APIs are becoming the backbone of mobile and web applications. They enable applications to store and retrieve data, access server-side logic, and enable developers to build new applications by mixing third-party APIs to create something completely new.
If your product requires an API, you will need to ensure that the API doesn’t become overwhelmed with too many requests or expose endpoints to clients that could pose a security risk. That is where API Management Platforms can help.
What is an API Management Platform?
API Management Platforms act as a proxy between your API and customers, consuming applications, or partners. They are designed to protect your back-end services by restricting the customer to a certain number of allowed queries per second or queries per day. Installing an API Management Platform prevents a user from causing a Denial of Service (DoS), whether inadvertently through poor coding or through some form of attack.
How do API Management Platforms work?
API Management Platforms also accelerate the deployment, monitoring, security, versioning, and sharing of APIs. They are often deployed as a reverse proxy, intercepting all incoming API request traffic and applying rules to determine if requests should be routed to the API.
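The admission decision described above (a proxy that checks each request against per-second and per-day limits before routing it) can be sketched as follows. This is an added example, not code from any vendor's platform; `Gateway`, `Plan`, `admit`, `replay` and the key `key-free` are hypothetical names, and the sample plan is constructed.

```python
from dataclasses import dataclass

DAY = 86_400  # seconds in one quota window

@dataclass
class Plan:
    per_second: float  # refill rate, also used as the burst size
    per_day: int       # hard daily quota

@dataclass
class Client:
    plan: Plan
    tokens: float
    last_refill: float = 0.0
    day_index: int = -1
    used_today: int = 0

class Gateway:
    """Admission rules applied before a request is routed to the back end."""

    def __init__(self, plans):
        self.clients = {k: Client(p, p.per_second) for k, p in plans.items()}

    def admit(self, api_key, now):
        """Return (http_status, reason) for one request arriving at time `now`."""
        c = self.clients.get(api_key)
        if c is None:
            return 401, "unknown API key"
        # Daily quota: fixed window that resets at each day boundary.
        day = int(now // DAY)
        if day != c.day_index:
            c.day_index, c.used_today = day, 0
        if c.used_today >= c.plan.per_day:
            return 429, "daily quota exhausted"
        # Per-second limit: token bucket refilled in proportion to elapsed time.
        elapsed = max(0.0, now - c.last_refill)
        c.tokens = min(c.plan.per_second, c.tokens + elapsed * c.plan.per_second)
        c.last_refill = max(c.last_refill, now)
        if c.tokens < 1.0:
            return 429, "per-second rate exceeded"
        c.tokens -= 1.0      # only admitted requests consume rate and quota
        c.used_today += 1
        return 200, "forward to back end"

def replay(gateway, requests):
    """Run (api_key, timestamp) pairs through the gateway; return the statuses."""
    return [gateway.admit(key, t)[0] for key, t in requests]

# Constructed sample plan: 2 requests/second, 5 requests/day.
SAMPLE_PLANS = {"key-free": Plan(per_second=2, per_day=5)}
```

Requests rejected by the per-second check do not count against the daily quota here; whether a real platform counts them is a policy choice to confirm with the vendor.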
What are the most common features of API Management Platforms?
In addition to traffic management, they commonly offer:
- Token-based authorization support through API-key based authentication and delegated authentication using OAuth 2
- Deployment and versioning support for redirecting incoming requests to the current or newly deployed release of an API
- Rate limiting to reduce the impact of greedy API clients and denial of service (DoS) attacks
- Developer portals for hosted documentation and self-onboarding by developers
- Administrative portals for viewing usage reports
- Billing and payment support
- On-premise and cloud hosting deployment options
Deployment options for API Management Platforms
It is highly recommended to install an API management platform for your API prior to launching your API into production. Often, commercial vendors offer one or more of the following deployment options:
Cloud: Full Hosting
Fully hosted in the cloud, these vendors offer the proxy, the administration dashboard, and all reporting/analytics using their own hosting solution. Some vendors offer this option only for lower-end solutions to help accelerate adoption, but quickly recommend using a hybrid or on-premise solution. Other vendors will offer medium-to-long term hosting for small to large installation requirements. Check with the specific vendor beforehand to understand the options available for your API needs.
Cloud: Hybrid Hosting
Hybrid hosting offers the hosting of data, reporting, and analytics via the API Management Platform’s API, while requiring the installation of the proxy within your cloud infrastructure. This allows companies to manage their own scaling and uptime of the proxy, while retaining the data capture and reporting services with the platform vendor. It also removes the need to share sensitive data associated with API keys and OAuth tokens, as authorization checks can be performed within your cloud infrastructure.
For teams that desire full control, some vendors offer a complete installation of all services, including the proxy, data capture, and reporting services. This often requires the installation of highly available resources such as databases, multiple web apps and APIs, messaging queues, and other systems. This is often not an option for most teams, due to time and resource constraints.