API management strategies allow you to monitor and manage APIs in a secure and scalable way
What is API management?
Application Programming Interface management, or API management, consists of a set of tools and services that enable developers and companies to build, analyze, operate, and scale APIs in secure environments. API management can be delivered on-premises, through the cloud, or using a hybrid on-premises – SaaS (Software as a Service) approach.
At their simplest level, Application Programming Interfaces (APIs) enable communication between disparate software applications. Developers can connect APIs from different companies and services to achieve specific results. Popular API uses include enabling the implementation of libraries and frameworks across languages, specifying the interface between an application and an operating system, manipulating remote resources through protocols, and defining the interface through which interactions happen between a third-party and the applications that use its assets. From independent mobile developers and web developers to large enterprises and governmental agencies, APIs are increasingly leveraged across industries and use cases.
Today, developers, enterprises, and organizations often create open APIs that allow others to integrate with their products and services. Hundreds of thousands of APIs designed to facilitate the exchange of information exist across industries. As the number of APIs continues to grow, the need for developers and enterprises to monitor and manage them in a secure and scalable way increases.
Many API use cases don't require API management
There are a variety of options for building a commonly used API type, a RESTful API. Some RESTful APIs, such as REST APIs from Amazon API Gateway, offer API proxy functionality and API management features, such as usage plans and API keys, in a single API solution.
Other RESTful API options, such as HTTP APIs from Amazon API Gateway, are simpler to build, offer reduced latency, and are extremely cost effective. HTTP APIs are optimized for building APIs that proxy to AWS Lambda functions or HTTP backends, making them ideal for serverless workloads. They are the best way to build APIs that do not require API management functionality.
Common API examples
At the simplest level, APIs from an external client hit an API endpoint. That endpoint connects to business logic, such as message processing or user management capabilities, which can then read or persist data in data stores. Two common examples are illustrated below.
How developers use API management tools
All kinds of developers, including mobile developers, web developers, and backend developers, create their own APIs and often leverage others’ APIs in the products and services they build. APIs allow users to complete an action without having to leave the mobile app or website they’re on—this means that a customer can spend more time with the product or service they were initially interested in instead of having to visit multiple sites to achieve their desired action. It’s also common for teams across an organization to segment their internal work into separate applications across multiple servers that communicate with each other through APIs.
Businesses large and small increasingly need to offer their customers seamless browse, search, and check-out experiences that span sites and platforms. To create smooth end-to-end user experiences, developers use API management tools that make it easy to create, secure, deploy, and operate APIs that enable users to accomplish their goals without needing to navigate to multiple sites or services. With the proliferation of APIs, developers also utilize API management tools that allow them to monitor performance, manage traffic, and control who can access their APIs.
Building and using APIs allows developers to save time, avoid redundant work, accelerate their pace of development, and help others use their products and services seamlessly.
Important features of API management tools
Building, deploying, and managing APIs should be quick and easy. Allowing others to leverage your APIs means that maintaining security across APIs should also be easy. In addition to facilitating simple application development and paramount security, APIs should be able to scale in real-time, offer visibility into their operations, and help you manage the third-party developers and companies that access them. Mature API management platforms offer a robust set of capabilities, including:
API Access Control
APIs should be built using access controls, commonly known as authentication and authorization, that grant users permission to access certain systems, resources, or information.
API protections include API keys for identification, API secrets, and application authorization tokens that can be verified.
API Creation and Design
APIs allow web applications to interact with other applications. You can create and define different types of APIs such as RESTful APIs and WebSocket APIs.
Support for Hybrid Models
A RESTful API is a group of resources and methods, or endpoints, that leverage an HTTP request type. A WebSocket API maintains a persistent connection between connected clients.
Highly performant APIs depend on code, the separation of functionalities, and on underlying data structure and data architecture.
Customizable Developer Portal
API developer portals connect API publishers with API subscribers. They enable self-service API publishing and allow potential API customers to easily discover APIs they can use.
The API lifecycle
API management tools on AWS
AWS offers a comprehensive platform for API management called Amazon API Gateway. Used across businesses and organizations, from enterprises to startups, API Gateway makes it easy to define, secure, deploy, share, and operate APIs at any scale. It also makes API monitoring simple and fast. API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. API Gateway also offers a serverless developer portal that enables API publishers to easily connect with API subscribers, as well as easily monitor, manage, and update their APIs.
Amazon API Gateway benefits
A Security-First Approach for API Management
Amazon API Gateway allows you to leverage the same technology AWS uses to run its own services, Signature Version 4. Using Signature Version 4 authentication, you can use Identity and Access Management (IAM) and access policies to authorize access to your APIs and all other AWS resources.
API Management Tools for Building and Deploying APIs
Amazon API Gateway can execute AWS Lambda code in your account, start AWS Step Functions state machines, or make calls to AWS Elastic Beanstalk, Amazon EC2, Amazon ECS, or web services outside of AWS with publicly accessible HTTP endpoints, like Docker. Using the Amazon API Gateway console, you can define your REST API and its associated resources and methods, manage your API lifecycle, generate your client SDKs, and view API metrics.
API Management Tools for Hands-Off Scaling and Complete Operational Visibility
Amazon API Gateway handles any level of traffic received by an API, so you are free to focus on your business logic and services rather than maintaining infrastructure. Amazon API Gateway also provides you with a dashboard to visually monitor calls to the services. The Amazon API Gateway console is integrated with Amazon CloudWatch, so you have full visibility into backend performance metrics, such as API calls, latency, and error rates.
API Management Tools for Third-Party Access
Amazon API Gateway lets you create API keys, set fine-grained access permissions on each API key, and distribute them to third-party developers to access your APIs. You can also define plans that set throttling and request quota limits for each individual API key.
Reference architectures for common API use cases
These reference architectures provide the architectural guidance you need to build an application that takes full advantage of Amazon API Gateway and the AWS Cloud.
API management on AWS: Customer case studies
From enterprises like Fox to government agencies like the UK Driver and Vehicle Licensing Agency, organizations increasingly leverage APIs across all industries and use cases. To learn more about more how companies use API management tools through Amazon API Gateway, see the full list of case studies.
Featured API management partners
Amazon API Gateway partners provide tools and services to help customers create, publish, maintain, monitor, and secure their APIs at any scale. Learn more about all AWS API management partners on the AWS Amazon API Gateway Partners page.
Blog posts, talks, and resources
To get started with API management using API Gateway, check out the following blog posts from popular blogs such as the AWS News Blog and the AWS Compute Blog. You can also watch recordings from past speaking sessions and webinars. For more helpful resources, including documentation and developer guides, visit the API Gateway resources page.