Overview

API Service Delivery involves the operational Service Delivery of APIs, including:
- servicing API calls
- delivering content
- executing transactions.
Consumer APIs tend to be few in number but high in traffic volume, across large geographical areas. The security requirements for consumer APIs may be simple: typically a username and password for user authentication and an API key in the form of a shared secret for client authentication. User and client repositories are usually stored in a standalone database within the delivery platform, as the API consumer population can be very large, unverified, and have a high level of turnover. Consumer APIs usually require just enough throttling and traffic control to ensure that the quality of the API service is not negatively impacted by excessive usage.
Enterprise APIs are usually consumed by business partners. Those partners and users are usually managed by an existing partner management system, and the API delivery platform may need to integrate with these partner management databases to make runtime decisions using partner profiles, user roles, and service contracts.
Keep in mind that the management of partner and user information is often handled by sales or support organizations and the user onboarding tools they deploy, not by developers via an API Portal. Both the API consumer and provider organizations generally need to have some level of Identity Management Architecture that is responsible for managing credentials.
API Service Delivery typically must integrate with Identity Management Architecture Access Control and may need to support existing B2B security relationships that include security protocols and certificates such as OAuth 2.0, SAML and X.509 certificates.
Enterprise APIs are often bound by business contracts and SLAs. Therefore, advanced Server-Side Login throttling schemes, API Metrics, and quota management capabilities may be required to enforce contract terms.
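The following added example (not from the original page or from any product) shows a delivery platform making the runtime decision described above for enterprise APIs: credential check, role check, then contract quota and throttle, with per-partner metrics. The `Contract` fields, partner names, keys and limits are constructed assumptions standing in for a partner management database.

```python
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class Contract:
    """Constructed stand-in for a record in a partner management database."""
    key_sha256: str     # digest of the partner's API key, never the key itself
    roles: frozenset    # roles granted by the partner profile
    per_minute: int     # throttle: calls allowed per 60-second window
    daily_quota: int    # quota: calls allowed per day under the contract

def _digest(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed sample data; names, keys and limits are illustrative only.
CONTRACTS = {
    "partner-gold": Contract(_digest("gold-demo-key"), frozenset({"read", "trade"}), 3, 5),
    "partner-basic": Contract(_digest("basic-demo-key"), frozenset({"read"}), 2, 3),
}

@dataclass
class Gateway:
    window: Counter = field(default_factory=Counter)   # (partner, minute) -> served calls
    daily: Counter = field(default_factory=Counter)    # (partner, day) -> served calls
    metrics: Counter = field(default_factory=Counter)  # (label, outcome) -> count

    def decide(self, partner: str, api_key: str, role: str, now: float) -> str:
        contract = CONTRACTS.get(partner)
        minute, day = (partner, int(now // 60)), (partner, int(now // 86400))
        # Constant-time comparison; unknown partners get the same answer as bad keys.
        expected = contract.key_sha256 if contract else _digest("")
        key_ok = hmac.compare_digest(expected, _digest(api_key))
        if contract is None or not key_ok:
            outcome = "denied:credentials"
        elif role not in contract.roles:
            outcome = "denied:role"
        elif self.daily[day] >= contract.daily_quota:
            outcome = "denied:quota"
        elif self.window[minute] >= contract.per_minute:
            outcome = "denied:throttled"
        else:
            # Only served calls consume the contract's throttle and quota budget.
            self.window[minute] += 1
            self.daily[day] += 1
            outcome = "allowed"
        # Bucket unknown partner ids so caller-supplied names cannot grow the metrics table.
        self.metrics[(partner if contract else "unknown", outcome)] += 1
        return outcome
```

The `metrics` counter is what a contract or SLA report would be built from; denied outcomes per partner are also a useful signal for detecting key misuse.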