At Gravitee Edge 2024, a three-day virtual event from June 25-27, attendees will get answers to these questions and learn first-hand how an API-first strategy has been working for global organizations. This is the second year that Gravitee is producing the conference.

Securing Kafka streams, trends in API management and understanding API security threats are among the topics to be covered by expert speakers, such as Forrester Principal Analyst Emily Pfeiffer and Rory Blundell, CEO of Gravitee.

“The world is moving to asynchronous, so we thought, ‘Why can we not be a gateway that does the same thing for synchronous and asynchronous APIs?’ So you might have Kafka in the back end, and you want to expose it as a WebSocket to the front end,” explained Chris du Toit, CMO at Gravitee. “But you want to apply the same things like rate limiting, security, traffic shaping, those same concepts in an asynchronous world. We coined the term Event-Native API Management. And what we mean by that is supporting synchronous APIs (think traditional APIs and protocols such as REST-based APIs) and asynchronous protocols such as event streaming, natively within the API Gateway.”

Gravitee Edge will also dive into API governance and federation. “If you’re taking an API-first strategy, and you’re streaming your back-end data now that you weren’t previously, the governance becomes pretty complicated,” du Toit said. “So how do you do API governance in big enterprises, with multiple gateways, synchronous/asynchronous event brokers, multiprotocol – someone has some WebSockets, someone has SSE – so we talk about multi-gateway, multi-broker, multi-protocol in these complex worlds. There are Kafka silos, all these different back-end streams, REST, Web services, gRPC, all of it, so it’s a trifecta of complexity that’s hitting the market.”

With all that complexity, Gravitee sees the future of API management in federation, which is the keynote for the event. du Toit said Gravitee is working on creating an independent gateway that can sit in front of all the organization’s API gateways and publish everything into a single developer portal, managing complexity on the back end so it’s possible, for example, to manage the same key being passed to five different APIs across five different gateways.

Meanwhile, security is a big concern for organizations, as APIs are becoming the largest attack vector because, as du Toit put it, “it’s almost like this backdoor into an organization.” The event will offer sessions on security. 

To learn more about Gravitee Edge 2024 and to register, visit the website.

The post Gravitee Edge 2024: The future of API management appeared first on SD Times.

Customers will now be able to create and expose a number of types of APIs from the Gravitee API creation wizard. These include REST APIs, WebSocket APIs, Webhook subscriptions, gRPC APIs, SSE APIs, GraphQL APIs, Kafka topics, MQTT topics and Solace event APIs.

The creation wizard can also now “expose Kafka, MQTT and Solace resources as REST APIs, WebSocket APIs, Webhook subscriptions and SSE APIs,” Gravitee explained.

Customers can also now enforce policies at the message level. These policies can be created in the Gravitee Policy Design studio, which is also new. 

In addition, the company added support for serialization and deserializatiron of information, with validation against target schemas that are stored in specific registries. 

“Our vision for API management is that it becomes a healthy, competitive space where companies can choose from API and protocol-agnostic API gateways and solutions,” said Rory Blundell, CEO of Gravitee. “Today we are advancing the category in a way that gives customers the tools they need to respond to significant business opportunities in real time.”

The post Gravitee adds new API management tools in latest update appeared first on SD Times.

These API management capabilities are built directly on the AnyPoint Platform, MuleSoft’s platform for integration, API management, and automation. This combination transforms MuleSoft’s platform into a more open, flexible, and scalable solution so that businesses can create high quality digital experiences with additional speed.

These universal API management capabilities on AnyPoint Platform can be used to design, build, deploy, operate, and discover all of an organization’s APIs from anywhere in one unified location. This serves the current working world, where teams are spread out and operating in hybrid environments.

In addition, MuleSoft’s new capabilities will enable organizations to:

• Adapt to any architecture with AnyPoint Flex Gateway, a flexible, lightweight gateway to manage and secure any service 
• Deploy and monitor services across any cloud or environment from one single place
• Accelerate time to market by discovering APIs built anywhere in the enterprise or composing new APIs in any language with API Designer 
• Find, explore, and consume APIs designed anywhere in a single location with API Experience Hub
• Build trust without sacrificing agility by defining central governance rules and applying them to any API at scale with API Governance

Vasil Valkov, director of software development ande DevOps at the medical technology company Hologic, said, “With new universal API management capabilities on MuleSoft’s Anypoint Platform, Hologic can centralize data from disparate systems across different environments to create a 360-degree view of the customer. As a result, we’re able to scale our customer support and be flexible in any situation to quickly respond to our customers’ needs for critical replacement parts and machine maintenance.”

API Manager is generally available now and Anypoint Flex Gateway, API Experience Hub, and API Governance will become generally available in the first quarter of 2022.

The post MuleSoft announces new universal API management capabilities appeared first on SD Times.

Currently most companies view API management as an access problem, but Avadhoot Kulkarni, product manager at Progress, recommends they shift their mindset and view it as a data problem instead. 

According to Kulkarni, APIs are nothing but “just ways to expose your data in user consumable ways.” 

As such, managing APIs leads to a number of data management challenges, including how to maintain data quality, data profiling, and data ownership. API developers and maintainers are concerned about data integrity and data consistency across their APIs, but the emergence of microservices architectures have helped in breaking down monolith applications into smaller services, which creates data silos. 

“Information, which is critical for organizations for their decision making, is locked behind different services. And it’s not easily accessible to the tooling that helps them integrate that data and get a business decision out of those,” said Kulkarni. 

RELATED CONTENT:
A guide to API management tools
How these vendors help companies with API management

One way to address that challenge is to give access to back end data directly, but that comes with its own set of new challenges, according to Kulkarni. It can create issues with data ownership as the user role access constraints put in place as a security measure into the API logic might not be accessible. This can be fixed for a small number of APIs by implementing custom integrations, but as the number of connections needed grows, it becomes less manageable.  

