Source: Shutterstock
Many organizations are working hard to break down internal data silos between discrete applications and services. At the same time, the bunker mentality of many enterprise-level businesses is changing too — sharing data with other entities, partners and customers is proving massively effective in establishing a company’s or organization’s position in markets of goods and services.
Even at the developer end of the equation, where new apps and services are created, there’s been much interest in and pursuit of containers and microservices. Data interchange between containers is reflected in data interchange between internal applications, and with third parties.
At all levels, then, we are an industry increasingly using APIs – either internally between systems that were once monolithic, closed box affairs, or between companies, partners, suppliers, brokers and intermediaries.
The importance of API traffic is born out in the makeup of present-day internet traffic – much of it is now API-derived. Getting your API management right, therefore, is of primary concern to enterprise businesses in both the public and private sectors. At Tech HQ, we’re looking at three vendors who can make a significant difference to the way that IT teams are managing the full gamut of APIs, from developers’ access to test systems, right through to full-scale, production systems where communication speed and security literally makes or breaks an application.
After all, a poorly performing app in the hands of an end-user or customer may comprise beautiful, 100 percent bug-free code, but if API gateways are somehow misfiring, then the all-important “customer experience” is third-rate.
Of course, as well as responsive APIs, there are quite a few other key targets to hit with this pivotal aspect of modern digital experiences. The vendors featured below will help you tick all these boxes, and ensure the following are covered off:
Access Management
Granting access to key systems, even for internal-only use, is a complex affair. There is no single authentication method, certification, or security policy that works everywhere, for every user and every application. Your APIs need to be able to handle X.509 alongside Kerberos and Active Directory schema, OAuth, and many others.
Transform and Route
Header transformation, or parsing XML to JSON, may be relatively trivial, but done at scale, it becomes a significant overhead. Separating out this facility from the target application makes sense, as does the ability to switch to failover from an offline API. And for high-use, mission-critical APIs, load-balancing and clustering may be appropriate.
The three D’s: discovery, describe and document
Publishing APIs and providing relevant information is an iterative process and one that often plays second fiddle to more important-seeming activities. But providing accurate code samples and metadata, written appropriately and with privilege sensitivity, is of paramount importance.
Monitor, alert and contractual concerns
Many discrete API solutions provide real-time insight into how APIs across the enterprise are performing. That ability can allow administrators time to see problems before they might arise. Additionally, service level agreements not only have to be adhered to but, importantly, must be seen to be observed. That’s where the platforms featured below could help.
Security and governance
While many enterprises invest big money in internal threat security and worry about ex-employees walking out of the organization with privileged information, those same businesses also leave API access points open, grant access privileges too high (perhaps during API debugging), and don’t properly manage time-dependent access rights. Discovering and closing such gaps can be time-consuming and rarely effective when done without appropriate tools.
Furthermore, adherence to local edicts around data protection and personal data governance are increasingly stringent. While API “back doors” need to be shut, it’s usually incumbent of the enterprise to prove its own policies and protocols. The platforms on these pages can, to varying extents, cover this off and even automate many of the processes.
Conclusion
Application programming interfaces are the omniscient workhorses of the digital enterprise. Prioritization of their management and upkeep may be a difficult “sell” to those decision-makers not technologically conversant with the issues. But every IT professional working today knows full well the power of APIs and the central role they now play. For the best support in these regards, we recommend one (or more) of the following three providers.
The Nevatech Sentinet platform was designed with today’s topologies in mind, with on-premises, cloud and hybrid use as part of a single offering. For Microsoft-focused use, especially, there are significant benefits available with Sentinet, whether you are running Azure or localized Microsoft applications and services.
But naturally, the platform also handles all security protocols and methods (including any bespoke combinations that might be in play), and manages RESTful APIs and SOAP services to the fullest extent.
Governance and management of APIs are first-rate, with powerful, dedicated transformation at any level of API traffic, routing, failover, and one-to-many distribution if required. Backing it all is an easy-to-use interface that a drag-and-drop approach to building up even the most complex and fluid of API structures, internally and internet-facing.
The Sentinet platform seamlessly catalogs and can publish API metadata in a variety of formats and ensures maximum security and data governance compliance at every point in the API lifecycle.
You can read a more in-depth look at Sentinet as a platform here on Tech HQ.
Mulesoft’s position as the de facto provider of both RPA and its effective underpinnings, the API layer between applications is presented in its Anypoint platform, which manages, distributes, governs, and optimizes APIs.
The platform covers off the complete API lifecycle, providing an environment where APIs can be formulated and designed, published, distributed, and collaborated on.
As well as multiple API management tools and techniques (both baked-in and third-party), the global business that is Mulesoft ensures that differing geographic governances over data protection are always adhered to, even in internationally distributed networks.
The Mulesoft Anypoint Management Center provides an active monitor for API oversight, providing in-the-moment alerts if API routines get overstretched or start to back up. Policies can be formulated for most eventualities, meaning responses can be automated, too.
Managing and hosting APIs in mixed cloud and hybrid networks are covered, and the API management facility plays nicely with the rest of the Anypoint platform. This is an end-to-end solution for organizations that wish to outsource (to technology) much of the technical complexity of API management.
The Cloud Mashery API management platform provides fine-grained control over all elements making up a modern API-centered infrastructure, capable of performing at microservice-level in concord with Kubernetes orchestration, through modern, agile DevOps processes and methods, through to production-grade APIs that interact thousands of time per second with external applications.
Traffic can be effectively shaped and controlled at the API level, ensuring that SLAs for access to any discrete service can be monitored and controlled, either manually or according to pre-set policies.
The Cloud Mashery framework is cloud-agnostic (in terms of your choice of vendors), well suits multi-cloud setups, and can also be run on-premise as a container-based PaaS. But the overriding ethos of the TIBCO Cloud Mashery API management platform is one of re-usability. The platform can be used as the basis for a library of APIs, and of course, their associated schema and documentation.
For a deeper analysis of the API environment (over and above the very capable, built-in analytics platform), power users may wish to consider the TIBCO Spotfire platform, details about which can easily be found on these pages.
* Some of the companies mentioned in this article are commercial partners of Tech HQ
6 March 2024