Application programming interfaces, or APIs, as they are more commonly known, have changed the way data is exchanged — period. A lot of us may not even realize it, but we’re constantly using APIs on a daily basis. When you book a cab, order a meal, shop online, or even just check your account balance, what you’re actually doing is communicating with the respective APIs for those services, directly from your phone. What we don’t see, however, is an entire support system behind each of those APIs that’s collectively referred to as API management.
Before the arrival of microservices and cloud computing, API management used to be pretty reactive: you had a few choice business functionalities sitting behind a firewall. Additionally, these APIs were for internal use only, so you didn’t have to worry about problems like load balancing, throttling, authentication, rate limiting, routing, and so on and so forth. Fast-forward to the present and organizations now depend on information being available to customers and partners outside their firewalls.
API platforms and API management
This is where API management comes in, which in its simplest form is an API gateway: a proxy server that sits in front of your API, managing requests, protecting against cyberthreats, routing traffic, load balancing, throttling, and performing overall governance and maintenance. That’s not all — API gateways also serve as a unified interface to link multiple applications together, and they transform data from consumers into protocols that are internally supported, like SOAP to REST, JSON to XML, JSON to SOAP, etc.
Today, API management is about a lot more than just an API gateway. Most vendors offer management solutions in the form of an API platform. In addition to a gateway, these platforms cover a host of other features, including build and publishing tools, a developer portal or API store, provisions for reporting and analytics, as well as for monetization of commercially available APIs. Some popular API platforms we’re going to take a closer look at later are Apigee, Kong, and Tyk.
As we mentioned earlier, before the cloud-native era and the proliferation of microservices, API management was comparatively straightforward. A trend we’re seeing now, however, is one where modern API platforms are evolving in order to meet the requirements of microservice-based applications. Kong, for example, provides routing to multiple microservices out-of-the-box, Tyk.io features a microservice portal called Tyk Identity Broker that helps connect different identity management systems, and Google’s Apigee integrates with Istio to help secure and manage microservices.
API gateways also prevent your clients from contacting your microservices directly, a pattern that is known to cause a number of problems. Since microservices exist in ephemeral environments like Docker and Kubernetes, modern API platforms support real-time discovery to keep track of all developments. Other interesting features that have been added to API platforms in order to manage and monitor microservices include traffic management, resilience semantics, load balancing, and ADC (application delivery controller).
What’s harder than managing microservices? Managing the APIs for those microservices that are, well, spread across the planet. Modern API platforms need to deal with APIs that exist across distributed environments, span multiple clouds and on-premise facilities, and can often include APIs exposing legacy systems. Since APIs need to be as close as possible to their corresponding databases, this can cause a number of problems ranging from latency issues to complete outages.
What we’re seeing in response to this situation is the evolution of a new generation of API solutions (sometimes referred to as 3rd-generation API management) that are portable and lightweight enough to be deployed in containers, in the cloud, as well as on-premise. They’re also decoupled from any kind of hardware and are stateless, as well as self-sufficient. To this effect, Kong v2.0 has a new method of deployment called Hybrid Mode, while the Tyk Hybrid Gateway is called Multi-Cloud, and Google has a separate platform called Apigee Hybrid.
While Open Banking is a relatively new concept and was only launched in January 2018, it’s already been named one of the key drivers behind the API boom. Open Banking is a system under which banks make financial information (in the form of APIs) available to fintech developers who can then use that information to build custom third-party products. In the UK and the EU in particular, banks are required by law to have Open Banking APIs that share financial details of opted-in customers to develop better products and enhance the overall user experience.
While a lot of people quite possibly may not have heard about this trend yet, the chances that they’re already using it are pretty high. If you use Google Pay, Amazon Pay, WePay, AliPay, or any other digital wallet that’s connected to your bank account, it means your bank has made its APIs available to those third-party services, which is why they’re able to manage your payments for you. What this does is not only protect banks from digital disruption by fintech firms but also prevent competitive lockout for fintech startups and smaller banks.
Full lifecycle management
Historically, APIs didn’t route to your entire application and were generally considered standalone assets that could be corralled and monitored with a dashboard and a GUI. Not so much today: though typically decoupled and self-sufficient, modern APIs are intrinsically linked to the resources they’re developed on, as well as the applications they’re developed for. This, added to the fact that APIs are proliferating at an unprecedented rate, makes for an API landscape that can be quite complex and challenging to manage.
What this calls for is some kind of standardization or list of best practices that ensures APIs are created in a way that makes them easy to manage at scale. Enter API Full Lifecycle Management, which, as the name suggests, entails managing the entire lifespan of an API, right from the design phase to build, publishing, updates, retirement, and everything else in between. What this does is ensure standards and practices are implemented into APIs from the ground up, making the entire landscape a lot easier to manage.
Now, since we’re basically “babysitting” APIs from start to finish, wouldn’t it make sense to automate as much of the process as possible? As luck would have it, API management fits well with modern CI/CD approaches, and brings with it a lot of the good stuff, including but not limited to automation. What we’re seeing a lot of now is API vendors like Apigee, Kong, and Tyk integrating with CI/CD tools like Jenkins so that API lifecycle management becomes part of the CI/CD pipeline and, in turn, a byproduct of the overall process.
API management and the future: A date with DevOps
APIs are working their way deeper and deeper into almost every industry and, in particular, into our lives. It’s not often that technological trends are accompanied by the law requiring organizations to adopt them, but regulations like the CMA in the UK and the PSD2 in the EU are perfect examples of just how revolutionary software disruption can actually be. As time progresses and APIs continue to be a cornerstone of and driving factor in digital transformation, expect API management to merge with DevOps to a point where the two are indistinguishable.