APIs represent the leading edge of a new business model, providing innovative ways for companies to expand brand value and routes to market, and create new value chains for intellectual property.

In the past, SOA strategies mostly targeted internal users. Today, APIs target not just internal developers, but also external partners and public users. The term “Open API” is often used to express the release of APIs to the public. So, API management requires developer portals, key management, and metering and billing facilities that SOA management never provided.

figure_1

The usage of APIs in many ways offers several opportunities for enterprises such as increased revenue, reduced costs and improved efficiency. API Management will become important in many areas, whether that be business-to-business (B2B), or business-to-customer (B2C) communication. Big Data, Cloud and Internet of Things increase the need for API Management to become even more of a fixture in the future.

A New Front for SOA – Open API and API Management” explains the term “Open API” in more detail and gives a technical overview about the components of an API Management solution: Gateway, Portal and Analytics.

Use Cases for Open API and API Management

The following shows several real world uses cases, which leverage the use of Open API to hugely increase revenue:

  • Paypal (eCommerce consumer): Pay everything with the same online payment service in a secure, simple way.
  • Amazon Web Services (IT infrastructure): Use Amazon‘s gigantic data centre in a flexible, elastic, but also very cheap way for your changing computation demands.
  • Domino’s Pizza (mobile enablement): Order your next pizza from your smartphone app (includes choosing menu, using coupons, making a payment, etc.).

These use cases make internal interfaces public as “Open API” to be used by consumers. Besides the aforementioned, many other “enterprise scenarios” exist where API Management makes a lot of sense, for example:

  • Partner Gateway: Access control for well known external parties.
  • Mobile App Gateway: Access control for apps deployed externally.
  • Cloud Integration Gateway: Governance and mediation control for SaaS.
  • Internal Gateway – Manage and monitor internal SOA.

Several different monetization models exist to leverage Open API:

  • Free” (e.g. Facebook Login used by other websites).
  • Developer Pays” (e.g. Amazon’s pay-as-you-go cloud infrastructure).
  • Developer Gets Paid” (e.g. Expedia gets a percentage of every journey mediated via their website).
  • Indirect” (e.g. Netflix’ management of its 800 end devices via internal APIs).

See John Musser’s great presentation for more details about API business models.

API Management Products: Apigee, Mashery, MuleSoft, WSO2, TIBCO, IBM, and Many More

No matter if your use case is Big Data, Cloud or Internet of Things. You need a good tool that helps you manage your APIs. Available products differ a lot in functionality and maturity. A more detailed evaluation is required to make the right decision for your use case. The following is just a short overview of different vendors, which offer API Management solutions.

  • Apigee offers a complete API Platform and is focused especially on API Management as of today. The solution is designed to meet the challenges of the new mobile, social, cloud marketplace head-on. Users can start with a (very limited) free version.
  • Mashery (acquired by Intel) is another solution for API Management. It was born out of the Web mashup movement of the 2000’s, hence its name. However, Intel Corporation acquired it in 2013. Mashery offers a very affordable and easy to use cloud solution to publish existing APIs. Thus, it is good for simple scenarios. Users can start with a (limited) free version.
  • Layer7 (acquired by CA Technologies) has deep roots in the market of runtime SOA gateways and offers features such as advanced routing and security enforcement. It has extended its product portfolio to API Management. The solution is very powerful, but therefore very good technical knowledge is required.
  • TIBCO provides a comprehensive operating platform called API Exchange, which lets you build and test APIs, define runtime policies, migrate APIs between environments, and monitor and report on API usage. TIBCO API Exchange leverages other TIBCO products to combine ESB, BPM, CEP, etc. with its API Management solution. TIBCO’s products focus on complex enterprise scenarios.
  • IBM is also focused on complex enterprise scenarios and has different powerful API Management solutions in its portfolio, for example IBM API Management, DataPower XML gateway, Cast Iron Live Web API Services, and others.

Several other vendors also offer API Management solutions. 3scale, Vordel (now acquired by Axway), Apiphany, (acquired by Microsoft, and SOA Software, specialise in API Management. The latter is “the most complete” of these “API Management vendors”, if you believe analysts such as Forrester. Additionally, MuleSoft and WSO2 are two open source Enterprise Service Bus vendors who also include API Management solutions in their portfolio.

Categorization of Products for API Management

The bad news first: This article is no detailed comparison of the available products. The reason is that API Management products change too quickly these days. However, that’s also good news, right? API Management products are getting more and more mature and powerful.

Nevertheless, you can categorize API Management products by different aspects and shorten your long list according to preference:

  • Some focus just on an API Gateway; some focus just on a Portal, many focus on a complete solution (see figure 2).
  • Some focus mostly on API Management (and integration); many offer a complete middleware stack.
  • Some are open source; most are proprietary.
  • Some are small and independent; most are built or acquired by big vendors.
  • Some focus on complex enterprise scenarios; others care about “simple cases” (i.e. cheaper and easier to use, but way less powerful).
  • Some over-promise (be sure to research enterprise features such as scalability as required).figure_2

Comparison and Selection of API Management Products

Besides the above, you should ask yourself some questions about technical details before comparing and selecting an API Management product:

  • What API features do you need? Gateway, Portal, Analytics?
  • How easy to install and use the product? Are the tools mature and powerful (more than just “hello world”)?
  • How many API-specific features are available out-of-the-box (for implementation, integration, testing, logging, deployment, subscription, billing, dashboards, etc.)? Extensibility (connectors, security, reports, etc.)?
  • Do you just want to build a directory for your existing service, or do you want a real infrastructure for building, governing, deploying, and managing your services?
  • Do you just want to use REST services, or do you also want / have to use other service protocols such as SOAP or JMS?
  • Do you need a flexible configuration, routing options and user management using different security standards (e.g. LDAP, SAML, Kerberos, OAuth, WS-*, XACML, etc.)?
  • Do you need an elastic highly scalable architecture for millions of messages (based on event driven architecture instead of synchronous HTTP calls)?
  • What kind of caching and throttling capabilities do you need?
  • Do you need to extend the portal to your needs (regarding topics such as service management, developer portal, analytics)
  • Do you want to leverage other products of the same vendor (e.g. products for integration, mapping, transformation, routing, business processes, complex event processing, etc.)?
  • Do you want to deploy your API Management solution on premise or in the cloud? If in the cloud, is virtualization through VMs fine for you, or do you want a real, i.e. elastic, cloud solution? Is it required to configure your API engine for running in your DMZ on existing servers?

Evaluation is Key; Proof of Concept a Necessity

Plenty of API Management products are available on the market to leverage APIs and the opportunities they present for new business models. These products differ a lot regarding maturity and features, and bear in mind, as I stated earlier, some vendors unfortunately over-promise their offerings. The above categorizations and questions will hopefully help you to create a short list for moving towards a proof of concept with your selected vendors.

About the author

Kai Wähner works as Technical Lead at TIBCO. All opinions are his own and do not necessarily represent his employer. Kai’s main area of expertise lies within the fields of Application Integration, Big Data, SOA, BPM, Cloud Computing, Java EE and Enterprise Architecture Management. He is speaker at international IT conferences such as JavaOne, ApacheCon or OOP, writes articles for professional journals, and shares his experiences with new technologies on his blog (www.kai-waehner.de/blog). Email: kontakt@kai-waehner.de or Twitter: @KaiWaehner. Find more details and references (presentations, articles, blog posts) on his website: www.kai-waehner.de