In addition, being able to write those custom integrations for data warehouses, data lakes, or business intelligence tools requires a deep knowledge of the API itself. This is another reason why this solution isn’t scalable, according to Kulkarni. 

“You sort of waste your engineering capacity on that instead of putting it on your business. You  start spending on this side project, which is, most likely not the best avenue for spending your resources,” said Kulkarni. 

Progress’ Kulkarni predicts that more and more of the industry will soon accept this idea of API management being a data management concern. AI and machine learning have permeated so much of what is done in the tech space, and data-driven or data-aware decision making is becoming more of the norm. 

“API management will be treated more like a data management problem in the near future. So the question about data quality, data profiling, how data gets moved between the different components, who has access to this data was also what privileges that particular person has on that data like who can modify versus who can only read how that data integrates with different solutions, that would be not only considered, but it will be also baked into the API architecture going forward,” said Kulkarni.

Data mesh emerges

According to Eric Madariaga, chief marketing officer at CData, data mesh is a technology that is emerging to help companies with this challenge. A data mesh helps to decouple data entry points. 

Data mesh was included in ThoughtWorks’ Technology Radar, first in November 2019 in the “Assess” category, and then moving into the “Trial” category in the October 2020 Radar. 

ThoughtWorks defines data mesh as “an architectural and organizational paradigm that challenges the age-old assumption that we must centralize big analytical data to use it, have data all in one place or be managed by a centralized data team to deliver value.”

According to ThoughtWorks, the concept is built on four principles:

1. Decentralized data ownership and architecture
2. Domain-oriented data served as a product
3. Self-serve data infrastructure
4. Federated governance, enabling interoperability between systems

“Different data assets within an organization become surfaced through a mesh-like architecture, so that they can be consumed and integrated from a variety of different resources,” said Madariaga. 

The concept isn’t that far off from the original concept of APIs, Madariaga explained. The data mesh provides a common interface for communication between different data resources, much like how API infrastructures help applications communicate with each other. 

“It becomes kind of an entire architectural paradigm,” said Madariaga. “It’s something that large organizations are using when they have multiple data warehouses and things. Conceptually, you know, it’s the idea of having a common interface for communicating with these resources, and solving the distributed dispersed data asset issues that organizations are facing and dealing with today. In API infrastructure, people are having applications that are trying to communicate with each other. They’re trying to do that in a common and consistent way. Data mesh, similarly, is solving that problem.”

Event streams also gaining popularity

According to David Mooter, senior analyst at research firm Forrester, event-driven architecture is another technology that is coming into play in the API management equation, specifically event streams. 

Mooter described a number of vendors already playing in this space of applying event streams to API management, such as IBM and Solace, and there is demand from clients. REST APIs have opened the doors for a lot of business innovation, but they do have their limitations, and event streams are helping to fill in some of those gaps. 

“It’s growing in popularity, but I’ve seen a lot more growth in demand for event streams as not an alternative to REST, but as an additional pool set that complements REST,” said Mooter. 

According to CData’s Madariaga, standardization of APIs is important, yet there are many different API frameworks that are in use today, such as REST and SOAP. 

“So there’s this huge landscape of how applications are talking to one another, and all kinds of different API interface standards,” said Madariaga. 

Madariaga believes it’s important to have a common language for these APIs to communicate through. 

Democratizing data management

“It enables citizen immigration and citizen developers and citizen integrators to use their tooling to work with APIs and data … If you want to increase adoption of your APIs of which you as a developer worked hard to build, providing tooling that gets all the way down to the end user is a very popular way, it’s a very important way to enable the broadest usage of your APIs,” said Madariaga. 

The beauty of low-code is that it allows non-developers to build applications through a drag-and-drop UI interface, but according to Forrester’s Mooter, those UI portals aren’t very useful unless they’re able to talk to IT systems. Therefore it’s important that citizen developers are able to connect via a robust suite of APIs. 

According to Madariaga, there can be a lot of complexity in the way citizen developers connect to APIs. If they want to integrate with an API, they must first define inputs and outputs, and may also have to configure the authentication settings. 

This can be a barrier to entry for those without the technical knowledge needed.  “By abstracting that into, say, a common database standard interface, you literally just drop in a driver and start working with back end APIs, like you would a standard traditional database, and every low-code and no-code application knows how to work with a traditional RDBMS database,” said Madariaga.

This abstraction not only benefits citizen developers, but saves traditional developers time as well. 

“Because really, ultimately, what happens is you’re submitting queries and getting back tables of data, and those tables are self describing,” said Madariaga. “So they come back, and they provide the columns of data that are there that are exposing underlying APIs. You can do things like joins and aggregates, and you could do all that in in way less code than it would be to go connect to an API itself, get data, do the transformations, do the integration, or anything else on the back end, it is a lot more complex when you are not using one of these API standards.”

Best practices for API creation

According to Forrester’s Mooter, it’s best to develop APIs by looking “outside in” rather than “inside out.” What this means is that rather than looking inwards at how the IT systems are already implemented, API developers should look outwards towards who will actually be using the API and what their needs are. 

He explained that further down this planning process it might be necessary to start considering your internal IT constraints due to factors like cost, but the process “should always begin and largely be driven by end user need, not what’s already in your IT system.”

Another important consideration for API management is governance. Mooter explained that sometimes companies tend to either under-govern or over-govern, neither of which are ideal. Over-governing could result in things getting slowed down too much, while not having enough governance can result in targets not being met. “Finding that sweet spot is rather challenging for organizations,” said Mooter. 

The post API management is a data integration problem appeared first on SD Times.

