What is APIM?
API Management, often abbreviated as APIM, is a method used to create modern and consistent API gateways for existing back-end services. One of the well-known platforms that provide this service is Azure API Management (APIM). It’s a platform-as-a-service that supports the complete lifecycle of an API and is designed to help organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
Azure API Management is composed of three main components: an API gateway, a management plane, and a developer portal. The API gateway acts as a facade for the backend services, allowing API providers to abstract API implementations and evolve backend architecture without impacting API consumers.
This platform is commonly used in scenarios such as unlocking legacy assets, API-centric app integration, creating multi-channel user experiences, and B2B integration. It also provides features like API protection, API discoverability, and transforming existing services.
Key Features
API Management (APIM) is a platform that enables organizations to manage their APIs throughout their lifecycle. Here are some key features of APIM:
API Lifecycle Management: This feature allows you to manage all stages of an API’s lifecycle, from creation to deprecation. This includes designing, building, testing, securing, deploying, publishing, versioning, and monitoring the API.
API Gateway: The API Gateway is the entry point for all client applications. It receives API requests, enforces throttling and security policies, passes requests to the appropriate backend service, and then passes the response back to the requester.
Management Plane: This is where API providers can define and manage their APIs. It allows them to abstract the underlying implementation details of the API, so they can change the backend services without affecting the API consumers.
Developer Portal: This is a self-service portal for developers. It provides API documentation, allows developers to test APIs, and provides other resources to help developers use the APIs effectively.
Policies: Policies are a set of configurable behaviors that can be applied to APIs. For example, you can set up rate limiting to protect your APIs from abuse, or you can transform the data format of the request or response.
Analytics: This feature provides insights into the usage and performance of your APIs. You can see which APIs are used most frequently, monitor for errors, and track other important metrics.
User Management: This feature allows you to manage who can access your APIs. You can set up roles and permissions, and manage users and their access to the APIs.
Integration: APIM can manage APIs that exist anywhere, not just in the cloud where the APIM solution is hosted. This means you can manage APIs that are hosted on-premises, in other clouds, or in a hybrid environment.
Different tiers of Azure API Management offer different sets of features and capacities. For example, the Developer tier is designed for testing and development, while the Premium tier offers more advanced features for production use cases.
Benefits of APIM
API Management (APIM) offers several benefits:
Independent Development and Technology Choice: This means that different teams can work on different parts (microservices) of a larger system at the same time. They can also choose the best technology for their specific task, without being constrained by what the rest of the teams are using.
Independent Deployment and Release Cycle: Each microservice can be updated or improved individually, without having to wait for the entire system to be updated. This allows for faster and more frequent updates.
Granular Scaling: If a particular microservice is experiencing high demand, you can increase resources for that specific service instead of the entire system. This can save costs and improve reliability.
Simplicity: Smaller services are easier to understand and manage. This can speed up development, testing, debugging, and launching a product.
Fault Isolation: If one microservice fails, it doesn’t have to affect the rest of the services. This can make the overall system more reliable.
Abstract Backend Architecture: APIM allows the backend services to evolve and change without impacting the users of the API. This means you can improve your backend services without disrupting your users.
Security: APIM provides features to secure your APIs. This can help protect your services from unauthorized access.
API Discovery and Consumption: APIM makes it easier for users (both internal and external) to find and use your APIs.
In the context of Azure, APIM allows you to manage your APIs in a centralized way. It provides features to secure your APIs, apply policies, and document your APIs. It also simplifies the API URLs by hosting them under the same domain.
Drawbacks of APIM
API Management (APIM) platforms, such as Azure API Management, offer numerous benefits but they also have some drawbacks:
Cost: APIM platforms often require a significant initial investment. This cost can be prohibitive for smaller organizations or projects with limited budgets.
Scaling: While APIM platforms are designed to scale with your needs, the cost associated with scaling can increase rapidly. This means that as your needs grow, so too will your costs.
User Interface: Some users have reported that the user interface of certain APIM platforms could be more intuitive or user-friendly.
