A mediation layer sits between the APIs you are providing and those who are consuming them. The API mediation layer can deliver a better, more personalised experience for consumers by presenting easily consumable virtual endpoints that meet their needs securely and efficiently.
What is API mediation?
API mediation is the conversion of backend resources and microservices into virtual API endpoints that you can present to consumers. You can do this using a microservices API gateway, such as Tyk, which can provide a unified frontend while mediating between different consumers (such as services, apps and internet of things devices) and different API types.
Benefits of API mediation
API mediation can enable:
- A better integration experience for your consumers, making it easier for developers to interact with your API and setting the stage for higher adoption rates and happier customers.
- Faster time to market for your products, by enabling communication across disparate microservices and making your products easily consumable via virtual endpoints.
- Consistent security, with centralised authentication, authorisation and other security mechanisms.
- Easy scalability, as the architecture of mediation is capable of handling large volumes of API interactions through horizontal scaling and load balancing across multiple instances.
- High availability and optimised performance, without any single point of failure and with rate limiting and throttling mechanisms can manage traffic to prevent overload and deliver optimal performance (caching can also help with this).
Is API mediation the same as API orchestration?
There is some overlap between API orchestration and API mediation. An API gateway can facilitate both, leading to some confusion between API orchestration vs API mediation vs API gateway. In short:
- Orchestration is about using consolidated virtual endpoints to make multiple backend resources (or third-party resources) accessible.
- Mediation takes this idea and runs with it, providing more complex functionality between your API products and your consumers – all managed using an API gateway.
- The API gateway sits at the core of the API mediation architecture. It provides a unified entry point for all API requests, manages traffic, enforces security policies and handles the conversions necessary for seamless communication (amongst other things), for example, by transforming SOAP interfaces into RESTful or GraphQL APIs.
Components of API mediation
The API gateway is the key component in the API mediation layer architecture. API discovery services and catalogues also play an important role.
API gateways enable a wide range of API management architectural and deployment patterns with plenty of associated benefits – including the ability to mediate between API types, microservices and synchronous and asynchronous services, to enable event-driven integration patterns, to handle bulk data operations and more. Multiple gateway instances can ensure high availability. To integrate new APIs easily, look for an API gateway that makes it simple to define API contracts, configure security policies and establish routing rules.
Another important mediation layer component is the discovery service, which acts as a centralised repository of all APIs/services that are up and running, their endpoints, capabilities, documentation and so on. It enables developers to explore the APIs that are available and access information and metadata about them.
The API catalogue enables developers to explore APIs in depth to understand their purpose, access usage guidelines, run tests, understand dependencies and more.
Where do caching and metrics services fit in to API mediation?
- Caching is a key feature of an API mediation layer, enhancing your APIs’ performance and scalability. Using a caching service as part of your mediation layer means you can store and serve frequently requested data, reducing the load on your backend systems while improving response times. Win-win.
- A metrics service provides information and analytics about your APIs’ usage and performance. From API traffic to latency, error rates and other key metrics, it enables you to monitor the health of your APIs and identify any bottlenecks or other issues at an early stage.
Security considerations for API mediation
Security is a critical aspect of API mediation. You can use your API gateway to:
- Implement authentication mechanisms (such as API keys, oAuth or JSON Web Tokens)
- Verify consumers’ identity
- Prevent unauthorised access
- Introduce authorisation mechanisms for role-based access control through fine-grained access policies
- Protect data, employing encryption techniques (TLS, SSL and so on) to keep data secure in transit and at rest
- Implement security measures such as input validation, output encoding and API payload inspection to protect against malicious attacks, complemented by robust logging and monitoring
API mediation can deliver multiple business benefits by converting your backend services into easily consumable virtual endpoints. If you’re ready to implement an API mediation layer, why not read more on API gateways and their uses?
