A popular trend in enterprise software development these days is to design client apps to be very decoupled and use APIs to connect them. This approach provides an excellent way to reuse functionality across various applications and business units. Another great benefit of API usage in enterprises is the ability to create those APIs using a variety of disparate technologies.
However, this approach also introduces its own pitfalls and disadvantages, including:
- Difficulty discovering or sharing existing APIs
- Difficulty sharing common functionality across API implementations
- Difficulty tracking API usage/consumption
API Management is a technology that addresses these and other issues by providing an API Manager to track APIs and configure governance policies, as well as an API Gateway that sits between the API and the client. This API Gateway is responsible for applying the policies configured during management.
Therefore an API management system tends to provide the following features:
- Centralized governance policy configuration
- Tracking of APIs and consumers of those APIs
- Easy sharing and discovery of APIs
- Leveraging common policy configuration across different APIs
The goals of the JBoss API management project are to provide an easy-to-use and powerful API Manager as well as a small, fast, low-overhead API Gateway to implement standard API management functionality.
Some common API management use cases include:
APIs will very often have a security requirement such that clients connecting to the API must authenticate in some fashion. Authentication can vary greatly both in the protocols used to authenticate and the identity source used for validation.
It can often be convenient to provide authentication at the API management layer to free the back-end API from having to do this work. This approach also has the side benefit of centralizing the configuration of authentication for a wide array of disparate APIs.
Therefore the API management layer must provide authentication capabilities using a wide range of protocols including BASIC, digest, OAuth, etc.
The API management layer is a convenient place to apply throttling (also known as rate limiting) to your APIs. Throttling is a way to prevent individual clients from issuing too many requests to an API. Because all requests to an API go through the API Gateway, it is an excellent place to do this throttling work.
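The authentication and throttling use cases above can be modelled as a policy chain that the gateway runs before it forwards a request. This is an added conceptual example, not code from the JBoss API management project; the class names, the dictionary-shaped request, the in-memory identity source and the fixed-window algorithm are all assumptions made for illustration.

```python
import base64, hmac, time

class BasicAuthPolicy:
    """Validates an HTTP BASIC Authorization header (hypothetical policy class)."""
    def __init__(self, users):
        self.users = users  # assumed identity source: {username: password}

    def apply(self, request):
        scheme, _, token = request.get("authorization", "").partition(" ")
        if scheme.lower() != "basic":
            return 401
        try:
            user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
        except ValueError:  # malformed base64 or non-UTF-8 credentials
            return 401
        expected = self.users.get(user, "")
        # compare_digest keeps the password comparison itself constant-time
        if not expected or not hmac.compare_digest(password.encode(), expected.encode()):
            return 401
        request["client"] = user  # later policies key on the authenticated client
        return None

class RateLimitPolicy:
    """Fixed-window throttle: at most `limit` requests per client per `window` seconds."""
    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.counters = {}  # client -> (window_start, request_count)

    def apply(self, request):
        now = self.clock()
        start, count = self.counters.get(request["client"], (now, 0))
        if now - start >= self.window:  # window expired: start a fresh one
            start, count = now, 0
        if count >= self.limit:
            return 429
        self.counters[request["client"]] = (start, count + 1)
        return None

class Gateway:
    """Runs the policy chain in order; the back end is called only if every policy passes."""
    def __init__(self, policies, backend):
        self.policies, self.backend = policies, backend

    def handle(self, request):
        for policy in self.policies:
            status = policy.apply(request)
            if status is not None:  # a policy rejected the request
                return status
        return self.backend(request)
```

Because the back end is reached only after every policy returns `None`, rejected requests (401 or 429) never consume back-end capacity, and the same two policy objects can front any number of APIs.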