API Management @Haufe
Marco Seifried (@marcoseifried)
Martin Danielsson (@donmartin76)
dev.haufe-lexware.com
github.com/Haufe-Lexware
@HaufeDev
1 Intro – API Management
Why would you need and want API Management?
APIs @Haufe
Onboarding: First impression counts!
• Simplicity
• Self-service
• Low barrier to use
Ways to achieve this:
• Access to something valuable
• Focus on the service - business value
Haufe Strategy - Architecture Principles
Business value over technical strategy
Strategic goals over project-specific benefits
Composability over silos
Shared services over specific-purpose implementations
Evolutionary refinement over pursuit of initial perfection
Design for obsoleteness over building for eternity
Good enough over best of breed
Declarative processes over implicit knowledge
Design of APIs
• API as a Product…
• Hypermedia Elements
• API Management
• Outside-In Approach
• …
API Styleguide
https://github.com/Haufe-Lexware/api-style-guide
API Management – What’s that?
API management is the process of publishing, promoting and overseeing application programming interfaces (APIs) in a secure, scalable environment.
techtarget.com
Strip off the business features of your API – API Management is the rest. Stuff you would do for all APIs independent of what they do – logging, monitoring, access, documentation,…
Marco Seifried :-)
API Management Key Components
API Portal
API Owners, Developers, Admin
Developer Self-Service
End User
Service Endpoints
http://www.apiacademy.co/resources/api-management-101-api-management-basics/
What does it do?
• Provide discoverability and self-service Access to APIs for developers easily and automatically
• Monitor traffic to provide Usage Insights for individual apps and APIs. Who is using what how much?
• Protect the API from misuse by providing Security e.g. by wrapping it in security procedures and policies.
• Protect the runtime with Traffic Control e.g., by throttling for mobile apps
• Use API Management to Decouple the inside from the outside, keeping interfaces (APIs) stable
Use Cases and Scenarios
• Mobile
• Internal
• Public
• Partner
Don’t search for the “One to rule them all”
Instead, go for “Good enough”
And not to forget “Evolutionary refinement”
Our (API) Approach @Haufe
• Don’t centralize
• Group APIs by functionality
• Let teams work independently, as long as they follow our API Styleguide
• Choose API Management by use case, not by dogma
• Automate (Build, Test, Deploy,…)
2 API Management Components
I fear it’s not only Gateway and Portal…
APIm Solution
• Developer Portal
• API Gateway
• Admin
• Logs
• Backend Service
• Analytics
• Audit
• Consumer
• Config
• Portal IdP
• API IdP
3 Solutions
Who provides APIm solutions?
Market Contenders
Azure API Management
• Developer Portal
• API Gateway
• Admin
• Logs
• Backend Service
• Analytics
• Audit
• Consumer
• Config
• Portal IdP
• API IdP
Anything pluggable; e.g. EventHubs
No support OOTB, but Azure AD has functionality
100% SaaS solution
Integrated into Microsoft Azure
Full-featured Developer Portal
Rich Policy-driven API Gateway
99.x% SLA
Price point: At least 550€/mo.
Scales on demand (with price)
REST API
Not available on-prem
Closed Source – not freely customizable
Quite high price point
In some cases: “Last mile” missing
Mashape Kong
• Developer Portal
• API Gateway
• Admin
• Logs (Plugin)
• Backend Service
• Analytics
• Audit
• Consumer
• Config
• Portal IdP
• API IdP (Plugin)
3rd Party Offerings, e.g. kong-dashboard
3rd Party Offerings, Mashape’s gelato.io
Mashape’s Galileo
Depends on Admin UI
Open Source solution
Built around nginx/Lua
Deployable wherever you want
Fully dockerizable
Scalable, feature-rich Gateway
Powerful plugin/extension model
Suitable for internal use mostly
Complete REST API
No developer portal out of the box
Actually, there is: gelato.io (closed source/commercial)
Only 3rd party Admin UIs (of varying quality)
Requires networking know-how to set up
Cassandra currently only config backend choice (but PostgreSQL upcoming)
• Mostly suitable for backend services on Azure
• No on-prem deployment (only SaaS)
• Good Developer Experience (DX)
• Easy to start with
• Not freely customizable
• Focus on securing backend
• Flexible Deployment (but no SaaS)
• For use cases where the DX is not important*
• DevOps easier, steeper learning curve
• Does basics, everything else is addon
• Quite large software packages in both cases
• Takes planning and some effort to set up
• With great functionality comes largeish footprints
4 Azure APIm Demo
Azure APIm Developer Portal
Azure APIm Publisher Portal
Thank you