Integration: While APIM platforms are designed to work with a variety of API gateways, some users have found that the integration capabilities could be improved. This could mean making it easier to connect with different API gateways or improving the functionality when connected.
Deployment: The process of deploying versions, particularly in Oryx, has been identified as an area that could be improved. Some users have found that the process of moving from a development to a production instance is not as smooth as it could be.
Automation: Automation can save time and reduce the potential for errors. However, some users have reported that Azure API Management lacks sufficient automation capabilities.
How does APIM Work?
API Management (APIM) is a platform that helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services. It supports the complete API lifecycle and is used to create consistent and modern API gateways for existing back-end services:
API Gateway: This is like a doorkeeper for your APIs. When an API call is made, it first reaches the API Gateway. The gateway checks if the call has the correct ‘keys’ (like API keys or tokens). It also checks if the call is within the allowed usage limits. If everything checks out, the gateway then sends the call to the correct backend service. It can also modify the API response without changing the code and cache responses to improve performance.
Management Plane: Think of this as the control room for your APIs. Here, you can define your API (what it does, what data it needs, etc.), group APIs into products, set up rules for the APIs (like usage quotas), and analyze how your APIs are being used.
Developer Portal: This is like a library or resource center for developers who use your APIs. They can find documentation about the APIs, try them out, get API keys, and see how much they’ve used the APIs.
In simple terms, APIM is a tool that helps you manage your APIs effectively. It makes sure that the right people have access to your APIs, that they’re using them correctly, and that you have the information you need to keep improving your APIs.
Difference Between API and APIM
An API (Application Programming Interface) and APIM (API Management) are two different concepts that work together for data exchange and integration.
An API, or Application Programming Interface, is like a menu at a restaurant. It lists all the services that are available and how you can request them. But just like when you order food, you don’t need to know how the kitchen prepares your meal. Similarly, an API lists out all the services a software provides and how another software can request them, without needing to know how the services are implemented.
On the other hand, API Management, or APIM, is like the restaurant manager. The manager doesn’t cook the food but ensures everything runs smoothly. Similarly, APIM doesn’t implement the services but manages them. It keeps track of who is using the APIs, and how they’re being used, and ensures they’re secure and performing well.
So, in essence, an API is a set of rules for how software applications should interact with each other, and APIM is a tool that oversees and manages these interactions. It’s like the difference between the menu (API) and the restaurant manager (APIM).
Some Popular APIM Solutions
Here are some popular API Management (APIM) solutions:
SwaggerHub by SmartBear: It integrates with Azure API Management. It allows you to design your APIs on SwaggerHub and then deploy your API design to your Azure API Management instance from SwaggerHub. This keeps the APIs updated with any changes made to the design.
Astera API Management: It is a no-code solution that empowers your team to build, manage, test, consume, publish, monitor, and make data more accessible. It also allows users to monitor live metrics for all deployed APIs using a Visualization Dashboard.
Apigee by Google Cloud: It is a full lifecycle API management solution that helps consistently create, manage, secure, socialize, and monetize APIs. It promotes digital transformation on premises and across clouds.
3scale by Red Hat: It allows you to share, secure, distribute, control, and monetize your APIs on an infrastructure platform built for performance, customer control, and future growth.
IBM API Connect: It is a full lifecycle API management solution that uses an intuitive experience to help consistently create, manage, secure, socialize, and monetize APIs, promoting digital transformation on premises and across clouds.
Akana API Management: It enables you to manage the full API lifecycle, deploy across multiple clouds, support digital transformation, and ensure compliance.
Kong Enterprise: It delivers robust, secure API management for enterprises. It maximizes the value of APIs and microservices with a scalable, flexible platform.
Dell Boomi API Management: It provides capabilities for publishing, monitoring, securing, and analyzing APIs. It also offers the ability to import a Swagger 2.0 API in a wizard-driven approach.
Mashery by TIBCO: It provides the tools and services for publishing, monitoring, securing, and analyzing APIs. It supports the full lifecycle of APIs in any environment.
