Fiorano API Management

Exposing interfaces to unique corporate data creates value that many companies have difficulty unlocking on their own. By exposing internal enterprise data and application functionality to external applications on mobile devices, consoles and affiliate Web sites, an organization can transform its business into an extensible platform. Enterprises require ways to publish APIs to external developers, to interact with customers over new mobility and social channels, innovative and evolve ways to reach new customers through partner and third party applications and exploit the exponential explosion of client end-points to drive end-user business, among others.


Integration approach to API Management: Fiorano API Management is particularly well-suited for enterprises that need deep integration capabilities to build APIs on top of existing applications. The system offers a range of capabilities, including protocol transformation, mobile backend-as-a-service (MBaaS), standards-based access management, version management, API rate limiting, and metering (analytics). Backend and third-party web services can be transformed into easily consumable APIs, governed by self-service policies.

Fiorano API Management also provides contextual analysis and visibility into API initiatives and associated digital assets to help drive developer and user engagement. The system is available both as an on-premise platform and as a cloud service.

Fiorano API Management platform comprises server technology that provides:

Security: Security descriptors provide the enterprise fine-grained control over which end-users and user-groups can access an API.

Metering: For each API, a count is maintained of the number of times the API has been called, together with a list of which applications have made the calls. IT is possible to set metering limits as well as charges on a per-call (or other) basis for all API calls.

Monitoring: This allows system administrators to track which APIs are using the most resources (CPU, memory etc.) and to graph the related information to identify hotspots and contention. Using this information, system administrators may decide, for instance, to split API call-load over multiple API Management servers (provided the underlying solution allows for this scaling-out process).

Management: A high level view of the overall implement of API Management across the enterprise, including a synopsis of the security, metering and monitoring processes running across multiple servers within and outside the enterprise firewall.

Developer Support and Socialization: Exposed APIs need to be marketed or socialized to third-party developers; this is typically done via developer portals, either within or external to the API management platform, where available APIs are published.


API Management Server
  • This is the central server which acts as the repository for the API Projects created by users and deploys them to API Gateway Servers.
  • Hosts the API dashboard
  • Incorporates an Analytics engine and performs various aggregation/ingestion functions.
  • Manages Role Based Access Control
API Gateway Server
  • Acts as a reverse proxy server for the backend REST/SOAP based web services that are to be exposed as APIs
  • Receives client requests and performs Caching, Traffic Control, Quota Management, Authentication and Authorization before letting the request pass to a back end server.
  • Provides load balancing capabilities in case the target service is hosted on multiple servers.
API Dashboard

The dashboard, hosted in the API Management server, provides interfaces to

  • Create API projects with zero coding
  • Define various API products, Developers and Subscriptions
  • Analyze API trends, investigate spikes, define various roles, environments, partners and more.
Developer Portal

The developer portal allows enterprises to publish and socialize their APIs. Support is included for

  • Self signup of developers, allowing automatic subscription to public APIs
  • Viewing API documentation related to various public and protected APIs.
  • Expose-To-All APIs (Public)
  • APIs open to all developers
  • Apps typically targeted towards consumers outside the enterprise
  • Goals : engaging customers through external developers

  • Expose-To-selected APIs (Partners)
  • APIs open to select business partners only
  • Apps targeted towards both consumers and business users
  • Goals : specific to the business of the enterprise

  • Expose to Enterprise APIs (Internal)
  • APIs exposed only to developers within the enterprise
  • Apps targeted towards employees and/or enterprise systems
  • Goals: driving employee productivity and internal system efficiencies



Industry best security and integration in one solution
  • Based on Fiorano market leading ESB and SOA platform
  • Download and install in 30 mins and begin deploying your APIs
Rapid, Configuration-based API Development - Zero Coding
  • Create and deploy new APIs in minutes
  • Easily create portals to socialize your APIs
  • Visible ROI in days, not month
Out of the box business analytics and operation insight
  • Pinpoint key market fluctuations and correlations related to your business
  • Sophisticated inspection and debugging tools to identify bottlenecks and reduce development/deployment times
Support for continuous iterative development
  • API updates with minimal interruption
  • Integrated debug/test/rollout to rapidly fix production issues
  • Point-and-click snapshot restoration to previous versions
  • API Gateway: Fiorano provides a linearly scalable, agent-based API gateway. Agents (i.e. exposed APIs) have the inbuilt capability to handle policies to detect threshold overruns and exceptions/error conditions, with the generated events being monitored via a central Fiorano Enterprise Server that may be hosted either in the cloud or within the Enterprise firewall.

  • API Development: The Fiorano platform allows developers to create APIs using a visual drag-drop-configure approach. Fiorano supports WebService and REST-based API development.

  • Mediation: The platform includes a powerful set of prebuilt mediation components for data transformation, routing, protocol transformation and more.

  • API Repository: Fiorano includes an API Repository allowing developers to manage and test deployed APIs from a web based console.

  • Monitoring: Deployed APIs can be monitored for performance throughput, errors and overloads. Alerts can be configured for these conditions.

  • API Security: Deployed APIs can be secured using WS-Security standards for webservice-based APIs and HTTP-based authentication for REST based APIs.