The last few years have seen a dramatic increase in Application Programming Interface (API) development, especially within corporate IT circles. This has been a welcomed success. In fact, taking an API approach provides the ability to keep the code base focused on the need(s) being serviced - not having to worry about aspects, such as a user interface. Additionally, the use of routes (which are the ways in which API end-points are accessed) gives other systems an easier way to communicate. Since APIs have standardized using protocols like REST and SOAP, they are cross-platform as well.
The biggest challenge with APIs is the management of the APIs themselves. This becomes more complicated when the decision is made to share API end-points outside your private network. There are three key challenges that fall onto the radar of API management: security, scalability and support.
The idea of exposing your API end-points publically should not only raise the attention of your security team, but everyone from the development team, to the business owner, to the executive-level staff guiding the initiative. You are basically providing an open path to your business and data. Imagine the consequences that would happen if you were to expose something like your customer list without the proper security in place:
The advantage your competitor's would have with this information
The advantage hacker's might obtain with information that could be sensitive
The risk to your business once the public becomes aware of this exposure
Regardless of the expected demand, management of your API has to account for being able to handle the demand for your end-points. In a private network, there is far more control in knowing who and when your end-points are being requested. When your API is exposed to the public, there is less insight into this information. So, your API management solution needs to have the ability to cache and throttle requests as needed.
In order to manage your APIs, common support tasks should be kept in mind as well. Since the API will continue to evolve over time, there needs to be an easy way to register new end-points. Giving developers an easy way to provide documentation is also important so that users have a clear understanding for each end-point. There should also be a reporting mechanism to give insight into errors and statistics regarding API usage.
API Management Solutions
There are a number of products that provide the security, scalability and support for API management. In fact, in 2013 Gartner created the Application Services Governance Magic Quadrant for this very reason. While API Management solutions exist from 3Scale, Apigee, Axway, CA Technologies, and MuleSoft, the Mashery solution (formerly an Intel product and now a TIBCO product) has been the clear market leader.
Prior to the Intel acquisition in 2013, Mashery was at the forefront of API management. After becoming an Intel product, Mashery's cloud-centric solution has expanded considerably. What further helped was the fact that Intel was able to retain a majority of Mashery's original team. Part of the TIBCO product line since September 2015, API Exchange customers (TIBCO's competitor to Mashery) should benefit from Mashery's success. Additionally, TIBCO plans to make the Mashery product part of their integration portfolio.
"By strengthening TIBCO's leading integration technologies with Mashery's leading API management, we enable customers to build, scale, and monetize a new class of applications. Our advanced software solutions help companies rapidly transform into digital businesses that are omni-channel, hyper-connected, and real time. We're excited to have Mashery as part of TIBCO and welcome its customers to the TIBCO family."
- TIBCO CEO Murray Rode
While Mashery is currently the market leader, solutions from Apigee, Axway, CA Technologies and MuleSoft are not too far behind. In fact, all are listed in the Leaders quadrant of the (April) 2015 Magic Quadrant for Application Services Governance. So, if your Proof of Concept (POC) for API Management includes one of these products, you will likely be pleased with the results you receive. The key is to make sure the security, scalability and support needs are always a priority.
Have a really great day!