CData: Connect, Integrate, and Automate your enterprise data.  At CData, we simplify connectivity between all of the applications and data sources that power business operations, making it easier to unlock the strategic value of your data.   By focusing on established standards for data access, our solutions plug into all of the business applications that you use today (like BI, Reporting, ETL, & Integration) and connect them with live data from just about anywhere. 

The Progress DataDirect Autonomous REST Connector offers intelligent data connectivity to API sourced data from SQL based applications such as BI, Analytics, and ETL tools

With Autonomous REST Connector organizations can expect:

• Reduced time/effort to adopt APIs and services 
• Continued value from existing analytic and reporting tools when moving to APIs and services
• Reduced risk of vendor lock-in and poor data quality
• The ability to simplify and accelerate the adoption of your own APIs.

RELATED CONTENT:
API management is a data integration problem
How these vendors help companies with API management

Apigee is an API management platform for modernizing IT infrastructure, building microservices and managing applications. The platform was acquired by Google in 2016 and added to the Google Cloud. It includes gateway, security, analytics, developer portal, and operations capabilities.

Akana by Perforce provides an end-to-end API management solution for designing, implementing, securing, managing, monitoring, and publishing APIs. The Akana API Platform helps you create and publish secure, reliable APIs that are elegant, easy to consume, built the right way, and running as they should be to improve the customer experience and drive growth in your business.

Boomi’s API management solution provides a unified and scalable, cloud-based platform to centrally manage and enrich API interactions through their entire life cycle. With Boomi, users can rapidly configure any endpoint as an API, publish APIs on-premises or in the cloud, manage APIs with traffic control and usage dashboards.

CA Technologies, a Broadcom company, helps customers create an agile business by modernizing application architectures with APIs and microservices. Layer7 API Management provides the most trusted and complete capabilities across the API life cycle for development, orchestration, security, management, monitoring, deployment, discovery and consumption.”

Cloud Elements delivers an API integration platform on three pillars: “Elements” unify APIs with enhanced capabilities for authentication, discovery, search, error handling and API maintenance. “Formulas” combine those Elements to automate business processes across applications. “Virtual Data Hubs” provide a normalized view of data objects.

IBM API Connect on IBM Cloud is an API life cycle management offering that allows any organization to secure, manage and share APIs across cloud environments — including multi-cloud and hybrid environments. 

Kong delivers a next-generation API and service life cycle management platform designed for modern architectures, including microservices, containers, cloud and serverless. Kong is building the future of service control platforms to intelligently broker information across services.

Microsoft’s Azure API Management solution enables users to publish, manage, secure and analyze APIs in minutes. It features the ability to create an API gateway and developer portal quickly, ability to manage all APIs in one place, provides insights into APIs, and connects to back-end services. 

MuleSoft’s Anypoint API Manager is designed to help users manage, monitor, analyze and secure APIs in a few simple steps. The manager enables users to proxy existing services or secure APIs with an API management gateway; add or remove pre-built or custom policies; deliver access management; provision access; and set alerts so users can respond proactively.

Nevatech Sentinet is an enterprise class API management platform written in .NET that is available for on-premises, cloud and hybrid environments. Sentinet supports industry SOAP and REST standards as well as Microsoft-specific technologies and includes an API Repository for API Governance, API versioning, auto-discovery, description, publishing and Lifecycle Management.

Oracle‘s API Platform Cloud Service provides an end-to-end service for designing, prototyping, documenting, testing and managing the proliferation of critical APIs.

Postman is the leading collaboration platform for API development, used by more than 7 million developers and 300,000+ companies worldwide. Postman allows users to design, mock, debug, test, document, monitor, and publish APIs – all from one place. 

Red Hat 3scale API Management gives control, visibility and flexibility to organizations seeking to create and deploy an API program. It features comprehensive security, monetization, rate limiting, and community features that businesses seek backed by Red Hat’s solid scalability and performance.

SmartBear Software empowers users to thrive in the API economy with tools to accelerate every phase of the API life cycle. SmartBear is behind some of the biggest names in the API market, including Swagger, SoapUI and ReadyAPI With Swagger’s easy-to-use API development tools, SoapUI’s automated testing proficiency, AlertSite’s API-monitoring and ReadyAPI’s mocking and virtualization capabilities, users can build, test, share and manage the best performing APIs.

SnapLogic Lifecycle API Management is an end-to-end solution designed for managing, scaling and controlling API consumption quickly, seamlessly and securely. Features include request/response transformations, API traffic control and productization, OAuth2 authentication support, advanced API analytics, threat detection, and the developer portal.

TIBCO Cloud Mashery is a cloud-native API management platform that can be deployed anywhere, either as a SaaS service or containerized in cloud-native and on-premise environments. Mashery delivers market-leading full life cycle API management capabilities for enterprises adopting cloud-native development, and its capabilities includes API creation, productization, security, and analytics of an API program and community of developers.

The post A guide to API management tools appeared first on SD Times.

Apigee is an API management platform for modernizing IT infrastructure, building microservices and managing applications. The platform was acquired by Google in 2016 and added to the Google Cloud. It includes gateway, security, analytics, developer portal, and operations capabilities.

Axway AMPLIFY API Management combines API life cycle management with agile API development for a modern and adaptable approach. The API management features enable users to create custom APIs; control access to APIs at runtime; and discover, understand and use APIs through the API manager portal. 

Boomi’s API management solution provides a unified and scalable, cloud-based platform to centrally manage and enrich API interactions through their entire life cycle. With Boomi, users can rapidly configure any endpoint as an API, publish APIs on-premise or in the cloud, and manage APIs with traffic control and usage dashboards.

Broadcom: Layer7 API Management includes the industry’s most innovative solution for microservices, and provides the most trusted and complete capabilities across the API life cycle for development, orchestration, security, management, monitoring, deployment, discovery and consumption.

