In the current world, every customer anticipates having their favourite services available on the internet. Technology is at their fingertips, accessed through devices such as desktop computers, laptops, mobile phones and tablets, which increases the mobility of services.
To reach out to more customers and to serve existing customers better, you need to bring your backend services onto the web. You can expose a variety of services, ranging from product pricing and stock status to ordering, order tracking and many more, as required by client applications. Once the services are made available, it is crucial that they be available to a large section of the community and simultaneously protected from the wide range of attacks to which your data becomes vulnerable when it is published on the internet.
The exponential explosion of IT assets and mobile devices provides new opportunities for enterprises to interact with customers over new mobility and social channels. The imperatives of digital business have created an urgent need for enterprises to innovate and evolve ways to exploit partner channels and third-party channels to reach out to a growing consumer base. API Management is the underlying core technology that enables this change!
API management allows enterprises to selectively externalize their assets, not just via the traditional browser-centric model, but also over mobile devices and other channels.
In the modern digital business, customers require on-demand information on mobile devices, partners need real-time information via web channels, programmatic APIs and other channels and third-party application developers (both independent and business partners) require secure, managed access to internal enterprise information. The enterprise needs to dynamize existing static data as well as internal applications to create new business opportunities.
It is also important to understand the usage and analyze the trends of usage of different APIs to adapt to the changing consumer behaviour.
The essential requirement for API management is to expose selected internal enterprise data and applications to third parties, including end-users and business partners, and to do so in a managed, metered, monitored and secured manner.
In many enterprises, such data exposure is performed in an ‘ad hoc’ manner. Whenever a department needs to expose data or applications to the external world, a custom project is typically created and outsourced to a third-party services company. Each project implements a customized method of security, data access, service creation and monitoring. Over time, this unstructured approach leads to seriously increasing development and maintenance costs, making the process difficult to scale and manage.
A Structured Approach
Modern enterprises require a Secure, Monitored, Metered and Managed approach to exposing enterprise data and applications. This is done via API Management solutions. API management servers allow enterprise data to be exposed in the form of REST or Web Services. REST is normally preferred because of its inherent flexibility. Each exposed REST Service is referred to as an “API”. The API can expose either enterprise data (from a file, database or other enterprise systems) or an internal enterprise application. In a typical enterprise, there may be tens to hundreds of exposed APIs running on and managed by the API Management platform.
The API Management platform typically comprises server technology that provides:
- Security: Security descriptors provide the enterprise fine-grained control over which end-users and user-groups can access an API.
- Metering: For each API, a count is maintained for the number of times the API has been called, together with a list of which applications have made those calls. It is possible to set metering limits as well as charges on a per-call (or other) basis for all API calls.
- Monitoring: This allows system administrators to track the APIs that use the most resources (CPU, memory etc.) and to graphically represent the related information to identify hotspots and contention. Using this information, system administrators may decide, for instance, to split API call-load over multiple API Management servers (provided that the underlying solution allows for this scaling-out process).
- Management: A high-level view of the overall implementation of API Management across the enterprise, including a synopsis of the security, metering and monitoring processes running across multiple servers within and outside the enterprise firewall.
- Developer Support and Socialization: Exposed APIs need to be marketed or socialized to third-party developers; this is typically done via Developer Portals, either within or external to the API management platform, where available APIs are published.
Figure 1: API Management – structured data and application access
A scaled, managed and structured approach to exposing data and applications via API Management brings many benefits to an enterprise including:
- Increased business velocity: By allowing partners and suppliers to directly access relevant information, enterprises drive increased revenue since information flows on-demand, in real-time. Previous batch processes are easily replaced by just-in-time data flows, helping all parties to optimize costs, reduce delays and manage inventories.
- New revenue streams: The metering features of an API Management platform allow the enterprise to charge third parties for making API calls, leading to new revenue streams. For instance, a financial analysis firm may charge for API calls to allow access to high-value information on hot stock picks for the day or week. Fine-grained control over the charging process allows the enterprise to structure charges for various services as required.
