In version 5.0.0.1 of IBM API Connect there is support for SOAP and REST APIs, as there was in v4. But how can you manage, control and govern your APIs using API Connect, if a little bit of control is needed?
Developer organization level
You can set controls on a developer organization to indicate if anyone can join, or if they have to be invited. You can also create multiple developer organizations on a single catalog portal, and only publish APIs to certain developer organizations. This allows you to control which application developers can see an API.
You can also set if developers can invite others, and if so, what level of access they get.
Approvals for subscriptions
You can control whether the API owner has to approve a subscription to a plan within a product, at the level of the plan (inside the product).
If Require subscription approval is enabled, the app developer can sign up but must wait until the API owner approves before the developer can invoke the API.
Catalog publishing controls
You can set which API developers are able to stage, publish and view APIs in each catalog, at a catalog level. You can set whether approvals are required to stage, publish, or other life cycle actions, for an API.

You can also set who can manage policies in a certain catalog.
This lets you set that users in certain roles can view APIs in the catalog, but they cannot stage or publish. You can allow users to stage or publish an API to the catalog, but require those with permissions to approve before the staging or publishing happens. You can also require approval for other life cycle changes, such as Retire or Deprecate.
Role based access
You can define roles, or use existing roles, to define what users can do in the API Manager.
Each role has a variety of permissions which can be toggled, for view and edit/manage permissions.
This is just for version 5.0.0.1, and future versions have added more features.