Automate by CA Technologies: It provides industry-leading services for managing enterprise-scale APIs. It offers a variety of API tools that speed development while integrating, creating, and securing APIs that help transform business.
When Should You Use APIM?
API Management (APIM) offers several benefits that make it a valuable tool for organizations:
Abstracts Backend Complexity: This means that APIM hides the details of how APIs are implemented. For example, if you have an API that fetches user data from a database, the API consumer doesn’t need to know about the database or how the data is fetched. They just need to know how to use the API. This allows the backend architecture to change without affecting the API consumers.
Security: APIM provides security features that protect your APIs. For instance, it can ensure that only authorized users can access certain APIs, and it can protect against attacks like Denial of Service (DoS).
Lifecycle Management: APIM supports the entire lifecycle of an API, from creation to retirement. This includes designing the API, implementing it, testing it, deploying it, monitoring its usage, and eventually retiring it when it’s no longer needed.
Independent Development and Deployment: With APIM, different teams can work on different APIs at the same time. This allows for faster development and deployment, as teams can work in parallel.
Granular Scaling: APIM allows individual APIs to be scaled up or down based on demand. This can lead to cost savings, as you only need to scale the APIs that are experiencing high demand.
Simplicity and Fault Isolation: Smaller services are easier to understand and manage. If one service fails, it doesn’t affect the others, which increases the overall reliability of your application.
Collaboration: APIM makes it easy to share APIs with other developers, both within your organization and outside it. This can lead to more usage of your APIs, and therefore more value derived from them.
How does APIM Handle Versioning of APIs?
Azure API Management (APIM) provides several options for handling API versioning:
Path-based versioning: This method includes the version identifier directly in the URL path of the API request. For example, if you have two versions (v1 and v2) of a ‘products’ API, the URLs could be https://apis.contoso.com/products/v1 and https://apis.contoso.com/products/v2. This makes it clear in the URL itself which version of the API is being used.
Header-based versioning: In this method, the version identifier is included in the HTTP request header. This means that the version information is sent as part of the metadata of the HTTP request, rather than in the URL.
Query string-based versioning: Here, the version identifier is included in a query string parameter of the API request. This is similar to path-based versioning, but the version information is included as a parameter in the URL, like https://apis.contoso.com/products?version=v1.
These methods allow clients to specify which version of an API they want to use. You can use any string as a version identifier, such as a number, a date, or a name.
Each API version is considered as its own independent API. This means that two different API versions might have different sets of operations and different policies. You can publish multiple versions of your API at the same time, allowing clients to choose to use your new API version when they’re ready while existing clients continue to use an older version.
In addition to versions, APIM also supports revisions of APIs. Each API version can have a set of revisions, but only one revision is considered current and all share the same public URL (and version identifier if used). This allows you to deploy changes to consumers transparently by marking a new revision as current.
How does APIM Handle Authentication and Authorization?
Azure API Management (APIM) handles authentication and authorization in the following ways:
Authentication: This is about verifying who the user or application is. Azure API Management (APIM) can use various methods for this, such as usernames and passwords, certificates, or single sign-on (SSO).
Authorization: This is about checking if the authenticated user or application has the right to access a specific API. APIM often uses a token-based protocol like OAuth 2.0 for this.
Here are some specific methods used by APIM:
OAuth 2.0: This is a popular protocol for API authorization. APIM can use OAuth 2.0 for authorization between the client and the API gateway, between the gateway and the backend API, or both.
Other Mechanisms: APIM also supports other mechanisms for authentication and authorization. These can be used in addition to OAuth 2.0 or when OAuth 2.0 isn’t possible.
Microsoft Entra ID and Azure RBAC: These are used for managing the API Management instance through the Azure control plane.
API Management Developer Portal: This portal provides several options for secure user sign-up and sign-in.
In addition to these, APIM recommends using TLS (Transport Layer Security) to secure the credentials or tokens used for authentication or authorization. This is part of a broader strategy for securing your API Management environment.