Cloud Elements delivers an API integration platform that allows APIs to work uniformly across hundreds of applications while sharing common data models. “Elements” unify APIs with enhanced capabilities for authentication, discovery, search, error handling and API maintenance. “Formulas” combine those Elements to automate business processes across applications. “Virtual Data Hubs” provide a normalized view of data objects, such as “accounts” or “payments.”

IBM’s API Connect is designed for organizations looking to streamline and accelerate their journey into digital transformation; API Connect on IBM Cloud is an API lifecycle management offering which allows any organization to secure, manage and share APIs across cloud environments — including multi-cloud and hybrid environments. This makes API Connect an ideal, scalable solution for those that have, and need to expose APIs without fear of cloud-specific vendor lock-in.

Kong Enterprise, built on Kong’s core open-source technology, is a cloud-native, end-to-end service connectivity platform that enables organizations to manage the full life cycle of APIs and services. Kong’s platform intelligently secures, connects and orchestrates all of a company’s APIs and services, making it easy for developer teams to create scalable, microservice-driven applications that drive business growth.

Microsoft’s Azure API Management solution enables users to publish, manage, secure and analyze APIs in minutes. It features the ability to create an API gateway and developer portal quickly, ability to manage all APIs in one place, provides insights into APIs, and connects to back-end services. 

MuleSoft’s Anypoint API Manager, part of its Anypoint Platform, is designed to help users manage, monitor, analyze and secure APIs in a few simple steps. The manager enables users to proxy existing services or secure APIs with an API management gateway; add or remove pre-built or custom policies; deliver access management; provision access; and set alerts so users can respond proactively.

Nevatech Sentinet is an enterprise-class API Management platform written in .NET that is available for on-premise, cloud and hybrid environments. It connects, mediates and manages interactions between providers and consumers of services across enterprises for businesses or end-customers. Sentinet supports industry SOAP and REST standards as well as Microsoft specific technologies and includes an API Repository for API Governance, API versioning, auto-discovery, description, publishing and Lifecycle Management.

Oracle’s API Platform Cloud Service was developed with the API-first design and governance features from the company’s acquisition of Apiary as well as Oracle’s own API management capabilities. The service provides an end-to-end method for designing, prototyping, documenting, testing and managing the proliferation of critical APIs.

Postman is the leading collaboration platform for API development, used by more than 7 million developers and 300,000+ companies worldwide. Postman allows users to design, mock, debug, test, document, monitor, and publish APIs – all from one place. Postman’s native apps for macOS, Windows, and Linux provide advanced features and a variety of tools that can be used to extend Postman including Newman, Postman’s command-line tool, the Postman API, the API Network, and integrations.

Red Hat Integration is an agile, distributed, containerized, and API-centric solution. According to the company, it provides service composition and orchestration, application connectivity and data transformation, real-time message streaming, change data capture, and API management. Other features include: over 200 pluggable connectors; ability to create, deploy, monitor and control APIs; a container-native infrastructure; real-time messaging, data capture and state streaming; and self-service for business users. 

SmartBear Software empowers users to thrive in the API economy with tools to accelerate every phase of the API lifecycle. SmartBear is behind some of the biggest names in the API market, including Swagger, SoapUI and ServiceV. With Swagger’s easy-to-use API development tools, SoapUI’s automated testing proficiency, AlertSite’s API-monitoring and ServiceV’s mocking and virtualization capabilities, users can build, test, share and manage the best performing APIs.

SnapLogic Lifecycle API Management is an end-to-end solution designed for managing, scaling and controlling API consumption quickly, seamlessly and securely. Features include request/response transformations, API traffic control and productization, OAuth2 authentication support, advanced API analytics, threat detection, and the developer portal.

Software AG: The webMethods API management solution provides end-to-end API management capabilities for accelerating API programs and building an API ecosystem. It enables users to create and publish to the web; to use, access, govern and provide feedback on APIs; and manage and monitor the full life cycle. Features include an API catalog, gateway, consumption capabilities, and portal. The company also provides a cloud version for securing, managing and exposing APIs. 

TIBCO Cloud Mashery is a cloud-native API management platform that can be deployed anywhere, either as a SaaS service or containerized in cloud-native and on-premise environments. Mashery delivers market-leading full life-cycle API management capabilities for enterprises adopting cloud-native development and deployment practices, such as DevOps, microservices, and containers. Its capabilities include API creation, productization, security, and analytics of an API program and community of developers. 

Tyk Technologies offers an API gateway, API management platform, an API portal as well as analytics. The API gateway helps users manage and secure API transactions as well as access control and expose REST endpoints. The API dashboard allows users to design, maintain, manage, promote and protect APIs as well as get a handle on the whole API life cycle in one glance. The API portal provides documentation, self-service signup and reporting capabilities.

WSO2 API Manager is an open-source hybrid API management platform that can be run anywhere. It includes a cloud-native API gateway and provides a Kubernetes operator for converting raw microservices into managed APIs. In addition, it integrates with service meshes and provides a management plane and control plane for managing, monitoring and monetizing APIs and API products. 

The post A guide to API management solutions appeared first on SD Times.

This is worrisome because in order for APIs to drive businesses forward, they need to be properly maintained and managed, according to Randy Heffner, an analyst at the research firm Forrester. “By opening access to digital business capabilities, APIs drive agility to optimize customer experiences, create dynamic digital ecosystems, achieve operational excellence, and build platform business models,” he wrote in the Forrester Wave: API Management Solutions, Q3 2020.

RELATED CONTENT: 
APIs are turbo-charging ‘snail mail’ for businesses
A guide to API management solutions

But businesses need a formal way to create, secure, manage, and optimize APIs at scale, in addition to making sure all stakeholders have access to the tools and information necessary to do their jobs. 

