If you’re involved with cloud computing and mobile (and if you’re in IT, hopefully you are), you’ve probably already bumped into the term API Management. If not, now is the time to start getting to know all about it. It will be a crucial part of your hybrid and/or mobile platform.
First, it is important to familiarize you with the term API in this context. API, or Application Programming Interface, is an old term. In the meantime though, this term does not really cover the real meaning anymore. Because what is an application these days? Is that still a valid concept? In modern IT, an API is basically nothing more than the interface of a web service. These web services are most of the times based on SOAP, but more and more exposed as REST services as well. These services provide a piece of functionality (black-box). And they can, if they’re developed with the right principles in mind, be used in many ways and thus used in many different contexts.
The trend is that vendors of standard “applications” have made or are making these solutions available as services by means of the SaaS model. Lots of times, the most important functionalities in these SaaS solutions are exposed as APIs. These are the so called public APIs and they are always based on web services technology. And most of the times these services are RESTful these days, because that’s really easy and has a lower overhead. The SaaS solutions usually make use of these services internally as well, so that everything can be nicely loosely coupled. The vendors have basically “conspired” to finally shove SOA down your throat whether you like it or not, the only difference now is that they don’t call it SOA anymore. But the architecture principles are being followed and that is a great thing!
But, in a SOA or architecture based on APIs, in which a set of services can be called in a certain (configurable) order to create real (parts of) business processes, governance is going to be really important. Otherwise we might as well call it JABOWS (just a bunch of web services). In “traditional” SOA environments, implementing run- and design-time SOA governance is now quite the default. In modern cloud and mobile solutions based on APIs, this is really not yet the case. APIs are being served and consumed like spaghetti. You’ll need a large napkin to cope with that. It is time for a next step in maturity.
Gartner has placed both SOA governance and API management in the Application Services Governance category. And they’ve also introduced a Magic Quadrant for that. I predict that vendors in the SOA governance category and vendors in the API management category will slowly move to a middle ground, providing generic run- and design-time governance solutions and that in the end we will be talking about ASG or something like that.
To keep the focus on API management: The nice thing is that you can expose your (legacy) on-premises APIs towards the cloud and mobile apps and other internal and external consumers. But now you can do it with security, monitor-ability and scalability in mind.
Because API management is about the following topics:
- Service virtualization – you can expose virtual services with for example functions like “retrieve list of articles” and “place order” which in your on-premises back-end systems are handled by completely different applications.
- Protocol conversion – your SOAP based on-premises functions can now be exposed as RESTful services towards consumers.
- Granular security – you can secure your virtual services in a much more granular way, by only exposing those functions towards certain apps or customers that are only important to them and which they can only access with the right certificates. The remaining part of the functions will not be accessible.
- Scalability and performance – API management can also provide caching and load balancing to help improve performance and reduce the risk of overrunning your (back-end) services.
- Runtime monitoring and governance – the runtime calls of services will be recorded, so you can exactly monitor how many times services are consumed and when and who called them.
- Design-time governance – your APIs can be registered in the service catalogue, including their descriptions. This will make re-use of services much easier because now your developers can actually find and check their potential re-use instead of re-inventing the wheel for every function they need.
By implementing API management you can now expose your on-premises or other (tailor made) solutions to cloud and apps in a modern, secure, manageable and scalable way. This will help modernize your solutions and bring you new ways of interacting with your business processes. API management is here to help you realize that. Make sure you get to know and embrace it!