The latest from the Apiman Blog

The Apiman blog presents the latest Apiman release news and insights. We also share relevant API and software engineering content that we think you will find interesting.

Version 1.3.0.Final of apiman is released!

Last week we released apiman 1.3.0.Final. It’s been rather a long while coming, but hopefully you’ll be pleased with the improvements.

This release has some important new features, a substantial number of bug-fixes, and marks the official release of the Apiman Vert.x Gateway.

Importantly, this release has a lot of background work which has prepared the ground for the upcoming initial community integration with 3scale, as outlined in previous blogs.

apiman, release

Performance tuning the Apiman Gateway (WildFly, EAP, Tomcat)

In this blog, we’ll outline a few simple tweaks you can make to improve the performance of the Apiman Gateway when running on servlet platforms (WildFly, EAP, Tomcat, etc).

Most of the focus will be on WildFly and EAP, but others will be more broadly applicable.

Naturally, these are very rough pointers and should merely be hints for areas that could prove fruitful. There’s no one-size-fits all approach to tuning, so always profile and keep tweaking to find the best settings for your workloads.

apiman, gateway, performance

3scale and apiman - Part Deux

It’s been almost two months since Red Hat announced it was acquiring 3scale Technologies and turning the 3scale API Management solution into a Red Hat supported product. In that time, we’ve been trying to figure out some stuff for the apiman community. Here some of the things we wanted to suss out:

  • How the apiman development team can best focus its efforts, now that 3scale will be the basis for Red Hat’s API Management technology.

  • How to best support the existing apiman community going forward, given the restrictions on continued development of the apiman API Management solution.

  • How can existing apiman users transition to a Red Hat supported API Management solution.

It doesn’t sound like much, but it actually really is. We’ve made some preliminary decisions, and because we want to be as transparent and upfront as possible, read on to find out what they are!

apiman

Red Hat, 3scale, and apiman?

As some of you have undoubtedly already heard, Red Hat recently announced the acquisition of 3scale, a commercial vendor of API Management software.

Because the apiman project is sponsored primarily by Red Hat, you may be wondering how this impacts the project and its open source community. In today’s blog post, I’ll do my best to answer that question as honestly and transparently as I can.

apiman

Version 1.2.4.Final of apiman is released!

Greetings, earthlings! On Friday of last week we released the absolute best version of apiman ever! This release has a fair number of bugs fixed, as well as a few new things. Read on for the details!

apiman, release

Covering Your Assets: Data Encryption in API Management

In a world where APIs are quickly becoming the standard, most of us understand the importance of following best practices for API security. We authenticate, authorize and throttle requests. We encrypt the data that we share with other applications (hopefully!). But we often neglect one of the most essential components of the API layer: data storage.

security, gateway

Using apiman in a network with limited Internet access

In plenty of enterprises, networks are either locked down or have very limited access to the Internet; often for security, privacy or other practical reasons.

We’ve carefully designed apiman to be fully featured and easily configured when no Internet access is available; providing a great deal of flexibility and eschewing any "off-site only" functionality.

So, if you’re looking for API management in a locked-down network or Internet-free environment, read on!

configuration, production, offline

Apiman 1.2 - Introduction to User Roles in apiman

In this post, we’ll examine apiman user roles. In the apiman data model, all data elements exist in the context of the organization. The same holds true for user memberships as users can be members of multiple organizations. Permissions in apiman are role based. The actions that a user is able to perform are dependent on the roles to which the user is assigned when a user is added as a member of an organization.

apiman, introduction, overview, users, roles

Version 1.2.3.Final of apiman is released!

Greetings, earthlings! Yesterday we released the best version of apiman yet, and I’m not just saying that because the version number (1.2.3.Final) is awesome. This release has a bunch of bug fixes in it, as well as a few targeted new features. Read on for more details!

apiman, release

Import APIs Into Apiman (API Catalog)

One of the less enjoyable aspects of apiman is the manual addition of an API that you wish to manage. And if you have a bunch of APIs you want to manage, you can either use the apiman REST interface to script the creation of them, or else you’re stuck manually entering them into the UI.

However, if you take advantage of the new API Catalog feature, things might get a lot easier!

apiman, 1.2.x, manager, catalog

Storing Your Gateway Config in a Database

One of the strongest features of apiman, in general, is its excellent extensibility. Not only is it easy to add new policies, for example, but many of its core components are also pluggable. This includes, for example, the registry used by the API Gateway to store configuration information published to it by the manager. This blog post will detail a new JDBC based implementation of that registry, explaining how you can store that information in a Database instead of in Elasticsearch (the default setting).

apiman, 1.2.x, gateway, jdbc, registry

Re-Registering Your Client App(s)

In a recent blog post I explained why APIs used to be completely frozen once they were published, and how we have loosened that restriction for Public APIs. Similarly, we did not allow Client Apps to be changed and then re-registered. This was never a good decision, since the Client App does not have anything "connected" to it (the way that an API may). So we should never have restricted the registration of a Client App!

apiman, 1.2.x, gateway