What is stopping organizations from adopting an API management solution is a misunderstanding of what it can do for the business. According to Heffner, organizations sometimes look at API management solutions as something that can help people sign up or adopt their APIs as well as just something that provides security for their APIs. “It isn’t less than that, but it is much more than that,” he said. “The first way to think about an API management solution is as a business application for managing relationships between API users and API providers. It’s much more than just this technical thing to help people subscribe to APIs.”

He explained that an API management solution is crucial when your API users are organizations. An organization can be doing 12 different things with your API with 12 different teams, so there needs to be a way to manage identities and access, and a way to let users leverage documentation and testing processes. 

“APIs can be used in so many different ways. You have to put context around them before you can say how they add value,” said Heffner. “What’s the ROI of APIs? That’s like asking what’s the ROI of nuts and bolts.” 

As organizations start to realize the important of API management solutions and as vendors start to invest in more features to meet the needs of cloud-native, modern architectures, Heffner sees a few trends taking the space to the next level.

Beyond REST
API management solutions are starting to move beyond REST. According to Heffner, REST was and still is a popular API format because it is supported across the entire web/Internet landscape, but at the root of REST it is just a “request-reply type of message exchange pattern,” and today’s solutions are event-based, data-oriented and include exchange patterns. Forrester refers to this as digital bonding, which encompasses a broader array of interaction models. For instance, webhooks, SOAP and GraphQL are becoming top architectural style choices. “We are seeing more openness to a broader way of thinking about what the scope of an API management solution should be just from a technology point of view,” said Heffner. 

Vendors are starting to put more investment into the way their developer portals are provided with better ability to manage APIs, have different teams use APIs and provide life cycle management. Heffner sometimes sees users having to go off and build their own portals or solutions because tool providers aren’t providing enough. In the State of API report, it found that 16% were using an API management tool built in-house. Vendors are now trying to figure out how to provide a portal that includes configurability options and let users go a good distance with it. 

And lastly, there is a bigger push to understand how microservices and APIs work together. Heffner noted that organizations usually define and treat microservices and APIs as the same thing, but microservices are a deployment approach while APIs are an access approach. The two go together, but they are different things. The State of API Report found that 65% of respondents believe microservices will drive the most API growth over the next couple of years. As service meshes become more popular and advanced, vendors will need to figure out how to include microservices, containers, and service mesh environments as different options and architectures. 

What to look for in an API management tool
According to Heffner, users should align their API management solution with their API strategy. For instance, do they need richer features and more coverage, or a simple strategy with a high level of customization?

The higher-end solutions will provide a breadth of capabilities and features, but organizations might find that a lower-end solution works better because it gives them basic capabilities they need and don’t have to build from the ground up, but also allows them to add in their own custom features. 

Other considerations when looking at an API management solution include how it supports governance and API user engagement needs, and if it supports a cohesive API design process. 

“The central role of an API management solution is to manage relationships between API providers and API users, whether inside or across enterprise boundaries. APIs have widely varying use cases, governance styles, business models, and delivery processes, resulting in a wide array of breadth and depth in API management solution feature-function,” Heffner wrote in the Forrester Wave on API Management solutions. 

The most popular features offered by API management vendors include:

A developer portal: which allows developers to discover, explore, purchase and test APIs as well as supports developer onboarding and collaboration 

API gateways: to secure and manage the traffic between clients and back ends or between APIs and developers, customers, partners or employees

API catalog: that gives users a full view of their API landscape including which assets are available and ready for reuse. An API catalog also can help users view dependencies and analyze changes.

API life cycle management: where developers can design, develop, publish, deploy and version APIs

API policy and security: such as encryption, schema validation, signatures, threat protection, and PII protection

Monetization: capabilities that allow users to package, price and publish APIs for others to access

Analytics: that allow all stakeholders in an organization to view and manage all aspects of their APIs and API programs

How organizations are using APIs to take their business to the next level
After seeing success with its global API partners, the local, national and global weather forecast provider AccuWeather decided it wanted to branch out to new customers — individual developers. In order to do this, the organization needed to tailor its offering to meet the range of needs from developers and monetize those needs. According to the company, an API management solution was able to offer different levels of API offerings; provide flexible billing for API usage; provide a self-service portal for developers to develop; purchase or build APIs; and gain analytics that helped its team understand traffic patterns and how users view weather data. 

“A single developer always has the potential to be working on the next big thing and become our next big enterprise partner. We needed a way to reach them,” said Mark Iannelli, senior technical account manager at AccuWeather.

Within two months of launching its developer portal, the company says it saw more than 6,500 new users sign up; about 2,500 users that created API keys; and 60 users that purchased one of its API packages. 

Beachbody is a home exercise and dietary supplement provider that needed new ways to increase its speed and agility as well as manage its over 400 enterprise APIs. 

“The digital transformation initiative at Beachbody is about consolidating and creating one common platform that can meet the needs of our direct response business, supplement line, our digital customers as well as our coaches,” said Michael Lee, vice president of engineering at Beachbody. “We see thousands of API transactions per day either from the ecommerce pieces, from our content API to our ecommerce API to registration and identity validation.”

After rearchitecting its platform, the company realized that it couldn’t handle its API traffic alone and turned to API management solutions to help internal and external developers create APIs and secure development. Through API gateways, Lee said they were able to address developer concerns and move them into a more central location. Additionally, the API management solution’s portal was able to provide the security, documentation and presentation layer necessary to be successful. “All of these things help us build a lively, evergreen API ecosystem that is going to be easy to consume for both external and internal developers at Beachbody,” said Lee.

PermataBank, a leading Indonesia bank, began a digital and IT modernization transformation three years ago in order to catch up to competitors in the digital banking space and meet the demands of its customers who expected faster and better technology solutions. Previously, PermataBank was made up of legacy systems in dire need of an overhaul. To modernize and re-architect its platform, the bank focused on digital self-service channels and was able to expose products and services to partners outside the bank through the use of APIs. 

