@uv

API management is the process of creating and publishing web application programming interfaces (APIs), enforcing their usage policies, controlling access, nurturing the subscriber community, collecting and analyzing usage statistics, and reporting on performance. 

API Management components provide mechanisms and tools to support developer and subscriber communities.

While solutions vary, components that provide the following functions are typically found in API management products:

Gateway: a server that acts as an API front-end, receives API requests, enforces throttling and security policies, passes requests to the back-end service and then passes the response back to the requester.[2] A gateway often includes a transformation engine to orchestrate and modify the requests and responses on the fly. A gateway can also provide functions such as collecting analytics data and providing caching. The gateway can provide the functionality to support authentication, authorization, security, audit and regulatory compliance.[3]

It can be implemented by a Reverse proxy.

Publishing tools: a collection of tools that API providers use to define APIs, for instance using the OpenAPI or RAML specifications, generate API documentation, govern API usage through access and usage policies for APIs, test and debug the execution of API, including security testing and automated generation of tests and test suites, deploy APIs into production, staging, and quality assurance environments, and coordinate the overall API lifecycle.

Developer portal/API store: community site, typically branded by an API provider, that can encapsulate for API users in a single convenient source information and functionality including documentation, tutorials, sample code, software development kits, an interactive API console and sandbox to trial APIs, the ability to subscribe to the APIs and manage subscription keys such as OAuth2 Client ID and Client Secret, and obtain support from the API provider and user and community.

Reporting and analytics: functionality to monitor API usage and load (overall hits, completed transactions, number of data objects returned, amount of compute time and other internal resources consumed, the volume of data transferred). This can include real-time monitoring of the API with alerts being raised directly or via a higher-level network management system, for instance, if the load on an API has become too great, as well as functionality to analyze historical data, such as transaction logs, to detect usage trends. Functionality can also be provided to create synthetic transactions that can be used to test the performance and behavior of API endpoints. The information gathered by the reporting and analytics functionality can be used by the API provider to optimize the API offering within an organization's overall continuous improvement process and for defining software Service-Level Agreements for APIs.

Monetization: functionality to support charging for access to commercial APIs. This functionality can include support for setting up pricing rules, based on usage, load and functionality, issuing invoices and collecting payments including multiple types of credit card payments.

Developers: A company’s API will typically be written and managed by its developers and development teams, thus developers will be the ones making the most use out of API management solutions. API management software offers full lifecycle control over managing APIs, so developers shouldn’t need to work outside the solution to oversee their published APIs.

Development managers: Development managers can make good use of the reporting and analytics aspects of API management software. The insights offered by these solutions can help managers make more informed decisions, which can drive current and future projects toward greater success.

Software solutions can come with their own set of challenges. 

Security: API management solutions need to either include or be paired with security solutions to verify that there are no security holes with API code, implementation, or use. It is essential to follow API security protocols when implementing an API management solution. Authorization checks must be used when necessary.

Other DevOps integrations: It’s essential to consider API development as a part of a company’s other DevOps efforts. In line with this consideration, API management tools need to be able to integrate with whatever other DevOps software the company uses. It’s important to check if these integrations exist. If they don’t, companies must find a workaround or consider a different solution entirely.

Software development companies: Any software development company that offers access to custom-built APIs benefits from the use of API management software. The number of APIs a company oversees can grow quickly, so the ability to manage them all within a single dashboard ensures proper oversight and efficient monetization. API management software helps software development companies of all sizes by improving operational efficiency and organization. 

Postman, IBM API Connect, Mulesoft Anypoint Platform, WSO2 API Manager, Kong API Gateway, Apigee, AWS Cloud Trail, Azure API Management