More than a gateway: Modern API management platforms

30 November 2020 | 112 Shares

Take a random sample of internet traffic or traffic flowing across the average enterprise network, and you will probably find that the majority (some estimates put the figure as high as 70%) of packets are destined for, coming from, or are related in some way to API activity.

Even applications that could be described as monolithic usually comprise discrete modules, services, microservices, and so on, which function internally by means of APIs. Regardless of design, even an individual application’s topology often spans multiple public clouds, on-premise resources, edge-based facilities, leased real estate in data centers, and so on. Multiply the complexity of a single application or service by a large number, and the predominance of API-related traffic is explained.

Therefore, machine-to-machine data can be regarded as comprising critical traffic, and managing such traffic comprises essential activity for IT departments. As well as handling structural issues, there are also considerations of security, traffic prioritization, routing issues, API call SLAs, and much, much more. Little wonder that products that rather modestly describe themselves as “API gateways” or “API management suites” are now considered pivotal parts of the entire IT stack.

Here at TechHQ, we consider three vendors of API Management systems that go beyond monitoring and maintaining APIs. Each is capable of deployment across hybrid environments and offers scalability and elasticity that will fit in with teams’ agile approach to providing the services demanded of them.

Simplifying and securing API estate needs to be a short- to medium-term goal, and with the products we feature here, achieving this alone should provide a return on investment.

Furthermore, because data/information is now rightfully regarded as the most valuable commodity an organization can access, each of the featured vendors also goes beyond providing the basics of reliability and security. Examples include API change audits that correspond with the business’s change management procedures in ITIL workflows or consolidate data from multiple gateways.

There is also a case for leveraging these platforms for analysis to discover use trends across APIs to allocate attention and resources better. The same metrics can be used by BI and reporting suites to create viable SLAs for internal stakeholders and external partners alike. And as organizations make deeper forays into microservices as part of their development activities, there will be a greater need for dependency tracking to keep applications running (obviously) and ensure continuing compliance with data regulations.

It’s sometimes difficult to take a step back from the technical complexities of the solutions we feature below and try to look more objectively at the desired outcomes for enterprise IT decision-makers considering their options. Keeping a business-first mentality that’s focused on outcomes required by the greater enterprise is the end goal, but we feel the vendors covered here are beyond the point of pushing a product for its technical “smarts.” Each is conversant with the pressures on corporate-level IT today and offers answers to the questions being posed to IT professionals in boardrooms across the world. Given the immense importance of APIs in today’s technology-driven world, finding long-term partners for this area of the IT stack is probably one of the more important decisions you will take in your career.

NEVATECH

Since its first offering, the Sentinet API Management platform has been designed to offer a unified solution in very diverse networks.

Any Sentinet component works the same way regardless of where they are deployed: on-premise, in hybrid environments, and cloud settings. Deployments are not limited by their particular subnet, so an on-premise Sentinent can oversee APIs in the DMZ, or highly-restricted testing environments, or full production settings, using the same interface and the same toolset.

Use-case aggregation includes providing the same utility to all areas of the wider network so that production systems can be monitored for SLA violations. At the same time, alerts are given to DevOps teams to help them manage APIs actively and pro-actively to anticipate and remedy operational malfunctions. Sentinet also supports microservice-based applications by offering aggregated access and central view on the isolated microservices.

Nevatech aims to simplify API infrastructure and reduce the number of vendors on which the IT department depends for this mission-critical area of the enterprise. That has obvious security and reliability plus-es while reducing overheads and resource-drain. The Sentinet platform’s interoperability gives decision-makers the ability to migrate environments without massive reconfiguration of API management nodes creating roadblocks, and the same ability also ensures an unchanging security posture.

Traffic flow monitoring and predictive analysis mean procurement and resource planning for expansion or new projects becomes simpler. At the same time, security standards remain high thanks to granular access, security tokens and key management systems.

You can read a more in-depth article on Nevatech here on the pages of TechHQ.

AXWAY

The AMPLIFY API Management platform helps teams create and publish APIs from the cloud or on-premise server instances and then provides management frameworks to monitor and control all APIs across the enterprise.

There are built-in analysis tools in AMPLIFY so that users can see live operational data or even developer uptake metrics (API “popularity contests,” if you will).

The analysis routines can flag anomalies and report on overall API stack health, or users can use “traditional” logfile analysis, Splunk, and so on — the AMPLIFY API Management system is as extensible as an API.

Axway is a heavily business-focused outfit, and the AMPLIFY platform can be used to monetize API use easily, making APIs reusable: develop once, deploy (and charge) multiple times. That facility is via AMPLIFY Central Service, which centralizes monetary issues like charges and subscriptions of every and any API across the enterprise.

Axway is building a complete developer and user community for its products, with an internal marketplace available to all subscribers where code and methodologies can be shared, thus vastly improving time to market for new services’ APIs.

To learn more about Axway, click here.

TYK

Tyk’s engineers, support staff, and to a certain extent, its sales force are all drawn from the community of professionals who created the Tyk platform. The company’s API gateway remains a free and open-source product, so developers are permitted — indeed, encouraged — to trial, configure, use, and deploy the platform.

The company monetizes by offering support and its own SaaS platform, but organizations can install their instances as they see fit, on-premise or cloud. But the support the company offers is its real USP, which is entirely done by the company’s engineers, regardless of whether the users are students playing with API management or huge enterprises with a sharding or cluster issue for mission-critical API traffic.

That developer-led focus means that the API gateway is highly configurable to individual companies’ uses. From creation and testing of APIs (perhaps importing from Swagger blueprints or other legacy sources) to deployment in production, to extending capabilities via plugins (Splunk for example), managing web tokens, certificate policies, and monitoring, the Tyk platform helps companies expose their APIs and services in a controlled, safe, reliable and orderly manner, using the types of protocols and language that DevOps functions are familiar with.

You can read plenty more about this fantastic API gateway platform here.