History of APIM
API Management (APIM) has seen a significant evolution over the years. In its early stages, API Management was viewed in a rather narrow sense, focusing on managing one API at a time. This was typically done by a separate management component, not part of the API implementation itself. This component would perform tasks such as authenticating and authorizing access to the API, preventing unauthorized access, and throttling access so that API consumers would not be able to overwhelm an API provider by sending too many requests. This kind of management is usually performed by an API gateway.
As APIs started appearing in greater numbers and had to be updated more frequently due to evolving consumer demands, API Management evolved alongside it. It now covers the entire lifecycle of an API, including the development cycle of releasing, testing, deploying, and updating the API. For this wider scope of API Management, additional components such as testing and monitoring tools entered the picture.
The modern web APIs that we use today began taking shape in the early 2000s. A popular dissertation on REST by Roy Fielding and a handful of emerging technology companies including Salesforce, eBay, and Amazon, led to the definition of these web APIs.
Web APIs got their commercial start by powering the vision of emerging commerce startups looking to change the way we do business on the web. The commerce age of web APIs was dominated by three companies: Salesforce, eBay, and Amazon. In 2004, a shift in the API landscape began to emerge, making the web more social.
Competitors of APIM
There are several competitors of API Management (APIM) in the market. Here are some of them:
RapidAI
RapidAI is a platform that allows developers to easily access and integrate various APIs into their applications. It provides a unified interface for developers to discover, test, and manage APIs from different providers.
Kong
Kong offers a next-generation API platform designed for modern architectures, including microservices, containers, cloud, and serverless. Kong Gateway is a lightweight, fast, and flexible cloud-native API gateway. It is designed to run on decentralized architectures, including hybrid-cloud and multi-cloud deployments.
Apigee
Apigee, now part of Google Cloud, provides a full lifecycle API management platform that enables API providers to design, secure, deploy, monitor, and scale APIs. It allows developers to build API proxies that interact with your services.
MuleSoft’s Anypoint Platform
MuleSoft’s Anypoint Platform™ is a leading solution for API-led connectivity that creates an application network of apps, data, and devices, both on-premises and in the cloud. It provides tools to build connectors, implement integrations, and dramatically simplify API design, reuse, and testing.
AWS API Gateway
Amazon’s API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. It provides a set of tools and services for creating, publishing, and managing APIs, as well as for enforcing security, scaling, and monitoring API usage.
Azure API Management
Microsoft’s Azure API Management is a turnkey solution for publishing APIs to external and internal customers. It provides a set of tools and services for creating, publishing, and managing APIs, as well as for enforcing security, scaling, and monitoring API usage.
How to Setup and Use API Management (APIM) in Microsoft Azure Portal?
Here are the steps to set up and use API Management (APIM) in Microsoft Azure Portal:
Sign in to Azure: You need to log into your Azure account. If you don’t have one, you’ll need to create it.
Create a New Instance: In the Azure portal, you can create a new resource. In this case, you’re creating an API Management service. You can do this from the Azure portal menu or Azure Home page.
Enter Settings: While creating the API Management service, you’ll need to provide some details:
- Subscription: This is your Azure subscription under which the new service instance will be created.
- Resource Group: This is a logical container in Azure where you deploy and manage resources. You can select an existing resource group or create a new one.
- Region: This is the geographic location where your API Management service will be hosted. It is best to choose a location near you.
- Resource Name: This is a unique name for your API Management service.
- Organization Name: This is the name of your organization. It is used in various places like the title of the developer portal and as the sender of notification emails.
- Administrator Email: This is the email address where all notifications from API Management will be sent.
- Pricing Tier: This is the pricing level for your service. For the evaluation process, you can select the ‘Developer tier’. This tier is not meant for production use.
Review and Create: After entering all the details, you can review them and then create the service. It might take some time (around 30 to 40 minutes) for the service to be created and activated.
Go to your API Management instance: Once the service is created, you can go to your API Management instance in the Azure portal and review its properties.
After setting up the API Management service, you can start using it to manage your APIs. This includes tasks like importing APIs into your API Management instance.