What DevOps teams need to know about API management
Managing today's sprawling API ecosystems is increasingly daunting for DevOps teams. Learn what to look for when choosing a tool to reduce the complexity of API management.
Developers today have endless choices when it comes to APIs: Just like standards, if you don't like one, there are many more to choose from.
And therein lies the problem.
Although APIs provide easy and effective ways to link different functional stubs, services and apps, the API world has no clear set of best practices comparable to ITIL for IT service management.
While API structures, such as Simple Object Access Protocol (SOAP) and REST, are fairly standardized, there's so much more to how APIs work. API management has become so complex that no one developer -- or even a group of developers -- can keep on top of the problem.
But in today's world of microservices, the ability to manipulate the APIs needed to run a composite application created from different services is a necessity for DevOps. Without some knowledge of how APIs operate, an optimized microservices-based platform is barely possible.
Where does this leave DevOps teams? Many developers don't use APIs to their full potential, instead opting for hard links between differing services. As time progresses and developers update or change what their own services do, these hard links easily break, whereas if APIs had been used successfully, this would not be the case.
Others take the minimalist approach and use only what they know and avoid the troublesome bits. This is also not a good option, as it confines the overall capabilities of a composite application to the lowest common denominator.
Why should DevOps teams use an API management tool?
For organizations embracing microservices, DevOps and CI/CD, it's essential to use APIs effectively and to their full potential. Relying on developers to keep themselves up to date in such a dynamic environment is infeasible: It's far better to use tools that focus on -- and excel in -- managing APIs across a broad environment.
Development groups as a whole need access to systems that open up the world of APIs, unveiling their capabilities and making them easier to use. API management tools can improve the effectiveness of API implementations and help organizations make the most of their microservices platforms.
When looking for an API management platform, here's what to keep in mind:
- An API store that uses discovery services. This ensures that developers can identify APIs easily and help avoid creating multiple APIs in cases where reusable code already exists.
- Integration with existing DevOps tools. Developers will only make full use of APIs if they are easily accessible and usable. Therefore, developers must be able to access APIs from where they work on a daily basis.
- API gateways. This is an important area within API management. API gateways are the controllers through which APIs interact and are monitored, as well as where issues are identified and can be escalated to developers for resolution. They also apply policies across the API environment.
- Ticketing systems integration. Although the API gateway identifies issues, the API management tool integrates with existing ticketing systems to avoid system duplication.
- API analytics. While analytic capabilities should be tied into the gateway, they should also examine operations to ensure that everything operates as intended. For example, the tool should identify where growing stress on an API is leading to performance issues, where changes to one side of an API pairing are causing issues to the other side and where API use has become orphaned, with one side no longer present.
- Traffic management. When an API becomes overused or suffers from a technical glitch, an API management system must address the issue by throttling or stopping that API or by spinning up another instance of the responsible app or service to balance the load more effectively.
- Authentication and user management. APIs must operate securely. However, individual APIs tend to focus on their own security and are not necessarily aware of another API's security capabilities -- or shortcomings. A good API tool can manage security across an entire platform.
- Awareness of and integration with public cloud systems. Even if you don't currently use a public cloud, it's likely that you will in the future. Ensure that the API management platform works with existing public cloud platforms, either directly or via their built-in API management systems.
Several API management system vendors also include monetization. This makes sense if you plan to make your microservices available as public-facing services, but if you're only concerned with internal use, the capability to monitor use in terms of metrics -- such as throughput and resource requirements -- should suffice.
Most cloud platforms -- including AWS, Microsoft Azure, Google Cloud Platform and IBM -- come with built-in API management tools. Some of these tools are based on specialized commercial offerings from highly focused API management vendors like Apigee, which Google acquired for use on Google Cloud Platform in 2016.
However, not everyone works on a public cloud -- and even those who do sometimes must integrate systems on a private cloud or other IT platform into the public cloud. Consequently, there is a need for effective tools that can be used across the whole DevOps chain to ensure that APIs are fully exploited, monitored and managed.
Examples of API management tools include the following:
- IBM API Connect
- Kong Konnect
- MuleSoft Anypoint Platform
- Red Hat 3scale API Management
4 must-have API management components