This guest post comes from Mark O’Neill who is CTO with Vordel, a provider of Application Gateways to link all enterprise applications, users, and devices across Cloud, mobile, and on-premise environments.
Cloud, mobile and social media are now mainstream computing concepts. Today, consumer and business users all demand access to applications and data from multiple devices, inside and outside of enterprises, on a continuous basis. As a result, users interact with an enterprise through many different interfaces which all converge at the API layer. A well-executed enterprise API strategy will ensure API usage is tracked and security is achieved, enabling enterprises to create more selling channels, improve engagement with customers and prospects and offer more value to partners.
While API adoption has snowballed in recent times and the API economy is thriving, API management as both an IT and business discipline is still playing catch-up, especially in the area of enterprise API management. The huge popularity of consumer-oriented APIs, which are typically used to transmit information for public consumption, has meant that most related API management practices focus on developer enablement portals, which provide self-service options for an open community of developers consuming public-facing APIs.
However, the enterprise API space is changing rapidly as organizations increasingly adopt enterprise APIs for their ability to transmit sensitive information and execute business transactions.
A key difference between consumer-oriented and enterprise APIs is that enterprise APIs typically handle confidential information and higher-value business transactions, and demand a stricter level of regulatory compliance. This means that enterprise APIs require a robust management strategy to monitor for inappropriate usage, as breaches could result in monetary loss and/or raise compliance issues. As such, designing an API delivery strategy for enterprise APIs demands a higher level of operational requirements than designing a more consumer-focused one. Furthermore, the development of an enterprise-class API management platform introduces new technology parts to the existing business application infrastructure, which can cause integration issues. Additionally, the secure and scalable delivery of enterprise APIs requires advanced security, integration and runtime middleware.
API Management Lifecycle
To effectively design an enterprise API delivery strategy, IT managers need to understand the API management lifecycle. Within this context, API management could be considered the next evolution of Service Oriented Architecture (SOA), but extended beyond the enterprise with web-centric architecture. Figure 1 below shows the 5 phases of API management and the technologies required at each stage to build out a comprehensive API management platform.
An enterprise’s choice of API management platform architecture will be driven by three factors: the type of APIs the enterprise needs to deliver, the readiness of its source APIs, and its integration requirements. It is worth noting that integration into existing systems can be the most challenging and complex aspect of enterprise API delivery.
Typically, enterprises will require a flexible API management platform offering a high level of security, integrity and integration capabilities. While there are several architectural patterns to choose from, the two-tier API delivery platform detailed below is perhaps the most common for the scalable delivery of enterprise APIs.
Two-Tier API Delivery Platform
The two-tier API delivery platform provides a flexible and scalable solution by separating the portal tier from an additional API gateway tier. It gives an enterprise the flexibility to manage enterprise APIs, backend APIs requiring non-trivial transformation and orchestration, and situations where a standalone identity repository for API management is not acceptable. It is also useful in scenarios where support is required for existing trusted relationships, security protocols and certificates, as well as non-trivial access federation scenarios.
Depending on the extent of the integrations, many scenarios will require the API gateway to be situated on-premise. The two-tier architecture can be deployed locally, in the cloud or in a hybrid model. The portals can be deployed either on-premise or in the cloud, independent of the API gateway deployment location. While there are strong reasons to deploy partner and provider portals in the cloud, an internal developer portal is probably best suited to an on-site deployment.
An enterprise needs to understand the type of APIs it will deliver and consume as part of its overall API management strategy and plan its architectural approach accordingly. A successful enterprise API management strategy is developed as part of an overall integration strategy that incorporates existing on-premise infrastructure and new Cloud and Mobile environments. To achieve success, enterprises should consider an API container to control the administration, monitoring, security and transformation of all API traffic.