API oriented architecture is proving to be the foundation for digital transformation. It introduces significant benefits; for example, it allows building future-ready solutions, has controls over data exposure, can secure data, maintains consistency and simplifies the delivery of services to an ever-expanding variety of devices, which enables business owners to quickly add new features and minimises time to market.
When the subject is related with APIs, you would wish to have an API management platform to secure, configure, analyse and manage your APIs efficiently. Google’s Apigee – an intelligent platform used for developing and managing API proxies – manages the entire API lifecycle. It enables effective and secure delivery of APIs that are easy to use by your app developers.
Understanding the API Management Lifecycle is the best approach to completely understand all the steps involved to effectively manage your APIs.
Let’s first try to understand what we mean by API Management Lifecycle and how Apigee in particular helps businesses to manage it.
API Management Lifecycle steps/phases
As shown in the image above, the API management Lifecycle is a multi-step process which allows API teams to manage APIs in an efficient and successful way.
Let’g go a bit more in detail, starting by recognizing the artefacts that will effectively make part in the API management lifecycle.
It is the first step taken and should be very well thought through and defined. Mainly the keynote is how to give real expected value to consumers, thinking of interface/contract to attend business requirements. It is important to create APIs that will match the consumer needs and not just interfaces in front of your backend with a pass through assumption. A wrong definition will lead to rework in next steps. This raises the question: how to avoid such rework?
More time available for design might mean less cascade changes for further cycle phases. The initial design can be built in partnership by technical architecture, app developers and business analysts followed by a sub-cycle process enclosing simulation, validation, feedback and refinement.
In this phase you should think of how the URL will be designed, the schema, base URLS, restful communication between the parts, method/verbs, request/response parameters, request/response body, authentication mechanism, message format (JSON). Apigee supports OpenAPI specification (formerly known as Swagger) – a sophisticated way to design APIs.
“The benefit of having the API design first is that it gives a clear idea about the API, how will it look in the end and how the API consumer will interact to it, before even writing a single line of code. It is cost effective, since it is much easier to change the design than a working code. In addition to that, it also enables collaboration and parallel development, for e.g. until your backend API is ready, you might mock the API and share it with your API consumers already so they can start building apps, meanwhile you work on connecting with the backend. When it is ready you can connect it with Apigee and perform a seamless deployment without any impact on any apps.”
With Apigee, you can also store the API design as a spec on Apigee Edge. Of course you can also store it in of your preferred repository, like Git.
In this section we will show how we can use the API specification and generate an API proxy. The development and maintenance is configured on Edge. It has all the needed features to support the API Management platform. Edge is the platform where the developer can create, configure, and maintain the APIs. It’s a browser based interface. You can create API proxies by editing code and tracing the flow of requests through your proxies, add/modify the set of many out-of-the-box policies, deal with messages, logging, rate limiting, security, analytics, configure environments, deploy, test, and so on.
Apigee allows you to create an API proxy using an Open API Specification. This saves the time of having to create an API from scratch. Since you have defined a basepath andmethods (verbs) in your specification, Apigee is able to read those details and create an API in just a few clicks.
You must have realised that only the OpenAPI specification does not solve the development phase, as it only describes certain properties. But what about implementing Apigee specific policies, like Traffic Management, SOAP/JSON Transformation, etc? Our recommendation is, next to the design, and a supported document, to have an Integration Pattern document defined. This document should help your API developer at Apigee side to build/configure the API fully based on the pattern and API design.
Although the development is done using Edge, it is extremely important that a source control and proper branching strategy are adopted. Especially when you have a large team, have multi-environments and in case of any need of recover of lost data. This will also make it easier when implementing CI/CD features for branch/push automated builds, performing a static code quality analysis, unit testing, integration testing and updating API documentation.
One of the core strengths of an API management is to secure the APIs. Apigee provides several security feature out of the box: APIs with OAuth 2.0, API key validation, Access control, Basic authentication, JSON and XML thread protection, JWT, LDAP, and SAML. In addition to that, it supports traffic management policies such as Spike Arrest and Quota to prevent DDoS attacks (Denial-of-service attack).
Apigee has a one-click deployment feature (out of the box) via its user interface, which makes it easier to manage deployments.
The automation of the process for deployment, version control, and automated testing are a benefit that must be taken into consideration. They have become essential for efficient releases from environments to other environments. The options for automating the CI/CD pipeline are plentiful and must be smartly chosen. Apigee offers a build-deploy script, with which you can automate the deployment including the environment configurations like cache, KVM, target server, etc.
Next to API deployment, there is a sophisticated way to also publish the APIs to a dedicated portal, which comes together with Apigee Edge – Apigee Developer (drupal based portal) which provides you with Developer Services that you can use to build and launch your own customized website to list APIs, onboard your app developers and provide all of these services to your development community like forums, blogs, FAQs, etc. This makes it easy to administer your APIs, educate developers about your APIs, sign up developers, and set up a developer onboarding workflow.
The capacity for scaling is a very important point which will handle the growing amount of work and make sure that the API will not interpose the success of the calls. Peaks in the workload can be expected. Apigee cloud handles the scalability regarding these peaks in processing with auto scaling groups. So as customer you do not have to worry about capacity.
Environment monitoring should be non-disrupted. It is critical to guarantee the availability of your application. Apigee Edge has recently introduced monitoring dashboard, which means your operations teams can now continuously monitor the health of APIs and receive alerts about any anomalies so API teams can quickly restore API service levels.
When analytics comes to play. The power for analysing reports how your systems, processes, and calls are performing. Those reports/charts are an indispensable way to extract the seeds from managerial areas and improvements. Apigee has an extensive set of out of the box analytics reports, including proxy performance, target performance, cache performance, and developer engagements. You can analyse the proxy/target error code and check latency.
Although monetising is an approach for making API calls profitable, not all companies go in this direction. Most of the time the choice to have APIs monetised is left for business decision makers. Monetisation control supplied by Apigee is quite flexible, it can be enforced by a developer, by groups of developers, pre or post plans, variable or fixed rates, etc.
Based on the points mentioned in this blog; for any API to become a reality, there are certain sets of steps that need to be taken to ensure the success of it. With Apigee, this journey becomes effective and efficient with all the features the platform provides. It also clarifies the importance to deeply understand and implement these steps from the beginning of the journey (or as soon as possible) to ensure a stable lifecycle process. The actors and roles are just as important as the lifecycle phases. In our experience, if each team member performs their tasks in a prudent way, the API Management platform runs smoothly, and rapidly shows the gains for the business by becoming a successful organism for the company as a whole. “Don’t be just one more, be the example to be followed.”
More about API Management
The digital ecosystem is evolving in many directions. Organizations are adopting multiple channels to drive newer sales channels, trigger new business models and generate more and more revenue. This triggers the need of unlocking business assets to the outside world in a secure manner. The increasing demand from Internet Business Models, IoT, social media and Cloud Adoption will exponentially increase the need to expose the business assets to the outside world by means of API.