Over the past couple of years, we have witnessed the uprising of API Management. Many reference authorities were stating that API Management would become very important in an enterprise IT landscape and well… they were right! More and more organizations are getting aboard the API Management train, introducing API Management Platforms for a variety of reasons. These API Management Platforms provide a wide range of capabilities such as Management, Mediation, Measurement, Security and so much more.
We must admit, the supported capabilities all looked very promising! But we were wondering:
- Are the API Management Platforms stepping up to the plate, providing the promised capabilities with high quality?
- Which of these API Management capabilities are actually used by organizations?
- Is there a difference between the organization’s initial intentions and how they are actually used?
In this blog, we will evaluate measurement, security and mediation, as they are positioned as KEY capabilities of API Management Platforms by vendors and are often requested by our customers.
Measurement (Logging & Monitoring)
A capability that is often requested, beside core management capabilities, is measurement in the form of logging and monitoring. Gaining insights into APIs is important for a variety of reasons and API Management Platforms enable these insights by providing measurement capabilities with high quality. They typically support both an internal solution and the possibility to connect to a centrally deployed system, such as an ELK-stack solution.
Organizations often like to gain insights into their APIs, it can provide better support to the end user and gain business value out of these operational insights. In reality, we see logging and monitoring mostly used for support and debugging purposes only. This can be achieved by simply enabling the measurement capability of the API Gateway. It’s a very useful tool, mainly for the technical teams who are occupied with the APIs. However, simply looking at all the APIs separately does not suffice to achieve their goal to gain business value out of these operational insights, as it requires a broader strategy.
Security (Authentication & Authorization)
The second capability we want to highlight is Security in the form of Authentication & Authorization. It’s important to keep focus on API security to prevent business/reputation loss, competitor’s gains and so much more. The API Management Platform vendors recognized this, which motivated them to support the latest industry standards for API security like OAuth 2 for example. The variety of industry standards they support makes the API Management Platform well-suited to secure APIs from a central position in IT-landscapes.
However, for an organization, security was often not the main concern nor driver for the introduction of an API Management Platform. It gained importance over the years, as APIs establish an important channel to enterprise’s systems, data, and services. We see an evolution where organizations are starting to make use of the security capability of an API Management Platform. This makes their API implementations less complex. There’s no need to implement complex authentication and authorization logic on the API itself, because the API Gateway supports this out-of-the-box. This does not mean that security logic must not be foreseen on implementation level!
You can learn more about the security aspect of API Management Platforms in one of our previous blogs.
Mediation (Transformation & Orchestration)
The last API Management key capability we want to evaluate is mediation in the form of transformation and orchestration. Looking into the initial selling point of some API Management Platform vendors, we sometimes saw the API Management Platform being positioned as a possible replacement of ESB platforms. It’s more lightweight and often cheaper as well. Their general idea was that the gateway could completely replace the ESB, but in reality we see the API Management Platform only having basic transformation and orchestration.
In reality, organizations typically don’t position the API Management Platform for this capability. For more complex transformation and orchestration capabilities, they are relying on an ESB or other implementation layer as the preferred option. Over time, some of them are allowing basic mediation on the API Management Platform. However, the most common setup is an API management Platform alongside an ESB to achieve this capability to the fullest.
You can learn more about the mediation aspect of API Management Platforms in one of our previous blogs.
Morbi sed imperdiet in ipsum, adipiscing elit dui lectus. Tellus id scelerisque est ultricies ultricies. Duis est sit sed leo nisl, blandit elit sagittis. Quisque tristique consequat quam sed. Nisl at scelerisque amet nulla purus habitasse.
Nunc sed faucibus bibendum feugiat sed interdum. Ipsum egestas condimentum mi massa. In tincidunt pharetra consectetur sed duis facilisis metus. Etiam egestas in nec sed et. Quis lobortis at sit dictum eget nibh tortor commodo cursus.
Odio felis sagittis, morbi feugiat tortor vitae feugiat fusce aliquet. Nam elementum urna nisi aliquet erat dolor enim. Ornare id morbi eget ipsum. Aliquam senectus neque ut id eget consectetur dictum. Donec posuere pharetra odio consequat scelerisque et, nunc tortor.
Nulla adipiscing erat a erat. Condimentum lorem posuere gravida enim posuere cursus diam.
Some more integration blogs for you
Event Driven Architecture: Event Types
“In my previous blog, I delved deeper into the meaning of Event-Driven Architecture. This blog marks the second part of a series dedicated to exploring Event-Driven Architecture. It is important to note that the viewpoints expressed in these blogs are my own and are subject to ongoing discussions within our community”. Our Integration Architect Joost sets the scene!
ALWAYS LOOKING FORWARD TO CONNECTING WITH YOU!
We’ll be happy to get to know you.