This document discusses API management. It provides an overview and describes key components like the API gateway, API manager, analytics, and developer portal. It outlines the API lifecycle and roles like the API owner, developer, admin, and consumer. The goals of API management are to securely expose information assets, inspire innovation, and increase revenue. It enables faster relationships through access control and security while exposing APIs.

1. Version 1.0

2. Contents
 Overview
 Key Business Drivers
 Features
 Reference Architecture
 API Management
 API Management – Components
 API Gateway
 API Life Cycle
 API User roles
 Key Service Providers
 References

3. Overview
 Enterprises need to expose their information assets without any
boundaries in a secure and standard way in their digital innovation
and transformation strategy.
 API Management Solutions have the capability of opening up APIs in
a standard way that can be used across the web, digital, IOTs, Social,
Service Oriented Architecture (SOA) and the cloud.
 API management is the process of publishing, documenting and
overseeing application programming interfaces (APIs) in a secure,
scalable environment.
 API management monitoring helps in increasing the availability of
the interfaces.
 Private APIs for Internal usage with in the enterprise applications
thru ESB, Protected APIs can be used for Partners thru API
Management and Open APIs can be used by External API Developer
and create Apps.

4. Key Business Drivers
 Faster relationships thru
developer communities
with the feasibility of
access control mechanism.
 Reduce the risk of exposure
to the open Enterprise with
out compromising on
security.
 Improve Business Agility
 Inspiring towards
Innovation
 Increase revenue
 Easing Integration

5. Features
 Proxying and securing backend service with API Gateway helps to secure the
core systems from direct access by taking care of the standard security
considerations.
 Rate limiting/throttling of API calls helps in prioritization aspect.
 Consumer identification helps in monetization aspects.
 API Analytics help in understanding API consumer behavior.
 Self service for the API developers helps in reducing the integration
complexities.
 Documentation Portals help by reducing dependency on external
documents.
 Different types of built-in transformations reduce development effort( ex:
SOAP <-> REST, XML <-> JSON).
 Minimizing programming effort thru configurations helps save time and
improve quality.
 Caching can help in achieving the better performance.

6. Reference Architecture

7. API Management

8. API Management – Components

9. API Management – Components
 API Gateway : provides functionality that enables security,
protection, and scaling of API calls
 API Manager : is a web interface that enables business or operational
users (API owners) to easily register APIs and apply standard policies to
virtualizes the APIs. It enables organizations and API consumers to
consume APIs, browse the API Catalogue, and monitor their API use. It
also enables business or operational users (API administrators) to
manage API clients and their consumption of APIs.
 Analytics: This has a dashboard to display the usage and behaviour of
all the APIs in the dimensions like time taken, no of calls etc.
 Developer Portal: is a self-service portal that enables API
consumers to consume APIs which are exposed in a standard and
secured way for external consumption using API Manager. API
consumers can register and manage their user profile, register
applications, manage application credentials, browse front-end APIs and
supporting documentation, monitor application API usage, and access
blogs, forums, and so on.

10. API Gateway
DMZ
 Provides a mechanism to
externalize specific APIs using a
standard pattern
 Authentication & Authorization
thru OAuth, LDAP, SSO etc.
 Message Security thru SSL, TLS,
XML-Encryption, PKI
Cryptography
 Threat Protection from DDOS
attacks, SQL/Script Injections etc.
 Throttling thru Rate Limits, traffic
prioritization, limit based on user,
ip, region
 Route based on message content,
headers, identity and other
factors.
 Transform requests from one
form to other like SOAP to REST

11. API Life Cycle

12. API User roles
 API Owner: is typically a person in a managerial role and overlooks a
set of APIs across the enterprise or a business unit, and controls the API
lifecycle and monetization aspects. He also analyzes usage patterns for
APIs and has access to all API statistics.
 API developer (Internal): is a technical programmer who
understands the technical aspects of the API (coding, interfaces,
documentation, versions, how it is exposed by API gateway) and
implement the APIs.
 Admin : Admin is the API management provider, who hosts and
manages the API Gateway. S/he is responsible for creating user roles in
the system, assign users to roles, managing databases, security etc.
 Consumer / APP Developer (External) : A consumer is typically an
application developer who is external to the enterprise and create
applications and searches the API store from internet to discover APIs
and use them. He/she reads the documentation, forums,
rates/comments on APIs.

13. API Management Solutions

14. References
 https://www.ca.com
 http://searchsoa.techtarget.com/definition/API-
management
 http://www.apiacademy.co/resources/api-strategy-
lesson-102-the-business-value-of-apis/
 https://docs.wso2.com/display/AM160/User+Roles
+in+the+API+Manager
 http://www.slideshare.net/KaiWaehner/a-new-
front-for-soa-open-api-and-api-management-as-
game-changer
 http://swagger.io/