Capabilities to Look for in API Management Solutions
API Gateways are becoming an essential cog in the IT landscape. Let us look at the key capabilities that are expected from an API Management solution, for this we will refer to Uber’s API Gateway implementation. Recently Uber published details about the architecture of its internally built API Gateway. Uber is recognized as being one of the earliest Tech Unicorns and a trailblazer in terms of how they leveraged technology to disrupt the taxi/daily commute industry (a highly regulated sector in many countries/cities). In fact, what they did was so impactful that the term “Uberization” became part of everyday tech lexicon to denote commoditization of an existing service-based industry by new participants using computing platforms.
Uber mentions in their blog “API gateways are an integral part of microservices architecture in recent years. An API gateway provides a single point of entry for all our apps and provides an interface to access data, logic, or functionality from back-end microservices. It also provides a centralized place to implement many high-level responsibilities, including routing, protocol conversion, rate limiting, load shedding, header enrichment and propagation, data center affinity enforcement, security auditing, user access blocking, mobile client generation, and others.”
It is clear that API Gateway plays an extremely important role in the IT landscape of many major organizations and is a critical enabler of Digital transformation initiatives for them.
The features of API Gateway can be categorized across four major pillars:
API Development & Lifecycle Management: In this category the focus is on capabilities around API Creation, Modification, Versioning, Testing, Document Generation, Message Transformation and Transport Protocol mediation.
Security: The APIs once built can be exposed to both Internal and External consumers/applications. Securing access to these APIs is an essential feature of any API solution. In this category the expected functions are around Identification, Authentication, Authorization, Rate Limits, Data Encryption, Data Redaction, Client Access Policies, CORS etc.
API Discovery: Once built and secured, APIs need to be discoverable by interested consumers both inside and outside the organization. In this area the key capabilities to look for are API Discovery, Self service onboarding, API subscription, Sand box testing, Communities to share feedback and troubleshoot APIs.
Analytics & Operations: Once APIs are built, published and consumed they can be a source of generating lot of useful dashboards. The major capabilities in focus here are around Tracing, Monitoring Dashboards, Debugging etc.
In case of Uber, they went ahead and built their own API platform in house, but what if we are able to “Uberize” the key capabilities that are expected from an API tooling and make that available as a robust Platform that can be used to build enterprise grade, secure APIs and which can scale to handle millions of transactions. This is what has been done by IBM as part of their IBM API Connect platform. We in GBM have enabled multiple organizations across the GCC to build their API Management capabilities using IBM API Connect platform across industries such as Banking, Telco, Retail, Public Sector Ministries. Please get in touch if you plan to start your API Journey.