animind - Fotolia
Organizations continue to develop distributed application ecosystems that send massive populations of containers and microservices into production environments. This means that IT operations teams must find a reliable way to monitor and manage the plethora of APIs that keep these components connected.
If the challenge of just managing APIs in production wasn't hard enough, it's compounded by the fact that IT shops now also face new, potentially unfamiliar types of APIs. With SaaS apps hosted on public cloud platforms, many APIs are not under the direct control of the organization that depends on them. There is also the continued growth of IoT, which has led to more nonstandard APIs associated with event-driven devices.
It does seem likely that the IT industry will eventually find a way to standardize APIs over time, but no organization should count on this. Instead, plan for API chaos, and apply tools that can help you weather the storm.
The challenge of APIs in production
API management is typically considered during development, but proven techniques to manage APIs in production are still not widely adopted. Lots of problems can occur in production, such as when a vendor unexpectedly makes changes to how its API operates. This can easily break the connections between the API and an organization's in-house applications and services. It's also common for these third-party API connections to be the focus of software breaches and attacks.
IT operations teams must diligently monitor and maintain reports on API security and performance. For example, when a new attack vector emerges, all of the organization's APIs should be tested for vulnerability. Also, IT should always investigate APIs that don't work as expected or exhibit unusual call/response behaviors.
In addition to automated monitoring and reporting, IT organizations should also automate API maintenance. Attempting to manage APIs manually nearly always guarantees problems. For instance, a change in one API environment can create problems all along the API chain due to dependencies. Without some sort of automated monitoring or change management system in place, failures will cascade.
API management tools
There's an emerging market of tools to manage APIs designed to help IT departments tasked with managing distributed collections of APIs in production. This market sector is maturing rapidly, and there are plenty of options that can help enhance API management, monitoring, reporting, analysis and more.
Some of the most popular tools for API management include the following:
- Akana by Perforce;
- Apigee, part of Google Cloud;
- Dell Boomi integration PaaS;
- Kong for microservices;
- Mashery, a Tibco company;
- SwaggerHub for design and documentation; and
Many major application platform vendors, such as Oracle and SAP, also include API management capabilities as part of their larger development and application suites. AWS, Azure and other public cloud platforms particularly focus on providing management capabilities for cloud-based APIs.
AI and APIs
There's a great deal of complexity in API management. Some tools use AI to identify where problems occur and help adapt the IT approach to handle them. For example, when a service changes its API, the API management tool's AI technology detects this change and provides an adaptation automatically to calling services. API calls continue to work as expected.
Assessing API management platforms
When organizations set out to choose an API management platform, the main goal is to support the interoperability of the APIs spread across an IT platform. As such, it's a good idea to look for vendors that offer out-of-the box methods to rapidly interrogate, assess and control existing API integrations. After this initial assessment, it will be easier to introduce new APIs to the overall IT environment, with the API management platform controlling integrations.
The other key part of API management in production environments is providing overall data security coverage. API security is difficult, especially when the APIs are designed to interact with external services in the most open and latency-free manner possible. The platform vendor should provide authentication services that ensure only authorized users and services can access a responding application's back end.
Look for tools that can help identify and remediate any potential attacks made against an API, such as a denial-of-service attack made through call overloads. These tools should monitor and report in real time. Some platform products will even advise a course of action that can minimize the effects of a particular incident. A quality tool should also maintain a strong audit trail based on monitoring data, which helps IT admins perform full forensic investigations into API issues.
Finally, simplicity should be another top focus of any API management tool assessment. Some vendors, such as Linx, take a "code as little as possible" approach. This usually means that API connections are available out of the box or provide extensive drag-and-drop capabilities. This kind of simplicity can definitely help IT teams with limited staffing or expertise.