API management refers to the tools and processes an organization uses to oversee and publish APIs. In certain environments, it is specifically the control plane that manages APIs in production, which defines policies, pushes configurations, generates reports and alerts, and has visibility over all API gateways.
Today, most modern apps are built using APIs – software interfaces that enable two applications to communicate and allow for interactivity between products and services in the form of requests and responses.
Infrastructure and Use Cases
API management solutions provide a few key tools and capabilities that simplify the process of publishing and sharing APIs among development teams. Below are the components and use cases that make for a strong API management.
- API manager – The management plane, sometimes referred to as an API manager, provides a single interface to administer all aspects of the API lifecycle including publishing APIs, monitoring API performance, and applying access control policies.
- API developer portal – A developer portal is an online location where you publish resources that facilitate rapid onboarding of your API consumers, such as a catalog of your external APIs, comprehensive documentation, and sample code. A developer portal also allows thirdparty developers to register their apps and obtain API and JWT keys.
- API gateway – Secures and mediates traffic between your backend and the consumers of your APIs. API gateway functionality includes authenticating API calls, routing requests to appropriate backends, applying rate limits to prevent overloading of your systems or to mitigate DDoS attacks, offloading SSL/TLS traffic to improve performance, and handling errors and exceptions.
- API analytics – API management solutions provide critical insights via visualizations like dashboards and reports. API analytics give the API owner deep visibility into operational aspects such as API metrics, usage, traffic trends, and which developers are the top API consumers.
- API security – Security is a critical aspect of API management: without robust security, anyone can access your APIs and data and introduce malicious behavior by invoking a call to an unsecured API. API security includes authentication, authorization, role-based access control (RBAC), and rate limiting.
- API governance – Refers to applying rules and guardrails across your APIs and API gateway. Implementing a flexible API governance model helps balance global policies like logging, error response codes, and TLS configuration.
- Definition and publication – API management solutions provide an intuitive interface for defining meaningful APIs, including the base path (URL), resources, and endpoints.
The primary goal of API management is to enable organizations to monitor API activity. This allows for quick response to any changes, depending on current developer or application requirements.
API Management vs. API Connectivity
In API management, the focus is on managing the lifecycle of individual APIs (design, publication, operation, monitoring, and deprecation). To learn about governing and managing APIs in cloud-native environments, see API connectivity.
How Can NGINX Help?
API Connectivity Manager, part of F5 NGINX Management Suite, was designed with the API developer experience at its core. It is a lightweight, cloud-native API management solution with seamless integration for publishing APIs to the developer portal and API gateway.
API Connectivity Manager is a key part of the NGINX Secure API Connectivity solution, which provides these benefits:
- Scalability – Deliver uncompromised performance, reliability, and security with NGINX Plus as an API gateway
- Observability – Monitor API traffic across teams and environments to identify configuration errors and security threat.
- Governance – Ensure consistent oversight while empowering API developers to manage their APIs with fine-grained controls
- Security – Defend APIs against common and advanced threats with out-of-the-box protection against the OWASP API Security Top 10