Let’s go through the features of open source API architecture, and take a look at a few API management platforms to see how open source APIs help an organisation in its digital transformation journey.
An application programming interface or API enables a software or application to utilise features or services of another application, platform, or device. It is a service delivered over the internet, which is:
- A network accessible function
- Available using standard web protocols
- A well-defined interface
- Designed for access by third parties
An API defines the software component in terms of the protocol, data format, and the endpoint for two computer applications to communicate with each other over a network. It integrates databases, applications and devices, making the interaction between data sets and agencies a seamless, automatic process. It empowers a mobile application or platform to share its data with other applications/platforms and eases the user experience. APIs eliminate the need to build a similar program or platform from scratch.
In simple terms, APIs are a set of requirements that govern how two applications can talk to each other.
The characteristics of APIs are:
- Easy to learn
- Easy to use even without documentation
- Hard to misuse
- Easy to read and maintain code that uses them
- Easy to extend
Industry adoption of API
According to Google’s State of the API Economy in 2021, “Companies report that their key priorities for 2021 included a focus on API security and governance (50%), growth and management of API adoption (41%), investment in building a developer community (38%), generating revenue by monetizing APIs (31%), making more services and data publicly available (31%), and growing their investment in API operations and monitoring (20%)”
Postman’s 2022 State of the API Report projects that “investments in APIs will increase or stay the same over the next 12 months.”
According to Precedence Research, the Asia-Pacific region will lead the global API management market between 2022 and 2030. The size of this market was US$ 5.37 billion in 2022 and is expected to reach around US$ 46.74 billion by 2030.
According to Markets and Markets, the API management market is projected to be worth US$ 5.1 billion by 2023, at a CAGR of 32.9 per cent.
The top API trends are shown in Figure 1.
What’s driving open source API management?
An API management platform is a tool used to access, distribute, control, and analyse APIs used by developers in an organisation. This platform is secure, user-friendly, scalable, testable and reliable. It manages API integrations centrally, performs well and offers better security integration standards.
The key factors driving API management are:
- Application interconnection and the data flow between these applications
- Phasing out of applications
- Point of failure due to higher number of interfaces
- Current interface landscape compared to future state
- Security of the application landscape
The choice of an API management platform depends on the following design principles.
- Simple: The APIs should be designed with least complexity and offer ease of delivery.
- Flexible: The APIs should be flexible enough to be used in various contexts, providing optional controls to improve their usability.
- Usable: APIs should be developed across the system, process and experience layers with usability in mind. They need to follow consistent naming with minimal inputs to deliver functionality.
- Secure: API security should adhere to global confidentiality, data integrity, as well as regulatory and compliance principles. It should adopt encryption mechanisms as required and deemed fit, and comply with the global standards for authentication and authorisation. Fail-safe mechanisms such as ‘deny by default’ are to be followed while creating the API.
Transformable: The APIs should be transformable in terms of output, capable of transforming and delivering the results in JSON, XML and other data formats. - Reusable: APIs should be designed for maximum reusability. This helps to avoid reinventing them, reduce the development time, adapt faster to the changing market requirements, and thus the time to market.
Figure 2 depicts the building blocks of an open source API.
API architecture and open source API management
API management needs to ensure that the APIs are secure, user-friendly, scalable, testable and reliable.
API management:
- Helps in packaging and deployment of the APIs
- Publishes the APIs to developers and other consumers
- Provides documentation and sample requests/responses for developers to understand the APIs
- Provides an API console to test the API operations (most API management tools provide mock endpoints to test before testing the actual endpoints)
- Acts as a proxy or facade for existing backend services
- Provides a reliability and analytics dashboard of the service
The different components/blocks of an API management platform are listed below.
API portal: This enables developers to navigate interactive docs, tutorials, code snippets and examples. The API portal provides a best practices framework for rapidly delivering tools to successfully use APIs.
API gateway: The core component of API management is an API gateway. This acts as a proxy so that APIs do not have to directly interact with client applications. The gateway represents a central point where all the abstracted API functionality is located and managed via a set of governance policies. Its features are:
- Provides a lightweight API gateway for securing and managing APIs
- Connects mobile devices to existing systems
- Significantly lowers integration costs and decreases total cost of ownership
- Offers rich integration with identity and access management (IAM) platforms
- Streamlines regulatory compliance through authentication, authorisation, and audit capabilities
API publisher: This is an organisation that uses APIs to expose its backend systems to internal, partner or third-party developers of client applications.
Web API: This API exposes backend systems over the web, using the HTTP protocol specifically to facilitate the creation of web, mobile and cloud applications.
API security: This provides secured access across all the layers including authentication, authorisation and auditing, threat protection, message checking/validation, SSL, logging/non-repudiation, and the capability to integrate with industry defined security frameworks like OAuth identity provider.
Key open source platforms for API management
Open source API management platforms are designed and developed using open source technologies. They:
- Provide transparency to stakeholders and participants
- Help teams to work together, anywhere and anytime
- Increase responsiveness and visibility
- Ensure service uptime and optimal performance
- Provide high quality
- Improve time to market
A few key open source API management platforms are briefly described below.
Gravitee.io: This is an open source platform for managing APIs that are flexible and lightweight. It offers out-of-the-box features such as rate limiting, IP filtering, cross-origin resource sharing, plug-and-play options, open source API developer portal with OAuth2 and JSON web tokens policies, load balancing, etc.
