API Management

API management strategies allow you to monitor and manage APIs in a secure and scalable way

What is API management?

Application Programming Interface management, or API management, consists of a set of tools and services that enable developers and companies to build, analyze, operate, and scale APIs in secure environments. API management can be delivered on-premises, through the cloud, or using a hybrid on-premises – SaaS (Software as a Service) approach.

At their simplest level, Application Programming Interfaces (APIs) enable communication between disparate software applications. Developers can connect APIs from different companies and services to achieve specific results. Popular API uses include enabling the implementation of libraries and frameworks across languages, specifying the interface between an application and an operating system, manipulating remote resources through protocols, and defining the interface through which interactions happen between a third-party and the applications that use its assets. From independent mobile developers and web developers to large enterprises and governmental agencies, APIs are increasingly leveraged across industries and use cases.

Today, developers, enterprises, and organizations often create open APIs that allow others to integrate with their products and services. Hundreds of thousands of APIs designed to facilitate the exchange of information exist across industries. As the number of APIs continues to grow, the need for developers and enterprises to monitor and manage them in a secure and scalable way increases.

Many API use cases don't require API management

There are a variety of options for building a commonly used API type, a RESTful API. Some RESTful APIs, such as REST APIs from Amazon API Gateway, offer API proxy functionality and API management features, such as usage plans and API keys, in a single API solution.

Other RESTful API options, such as HTTP APIs from Amazon API Gateway, are simpler to build, offer reduced latency, and are extremely cost effective. HTTP APIs are optimized for building APIs that proxy to AWS Lambda functions or HTTP backends, making them ideal for serverless workloads. They are the best way to build APIs that do not require API management functionality.

See all API solutions from Amazon API Gateway

How developers use API management tools

All kinds of developers, including mobile developers, web developers, and backend developers, create their own APIs and often leverage others’ APIs in the products and services they build. APIs allow users to complete an action without having to leave the mobile app or website they’re on—this means that a customer can spend more time with the product or service they were initially interested in instead of having to visit multiple sites to achieve their desired action. It’s also common for teams across an organization to segment their internal work into separate applications across multiple servers that communicate with each other through APIs.

Businesses large and small increasingly need to offer their customers seamless browse, search, and check-out experiences that span sites and platforms. To create smooth end-to-end user experiences, developers use API management tools that make it easy to create, secure, deploy, and operate APIs that enable users to accomplish their goals without needing to navigate to multiple sites or services. With the proliferation of APIs, developers also utilize API management tools that allow them to monitor performance, manage traffic, and control who can access their APIs.

Building and using APIs allows developers to save time, avoid redundant work, accelerate their pace of development, and help others use their products and services seamlessly.

Important features of API management tools

Building, deploying, and managing APIs should be quick and easy. Allowing others to leverage your APIs means that maintaining security across APIs should also be easy. In addition to facilitating simple application development and paramount security, APIs should be able to scale in real-time, offer visibility into their operations, and help you manage the third-party developers and companies that access them. Mature API management platforms offer a robust set of capabilities, including below: 

Page Topics

Features

Features

APIs should be built using access controls, commonly known as authentication and authorization, that grant users permission to access certain systems, resources, or information.

API protections include API keys for identification, API secrets, and application authorization tokens that can be verified. 

APIs allow web applications to interact with other applications. You can create and define different types of APIs such as RESTful APIs and WebSocket APIs. 

A RESTful API is a group of resources and methods, or endpoints, that leverage an HTTP request type. A WebSocket API maintains a persistent connection between connected clients.

Highly performant APIs depend on code, the separation of functionalities, and on underlying data structure and data architecture. 

API developer portals connect API publishers with API subscribers. They enable self-service API publishing and allow potential API customers to easily discover APIs they can use. 

API management tools on AWS

AWS offers a comprehensive platform for API management called Amazon API Gateway. Used across businesses and organizations, from enterprises to startups, API Gateway makes it easy to define, secure, deploy, share, and operate APIs at any scale. It also makes API monitoring simple and fast. API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. API Gateway also offers a serverless developer portal that enables API publishers to easily connect with API subscribers, as well as easily monitor, manage, and update their APIs.

Amazon API Gateway benefits

Amazon API Gateway allows you to leverage the same technology AWS uses to run its own services, Signature Version 4. Using Signature Version 4 authentication, you can use Identity and Access Management (IAM) and access policies to authorize access to your APIs and all other AWS resources.

Amazon API Gateway can execute AWS Lambda code in your account, start AWS Step Functions state machines, or make calls to AWS Elastic Beanstalk, Amazon EC2, Amazon ECS, or web services outside of AWS with publicly accessible HTTP endpoints, like Docker. Using the Amazon API Gateway console, you can define your REST API and its associated resources and methods, manage your API lifecycle, generate your client SDKs, and view API metrics.

Amazon API Gateway handles any level of traffic received by an API, so you are free to focus on your business logic and services rather than maintaining infrastructure. Amazon API Gateway also provides you with a dashboard to visually monitor calls to the services. The Amazon API Gateway console is integrated with Amazon CloudWatch, so you have full visibility into backend performance metrics, such as API calls, latency, and error rates.

Amazon API Gateway lets you create API keys, set fine-grained access permissions on each API key, and distribute them to third-party developers to access your APIs. You can also define plans that set throttling and request quota limits for each individual API key.

Reference architectures for common API use cases

These reference architectures provide the architectural guidance you need to build an application that takes full advantage of Amazon API Gateway and the AWS Cloud.