API Management in five questions
December 2022 by Simon Griffon & Gregory Eve, Smile
API Management is not an IT subject, but a discipline at the crossroads of business, IT, and coporate strategy.The notion of API Governance is at the heart. Discover API Management in 5 key questions.
API MANAGER VERSUS DATA BUS?
To put it simply, a data bus (ESB) is integrated like a backbone in an IS, so that different applications communicate with each other. Messages are transported as half streams to the bus. They are then transformed and routed to their destination (downstream half stream). An API Manager references, documents, exposes, and secures access to services in the form of APIs. It stands between a producer and a consumer. It is not there to transform or orchestrate messages but to ensure that the various API “communication” services are open and accessible to authorized applications or persons. If necessary, it can also measure the consumption, the usage, of each API for a given user.
API MANAGEMENT AND IDENTITY MANAGEMENT: WHY DO THESE TWO TOPICS OFTEN GO HAND IN HAND?
One of the functionalities of an API Manager is to handle access and authorizations to APIs. To do this, it relies on one or more directories that list all the identities of authorized third-party persons or
services: this is identity management (or IAM: Identity and Access Management). For external customers, it is then called CIAM (Customer Identity and Access Management).
ARE OPEN-SOURCE SOLUTIONS AS COMPETITIVE AS PROPRIETARY SOLUTIONS?
And to answer the other question, in this area, open-source (or semi-open-source) solutions are leaders in terms of functionality and innovation. However, be advised: open source does not mean “free”. Open-source editors all have a revenue model based on paid services (support, additional features, expertise, exclusive versions for companies, etc.).
WE OFTEN ASSOCIATE API MANAGEMENT WITH MONETIZATION: IS THIS ALWAYS TRUE?
The primary purpose of an API Manager is not monetization – here, it would be charging for access to APIs. It is meant to be a sort of “control tower” for the interactions between API services, most of which are internal to a company or an organization. It can also help in the provision of services on different channels (web, mobile, agencies, etc.) and the profitability can be indirect. Finally, there is a growing push for Open API – which facilitates access to data in an open way in different domains (Open Data, Open Banking).
SHOULD I CHOOSE MY API MANAGER AS AN ON-PREMISE SOLUTION OR VIA A MANAGED SERVICE (CLOUD)?
The question is context-dependent, really. If the desire is to address purely internal needs, a local installation might better suit your needs in that situation. If the IS is already in the cloud, a managed offer makes sense – hosted on the same cloud provider (“portable” API services to be used independently with different cloud providers). For specialized uses, you need to consider the location of API service providers and consumers to optimize the management of flows, security, regulations, and the needs you wish to address.