Redhat APIman.IO: This platform has the following features:
- Quick runtimes
- Policy-based governance with a detachable policy engine
- Asynchronous capability
- Enhanced billing and analytics options
- Availability of a REST API for management
- Rate limiting
WSO2 API Manager: This open source API management platform can run anywhere and anytime. It helps developers enjoy API distribution and deployment on both on-premises and private clouds. It has the following features:
- Higher customisation
- Ease of governing policies
- Possibility of designing and prototyping for SOAP or RESTful APIs
- Better access control and monetisation facilities
Kong API tool: This open source microservice API tool enables developers to manage everything quickly, easily, and securely. Its features include:
- Availability of open source plugins
- Ease of one-click operations
- Common language infrastructure capability
- Great visualisation for monitoring
- Regular software health checks
- Introspection of OAuth2.0
- Wide community support
SwaggerHub: This platform offers a wide range of options to designers and developers working in the backend development domain. It provides a robust and intuitive editor that delivers high efficiency and speed while preserving design consistency.
Tyk.io: This open source API gateway has been developed in the Go programming language. It provides an open source API developer portal, detailed documentation, a dashboard for API analytics, rate limiting for APIs, authentication, and various other such features that help organisations focus on microservices environments and containerisation.
Fusion: This API management tool has features like backend dashboard for admin control, detailed documentation, JSON validation for incoming requests, and scope handling to meet user permissions.
Akana: This API management platform helps in designing, securing, implementing, monitoring, and publishing APIs.It can be deployed on-premises or in the cloud. Its features include:
- Threat protection
- Microservices management and DevOps
- Helps in traffic management
- Provides application security by detecting vulnerabilities in the code or during run-time
DreamFactory: This integrates with any SQL/NoSQL database, external HTTP/SOAP service, or file storage system. The platform is comprehensive, flexible, fully documented, and ready to use REST API automatically.
It provides access to API parameters for pagination, complex filters, virtual foreign keys, and related table joins. It offers user management, SSO authentication, CORS, JSON web tokens, SAML integration, role-based access control on API endpoints, OAuth, and LDAP.
API Umbrella: This platform for managing APIs and microservices allows multiple organisations to operate under the same umbrella by enabling varying admin permissions for different domains. It provides facilities like rate limiting, API keys, caching, real-time analytics, and availability of an admin web interface.
Ansible: Red Hat owns Ansible. This platform automates various common tasks related to IT operations such as application deployment, configuration management and cloud provisioning. It integrates with numerous DevOps tools including Jenkins, JIRA, and Git. The free and open source version of Ansible is available on GitHub.
GitHub: This collaborative code review tool supports around 200 software languages. It also supports all the version control features of check-ins, commits, branches, merging, labels, task management, wikis, push and pull to/from GitHub etc. Git fits in very well as a popular and distributed version control system for teams located at different geographical locations.
Kubernetes: Kubernetes is free and can be downloaded from its repository on GitHub.
Administrators must build and deploy the Kubernetes release to a local system or cluster, or to a system or cluster in a public cloud, such as AWS, Google Cloud Platform (GCP) or Microsoft Azure.
Puppet: This is a tool for operating and delivering software. It automates deployment to boost auditability, reliability and agility. It provides continuous automation and delivery across the complete software delivery life cycle. The latest version of Puppet features Node Manager and Puppet Apps, which help handle a large number of dynamic, variable systems.
Supergiant: This open source platform for container management is utilised for Kubernetes deployment on multiple clouds in a matter of minutes. The Supergiant API is used for streamlining production deployment.
Benefits of API management platforms
Revenue: For organisations, APIs can be a direct source of revenue. This involves charging developers for access to the APIs, and facilitating the in-house creation of pay-to-play applications or enabling ecommerce.
Reach: APIs provide the ideal solution for organisations that wish to reach new customers or enhance the experience of current customers by offering existing services via new platforms and devices.
Customer engagement: APIs can also help an organisation to market its products and services, without necessarily becoming involved in how these offerings are delivered. They enable the creation of the engaging, immersive functionality that is associated with online marketing best practices.
Better UX:Organisations use APIs to optimise their offerings. API technologies provide data that organisations can use to deliver custom-made experiences.
Better integration: APIs play a key integration role in a variety of internal IT projects that impact core business goals. In these projects, it is vital to consider the business event or need driving the integration. For example, the integration may result from a merger or from a new regulatory requirement.
Better efficiency: With APIs, businesses can automate numerous processes while developing and managing a product.
Enabling innovation: APIs help organisations to develop new systems, offerings and strategies from the inside because they reduce technical barriers to innovation. They empower companies to implement ideas without requiring them to change their backend systems.
API adoption plays a major role in an organisation’s digital transformation journey. Computing becomes more flexible, more accessible, and more efficient with the usage of APIs. Also, adoption of APIs shortens time-to-market and improves product quality.
Acknowledgement
The author would like to thank Santosh Shinde of the BTIS Enterprise Architecture division of HCL Technologies Ltd for giving the required time and support while this article was being written as part of architecture practice efforts.
Disclaimer: The views expressed in this article are that of the author and HCL does not subscribe to the substance, veracity or truthfulness of the said opinion.