Long time ago, the Internet was full of proud and secluded applications, that relied on themselves to provide service. However, services were becoming more and more complicated, also technologies and protocols for connecting with other applications became more standardized. It became obvious that collaboration and specialization is required to survive. Applications thus started to be more specialized, talk to each other much more, and the level of digital interconnection skyrocketed. Along with that, did the market of solutions for managing web APIs.
Do I need API?
Most likely you do. Imagine a big corporation that is building HR system. They want the module related to business travel for planning and reporting. Is there a point in writing everything from scratch? If you plan travel, let’s ask someone who is already good at it. If you want to buy a ticket from A to B, there are companies that provide travel meta search service, both via website and API.
Those companies need data, so they ask someone who possess it – bus and train operators, airlines, car rentals and perhaps other travel meta search companies. Maybe, when planning travel, especially the end points, we might want to specify an address. How do we know that address is correct? We should ask someone who can verify it. Maybe some of our business partners requires of us not an address, but latitude and longitude. How to convert it? Ask someone. Maybe we would like to draw a nice map for our users, or show them a street view of arrival? Who is better at drawing maps than Google? Maybe we want to… You see where it is going? If you have a meaningful business, you probably have a lot of data and services in your systems that might be valuable if presented to the outside world. Not only on your web pages, but also via APIs, so other applications can use them and be another revenue stream for your business.
Do I need a tool to manage it?
So, you have a beautifully designed API that presents a lot of useful functionalities and data to your digital clients. Now what? You probably would like to manage it, which might include:
- API analytic – APIs created over time, last accessed, usage, comparisons, quota breaches, faults, latency breakdown, performance, usage across geolocations, user-agents, subscriptions, spikes and drops in traffic, report generators, data endpoints for all that
- Security – SSO, OAuth, OpenID, client credentials, password, implicit authentication, auth codes, SAML, NTLM, JWT, refresh/revoke token, third party oauth management, secret generation, key management
- Access rate control – by requests, bytes, IP address / range, headers, query parameters, quota consumption, limiting by seconds/minutes, flexible policies, back-end throughput configuration
- Alerts – abnormal number of request, resource access pattern change, geolocation change, abnormal token renewal, quota breaches, response times, abnormal usage, health degradation, new API version notifications
- Developer portal – store, themes/customization, self-registering, sandbox environment, SDK generation, easy to use API documentation
- Failover and dynamic endpoints
- Load balancing and caching
- Message mediation and transformation
- Cross-origin resource sharing (CORS)
- API versioning – multiple versions of API, automatic deprecations, show/hide old versions, tagging
- API Migration Across Environments – ability to move APIs from one environment to another (e.g. Dev, QA, Prod), lifecycle management
- Alert registration for users, not only for you
- Blacklisting – APIs, application, users, IP address, tiers, roles
- Threat protection – bot detection, token fraud detection
- API search – by name, provider, tagging, show most recent
- User base management, forums, support, social integration, comments, ratings
- Widgets – embeddable iframes support
- Log analysis – live log viewer, errors, invalid login attempts, deployment details
- Billing engines integration
- Deployment support – clustering, node discovery, tenant isolation, activation, deactivation, artifact synchronization
Oh my, that’s a lot. You probably don’t need all of that at once. But the more serious is your business, the more features might become useful to fine tune your operations. Of course, you might implement all you need by yourself. But, as with everything in development, why reinvent the wheel? Let’s first look at two major players out there.
Apigee – Google’s new acquisition
Google had some idea for API management called Google Endpoints, there was brief hype few years ago, and apparently, it was left in the shed of forgotten things. Seems that recently the company decided to buy something that is already good and popular to fulfill this role – the entire Apigee company and its API management platform, Apigee Edge. The product is often cited as the leading solution in the market, and is used by many big players, it has all the features you would expect, leaving most competition behind in this aspect, and is quite user friendly. There are 737 projects on GitHub referencing Apigee and 1803 results on StackOverflow. API management is the only Apigee product.
WSO2 – Open source alternative
If you are on a budget, you might be interested in a WSO2 API Manager, one of the few big players in the industry that is 100% open source and available on Apache license. Looking at GitHub, the project is exclusively developed by tech team based in Sri Lanka. The company offers the commercial version with setup, development and production support priced quite attractively and flexibly, comparing to competition. When counting bullet points WSO2 offers, to some extent, even more features than Apigee, that is already a very rich and mature platform. If you look for recommendations, WSO2 also has a decent portfolio of leading tech companies using their product. There are 960 projects on GitHub referencing WSO2. There are 15315 results for “WSO2” and 1143 result for “WSO2 API manager” on StackOverflow, since the company has other products too.
Other relevant solutions
There are many players in this area and new ones are joining in, since the market is growing rapidly. I was able to gather a list of further 17 you might want to look into.
- Akana (formely SOA Software)
- Amazon API gateway
- CA Layer7
- IBM API Management
- Mashape Galileo
- Microsoft’s Azure API Management
- MuleSoft API Manager
- Oracle SOA
- RedHat 3scale
Are you lost by now?
So many possibilities to choose from can be daunting. I did a research on the topic as I’m currently in a API-centric project, and arrived at final showdown between Apigee and WSO2, that is still to be made. If you are curious about more information on other solutions, aside from official websites, you may refer to other sources.
First article I recommend is Monitor the Status of APIs with These 4 Tools which mentions: APImetrics, APIscience, Smartbear.
The second article is API Management tools: How to find the one for you which mentions: 3scale, ApiAxle, Apigee, Axway, CA Layer 7, IBM API Management, Mashape, Mashery, Microsoft’s Azure API Management, MuleSoft, Oracle SOA, Akana (formely SOA Software), WSO2.
Third, there is a website to look for alternatives for given software or other things. If you use Apigee or WSO2 as point of reference it will give you: Fusio, Mashape, Apiman, Apibond, Tyk, API umbrella, Axway, 3Scale.
Fourth, if you look at the list in Wikipedia article on API management, you will find: 3scale, Apigee, Axway, CA Technologies, IBM, Informatica, Intel Services, MuleSoft, SOA Software, Tibco Software, WSO2.
Fifth, WSO2 itself has an extensive document with comparison of their platform to competition, and they list the following four there: 3Scale, Amazon API Gateway, Apigee, MuleSoft.
Sixth, there is a professional report Vendor Landscape: API Management Solutions by Forrester, however it costs 2495 USD to access.
APIs are on the rise, and with them API management solutions. If you are developing your own API, it’s probably a good idea to take interest in the topic. I will reiterate: reinventing the wheel does not make economic sense, unless you really need a very custom solution. But I’m 99% certain that it’s not the case. You don’t write your own web framework, but use existing ones and focus on delivering working application that makes user happy. Similarly, you should not write your own API management framework, but focus on designing good API that will make its users happy, be it developers or business. Incorporate existing framework to do the dirty work. If you have any experience with such tools, feel free to share it! See you next week :)