Introduction

What is API Management?

A popular trend in enterprise software development these days is to design client apps to be very decoupled and use APIs to connect them.

This approach provides an excellent way to reuse functionality across various applications and business units.

Another great benefit of API usage in enterprises is the ability to create those APIs using a variety of disparate technologies.

However, this approach also introduces its own pitfalls and disadvantages. Some of those disadvantages include things like:

  • Difficulty discovering or sharing existing APIs

  • Difficulty sharing common functionality across API implementations

  • Tracking of API usage/consumption

API Management is a technology that addresses these and other issues by providing an API Manager to track APIs and configure governance policies, as well as an API Gateway that sits between the API and the client. This API Gateway is responsible for applying the policies configured during management.

Therefore, an API management system tends to provide the following features:

  • Centralized governance policy configuration

  • Tracking of APIs and consumers of those APIs

  • Easy sharing and discovery of APIs

  • Leveraging common policy configuration across different APIs

Project Goals

The goals of Apiman are to provide:

  • An easy-to-use and powerful API Manager, handling user management and human interaction.

  • A low-overhead API Gateway to implement standard API management functionality (runtime enforcement.

  • Flexibility, allowing existing functionality to be adapted and configured to do what users need.

  • Extensibility, allowing new functionality to be added into Apiman via plugins and components.

  • Reuse, allowing existing Java codebases and Java skills to be reused for API Management purposes (without having to rewrite everything).

Typical Use Cases

Some common API management use cases include:

Security

APIs will very often have a security requirement such that clients connecting to the API must authenticate in some fashion.

Authentication can vary greatly both in the protocols used to authenticate and the identity source used for validation.

It can often be convenient to provide authentication at the API management layer to free up the back end API from having to do this work. This approach also has the side benefit of centralizing configuration of authentication for a wide array of disparate APIs.

Therefore, the API management layer must provide authentication capabilities using a wide range of protocols including BASIC, digest, OAuth, etc.

Throttling/Rate Limiting

The API management layer is a convenient place to ensure throttling (also known as rate limiting) to your APIs. Throttling is a way to prevent individual clients from issuing too many requests to an API. Because all requests to an API go through the API Gateway it is an excellent place to do this throttling work.

Metering/Billing

There are a number of reasons why an API provider would be interested in the number of requests made to her API. The most common reason for public facing APIs is to implement billing based on usage per consumer. Metering is the feature that provides this API management capability.