Forrester predicts that annual spending on API management solutions will quadruple to $660 million by 2020. Looking at the domestic market alone, their research indicates the next five years will see almost $3 billion spent on API management. The use of APIs has increased as enterprises tackle wide-ranging issues, including a proliferation of connectivity-driven initiatives such as Big Data, the Internet of Things (IoT) and mobility. Efficient and secure API design and deployment provides the foundation for these efforts, so administrators need to understand what the latest API management platforms can accomplish and which features will best support an organization’s needs today and into the future.
Enterprise API management needs have shifted
The past several years have seen some changes when it comes to the enterprise sector’s API management needs. Administrators expect platforms to encompass greater functionality. “It’s now a much more fully fledged piece of infrastructure because you need visibility and control of your APIs,” said Steve Willmott, CEO of 3scale. It’s important to get a broader view of what’s happening within the enterprise. “Who are the users, which servers can they access, what kind of methods can they access, how much can they access?” Willmott asked. Administrators are also increasingly keen to understand glitches and alerts related to unusual behavior on the API.
For enterprises, the use cases for API management have changed. “Different requirements have been added,” said Ed Anuff, senior vice president of product strategy at Apigee, adding, “The people who are involved in building, using and managing the API system have changed as well.” Just three or four years ago or more, much of the API management landscape was focused on supporting mobile application APIs in a secure way. “What we’ve seen more recently is that you’re seeing all sorts of connected products and things that are using APIs, and you’re also seeing that people are trying to use a lot of the techniques that they implemented for exposing APIs externally,” Anuff explained. “They’re trying to use those same techniques for their internal APIs.” He believes administrators are looking at their service-oriented architectures and searching for ways “to treat those services more like APIs and do things in a more lightweight way.”
For an increasing number of enterprises, the use of APIs is now seen as an important factor in the organization’s growth and evolution. “APIs can provide more revenue growth, integration between partners [or] new ventures, and can even be fully-blown products for companies,” said Sumedha Rubasinghe, director of API architecture at WSO2, in a recent e-mail. Successfully managing all the various aspects of API efforts enables administrators to expose APIs while retaining full control. “While going down this path of API economy, enterprises need to maintain the right balance of exposing internal business capabilities versus being exposed too much,” Rubasinghe said.
Developments in the API management marketplace
Just as business’s needs have changed, vendors have also made big strides in features and capabilities. “A lot of the control is much more fine grained than it was,” Willmott said, offering as an example, “Maybe once upon a time you would rate limit particular API endpoints, but now you could do it on a per-user basis.” In a scenario where a mobile application is regularly calling the API, Willmott said it doesn’t make sense to rate limit the application. The more successful it is, the more people will download it. Strong API management platforms can now provide control without reducing usability.
Standards are also emerging which Willmott said are “fledgling but important.” Swagger and JSON are two standards that are becoming more prominent in the API realm. This maturation of the marketplace is “allowing vendors to do more with tooling because you have this kind of stable baseline of definitions that you can work from,” Willmott said. It’s also advantageous for enterprises, as it provides correlations between what the various vendors promise their solutions can do.
The usage of APIs has become something of a horizontal domain in the enterprise space, according to Anuff. Historically, API programs supported people who were part of an integration center of excellence, or those who were focused on getting one application to talk to another. “Now, every developer, whether they’re a senior architect or whether they’re a junior developer right out of school, every developer in your organization is building APIs and they’re using APIs on a daily basis,” Anuff said. Broader use across the enterprise is shaping the functionalities vendors offer and the features enterprises need.
Which API management capabilities does your enterprise need?
Administrators often find themselves balancing scale and security. Together, these challenges present a clear need for a robust feature set. “When you’re looking at API management, you need something that’s very self-service that any developer can simply log into and immediately be productive with,” Anuff said. Deploying the right features without delay can mean the difference between API success and failure. “When building an API that’s used by a mobile application, it’s not too hard to end up in a situation where your APIs are going to be called thousands of times a second,” Anuff said. That sort of scale quickly translates into a need for strong security, making the right API management solution a must.
As enterprise administrators shop around for the right API management solution to meet their needs, a handful of features often rise to the top. To sift through the potential suitors, Willmott encourages administrators to zero in on the big picture problem they’re trying to solve. In addition to a solution that offers wide-ranging, 360-degree control, he said, “We strongly believe you should separate the coordination layer from the traffic control layer.” That means where the policies are set and where analytics, tracking and alerts happen. “That separation of concerns is important because it allows you to cover everything and it allows you accessibility in the future as well,” Willmott explained. “You’re not locked into one technology stack.”
Among the capabilities Rubasinghe believes will be useful to administrators are “performance, configurable authentication and authorization, [and] identity federation,” as well as scalability. The kind of flexibility that can support different environments, including cloud, on-premise and a hybrid implementation that features both, may also prove crucial. Monitoring at the “system and business level” is another functionality many enterprises will want to include on their must-have shopping list. Rubasinghe said a “vendor’s expertise in guiding towards proper best practices” may also factor in how well a particular solution supports the enterprise’s needs today and tomorrow.
Photo courtesy of Shutterstock.