Those who know what API Management platforms are and what they can do tend to always use them when developing APIs. It’s one of those tools that just becomes essential for developing, securing, publishing, and supporting your APIs. Now, if you’re reading this, then you probably do not know what API Management is or you have a very vague idea and want to know more. You’ve come to the right place!
Regardless of what you’ve been working on, if it involves an API then you are likely to already be familiar with some functions that API management can perform or augment. If I were to summarise in a single sentence what API Management is from my experience, it would be: a group of functions or features that help with the building, securing, monitoring, and supporting of APIs and the services which power them. An API Management platform is simply a system that has all of this functionality available in one place!
In the following article, we will cover a few of the key components of what API management does, why you would want to use it, and give a few examples of when using an API Management platform becomes extremely beneficial!
What does an API management platform do?
When we think about APIs we usually describe them based on the service they provide. For instance, if I have an API that retrieves details about a user and their account, then I may refer to this API as the “user details” API. What we often forget about is that behind the scenes of this API are many moving pieces that don’t necessarily play a direct role in “retrieving user and account details” but are still necessary in a modern API. What kind of moving pieces am I talking about? These moving pieces may include:
- Authentication and authorisation
- Making sure that the user accessing the API is who they say they are and that they are authorised to use the API
- Logging
- Keeping a detailed log of who accessed the API, what their request contained, and what the response looked like come from the API
- Transformations
- Sometimes data in a request or response needs to be transformed or manipulated in order to be processed by an upstream service
- Rate limiting and quotas
- Enforcing usage rules to ensure that users accessing the API are not exceeding their allowable limits in terms of how many times they invoke the API
- Developer access
- How will users be onboarded so they can actually use the API?
- Monitoring and alerts
- The ability to monitor API traffic and errors as your APIs are being consumed and alert administrators when a certain event occurs
- Reporting
- Creating reports to inspect API performance, usage, and much more.
An API Management platform allows you to solve and enforce all the concerns outlined above and much more. This can all be done within one spot without a need to actually configure and code all these requirements directly within your service code.
What is an API Management platform comprised of?
The primary hub of an API Management platform is an API Gateway. This component does all the heavy lifting and is where all the above functionality actually executes! Tyk’s API Management platform includes a gateway and also includes a few other components to help configure the gateway and manage your APIs more easily. These components include:
- Dashboard UI
- This is where you can configure your gateway to use the features mentioned above, like rate-limiting, transformations, etc. The Dashboard provides an easy-to-use interface that eliminates the need to write your own configuration files (even though you totally can do that if that’s what you prefer!).
- Developer portal
- Here you can expose your APIs where developers can subscribe to your APIs so that they can use them. The developer portal can assist with a bunch of developer self-service tasks, including allowing developers to register, to generate their own API access tokens, and much more.
Now, these are not the only three components that make up a solution but are definitely the most important. The platform itself may also use some other underlying technologies to support the features encompassed within the API Management platform which need to be considered as well. With Tyk this would include our Tyk Pump component as well. Here is a better breakdown of each individual component with Tyk’s solution.
Why use an API Management platform?
Why you would want to use an API Management platform is likely a question that comes to mind at this point. Hopefully, you look above and see many features that would be of use to you, your organisation, and your APIs. There are plenty of good reasons to adopt an API Management solution which may include:
The simplification of code and services
When using an APIM solution, you can build your services to do only what is needed and leave the management of those services outside of that codebase. No need to bake security, rate limiting, or transformations into the code. This means that the services become easier to manage because they are simpler and also means that the management of the API is easier to configure and is also very easily applied to new and existing APIs easily and uniformly. Developers working on services can now more rapidly build the functionality needed to power the organisation without having to configure all the details that don’t contribute to the core functionality of the components they are making. Those responsibilities can be offloaded to the API Management platform more easily and efficiently than doing it within each individual service. This obviously really shines when applied to microservice development, where numerous services need to be secured and maintained.
Easier implementation and maintenance of security concerns
Security is something that becomes more complex as more APIs are built. As more services are built, the security mechanisms that are used may vary depending on the developer, team, or area of the organisation. This puts added pressure on developers to try to stick within the bounds of current organisational standards, but also puts pressure on support and maintenance teams that then may have to have knowledge of all the individual implementations. By abstracting this security layer from the API service itself and moving it into the APIM layer these concerns become less and implementing robust and uniform security across the API portfolio is much easier, less costly, and less likely to lead to security breaches because of developer errors.
Better insight into API usage
Metrics, reporting, and monitoring are another area which can become increasingly complex as more APIs are built. Not having an accurate measure of this crucial data can affect things such as:
- Customer/user satisfaction because of latency affecting user experience
- Awareness of current system issues
- Insufficient support budgets due to not knowing the actual amount of traffic/errors APIs are experiencing
- Amongst many other side effects of poor metric collection and reporting
When trying to bring together logs, alerts, and metrics from many individual API resources, it can be very difficult to ensure that you have all the data that is needed and the right tools to interpret that data. Using an API Management platform to collect and manage this data is a surefire way to ensure that all the data you need is available, correct, and easy to find.
These are just a few examples, but there is a multitude of other reasons why using these technologies improves your API experience in every way possible.
How to get started!
If the above has made you realise the importance of using an API Management platform then your next step is to get started! With Tyk you can easily get going in minutes by using our Tyk Cloud or if you require a self-managed, on-premise solution you can deploy Tyk API gateway in minutes on your favourite cloud platform or even on your own private infrastructure! For more details on how to get started, visit us here!
