API Management

Create web application programming interfaces and manage how they're accessed and used with API Management

What are APIs?

Application programming interfaces (APIs) deliver fundamental business value in a digital world—from supporting internal innovation and enabling cross-enterprise agility, to creating new products and revenue streams.

An API is a set of tools, definitions, and protocols for building application software. It lets your product or service communicate with other products and services without having to know how they’re implemented. APIs can simplify app development which saves developers time and companies money. When you’re designing new tools and products—or managing existing ones—APIs give you flexibility, they simplify API design, administration, and use, and they provide opportunities for innovation.

APIs let you open up access to your resources while maintaining security and control. How you open access and to who is up to you. Connecting to APIs, and creating applications that consume the data or functionality exposed by APIs, can be done with a distributed integration platform that connects everything—including legacy systems and the Internet of Things (IoT).

Red Hat 3scale API Management

Red Hat 3scale API Management makes it easy to manage your APIs for internal or external users. Share, secure, distribute, control, and monetize your APIs on an infrastructure platform built with performance, customer control, and future growth in mind. 3scale components can be deployed on-premise, in the cloud, as a managed service, or on any required combination.

API-based Integration

APIs are at the center of a quality integration strategy. Enterprise APIs can be implemented in combination with enterprise integration patterns (EIPs) through one or a combination of the following ways:

Expose legacy applications.
Expose traditional service based applications.
Expose modern microservices architecture, and cloud/containerized applications.

API Management provides the same set of APIs for different audiences through packaging and unique consumption plans. API owners can decide the consumer profile for APIs.

Private

The API is only for internal use. This gives companies the most control over their API.

Partners

The API is shared with specific business partners. This provides additional revenue streams without compromising quality.

Public

The API is available to everyone. This allows third parties to develop apps that interact with your API and serve as a source for innovation.

API life cycle

The stages of an API life cycle are represented in twin interconnected life cycles: the API implementation life cycle and the API management life cycle. Together, these two stages form the complete API life cycle.

API implementation life cycle

Red Hat advocates for an API design-first approach. This involves consulting with stakeholders to collaboratively design an API before determining and developing the various channels and applications that will use the API. The design-first approach advocates for designing the API’s contract before writing any code.

Planning and designing the API - API planning and design involve mapping out the various resources and operations, along with the business case scenarios, before the API is fully implemented. This map includes mocking.
Testing the API - APIs deserve the same first-class treatment that you give to any application. Once you’ve made your API available, you take on a responsibility to ensure that nothing affects the API’s quality and performance.
Implementing the API - The development phase of an API focuses on implementing the API based on the plan and design.
Deploying the API - Deploying the API to an environment for facilitating easy discovery and consumption is essential to the success of your API strategy.

API management life cycle

Creating and exposing APIs as HTTP REST endpoints are just the start. There are other factors to consider in the API management life cycle:

API control - Manage access to APIs and protect the quality of service, via rate-limiting and SLAs. As APIs are a door to the world, you can establish and enforce enterprise policies for security and firewalling.
API consumption - APIs from the API catalog are published into an API developer portal so developers can easily consume them. The API portal is available in self-service. Developers can connect 24 hours a day, seven days a week to experience smooth navigation with documentation, Q and A, and support widgets if help is needed.
API analytics - Most of the time APIs are offered for free, but in some cases, companies monetize their APIs because the underlying data is part of their business. That’s why companies track utilization and apply rate plan policies to generate API revenue.

Kubernetes Patterns

The evolution of microservices and containers in recent years has significantly changed the way we design, develop, and run software. Today’s applications are optimized for scalability, elasticity, failure, and speed of change. Driven by new principles, modern architectures require a different set of patterns and practices.

With this book, you'll learn to:

Create cloud-native applications with Kubernetes as a runtime platform
Manage container and platform interactions
Apply configuration patterns to your Kubernetes-based applications
Build container images directly within the cluster

Download now

API life cycle with Red Hat

API Management Red Hat lifecycle diagram

Red Hat provides a rich stack of products and community tools to assist with the API life cycle for each stage. Here are several products and tools to help with your implementation of an API life cycle:

Red Hat OpenShift is a Kubernetes distribution focused on developer experience and application security that's platform agnostic. OpenShift helps you develop and deploy applications to one or more hosts. These can be public-facing web applications or backend applications, including microservices or databases.
Red Hat Runtimes provides a rich set of frameworks and runtimes to accelerate the development and delivery of applications.
Red Hat JBoss Enterprise Application Platform (EAP) includes everything needed to build, run, deploy, and manage enterprise Java applications in a variety of environments, including on-premise and virtual environments, and in private, public, and hybrid clouds.
Red Hat Fuse is an Apache Camel framework-based, distributed, cloud-native integration solution that enables users to utilize a range of design patterns and connectors to programmatically integrate applications, APIs, and SaaS services.
Red Hat Ansible Automation Platform allows developers to set up automation to provision, deploy, and manage across cloud, virtual, and physical environments. Common use cases for Ansible Automation Platform are end-to-end workflow orchestration, application deployment, continuous delivery, configuration management, infrastructure provisioning, and security threat response.

Red Hat Single Sign-on (RH-SSO) is based on the Keycloak project and enables you to secure your web applications by providing Web single sign-on (SSO) capabilities based on popular standards such as SAML 2.0, OpenID Connect, and OAuth 2.0. The RH-SSO server can act as a SAML or OpenID Connect-based Identity Provider, mediating with your enterprise user directory or third-party SSO provider for identity information and your applications, via standards-based tokens.
Red Hat API Designer is a lightweight implementation of the Apicurio API Design Studio and can be used to create API definitions in OpenAPI (Swagger) format.
Red Hat Service Registry is a datastore for sharing standard schemas and API designs across API and event-driven architectures. You can use service registry to decouple the structure of your data from your client applications and to share and manage your data types and API descriptions at runtime using a REST interface.
Microcks is an open source, community-driven Kubernetes native tool for API mocking and testing.

Full API life cycle management: A primer

With APIs becoming so central, it's essential to deal with full API life cycle management.

API management and service mesh

With the rise in popularity of micro services architecture (MSA), there is an increasing overlap between API Management and service mesh use cases.

API Management

Some of the key functionalities like rate limiting, policy enforcement, access control and security can be provided by both API Management and service mesh.
The key difference is that API Management provides the functionality at the application layer(L7), whereas service mesh implements these at the transport layer (L4).
The benefits of API Management are in providing partner and developer ecosystem; developer portal and signup options; API contracts and documentation; and federated API access control with OIDC (OpenID Connect).
Thus, API Management makes it easier to target API consumers and developers rather than intra-service communication.

Service mesh

A service mesh provides traffic monitoring, access control, discovery, security, resiliency, and other useful things to a group of services.
In addition, the other functionality provided like observability, resiliency, chaos engineering, traffic routing, retries/timeouts and TLS security make it convenient to use service mesh for communication between and across services within a MSA.

In most solutions, it is not a choice of either/or, but using both API Management and service mesh together to provide the right functionality for the architecture.