API Management


API Management is the practice an organization implements to manage the APIs it exposes.

API Management is done either internally or externally to ensure that the organization's APIs are consumable, secure, and available to consumers under the conditions agreed upon in the APIs' terms of use. Essential features API management should provide (rather than what specific solutions do) include the following:

API Registry

API Management should provide an API Registry for organizations to catalog their APIs, incorporating metadata such as the subject matter, description of the API (including different versions of the API that are currently available), human-friendly documentation, a taxonomy of the types of API available, and runtime capabilities (such as maximum requests per second). The API Registry should also monitor the state of a given API, including metadata such as the currently supported versions.

Exposing the APIs

API Management should provide a means to consume the APIs, exposing them through an internal and/or external API Portal with an Access Control Model that provides the ability to:
  • enforce Access Control
  • control consumption through mechanisms such as rate limits or quotas
  • surface multiple versions as required.
The distance between the definition of an API in the API Registry and Exposing the API as a consumable endpoint should be as short as possible, with the transition being equally seamless.
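
The three capabilities listed above can be combined in a single admission check at the exposure layer. This is an added example, not code from the original page or from any API management product; the `Gateway` and `Consumer` classes, the `REGISTRY` contents, the scope names and the choice of status codes are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed registry entries: (api, version) -> scope a consumer must hold.
# Only versions listed here are surfaced to consumers.
REGISTRY = {("orders", "v1"): "orders:read", ("orders", "v2"): "orders:read"}

@dataclass
class Consumer:
    scopes: set
    rate: float            # sustained requests per second (rate limit)
    burst: int             # token-bucket capacity
    quota: int             # total requests allowed in the period (quota)
    used: int = 0
    tokens: float = -1.0   # -1 means the bucket has not been initialised
    stamp: float = 0.0     # time of the last bucket update

class Gateway:
    def __init__(self, consumers):
        self.consumers = consumers          # API key -> Consumer

    def authorize(self, api_key, api, version, now):
        """Return (status, reason) for one request arriving at time `now` (seconds)."""
        c = self.consumers.get(api_key)
        if c is None:                       # authenticate before revealing anything
            return 401, "unknown API key"
        scope = REGISTRY.get((api, version))
        if scope is None:
            return 404, "version not exposed"
        if scope not in c.scopes:           # access control
            return 403, "scope missing"
        if c.used >= c.quota:               # long-term quota
            return 429, "quota exhausted"
        # Short-term rate limit: refill by elapsed time, capped at the burst size.
        if c.tokens < 0:
            c.tokens = float(c.burst)
        else:
            c.tokens = min(c.burst, c.tokens + (now - c.stamp) * c.rate)
        c.stamp = now
        if c.tokens < 1:
            return 429, "rate limit exceeded"
        c.tokens -= 1
        c.used += 1                         # count only admitted requests
        return 200, "ok"
```

Denied requests do not consume quota here, and the caller supplies the clock so the behaviour can be replayed deterministically.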

An organization may expose APIs here that do not meet the organization’s API “standards,” or that exist in a form the organization does not want to expose to its consumers (as it closely couples an externally exposed API to an internal system that is sensitive to changes).

API Management should also provide the ability to transform the inputs and outputs accordingly, exposing a standardized form to the API consumers.

System of record for API utilization

API Management should be the system of record for API utilization, embellishing the API Registry with information regarding the actual runtime behavior and characteristics of a given API in the form of metrics determined against Key Performance Indicators.

This information may include the number of API keys registered, average and peak requests per second, and so on. This data should be meaningful to the organization, allowing it to understand API utilization and plan accordingly for future enhancements or capacity. The information will also be used to help both monitor and monetize the APIs exposed, with the ability to make the data captured available to the organization’s operational or billing systems as required.