According to the bank, with the help of APIs, it was able to increase its account acquisition by 375%, and saw a 275% CAGR growth in transaction volume.

With the use of APIs, the bank also has been able to implement mobile banking, roll out digital capabilities, and use APIs to power new products and services. As a result, it has entered new markets, extended its customer based and increased the size of its transactions. 

“APIs are becoming a core part of our business now because the digital economy is progressing well in Indonesia. We have more than 1,000 partners using our services already, and have 150 APIs published that anyone can use, but we are just getting started,” said Abdy Salimin, CIO and director of technology and operations for PermataBank.  “There are a lot more services in the area of supply chain, payments, transfer, loans origination, account opening, and wealth management we can offer, and next we will be moving into a lot more corporate account services and more back-office APIs that will complement our internet banking services. Everyone across the bank now sees the potential and understands the change to our business models. We can move faster with this different perspective.”

The post How API management can fuel your digital business appeared first on SD Times.

“Very few organizations I speak to are actually directly monetizing their APIs. If you are not going to do that, or don’t have a real plan to do that, don’t put that as one of the criteria you need,” he explained. “You may wind up selecting a product that doesn’t meet your other needs because you are valuing something you are not going to use.” 

RELATED CONTENT: 
The next wave of API management 
A guide to API management solutions

When choosing an API management solution, organizations should start with a baseline of an API gateway, according to Matheny. API gateways are an important piece of the puzzle because it takes API requests and determines the services necessary to carry out that request. Organizations are working in many different environments with some on-premises, in the cloud, in multiple clouds or a mix of both. An API gateway should have the ability to be deployed when and where you need it, he explained.

The problem, however, is that most organizations will need multiple deployed API gateways and that is not something a lot of vendors are currently able to provide, according to Matheny. 

This is one area, however, that David Codelli, senior principal product marketing manager for the software company Red Hat, said the company took into consideration from the very beginning. Red Hat’s 3scale API Management solution provides hybrid cloud support across all components, enabling users to design APIs for on-premises, in the cloud, or any combination of the two, he explained. 

According to Codelli, this is possible through Red Hat Integration, which is an “end-to-end experience for receiving, building, implementing, deploying and even retiring APIs,” he said. “What is different about Red Hat Integration than what we have done before is the hybrid cloud is the platform from the beginning.” 

The company has also made a number of investments in Kubernetes to enable its API management solutions to run on-premises, or on private or public cloud, and capitalize on the high availability and stability Kubernetes offers. 

“You have this seamless experience. This unified identity management for all classes of users, and anything we do is based on deployment by the containers and targets the hybrid cloud by targeting the state-of-the-art container management system, which today is Kubernetes,” said Codelli. 

Red Hat also takes the end-to-end user experience into account to separate itself from the rest of the API management market. “You can design your contract first. You can deliver that contract to different partners on the consumption side and the delivery side so you can test in parallel. You have built-in mock testing. You have sophisticated tools for implementing those services in a user friendly canvas,” he said. “We have some very complicated business challenges that our customers are facing and they want a productive canvas for implementing that complexity. So they have the fulfillment tools, the design tools, collaboration tools, and these are all built on open standards for CI and CD that are essentially demanded by Agile developers today.”

The post What should you look for in an API management solution? appeared first on SD Times.

RELATED CONTENT: 
A guide to API management solutions
What should you look for in an API management solution?

This has been the API status quo for the last couple of years, and API and API management have been steadily moving along. 

“API management is a pretty mature discipline now. When API management companies like 3scale were conceived 10-12 years ago, that was really a response to a real need from Agile developers who were saying our interoperability needs are not met by the ESB (Enterprise Service Bus) model that had dominated for 20 years up until that point,” said David Codelli, senior principal product marketing manager for the open-source software company Red Hat. “Today API management is doing an outstanding job of allowing microservices teams to get the interoperability and the self service they need. It is a well established business for mature companies.” 

But as time has proven again and again, most things in software development don’t stay the same for long. The advent of these modern software techniques has spurred new technologies to support the new techniques, and API management will have to evolve to continue to meet the needs and expectations of users. 

API management and the service mesh
The microservice architecture has introduced a new concept over the last couple of years to help deal with the overall visibility and insight into microservices. A service mesh is “a way to control how different parts of an application share data with one another,” according to Red Hat. While microservices enable developers to easily make changes to their services, a service mesh is used to handle the service-to-service communication.

According to Kevin Matheny, a senior director analyst for Gartner technical professionals, service meshes and API management are related, but also very different. Over time, developers are going to start, and some have already started, to combine service meshes into their API management initiatives. 

“Our customers are engaging with us to try to sort out the landscape and figure out what is complementary and what is overlapping. What are the ways they can build a plan to capitalize on both: advancements in service mesh and advancements in API management,” said Red Hat’s Codelli.

Matheny explained since this is a new emerging space, a lot of users are having trouble understanding how to bring those together. “API management is about gaining access to the APIs that are exposed to an application. Service mesh is about the peer-to-peer connectivity, the API connectivity inside of an application. Many organizations think because they have a service mesh, they don’t need API management, and that is not the case,” he explained. 

A service mesh is necessary to handle the service-to-service communication within independently deployable pieces of software that are loosely coupled. However, a service mesh does not provide the same set of functionality that an API gateway does. API management is necessary for any internally or externally exposed apps, and a service mesh is necessary to handle the side-to-side communications, Matheny explained. 

“The way to think about it is east-west versus north-south communication. Your north-south communications are API gateway-based. Someone from outside the organization wants to get something. In the case of a microservice-based application, it is that another application wants to get something from this application. Then that is mediated by an API gateway. But inside the boundary of your microservices cluster, the peer-to-peer connections — the east-west connections — are handled using the service mesh,” Matheny explained. 

