Universal API Management: The Next Evolution

Introduction

In this article, I’m going to be taking a look at MuleSoft’s new Universal API Management (UAPIM) capability.

I’m going to assume that you are familiar with API Gateway and API Management and how the Anypoint Platform currently achieves this. So, you may be wondering why MuleSoft has a new API Management offering and why they’ve termed it Universal. First, I’ll cover the underlying problem that has required adopting this new approach. Once the problem is understood, we can dive into how MuleSoft’s UAPIM solves it.

The Problem is API Sprawl

What do we mean by API Sprawl?

The average Organization has a multitude of APIs spanning the whole Enterprise – for some, this number may run into the hundreds. For most Organizations, this is also an ever-increasing number as they progress on their journey toward Digital Transformation. With such many APIs (probably having been built to serve multiple Business Units), it shouldn’t be hard to imagine that all those APIs will not be deployed in the same locale and certainly not managed by one single Management tool. 

For example, there may be some APIs written in Java, some written in Python, others written in Mule, some deployed to AWS, some deployed On-Premise, others deployed to Anypoint Platform, etc. 

Most Organisations now have multiple development teams, all working in different technologies, each supporting other Business Areas. The determining factor of how they each develop APIs depends on the skill set of those individual teams.

This overall approach, as it progresses, leads to continually increasing levels of what is termed API Sprawl.

Why is API Sprawl a problem, and should Organisations be concerned? 

There is one fundamental issue here, and that is the lack of central management and governance of APIs. This, in itself, then leads to several further problems. 

• APIs are built to different standards and guidelines – the obvious concern here is lax security.
• Multiple Management consoles are needed for operational control – this results in operational lead times and requires additional training on numerous tools.
• It is difficult to identify and discover and re-use existing APIs, leading to underutilized and/or duplicate functionality being built.

This is the issue that Organisations now face and need to be able to address. Unfortunately, the apparent solution of rebuilding and replacing a technology stack isn’t generally cost-effective or, in many cases, even possible. Therefore, another solution needs to be found.

The Solution is to Unify the API Landscape

MuleSoft’s UAPIM capability is intended to unify the API landscape. It gives an Organisation the ability to manage all its APIs, irrespective of where they’ve been deployed, from one central tool, MuleSoft’s Anypoint Platform. 

At this point, I will say that UAPIM is not a new standalone product. It is simply an extension of the platform’s existing functionality, achieved through the enhancement of existing products and the addition of a small number of new ones.

The below graphic summarises the components of UAPIM.

UAPIM allows for:

• Discoverability of all APIs (via Anypoint CLI)
• Protecting all APIs (via Flex Gateway)
• Managing all APIs (via API Manager)
• Governance of all APIs (via API Governance)
• API marketplaces (via Experience Hub) – note at the time of writing, this is not currently available but is planned for early 2023.

Anypoint Flex Gateway

Arguably at the heart of UAPIM is Anypoint Flex Gateway. MuleSoft describes this as an ultrafast and lightweight orchestration layer acting as an API Gateway. Its primary concern is to manage non-Mule APIs (i.e. those not deployed to a Mule Runtime), but it can also manage Mule APIs. Conceptually, Flex Gateway sits above all these existing APIs, allowing them to be discovered and managed by Anypoint Platform. 

When deploying a Flex Gateway, it can be configured in two modes- Connected Mode or Local Mode. Each of these modes can then be installed onto several major Linux distributions, in a Docker container or in a Kubernetes cluster.

In Connected Mode, the gateway is connected directly to the Anypoint control plane giving access to that gateway from the Anypoint UI. With this access, it provides the ability to see the state of an API in Runtime Manager and apply policies to those APIs via API Manager.

In Local Mode, which can be considered to be more of a standalone gateway, APIs are not accessible through the UI. With no access via API Manager, API policies are applied through locally stored declarative configuration files, accessed directly by the gateway.

One point to note here is that the closer the Flex Gateway is deployed to the APIs it needs to manage, the less latency there is. MuleSoft has also considered this, and multiple gateways can be deployed (running simultaneously) in different locations and onto different platforms. This allows for the management of separate APIs built and deployed across multiple different technologies.

API Governance

The other new component that falls under the UAPIM umbrella is API Governance. This, at its core, is to enable consistency in quality across all your APIs. Effectively, it’s a code analysis tool for API specifications; it allows for the application of governance rules to those specifications. This is done by creating rules and rulesets (or by using out-of-the-box rules already provided by MuleSoft) and applying them through Profiles. This ensures non-compliance is highlighted and allows issues to be trapped early with minimal overhead to the API development team.

As stated above, MuleSoft already provides several rulesets (such as Best Practises and OWASP Security). Still, new rulesets can easily be created and published to Anypoint Exchange for use by the wider team.

Conclusion

MuleSoft’s UAPIM offers a capability many Organisations have long been waiting for. This capability allows them to manage all their APIs through one single tool, providing all the advantages that come with that:

• Build and discover any API
• Ensure governance on all APIs
• Secure APIs with a fast gateway

In summary, with the introduction of UAPIM, all those benefits of Anypoint Platform that were once only available to Mule-built APIs can now be applied to all APIs and Microservices.

To discuss your API approach and learn more about UAPIM, get in touch with Devoteam to learn more.

References

• Flex Gateway documentation: 
  • https://docs.mulesoft.com/gateway/1.1/flex-gateway-getting-started
  • https://docs.mulesoft.com/runtime-manager/flex-gateway-about
  • https://docs.mulesoft.com/release-notes/flex-gateway/flex-gateway-release-notes

• API Governance documentation:
  • https://docs.mulesoft.com/api-governance
  • https://docs.mulesoft.com/release-notes/api-governance/api-governance-release-notes