February 14, 2015 | Written by: Mariusz Lesniak
Web application programming interfaces (APIs) are quickly establishing a mainstream position in the marketplace. As with any other business access route, the web API channel has to be secure and managed to ensure the necessary level of technical and business control. The purpose of this blog post is to provide a brief overview of the IBM API Management capability.
API economy and new open enterprise
The rapid growth in mobile apps, cloud services, the Internet of Things and developer communities has driven many enterprises to open up valuable data through APIs. The API economy helps companies realize opportunities for a new and open enterprise, where they can repurpose their IT and services and expose them to new revenue streams, markets and a much faster pace of innovation. The market pressures driving this activity are caused primarily by the proliferation of new devices and channels, smaller and fast-changing applications, competition within the market, as well as fast-forming and changing business alliances and partnerships. Judging by the exponential growth in the number of publicly registered APIs, companies are more readily opening their boundaries with data and services to partner organizations, the web, mobile apps, smart devices and the cloud.
Web APIs are already driving significant new economic activity. According to this developerWorks article, by the end of 2014, 75 percent of the Fortune 1000 will offer public web APIs. The same article states that by 2016, 50 percent of B2B collaboration will take place through web APIs. According to Mark Carges (eBay CTO), his company already trades about “$7bn worth of items on eBay through APIs” (download source).
Why API management?
APIs provide a distribution channel for a company’s products and services. This can be observed across most industries, including the financial services sector. Naturally, IT organizations want to manage the APIs as they are being provisioned externally to be repurposed by business partners and a large community of external developers, not just developers they employ. API management solutions aim to simplify the process of opening the company’s information assets to third parties and developers for even the most security-conscious organizations.
The key API management capabilities required
At the highest level, an API management solution needs to include the following functionality:
• The enterprise information and services have to be exposed in a simple and API-friendly manner as RESTful APIs
• The information systems exposed by APIs must be protected against message-level attacks and hijacking
• Strong access control, identity federation and social login functionality must be deployed
• You must maintain the availability of backend systems for APIs, applications and users
• Engage, onboard, educate and manage developers to help them deliver real value
• Enable business users to monitor and analyze the API usage
The IBM API Management solution and its essential building blocks
IBM API Management provides a complete set of capabilities to help companies expose enterprise assets and services to a wide spectrum of application environments such as web and mobile applications. It offers flexible deployment options, including capabilities for creating, assembling, securing and scaling APIs in full compliance with the above requirements. This is represented in the following simple architecture overview diagram:
The IBM API Management solution includes the following key actors and components:
• IT Operator: creates the original APIs, either as API proxies or composite APIs. The IT Operator may rely on WebSphere Service Registry and Repository (WSRR), z/OS Connect or both to identify and manage the candidate and active backend services.
• App developer: composes apps from existing services and the APIs fronting those services to create new business value.
• Business user: needs to understand how many developers are consuming APIs, which APIs are being utilized, who accesses them and where from, and how this picture changes over time.
• API manager: allows for easy assembly of new APIs. Responsible for securing and managing APIs from an IT Ops perspective.
• Management console: assists with analytics and provides controls to publish APIs, to document APIs, to set quotas, manage communities and monitor service levels.
• Application developer portal: allows for self-service registration and provides hooks into social communities. The portal allows developers to see API documentation, view lists of available APIs, view associated service level agreements (SLAs), subscribe to chargeable APIs, set up their own dev community and enable collaboration.
• API gateway: is a physical or virtual appliance that secures and mediates the traffic between the source APIs and their end consumers.
In addition to the core stack above, there are also a few optional components that can be considered. These are represented by the IBM WebSphere Service Registry and Repository and z/OS Connect components as follows:
• WebSphere Service Registry and Repository. This is an enterprise service catalog that governs all the services behind the APIs and manages their lifecycle. API Manager can rely on WSRR to fetch the Web Services Description Language (WSDL) for the required services.
This blog post presents only a brief overview of the relatively complex API management subject. My intention is to continue this discussion in follow-up posts by deep diving into more specific web API-related areas. If you found this post useful, let me know what other web API topics are interesting to you. Comment below or contact me on Twitter @mariuslesniak.