The confusion comes from traditional architectures such as monolithic applications, where peer-to-peer communications are also handled by an API gateway or micro gateway. “You’re not taking advantage of the greater scope of functionality that API management platforms offer. Monolithic applications really narrow it down to just the gateway portion, so that tends to wind up with people saying this gateway portion can handle service-to-service communications between applications and a service mesh handles that. The implementations are different and the scope of use is different,” said Matheny. 

One way Red Hat tackled bringing the two together was by adding an adapter in the service mesh Istio to provide API management capabilities through Red Hat Integration. These capabilities include developer self-service and on-boarding, API documentation, monetization, and usage analytics. “We also want to make sure our customers understand that the higher level of API management like billing, rate limiting, analytics and developer portals are not addressed by Istio, so we encourage customers to look at the whole picture in planning out their API strategy,” said Red Hat’s Codelli. 

Codelli noted this space is still in its very early days and it will be at least a year until real product manifestations come to fruition. 

API management as code
The next big thing after service mesh for APIs will be APIs as products or API management as code, according to Red Hat’s Codelli.

“There has been a lot of buzz around infrastructure as a service, where you can program your information technology landscape, and we are starting to embrace that in API management efforts so that users have a development pipeline that orchestrates their hardware and software resources as well as API artifacts,” said Codelli.

Codelli went on to explain that things like opening an API contract, mock services, service metadata, configuration of policies, and configuration of other API management aspects such as security, will start to be managed units that undergo the same scrutiny and testing as the code for APIs. 

“This will save overhead, ensuring predictable and lower risk deployment, streamlining deployment cycles, being able to provide better resolution. Those are all the same things we got with infrastructure as a service and we will get even more as we do API management as code,” he said. “APIs are extremely important and the benefits of instrumenting it as code are going to be extremely important.” 

Treating your internal APIs as first class citizens 
While API management for public APIs is very well understood today, organizations are not providing the same treatment for their internal APIs, according to Gartner’s Matheny.

“Clients are aware they need things like endpoint protection, consistent security policy enforcement and traffic management for publicly exposed APIs, but tend to think internal APIs are lower risk because it only has internal connections,” he said. “But if your internal APIs are used by public facing systems, you should be treating them with the same level of rigor you do with your external facing APIs.” 

“You should be thinking about the fact that an internal API services a public facing system. The consequences of an outage could be severe, and organizations should ask themselves if this API is capable of producing an outage in a public system,” he added.

The post The next wave of API management appeared first on SD Times.

“Working software is the only measure of progress, but how to you measure that? You need to integrate and test the software as often as possible and fix errors when and as soon as possible,” said William Holz, senior director analyst at the research firm Gartner.

According to Holz, in order to move faster and be successful in the areas of Agile and DevOps, you need to add Agile technical practices to your software development, such as test-driven development and refactoring. One of the best technical practices out there is to create a continuous integration and continuous delivery (CI/CD) pipeline. According to Gartner, CI and CD are the most widespread Agile practices organizations are currently using or plan to use.

RELATED CONTENT:
How do you add value to the CI/CD pipeline?
A guide to DevOps CI/CD tools
The ultimate guide to a successful continuous delivery pipelines

Continuous integration is the “automation of the software build and validation process driven in a continuous way by running a configured sequence of operations every time a software change is checked into the source code management repository,” according to Gartner. Dan Packer, industry specialist for the software company Plutora, explained the benefits here are testing, issue resolution, phased changeover, improved team morale, increased velocity, improved quality and improved budget. “With CI, the handoff from one stage to the next is fully automated up to the completion of the testing stage. This is starkly different than that of the waterfall methodology, where the handoff between stages is typically fully manual throughout the entire lifecycle and deals primarily with completed applications vs. small code segments,” Packer wrote in a blog post.  

CD is an evolutionary step of CI designed to take automation further, according to Packer. Continuous delivery is the act of releasing reliable software faster through technical delivery and deployment practices like working in small batches and automating repetitive tasks. Benefits include improved velocity, phased progression, always production ready and release control, Packer wrote.

Together, they make up the CI/CD pipeline: A continuous flow of software designed to reduce manual and error-prone work, and result in higher quality software. “This is important because the ninth principle of Agile states attention to technical excellence and design increases your agility. In Agile, rework is waste. The time you spend fixing bugs is time that can be better spent delivering new features and functionality,” said Gartner’s Holz. “You need to be able to do CI and DevOps to achieve continuous delivery. It is no longer about your software. It is about delivering the entire solution.”

According to Holz, this is how you accelerate your Agile and DevOps initiatives successfully, reduce risks and catch bugs. CI/CD enables the ability to build, package, integrate, test and release code with automation.

“Complex operations like CI/CD cannot be accomplished without significant engineering effort. DevOps recognizes the importance of joining tooling and thought throughout the entire process of development and deployment rather than isolating build and production. Rather than having distinct steps when creating a service, DevOps encourages simultaneous development and testing. CI/CD pipelines fit into this perfectly by providing a way to automate the testing portion,” explained Abhinav Asthana, CEO and co-founder of the API development solution provider Postman.

Bringing value stream management into the mix
Once you are delivering working software faster, the next thing to ask yourself is are your processes becoming more efficient? Are you not only working faster, but delivering value?

According to Aaron McCaughan, product owner at the software company Plutora, this is where value stream mapping comes in. Gartner’s William Holz explained a value stream is a collection or series of steps that deliver customer value. For instance, if you buy something on Amazon, the order button is a value stream. You click the button and it goes through a series of steps to get your package to your door. Value stream mapping provides insights into those steps, where the value is, where the value isn’t, and detects areas that can be improved.

