A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13.
Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach.
Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies.
Key topics include:
- The current challenges in API governance and how federated management addresses these.
- The principles and architecture of Federated API Management, distinguishing it from traditional models.
- Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses.
- Strategies for implementing Federated API Management, focusing on best practices for seamless integration.
- The future outlook of API governance, anticipating emerging trends and technologies.
2. 2
THE API MANAGEMENT EXPERTS
Empower Companies to Fully Leverage The Potential of Modern API Management even in complex API landscapes.
Hi, I’m Markus!
CTO @ APIIDA
SOME OF OUR CUSTOMERS
3. 3
The Critical Role of APIs
“APIs are the critical building blocks for business innovation”
Roey Eliyahu, Forbes Councils Member
“APIs hold systems together. We would be left with isolated data and applications that can’t communicate. Without APIs, the technologies we rely on won’t work.”
apiworx
“APIs are also enabling companies to innovate their business models. The product has become the service delivered via APIs, allowing companies to scale and monetize their new capabilities.”
Cloudflare
“APIs account for more than half of the total traffic generated […], and they’re growing twice as fast as traditional web traffic.”
Cloudflare
4. 4
What’s to come?
The number of APIs within your companies will grow!
The number of consumers of these APIs will grow as well.
You need to stay on top of it!
You need to manage your APIs!
Business is increasingly driven by machine-to-machine communication:
• AI Agents
• Embedded Products
• “Go where your customers are”
By using GenAI, APIs will be easier to create than ever.
9. 9
A Single API Management System
[Diagram: twelve boxes, each labeled "API Gateway"]
PROS
• Centralized Control
• Unified Processes
• Easy Governance
CONS
• Vendor Lock-in
• One size does not fit all
• Limited Innovation
10. 10
Multiple API Management Systems
[Diagram: twelve boxes, each labeled "API Gateway"]
11. 11
Multiple API Management Systems
[Diagram: twelve boxes, each labeled "API Gateway"]
PROS
• No Vendor Lock-in
• Separation of Concerns
• Easy Innovation
CONS
• No centralized Control
• Multiple Processes
• Governance is Hard
12. We need a model that balances centralized control with decentralized flexibility!
13. 13
The Federated Future – Bring your own Gateway
[Diagram: four boxes labeled "API Gateway", together with the labels "PROCESSES AND WORKFLOWS" and "MANAGEMENT TOOLING"]
Don’t manage your gateways, manage your APIs!
14. 14
We go from this…
Data Plane
API Consumers / Applications
Infrastructure
API Gateway A
Enforce Policies
15. 15
…to this
Data Plane
API Consumers / Applications
Infrastructure
API Gateway A
Enforce Policies
Data Plane
API Consumers / Applications
Infrastructure
API Gateway B
Enforce Policies
Data Plane
API Consumers / Applications
Infrastructure
API Gateway C
Enforce Policies
16. 16
Federated API Management
Control Plane
Developer Portal
Admin Portal
Define Policies
Manage Consumers
Data Plane
API Consumers / Applications
Infrastructure
API Gateway A
Enforce Policies
Data Plane
API Consumers / Applications
Infrastructure
API Gateway B
Enforce Policies
Data Plane
API Consumers / Applications
Infrastructure
API Gateway C
Enforce Policies
17. 17
Key Principles of Federated API Management
• Scalability
• Innovation
• Collaboration
Decentralize aspects of API Management, allowing different teams to manage their APIs on multiple tech stacks while maintaining a unified governance framework.
18. 18
Is it really this common?
Hybrid Strategies
• CLOUD (APIM)
• ON-PREM (APIM)
Types of APIs
• SYNCHRONOUS (APIM)
• EVENTS (APIM)
Audience
• INTERNAL (APIM)
• EXTERNAL (APIM)
All of these scenarios benefit greatly from Federated API Management!
