Over the past couple of years, we have witnessed the rise of API Management. Many reference authorities stated that API Management would become very important in the enterprise IT landscape and, well, they were right! More and more organizations are getting aboard the API Management train, introducing API Management Platforms for a variety of reasons. These API Management Platforms provide a wide range of capabilities such as Management, Mediation, Measurement, Security and so much more.
We must admit, the supported capabilities all looked very promising! But we were wondering:
- Are the API Management Platforms stepping up to the plate, providing the promised capabilities with high quality?
- Which of these API Management capabilities are actually used by organizations?
- Is there a difference between organizations' initial intentions and how the capabilities are actually used?
In this blog, we will evaluate measurement, security and mediation, as they are positioned as KEY capabilities of API Management Platforms by vendors and are often requested by our customers.
Measurement (Logging & Monitoring)
A capability that is often requested, besides core management capabilities, is measurement in the form of logging and monitoring. Gaining insights into APIs is important for a variety of reasons and API Management Platforms enable these insights by providing measurement capabilities with high quality. They typically support both an internal solution and the possibility to connect to a centrally deployed system, such as an ELK-stack solution.
Organizations often want to gain insights into their APIs, as this can provide better support to the end user and let them gain business value out of these operational insights. In reality, we see logging and monitoring mostly used for support and debugging purposes only. This can be achieved by simply enabling the measurement capability of the API Gateway. It’s a very useful tool, mainly for the technical teams who are occupied with the APIs. However, simply looking at all the APIs separately does not suffice to achieve the goal of gaining business value out of these operational insights, as that requires a broader strategy.
Security (Authentication & Authorization)
The second capability we want to highlight is Security in the form of Authentication & Authorization. It's important to keep focus on API security to prevent business/reputation loss, competitors' gains and so much more. The API Management Platform vendors recognized this, which motivated them to support the latest industry standards for API security, such as OAuth 2. The variety of industry standards they support makes the API Management Platform well-suited to secure APIs from a central position in IT landscapes.
However, for an organization, security was often neither the main concern nor the driver for the introduction of an API Management Platform. It gained importance over the years, as APIs establish an important channel to an enterprise’s systems, data, and services. We see an evolution where organizations are starting to make use of the security capability of an API Management Platform. This makes their API implementations less complex. There’s no need to implement complex authentication and authorization logic on the API itself, because the API Gateway supports this out-of-the-box. This does not mean that security logic can be left out at the implementation level!
You can learn more about the security aspect of API Management Platforms in one of our previous blogs.
Mediation (Transformation & Orchestration)
The last API Management key capability we want to evaluate is mediation in the form of transformation and orchestration. Looking into the initial selling point of some API Management Platform vendors, we sometimes saw the API Management Platform being positioned as a possible replacement for ESB platforms. It’s more lightweight and often cheaper as well. Their general idea was that the gateway could completely replace the ESB, but in reality we see the API Management Platform only having basic transformation and orchestration.
In reality, organizations typically don’t position the API Management Platform for this capability. For more complex transformation and orchestration capabilities, they rely on an ESB or other implementation layer as the preferred option. Over time, some of them are allowing basic mediation on the API Management Platform. However, the most common setup is an API Management Platform alongside an ESB to achieve this capability to the fullest.
You can learn more about the mediation aspect of API Management Platforms in one of our previous blogs.
We walked you through a couple of API Management key capabilities and evaluated the theory vs reality. We are happy to see that the API Management Platforms did step up to the plate and are providing most of the promised capabilities with high quality! The adoption rate within organizations can be considered high. However, we witness a difference between organizations' initial intentions and the actual use and added value they achieve.
- Measurement: API Management Platforms are providing measurement capabilities with high quality. We see it's mostly used for support and debugging purposes only, but not to achieve business value out of these operational insights.
- Security: Even though security was often not a main concern nor driver for the introduction of an API Management Platform, it gained importance throughout the years. API Management Platforms typically support the latest industry standards.
- Mediation: In reality we see that API Management Platforms only have basic transformation and orchestration capabilities. The most common setup is an API Management Platform alongside an ESB to achieve this capability to the fullest.
There is still a lot more potential value that these API Management capabilities can achieve for organizations. Wondering how?