“With CI/CD, you might be able to react, you might be able to deliver faster, but you also have to factor in am I delivering value faster?,” McCaughan said. “What am I putting into the pipeline that is satisfying my customer so that I am actually keeping everyone happy and increasing the value of the product?”  

Many of the metrics teams are looking at are deployment frequencies, number of check-ins per day, build failure rates, or mean time to recovery. While those are interesting indicators of work, they don’t really measure customer value or help you understand what is flowing through the system, according to Jeffrey Keyes, director of product marketing for Plutora. “The reason people are jumping on the value stream management bandwagon is to answer the question of are we doing better than we did before? Have we improved?” he said. “Value stream mapping and management takes a holistic view of application delivery. You are not trying to fix one point. You are trying to deal with process improvement as a system of pieces and make the most effective switch.”

Value stream management provides a broader view of the entire delivery life cycle long before the software becomes software, McCaughan explained. It goes from ideation to production so you can start tracking your value stream map as soon as you identified your strategic goals for the organization and start identifying bottlenecks. “For instance, if there are three months of planning on average for each change coming through, you can start addressing that,” said McCaughan. “If you are trying to do too much, you are maybe not delivering as fast as you could, whereas if you are focusing on a smaller number of changes or features across your organization, you are more than likely going to be able to deliver them faster. It’s about capturing those dependencies, wait times and overburdens.”

Specific metrics the value stream map brings to light are the average cycle times it takes to deliver a feature, process time, waste time, and actual time spent working on the feature, according to Keyes.

“If you are spending half your time putting out fires, you are not adding value. You are just reacting to production defects or technical debt,” said McCaughan. “You need to identify how much time your delivery teams are spending on just keeping the lights on and fixing defects versus growing your product and expanding and improving the customer experience.”

“Value stream management is the combination of Agile plus DevOps plus the measured outcomes at each phase,” Keyes added. 

Bringing the CI/CD pipeline to your mobile initiatives
With mobile becoming more advanced, the services it offers have to be up to par with users’ increasing demands for it to not only work, but work correctly and work fast. The CI/CD pipeline is an important aspect to any successful mobile initiative because it gives teams immediate insight into any changes happening or problems in an application, enables faster turnaround time and deployment, and provides in-depth reports and status on what is going on within the pipeline, according to Steve Orlando, senior director of product marketing for Mobile Labs.

“QA and dev teams need to know what they are testing, and continuous integration makes it possible to always have the latest app build installed by the build system,” added Michael Ryan, CTO of Mobile Labs. “Continuous integration enables continuous testing. Mobility and real devices introduce additional manual steps, such as Google and Apple tools, to install apps on devices for testing. This is both time consuming and is prone to error. Continuous integration saves the manual labor and eliminates errors.”

To successfully implement a CI/CD pipeline into a mobile development strategy, Orlando explained continuous testing becomes an integral part of the pipeline. “Continuous testing requires automated tests,” he said. “These tests can be run on their own, freeing up testers to focus on making sure the app meets business objectives and has a good user experience.”

By including testing in each stage of the pipeline, mobile developers will be able to find and respond to bugs faster and gain in-depth and real-time knowledge on the source of a problem. Each stage of the pipeline includes testing source code to see if it causes conflicts when it is merged, running unit tests as part of the build process, and enabling full automated regression tests, according to Orlando. He also added that  testing and the pipeline should be paired with a mobile device cloud so teams can run continuous tests on real devices or simulators.

“Testing the right app version on the right mobile OS and the right device type complicates the matter compared to web testing.  CI allows automated installation of the right app on the right device and OS improving engineer efficiency and eliminating errors in the process,” said Ryan.

Why a good API strategy matters
Application programming interfaces (APIs) are increasingly becoming more important to software development as organizations embrace connected services and microservices architectures. “Meaning that APIs are consumed by many different people and are integrated with diverse and complex services,”said Postman CEO and co-founder Abinhav Asthana.

According to Gartner’s William Holz, in order to do effective CI/CD, APIs are important because they create a separation of concerns and enable the ability to test at the unit level, feature level, integration level and performance level. “APIs gives me an idea of where to look for a problem, help me solve that problem sooner, and minimize the amount of waste or rework I need to do,” he said. “I use the example that I can have 100 percent unit test coverage, but I can still break features. I can still break my application because unit tests don’t test the future.”

However, according to Asthana, testing is difficult, and in order for an API strategy to be a powerful tool, dependencies need to be removed. “With connected services, dependencies are a huge concern. If a team updates an API, it could potentially break an API consumer’s service, but a CI/CD pipeline can solve this problem,” Asthana said. “CI/CD pipelines ensure that connected services are healthy by consistently checking for broken dependencies with full system tests at every build. This means that broken dependencies are most often caught in development rather than in production. The later a bug is caught, the more expensive and time-consuming it becomes to fix it.”

Once a CI/CD pipeline is set up, developers can run integration tests as part of their build. According to Asthana, those tests stay with the developer until they pass, which means the production environment remains safe from harm. “A good CI/CD pipeline will have reporting built in, so testers can review their automatically run test results and determine the source of not just errors in their code, but errors in interaction with dependencies,” Asthana said.

Asthana adds that teams should also find a tool or framework that can write tests and maintain a test library for the pipeline. This will ensure a good set of tests that can be used and reused. Tools should also provide the ability to test against live environments, services and data, and have a system of reporting implemented so developers and tests can get access to insights quickly, according to Asthana.

“Implementation of CI/CD greatly simplifies API management. The consistency and reliability of a CI/CD pipeline mean that developers aren’t bothered with manually managing dependencies between versions. Instead of putting out fires, developers can spend their time improving products. CI/CD pipelines catch errors early on, which saves time and money,” he said.

The post Adding value to your CI/CD pipeline appeared first on SD Times.