of critical parts
would be challenging, if not impossible, without APIs.
But how does everything in API-land come together? What boundaries
and security protocols keep APIs protected, compliant, and under control?
Where are APIs designed, built, tested, managed, and analyzed? If you said
an API management platform, you’re right.
Why an API management platform?
Given the exploding number of APIs circulating far and wide, it can be
difficult for companies to manage API complexity at scale, pinpoint exactly
where an API is, identify who’s using it (if it’s being used at all), or keep it
secure and within governance policies. What’s needed is a cohesive set
of tools that allow IT departments to create, find, manage, secure, and
track the usage of APIs throughout every aspect of an organization’s digital
ecosystem — infrastructure, devices, apps, partners, customers, regulatory
agencies, and others. These tools generally make up the components of an
API management platform:
An API gateway manages all traffic to and from an API. Historically, securing
the API by only allowing authorized access was the most important function
of a gateway. But they also add convenience functions such as switching
between various data formats, so that an API limited to one format is
available to support other formats, with the gateway transforming all traffic
between the formats.
Gateways follow an inside-out mindset: An API exposed to consumers
should also be secured. This means that a gateway is put in front of the
API to provide the required functionality and security.
One of the main values of APIs is to serve as interfaces between teams.
But to do that, teams must be able to find existing APIs for consumption,
and gateways thus were extended to provide User Interfaces (UIs) that
allow API consumers to browse and navigate APIs.
Portals help to make APIs easier to find and consume. They’re created and
architected on top of the gateway, which is fine if all APIs are managed with
a single gateway. But the growing size and complexity of API landscapes
mean instances where only one gateway is used is no longer a future-proof
API complexity makes it necessary to separate technical API management
factors from the more business-oriented aspects of APIs. API catalogs are
independent of where an API is technically managed and therefore can readily
manage APIs that are provided for example through different gateways.
This open approach means that, with the right architecture, APIs can still
be published and found in a timely manner, as long as the API catalog
automatically populated. But a catalog populated with just an organization’s
own APIs is still missing a critical piece — namely, the ability to see and
manage APIs that are not provided by an organization but are consumed
by it. This is where an API marketplace comes in.
API marketplaces are commonly thought of as public marketplaces that
make public APIs easier to find and use. But the paradigm has shifted to
a more enterprise-oriented perspective, where the marketplace provides
a unified view of all APIs that are relevant to an organization.
The marketplace extends the catalog idea by also allowing APIs to be added
that are not managed by an organization. Just as catalogs extend the scope
beyond just a single gateway, marketplaces further extend that scope to
contain all APIs that matter for an organization.
With a single API management platform — especially one characterized
as an “open” platform — application developers, IT leaders, and business
stakeholders gain visibility into, and control over, all APIs across multiple
API gateways, vendor solutions, cloud environments, and integration
patterns such as B2B/EDI and MFT.
Download the white paper to learn more about what an API management platform does.