In the digital era, most companies expose their APIs to engage with their partners, consumers, users or application developers to expand their businesses. Most of them use an API Management layer to expose APIs. Components like API Manager, API Portal and API Gateway are used in these API management products. These are the high-level capabilities of each component.
- Manage API lifecycle
- Role-based Access Control
- Set up Quota
- Set up security (Authentication, Authorization, CORS, etc.)
- Expose the catalog in a controlled manner, such as private or public
- Self-service to consume APIs
- Manage their keys
- Provide code snippet
- Manages runtime traffic
- Enforces security, quota, etc.
Companies using API Management
So how are companies using these API Management components on a daily basis? Here are some examples.
A leading information service provider uses API Management to modernize its legacy XML API to a REST API to attract new partners. They achieve this goal via the enterprise edge API gateway, which offers a single point of entry for all incoming traffic. Internal and external web and mobile applications and partners consume these APIs through a single channel. Additionally, the API Gateway enforces AAA (Authorization, Authentication and Audit), metering and throttling. This provider also uses a partner/SaaS access gateway so that all partner calls are routed through an API Management layer for security mediation, such as adding an API key or WS-Security.
A leading healthcare service company uses API Management to enforce authentication and threat protection through a WAF (web application firewall). It also helps prevent replay attacks, modernize the legacy API to a REST API and enable SAML single sign-on (SSO) for a web application. The API Gateway exposes a stored procedure as a REST API and sends data to the analytics solution to provide end-to-end visibility.
A federal agency uses API Management as an SOA (Service Oriented Architecture) file transfer gateway to enforce WS-Security authentication for SOAP services. They also use message mediation from SOAP to REST and REST to SOAP (transforming a SOAP MIME attachment to REST multipart form data and vice versa) and expose a custom onboarding API for partners by integrating with their Identity Server.
A leading health insurance provider uses API Management to secure health insurance-related APIs using mutual (2-way) SSL, OAuth 2.0 and HTTP Basic Authentication. They use APIM as a single entry point to consume cloud/SaaS APIs like Google Maps, ServiceNow and Salesforce. This avoids creating multiple SaaS accounts or scattering accounts across different machines. They also enforce time-based throttling and modernize SOAP APIs to REST APIs.
Another health insurance provider uses API Management to secure APIs by validating the JWT (JSON Web Token) generated by an external IdP such as Ping, Okta or ADFS. They expose a custom self-service web portal for internal developers to create APIs through the API Management REST APIs, which enforces more control, and integrate with third-party corporate analytics for end-to-end visibility of the APIs.
As you can see, companies from all industries and verticals are using API Management in various ways to digitalize their businesses.