- enforce Access Control
- consumption in the form of mechanisms such as rate limits or quotas
- surface multiple versions as required.
An organization may expose APIs here that do not meet the organization’s API “standards,” or exist in a form that an organization does not want to expose to their consumers (as it closely coupled an external exposed API to an internal system that is sensitive to changes). ???
API Management should also provide the ability to transform the inputs and outputs accordingly, exposing a standardized form to the API consumers;API utilization, embellishing the API Registry with information regarding the actual runtime behavior and characteristics of a given API in the form of metrics determined against Key Performance Indicators.
This information may include the number of API keys registered, average and peak requests per second, and so on. This data should be meaningful to the organization allows them to understand API utilization and plan accordingly for future enhancements or capacities. The information will also be used to help both monitoring and monetize the APIs exposed, with the ability to make the data captured available to the organization’s operational or billing systems as required.