In legal settings, mediation is a structured process that aids communication between parties who disagree, facilitated by a neutral mediator. In API mediation, a mediation layer sits between the APIs you are providing and those who are consuming them. The API mediation layer can deliver a better, more personalised experience for consumers by presenting easily consumable virtual endpoints that meet their needs securely and efficiently.
Introduction to API mediation
It’s worth starting with a quick API mediation definition to establish what mediation does and doesn’t do. API mediation is the conversion of backend resources and microservices into virtual API endpoints that you can present to consumers. You can do this using an API gateway for microservices, such as Tyk, which can provide a unified frontend while mediating between different consumers (such as services, apps and internet of things devices) and different API types.
There is some overlap between API orchestration and API mediation. Indeed, an API gateway can facilitate both of these, leading to some confusion between API orchestration vs API mediation vs API gateway. In short, orchestration is about using consolidated virtual endpoints to make multiple backend resources (or third-party resources) accessible. Mediation takes this idea and runs with it, providing more complex functionality between your API products and your consumers – all managed using an API gateway.
Benefits of API mediation
We’ll dive into more details about API mediation in a moment. First, let’s look at why you might want a mediation layer. At a headline level, API mediation can enable the following:
- A better integration experience for your consumers
- Faster time to market for your products
- Easy scalability
- Consistent security
- High availability and optimal performance
The API mediation layer means that your APIs can deliver a range of integration experiences to meet the needs of differing consumers. This makes it easier for developers to interact with your API, setting the stage for higher adoption rates and happier customers.
By enabling communication across disparate microservices, irrespective of your chosen access pattern, the mediation layer can also help you get your products to market faster, making them easily consumable via virtual endpoints.
With the API mediation layer acting as a gatekeeper between your frontend and backend, you can also use it to enforce consistent security policies, centralising your authentication, authorisation and other security mechanisms.
An API mediation layer is also inherently scalable, as the architecture of mediation is capable of handling large volumes of API interactions through horizontal scaling and load balancing across multiple instances. This supports high availability as it prevents any single point of failure, while rate limiting and throttling mechanisms can manage traffic to prevent overload and deliver optimal performance (caching can also help with this).
Architecture of API mediation
The API gateway sits at the core of the API mediation architecture. It provides a unified entry point for all API requests, manages traffic, enforces security policies and handles the conversions necessary for seamless communication (amongst other things), for example, by transforming SOAP interfaces into RESTful or GraphQL APIs.
Various components enable the gateway to do this in a way that facilitates seamless interactions. Let’s take a quick look at these.
Components of API mediation
The API gateway is the key component in the API mediation layer architecture. API discovery services and catalogues also play an important role.
API gateways enable a wide range of API management architectural and deployment patterns with plenty of associated benefits – including the ability to mediate between API types, microservices and synchronous and asynchronous services, to enable event-driven integration patterns, to handle bulk data operations and more. Multiple gateway instances can ensure high availability.
Implementing API mediation via an API gateway doesn’t have to be difficult. In fact, one of the many benefits of Tyk is how easy it is to use. With security right out of the box, a superb developer experience, clear, granular analytics and the intuitive Tyk Dashboard for managing everything, it’s the ideal tool for any organisation seeking to implement an API mediation layer.
Another important mediation layer component is the discovery service, which acts as a centralised repository of all APIs/services that are up and running, their endpoints, capabilities, documentation and so on. It enables developers to explore the APIs that are available and access information and metadata about them.
Another centralised repository, the API catalogue, enables developers to explore APIs in depth to understand their purpose, access usage guidelines, run tests, understand dependencies and more.
Onboarding APIs smoothly is a crucial part of a successful API mediation architecture. After all, if you can’t easily integrate new APIs into the system, it very quickly becomes redundant! As such, you’ll need an API gateway that makes it simple to define API contracts, configure security policies and establish routing rules. For any API gateway you’re considering, look at how streamlined the onboarding process is and, thus, how easily you can expose your services.
We mentioned caching briefly above. This is a key feature of an API mediation layer, as it can do much to enhance your APIs’ performance and scalability. Using a caching service as part of your mediation layer means you can store and serve frequently requested data. Doing so reduces the load on your backend systems while improving response times. Win-win.
A metrics service provides information and analytics about your APIs’ usage and performance. From API traffic to latency, error rates and other key metrics, it enables you to monitor the health of your APIs and identify any bottlenecks or other issues at an early stage.
You should be able to gather and analyse metrics via your API gateway. When using the Tyk API Gateway, for example, the Tyk Dashboard provides clear and granular analytics and an easy-to-use management interface. Access to this data puts you in a strong position to make data-driven business decisions that can optimise the performance of your APIs and enhance their overall user experience.
Security considerations for API mediation
Security is, of course, a critical aspect of API mediation. You can use your API gateway to implement authentication mechanisms (such as API keys, oAuth or JSON Web Tokens), to verify consumers’ identity and to prevent unauthorised access. Authorisation mechanisms, meanwhile, can introduce role-based access control through fine-grained access policies.
The API gateway can also protect data, employing encryption techniques (TLS, SSL and so on) to keep data secure in transit and at rest. Furthermore, security measures such as input validation, output encoding and API payload inspection at the gateway level can help protect against malicious attacks, complemented by robust logging and monitoring.
API mediation can deliver multiple business benefits by converting your backend services into easily consumable virtual endpoints. If you’re ready to implement an API mediation layer, why not have a chat with the Tyk team about the merits of our open source API gateway? It could be the start of a beautiful partnership!