To architect an effective API Management infrastructure, it is necessary to adopt and deploy some new technology components. In this lesson, we look into specific requirements and features associated with the components of an effective API Management architecture, including security, performance, data transformation and developer management.
In Lesson 101: API Management Basics, we give an overview of two integrated components necessary for a full-featured API Management solution: an API Gateway and an API Portal. Below, we provide a more detailed examination of these technologies.
API Gateway
An API Gateway is a networking component (either hardware or virtual) that delivers an effective way to implement the kind of layered API architecture described in API Design Lesson 202: Architectural Layers.
The API Management functionality required of a Gateway will vary depending on the specific architectural layers it supports but is likely to include features for:
- Security – Protecting exposed backend systems against attack and hijack
- Performance – Maximizing API and client app efficiency and minimizing downtime
- Data transformation – Converting backend systems into API and app-friendly formats
- Orchestration – Composing new APIs from multiple backend resources
- Logging – Recording message-based events for analysis and auditing
An API Gateway supports layered API architecture by providing a central point to which these kinds of API Management functionality can be abstracted, away from the interface implementation as such.
Abstracting key API functionality out to the Gateway removes the need to build this functionality into each new API, making the processes of API design, implementation and management considerably simpler and more consistent.
A key advantage of this approach is “loose coupling” between exposed resources and client applications. Each API call must pass through every architectural layer encapsulated by the Gateway before reaching the interface, so resources and apps do not interact directly.
Aside from its security benefits, loose coupling simplifies the entire process of API design, implementation and management by providing a place for data transformation, where messages can be translated between backend, API and app formats and protocols.
Again, centralization is the key – legacy backend systems do not need to be updated and APIs do not need to be designed with every potential client platform in mind. The Gateway provides a central data transformation point through which all traffic is translated to the required protocol or format.
Centralization creates various other benefits for architects managing API programs, including:
- Providing a place for applying a consistent set of API Management policies
- Minimizing the amount of code and infrastructural components to be supported
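The centralization described above can be sketched in a few lines. This is an added example, not code from the original lesson: `Gateway`, `legacy_backend`, `API_KEYS` and the XML record are hypothetical, constructed names and data. It shows security, performance, data transformation and logging policies applied at one point, so the client app and the backend never interact directly.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample data: one issued API key and a legacy XML backend.
API_KEYS = {"key-abc": "demo-app"}

def legacy_backend(customer_id):
    """Stand-in for a backend system that only speaks XML."""
    return f"<customer><id>{customer_id}</id><name>Ada</name></customer>"

class Gateway:
    """Single entry point; clients never call the backend directly."""

    def __init__(self, backend, quota_per_app=2):
        self.backend = backend
        self.quota = quota_per_app
        self.calls = {}   # per-app request counts (performance policy)
        self.audit = []   # one record per message (logging policy)

    def handle(self, api_key, customer_id):
        status, body = self._apply_policies(api_key, customer_id)
        self.audit.append({"app": API_KEYS.get(api_key),
                           "customer_id": customer_id, "status": status})
        return status, json.dumps(body)

    def _apply_policies(self, api_key, customer_id):
        # Security: unknown callers are rejected before the backend is touched.
        app = API_KEYS.get(api_key)
        if app is None:
            return 401, {"error": "unknown API key"}
        # Security: only well-formed identifiers are forwarded.
        if not (customer_id.isascii() and customer_id.isdigit()):
            return 400, {"error": "invalid customer id"}
        # Performance: a per-app quota shields the backend from overload.
        self.calls[app] = self.calls.get(app, 0) + 1
        if self.calls[app] > self.quota:
            return 429, {"error": "quota exceeded"}
        # Data transformation: legacy XML becomes app-friendly JSON.
        root = ET.fromstring(self.backend(customer_id))
        return 200, {child.tag: child.text for child in root}

if __name__ == "__main__":
    gw = Gateway(legacy_backend)
    for key, cid in [("nope", "42"), ("key-abc", "42"), ("key-abc", "4x2")]:
        print(gw.handle(key, cid))
```

Rejected requests still produce an audit record, and the backend function is only invoked once every policy has passed.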
While an API Gateway will support most of the architectural functionality required for composing, implementing and managing APIs, it cannot entirely satisfy the requirement to engage and enable client app developers.
API publishers also need ways to engage, onboard, educate and manage developers – whether these developers are inside or outside the API-owning organization itself. This will generally mean delivering registration services, documentation, analytics and other resources.
The best way to make these resources available to developers is via a purpose-built Web site – usually referred to as a “developer portal” or “API Portal”. A full-featured portal will offer a range of functionality for developers and API owners, including:
- Discovery – Making it simple for developers to find and learn about APIs
- Onboarding – Allowing developers to sign up for owner-defined API usage plans
- Education – Providing developers with the information they need to make use of APIs
- Examples – Illustrating functionality with sample applications and code fragments
- Community – Enabling developers to share best practices via forums
- Analytics – Delivering insight into API and app usage and performance
An API Portal may be built entirely in-house or based on one of several available white-label portal solutions. Building a portal in-house allows complete control over site functionality as well as look-and-feel. However, it can also lead to a great deal of development overhead.
These components are powerful individually but are especially useful when they are integrated to work together. For example, this integrated infrastructure empowers developers to self-register on the Portal and immediately begin sending requests to the Gateway.
Together, a Gateway and Portal significantly simplify the process of managing APIs and developers in order to minimize integration costs, maintain the secure functioning of backend systems and facilitate the creation of truly valuable client applications.