API Operations

Ideally you’ve used an API Planning solution to decide which API(s) to build and which enterprise assets it/they will rely on. You’ve then used an API Development solution to make sure that you’ve built your API(s) in such a way that it/they are easy for developers to work with and can meet the needs of the application that will consume them.  Now it’s time to deploy your API and make sure that it’s running as you intended.  It has to be secure, reliable, resilent, robust, and generally meet performance and service-level goals.

This is where your API Operations solution comes in.  Most solutions will involve hosting your API in a purpose built API proxy that can handle all of the non-functional requirements for you.  It’s pretty common for Enterprise APIs to be built using SOAP services inside the firewall, hosted in a DMZ resident proxy that exposes the service functions as RESTful APIs, often using JSON content to facilitate mobile consumption.

Many vendors will refer to their API Operations products as API Management, but an API Management solution is a much broader platform providing a comprehensive set of capabilities that span the entire API lifecycle.

Your API Operations solution needs to deliver a number of key capabilities including:

  • Mediation - the ability to easily create multiple different types of API endpoint from a single internal service.  The most common mediation type for APIs will be to create a single RESTful endpoint supporting XML and JSON content from an internal SOAP service.
  • Security Policy Enforcement & Implementation - this is a huge area covering a massive range of functions, but in a nutshell your API Operations solution needs to protect your API from external attacks and integrate seamlessly with your internal security models and infrastructure.
  • Quota Policy Enforcement - a key role of your API operations solution is to allocate your API’s capacity across the various consumer applications and application classes, while protecting your internal services from intentional or accidental overuse and abuse.

This where SOA Software’s API Manager comes in.  API Manager is a high-performance, multi-protocol messaging intermediary.  It uses a service virtualization model to expose API endpoints that a fully abstracted from the internal enterprise services and applications that provide the business functions being delivered as APIs.  This abstraction includes offering different protocols and standards, security models and tokens, message exchange patterns and more.  API Manager provides comprehensive declarative mediation capabilities leveraging Atmosphere Manager for all of its configuration.  SOA Software’s Community Manager relies heavily on API Manager for operational enforcement of actions and decisions, and for the collection of metrics, usage data and recorded messages.