20. 20
• Broadcom Layer7 API Gateway
• AWS API Gateway
Unified developer portal
Unified governance model
One platform to control access to all APIs
Building a combined CI/CD toolchain
21. 21
Benefits of Federated API Management
• Better Compliance and Control
• Improved Innovation
• Enhanced Efficiency
22. 22
Benefits of Federated API Management
• Better Compliance and Control
• Improved Innovation
• Enhanced Efficiency
API Governance
23. 23
Core Capabilities of API Governance
• Inventory of all APIs
• Design Consistency
• Security
• Quality Assurance
• Compliance and Insights
• Usage Monitoring and Control
24. 24
Inventory of all APIs
• Build the inventory using automated discovery instead of manual processes
• Bring in additional metadata like specs
• Answer “What have we published” with a push of a button
• A solid base for everything else like Developer Portals
25. 25
Design Consistency
• Apply the same style guide to all APIs
• Configure the style guide in one central place instead of n pipelines
• Facilitate shift left by using the results as a gatekeeper
• TIP: Don’t use raw linting results, use a derived metric!
26. 26
Gain Insights
• With all data available, you can get insights into how your APIs are built
• And into how they are consumed
• Identify patterns across teams
This is where Federated API Management really shines!
27. API Governance is not bound to any API technology!
So don’t try to solve it on the technology level!
28. 28
Take Away
Federated API Management allows you to decouple your governance from technology, bringing together data from all systems and thus allows for a better, more insightful governance!
29. If you govern only 80% of your APIs, do you even govern your APIs at all?
Editor's Notes
I think we all agree that API Management has evolved. It is not just a technical necessity anymore but a strategic enabler. Bad API Management can severely affect your digital products. Good API Management, on the other hand, allows you to speed up your innovation while optimizing operational efficiency at the same time.
So, let’s look at how API Management was done in the past. Most API Management programs start with the choice of an API Gateway. You choose it based on its feature set, certifications, price, etc. It is the core of your API operations.
In order to manage your gateways and the APIs proxied on them, every gateway comes with some kind of management tooling. This tooling usually comes from the vendor of the gateway, so it is very well integrated but – of course – limited to this very gateway.
On top of the gateway and the management tools, you develop processes and workflows to make use of the tools in a convenient way. Again, those processes you develop are usually tied to the gateway you chose at the start of your API Management journey.
So, we need to go from this single gateway – or data plane as it is also called …
To multiple data planes, running in parallel. Maybe you want to continue to use the API gateway you use on premises but want to go cloud native as well. Maybe you acquire another company and now have to run two different technologies in parallel. Or maybe you just want to isolate workflows of different criticality. There are numerous reasons why you want to run multiple data planes in parallel.
And the solution to do so is called Federated API Management.
Federated API Management adds a Control Plane that creates one interface to all the different data planes you might run. The control plane takes care of things like API Key Management or Policy Definitions. The enforcement and all the traffic handling is still done directly on the data plane.
There are three key principles in Federated API Management: Scalability, Innovation and Collaboration.
You can scale your API Management operations any way you like. Add more nodes, add different gateways for specialized tasks or any other type of scaling you can imagine.
As you have free choice of technology you can experiment much more. This will strengthen the innovation.
And last but not least, it allows you to collaborate on one single platform, under one unified governance framework, no matter the technology the teams actually use.
Let’s look at an example. William Hill is a very well-known and probably the largest bookmaker in the UK, with a presence around the globe.
William Hill currently uses two different API Management technologies. They use the Broadcom Layer7 API Gateway, which they moved from their own data centers into their private cloud. Additionally, they expose some APIs directly through the API Gateway of AWS.
We helped them to build their management processes and workflows in a federated way, so that they are now able to run a unified developer portal that gives partners access to all of their APIs, no matter what technology they run on. They were able to develop and maintain their APIs under a unified governance model, using one platform to control access to all of their APIs.
And on top of that, they are currently building fully automated CI/CD pipelines that also run across both of their technologies. All of that was made possible by our API control plane, which we will have a look at in a moment.
So, let’s have a look at the benefits that Federated API Management has. Besides the enhanced efficiency through unified processes and getting rid of context switches, Federated API Management allows us to improve innovation by always being able to use the tool that’s best for the job. Unified processes and a unified platform also bring better compliance and control across the whole API landscape of an organization.
The great thing about API governance is that everyone has a different definition of it. So, let us first establish what we are talking about. In my opinion, good API governance covers these six topics:
- the inventory of all APIs in an organization
- the enforcement of design consistency (for example through API style guides)
- the definition and enforcement of IT security guidelines
- usage monitoring and control
- compliance
- quality assurance