Understanding API Management, API Gateway, and API Manager

Working with Development teams throughout the past year, I’ve seen that terms like API management, API gateway, and API manager are often confused. This can generate doubts during the study and use of APIs. So, I performed some research about these three common words from the API industry and made a presentation for our API development teams. Below, we share with you the result of this research and clarify these concepts.

So, What’s API Management?

API management is related to the API lifecycle. We all know that every day, new projects are starting, and APIs are being designed and implemented. But, you need to manage these services. You’ll need metrics, the ability to version APIs, modify data that is exposed, and understand the business value to determine when the API is no longer important for your project.

API management is the process that enables these abilities, allowing you to keep your APIs relevant, improve them, and have a way to scale or retire them.

And, What’s an API Gateway?

An API gateway is a single entry point of access for all clients. An API gateway can handle requests in one of two ways. The most common usage is to simply route the request for redirecting, but as a tool, you can do filtering for third-party traffic.

There are development frameworks that implement this pattern of integration, such as Spring Cloud Gateway, and Netflix OSS Zuul. You also have more productized tools for this purpose, such as the Oracle Gateway, and the Gateway from Nginx.

API gateways are commonly used for microservices architectures, but they can be used to expose APIs deployed on cloud servers, which do not need to have a well-defined endpoint. An API gateway may come as a product; there are several vendors in the market.

Lastly, What’s an API Manager?

An API manager is a specific product that provides a layer for managing your APIs over traffic management (like an API gateway). But, beyond this, an API manager has more functionalities to analyze the requests and control the version of exposed APIs. API managers have a dashboard creation for access and requisitions, the possibility to limit access, and monetize your APIs. Tools to manage APIs often provide mechanisms to support the subscriber and developer community.

Why Should I Use an API Manager?

If your company or project seeks a robust tool to support your APIs, provide a better quality of your services, and also generate engagement for developers and customers, you could likely benefit from an API management solution. Here are some other key reasons why you should use an API manager tool:

Now, I’ll share some details of each listed item upon.

The API Gateway Functionality

An API gateway acts as an API front-end, receives API requests, enforces throttling and security policies, redirects requests to the backend service, and then returns the response to the requester.

Often, an API gateway includes a transformation engine to orchestrate and modify the requests and responses on the fly. For example, say your API produces and consumes a JSON format for communication, and your customer only supports XML as a data exchange format. Using a transformation functionality, you could convert the JSON to XML and the XML to JSON, allowing more types of customers to integrate with your platform.

An API gateway can provide functionality such as collecting analytics data and providing caching, configuring the exposed endpoint, and indicating which data you’d like to view in your reports. Also, it may provide authentication functionality, forcing the authorization, keeping your API secured from bad users.

API Publishing Tools

API managers provide a collection of tools that providers use to define APIs —for instance, using the OpenAPI or RAML specifications. When publishing your API, you will want to release iterations of your product quickly. API publishing tools help generate proper documentation and manage access and usage policies.

Also, API managers may include security testing and automated generation of tests and test suites to help coordinate the overall API lifecycle. These may be deployed into production, staging environments, or quality assurance environments.

Developer Portal for Customers and Third-party Developers

A developer portal is a community site, typically branded by an API provider, that encapsulates API information and functionality for developers in a single, convenient view. This may include documentation, tutorials, sample code, and software development kits.

Many developer portals also have interactive API consoles and sandboxes to trial APIs. A developer portal will enable users to subscribe to the APIs and manage subscription keys, such as OAuth2 Client ID and Client Secret, and obtain support from the API provider and user community. These items are typically provided by your API manager tool, so you don’t need to build it from scratch.

Reports and Analytics Tools

Reporting and analytics are essential functionalities for an API management tool. The capability to monitor API usage generates important metrics. Some critical areas to monitor include:

  • Load capacity
  • Overall hits
  • Completed transactions
  • Number of data objects returned
  • Amount of compute time and other internal resources consumed
  • The volume of data transferred

Based on these metrics, you can find gaps and improve your performance. They may reveal new opportunities to either build a new API or prove one must be retired.

This may include real-time monitoring of the API with alerts being raised directly, or via a higher-level network management system. For instance, API monitors may alert the provider when the load on an API has become too high, monitoring may also provide the functionality to analyze historical data, such as transaction logs, and other methods to detect usage trends.

The information gathered by reporting and analytics functionalities can be used by the API provider to optimize the API offering within an organization’s overall continuous improvement process. Such data can also be used to define software Service-Level Agreements for APIs.

Monetization

Monetization is the functionality to support charging for access to commercial APIs. It can include support for setting up pricing rules based on usage, load, and functionality, issuing invoices, and collecting payments, including multiple types of credit card payments.

Conclusion

After sharing these explanations with our teams, they understood that all three terms are significant for API development and API product support.

You don’t need to build everything from scratch, because there are several options from many vendors in the IT Industry. But, the thing that you need to keep in mind is that, by adding an API manager tool to your infrastructure, you add one more layer of coupling. So, think about whether or not the benefits justify the need for an API Manager.

If you just need to expose your APIs without an endpoint from your backend, sometimes, an API gateway can easily solve your problems. However, if you need something more robust, the Omnichannel is a part of the business of your product, and you have a team engaged and encouraged to discover and use the several options that the API manager can provide, then an API manager is an incredibly helpful tool.