Sunday, August 24, 2014

Web APIs and API Management


It's a world of APIs. In the beginning only the big technology firms like Google, Twitter that catered to large developer community and mobile apps needed to expose APIs. But now, there can pretty much be no business with out APIs exposed to the outside. There are many reasons a business would want to expose APIs mobile apps being one of the foremost reason. Businesses would want make it easy for their partners, customers, vendors etc. by automating data exchange or transactions. With the advent of IOT APIs are going to become ever more important (machine to machine interaction).

Building RESTful APIs has become extremely easy with most technologies providing inherent frameworks. With ASP.NET Web API .NET developers can convert their old web services or applications into RESTful API in  matter of days if not hours. Similarly Jersey and Restlet among others make it easy to develop WebAPIs in Java. Modern languages such as Ruby on Rails and NodeJS are of course meant to be modern and cater towards WebAPIs and web application development. There are several books on RESTful API design which I believe is very important for technical leads and architects to refer to before building APIs for their organization.

The next step after designing and building the APIs is the API management functionality. We need the ability to manage the developers, monitor and track their activities and control their access. While this functionality can build in house or use of the several API management solution companies. There are many different "types" of providers in this space. One of the popular type of API management is the cloud hosted API gateways. Others types are on-premise software, on-premise appliance. The one I like and implemented is a plug-in or agent based solution which makes it a hybrid on-premise/cloud architecture.

Cloud Solution: Major vendors such as Layer 7, Apigee, Mashery etc. all offer cloud deployment solutions. In this model the cloud API gateway acts as a proxy to the APIs in your data center. API Management aspects such as developer on-boarding, key management, throttling, billing (if you are going to charge for your APIs) are all handled by the solution provider in the cloud. APIs may still stay in your data center. The provider makes the call to the API on behalf of the requests coming from developer applications. Some of the advantages of cloud solutions are easy setup and fast time to market. Some concerns are security and network latency.

On-Premise Solution: Again several of the major vendors also provide an on-premise solution. In this case vendor provides software or an appliance that you need to setup in your data center. The software or appliance will act as a proxy to the underlying WebAPIs. Some advantages are internal only situations, security and network latency. Some disadvantages are additional burden on IT to support hardware/software and cost.

Hybrid Plug-in solution: In this model the requests are made directly to the APIs. A plugin or agent intercepts the calls and checks with cloud based API management application (through API calls of course) before servicing the request. This solution provides ultimate flexibility and takes care of both internal and external situations. In addition to being a low cost solution, since this is a plug in model it is easy to replace if ever needed to replace with a different solution. 3Scale provides this kind of solution. There may be other vendors (Mashery?) providing similar solution, but I am not familiar.

Who are the players in API Management

There were not many players in this space only a couple of years ago. Now it seems like every technology company is a player in this space! Here is a small list:
Apigee
Layer 7
Mashery
3Scale
Oracle
Microsoft
IBM
MuleSoft

Open Source software:
WSO2
ApiAxle
API-Umbrella


No comments: