Microservices, event-driven APIs, hybrid/multicloud, and productized APIs are changing the way APIs are being designed, implemented and governed. Application leaders responsible for managing APIs must choose their API management solution to support these API usage patterns.
Key considerations
APIs are increasingly being delivered by microservices architecture, including using container management platforms that support service mesh. This provides flexibility but complicates design, implementation and governance.
Event-based APIs require support for communication patterns which presents a challenge to API management solutions; which have been primarily designed to support request-response patterns.
API management has traditionally been centered on a single API gateway, but hybrid/multicloud architecture disrupts this model, because it involves multiple API gateways posing deployment and policy management challenges.
APIs are increasingly being packaged as products, complicating governance and monitoring requirements desired in API management solutions in providing a consistent experience to users and in achieving business goals.
API management trends
API management solutions are used to publish, secure, and monitor APIs. They do so use API gateways (for security and traffic management) and API developer portals (for API publication), with centralized policy management and analytics. According to 2019 API Strategy and Usage Survey, 66% of surveyed organizations either use, or plan to use, an API management solution to publish and secure their APIs.
With the rapid adoption of modern application architectures such as microservices, event-driven architecture (EDA), and hybrid/multicloud, APIs are becoming more complex in design, implementation, and governance. Simultaneously, APIs are increasingly being packaged as products, requiring the need to support API product managers in providing ecosystem participants a consistent experience, and achieving business goals.
Application leaders are finding it increasingly challenging to establish a technically robust and operationally flexible API management capability, to effectively manage these multifaceted APIs. As a result, finding the API management solution best suited to meet these complex requirements has become difficult.
Application leaders must consider these new trends when evaluating their current or future API management provider capabilities. Figure 1 shows the key trends and their impact on API management solutions.
Trends Impacting API Management
Figure 1. Trends Impacting API Management
Prioritize API Management Solutions Which Support Microservices Architecture
2019 API Strategy and Usage Survey found that 45% of surveyed organizations reported using microservices architecture (MSA) to build APIs. Developing microservices often involves using a container-based approach. Container management platforms, including those using Kubernetes, may use service mesh to govern service-to-service communication by providing capabilities such as service discovery, service configuration, authentication and authorization. Service-to-service traffic is termed “east-west” traffic, to distinguish it from the “north-south” traffic through edge API gateways.
API management capabilities within an organization need to evolve to mediate “east-west” traffic, along with “north-south” (API to consumer) traffic in a microservices environment by:
Providing lightweight/low footprint API gateways that govern internal communication for APIs exposing microservices.
Integrating with service mesh technologies such as Istio, Linkerd, or Envoy in cases where services are deployed in a containerized environment such as using Kubernetes, Cloud Foundry or Docker.
Supporting emerging non-REST protocols such as gRPC and protocol buffers (protobuf).
Microservices and service mesh also bring security requirements to API management solutions. This includes using JSON Web Tokens (JWTs) to propagate security information with API calls, from the edge API gateway through to services in a service mesh.
Robust DevOps and automation capabilities are a prerequisite to adopt MSA. This DevOps and automation requirement extends to API management products. Some vendors, such as Kong, Gravitee, IBM, and Tyk, have added specific DevOps and automation capabilities to their API management solutions.
Strengthen Your API Management Approach by Including Support for Event-Based APIs
Event-driven architectures are rapidly gaining momentum with Internet of Things (IoT) telemetry data, real-time reactive user interfaces, invocation of multiple microservices based on an event, push notifications sent to users based on events, and stream analytics as top use cases.
However, most APIs remain synchronous request-response, rather than event-driven. This creates a request-response layer in between user interfaces (UI) which are event-driven, and back-end infrastructure which is also event-driven, as shown in Figure 2 below.
Request-Response APIs Between Event-Driven Front-ends and Back-ends
Figure 2. Request-Response APIs Between Event-Driven Front End and Back Ends
This situation has driven the need for event-based APIs. Rather than the synchronous request-response pattern followed by the RESTful APIs, event-based APIs facilitate asynchronous communication between the client and back-end. Using publish-subscribe semantics, event-driven APIs allow clients to subscribe to an API and receive events as they happen within the service they are using. This helps propagate events in real time without polling the client or the server. Event brokers such as Apache Kafka and RabbitMQ are often used as a mechanism to allow a consumer to subscribe (this can be user controlled or programmatic) and as the means to deliver events to consumers that are subscribed.