- Leveraging external development teams: Exposed APIs can be used directly by third-party developers to create applications that access enterprise-internal data, reducing development costs and freeing up internal development teams for other projects.
- Increased development team productivity: By using APIs, development teams within the enterprise are more productive since they no longer have to spend time writing data or application access functions within the firewall.
Fiorano API Management
Fiorano API Management resolves the crucial problem of making data available on the volatile web, both to the large number of people you intend to share information with and within your own organization. It provides a user-friendly interface that handles the services smartly, hiding the underlying technical aspects and complexities and giving you seamless communication with internal as well as external Web Services.
You may expose your REST/SOAP services as a set of target endpoints for better security and visibility. Depending on the endpoint, the service might then return data, formatted as XML or JSON, back to the requesting app. Fiorano API Management manages all these functions smoothly, no matter what type of data is being sent or received, without requiring you to worry about, or intervene directly in, the actual functions.
Using Fiorano API Management, you can create customized "API Projects" which encapsulate the various policies/features that have to be applied on top of your existing services.
Fiorano API Architecture
The Fiorano API Management product is built upon the following attributes:
- API Management Server
- API Gateway Servers
- API Dashboard
- Developer Portal
The Fiorano Approach
Fiorano API management implements features such as security, metering, monitoring, management and developer support. The Fiorano API management platform architecture scales linearly, allowing the infrastructure to grow on an as-needed basis. The API Management System appears as in the figure below.
Figure 2: Fiorano API Management System Architecture
The system comprises a central ‘API Management server’ which serves to administer and control a network of available API Gateway servers. There may be multiple API Gateway servers, all of which are controlled by a single Management Server. Each API Gateway server may host several hundred APIs in the form of REST or Web-services calls. The Fiorano API Management server works with all REST, Web-services or JMS-based systems that are already implemented within the enterprise; there are no Fiorano-related dependencies on the creation of the REST or Web-service that has to be managed and exposed as an API.
As depicted in the figure above, the Fiorano architecture scales linearly. As the number of APIs to be hosted increases, one deploys additional API Management servers in the form of ‘peers’. This allows distribution of load across multiple servers, enabling a build-as-you-grow strategy.
Features of each attribute in the Fiorano API Management architecture are explained below.
API Management Server
This is the central server which acts as the repository of API Projects created by the customers and deploys them to API Gateway Servers. It also performs the following functions:
- Acts as a repository of API Projects, and Server Groups or environments, and controls the life cycle of gateway servers.
- Enables runtime enforcement of policies without downtime.
- Hosts the API dashboard.
- Provides REST API for management of different modules.
- Acts as the Analytics engine and performs various aggregation/ingestion functions.
- Provides Role-based Access Control to various resources.
API Gateway Servers
A Gateway server receives requests from users/customers and sends responses after processing them at the different Web Services as configured. Client requests are first received by these servers, which act as reverse proxy servers for the backend REST/SOAP-based web services. These servers also perform the following activities:
- Enforce the following functions before letting the request pass to the backend server:
  - Quota Management
  - Traffic Control
- Provide load balancing capability in case the target service is hosted on multiple servers.
- Gather analytic information asynchronously, which is then processed by the Management Server.
API Dashboard
The API Dashboard provides the interface to create API projects with no coding effort. Its main functions are listed below:
- Enables you to define various API products, Clients, and Client Subscriptions.
- Enables you to define various roles, server groups, and partners.
- Helps to quickly analyze API trends and investigate resource utilization.
- Helps to monitor the Fiorano API Management deployment status.
Developer Portal
The Developer Portal offers self-signup support for developers, allowing automatic subscription to public APIs. It simplifies the process of developer onboarding and greatly simplifies the interaction of developers with the services published using API manager. Important functions include:
- Support for secure self-signup for developers.
- Automated documentation for the APIs exposed in an engaging manner.
- Support for an automatic subscription of selected API Products.
- Support for OAuth access token generation for registered applications.
- Support to test the APIs exposed.