To support event-driven APIs, favor API management solutions with these capabilities:
Support for protocols such as Webhooks (supported in OAS v3.0 as “Callbacks”), HTML5 Websockets, or Server-Side Events (SSEs), MQTT, or AMQP.
Support for emerging specifications to define asynchronous APIs, such as AsyncAPI.
Sample API management vendors supporting event-driven APIs in some form are Mulesoft, Axway, Software AG, Tyk and IBM. Vendors like Solace, Confluent, and open-source solutions like Apache Kafka, and RabbitMQ provide tools such as Event Portals, Message Brokers and Message Queues to support event-driven architectures.
Align Your API Management Architecture to Your Cloud Strategy
Many organizations are either currently using or evaluating more than one cloud platform, resulting in hybrid/multicloud architectures. With APIs being designed and deployed across different environments, it becomes challenging to apply a consistent set of policies such as design conventions and versioning standards. This is compounded by the fact that different API gateways may be used, such as the Amazon Web Services (AWS) API Gateway on AWS, or Azure API Management on Microsoft Azure. This leads to decisions on whether to use one single API management solution across clouds, or use the API gateways provided by each cloud platform.
To provide API management in a hybrid environment, or across multiple cloud providers and/or data centers, prioritize API management solutions which:
Support hybrid deployment of the solutions, such as allowing on-premises API gateways with cloud-based API analytics.
Support a single API developer portal across multiple different API gateways (see Figure 3 below).
Support interoperability of the solution with other vendor solutions including API gateways, API design tooling and API portals.
Hybrid/Multicloud API Management
Figure 3. Hybrid/Multicloud API Management
Choose API Management Solutions That Support the API Product Manager Role
Organizations are treating APIs as products, including measuring and tracking the business benefit of the API to the organization. Treating an API as a product also includes managing a roadmap for the API. Users of the API must be treated as customers whose feature suggestions are weighed and prioritized in the API’s roadmap. This work is done by an API product manager. Sample API management vendors providing support for the API product manager include Axway, Google (Apigee), and Software AG.
As a next step beyond API products, organizations may package APIs as part of packaged business capabilities (PBCs). PBCs are designed to be used as building blocks for application product suites and custom-assembled application experiences.
API products may provide access to data, as “Data as a Service” APIs. These may make use of technologies such as GraphQL to make this exchange fast and efficient. As of March 2020, the volume of client inquiries mentioning GraphQL has increased over 300% year on year.
In some cases, APIs treated as products may be monetized. These APIs may then be provided through API marketplaces.
In order to support APIs managed as products, favor API management solutions which:
Enable the management of the API roadmap, including feature prioritization and provide business value reporting which goes beyond technical metrics on API usage.
Support API monetization schemes including subscriptions, pay-as-you-go, and revenue share.
Sample vendors in the API management ecosystem that provide some GraphQL features include IBM, Kong, Mulesoft, Postman, RapidAPI, Software AG, Sensedia and TIBCO Software. Vendors like Apollo, AWS AppSync, Hasura and Prisma offer tools and services to support GraphQL implementations.
Acronym Key and Glossary Terms
- API: Application programming interface
- EDA: Event-driven architecture
- IoT: Internet of Things
- KPI: Key performance indicator
- MSA: Microservices architecture
- PBC: Packaged business capabilities
- UI: User interface
API-Related Trends in Social Media Conversation
Figure 4 below shows the top trends related to APIs, based on the findings of in-depth analysis of social media conversations around API management and API gateways (see Evidence section above). The results confirm the emergence of usage patterns described above but also reveal the increased use of artificial intelligence (AI) in tackling API security and API analytics. Third-party APIs offering AI capabilities such as Alexa Skill Management API, Google Assistant API, IBM Watson Discovery API and Wit.AI API are gaining popularity.
API Management Social Media Conversation Trends
Figure 4. API-Related Trends in Social Media Conversation