API management as a trendsetter
The importance of API-based integration is growing, and with it the number of APIs used in the company. Maintaining an overview here at all times, knowing which APIs exist in the company and who uses them, ensuring that APIs implemented once are reused, and monitoring and controlling the API data traffic itself - API management helps with all of this. API integration and API management form a single unit.
The following application example is intended to illustrate the immense importance and significance of API management in the age of digitization: Logistics service providers are under pressure to deliver faster, better and more securely.
This is only possible if the data required to control this flow of goods is available at the right time, in the right place and in the right form: for example, the exact announcement of delivery dates based on current route information, the tracking of goods transports, the availability of goods in the logistics warehouse, the prices of individual services or even the choice of dates for the delivery or collection of goods.
The raw data required for this often comes from different systems. Users, such as customers, warehouse staff, and drivers, however, need the data in a processed, consistent, and timely form on their respective end devices.
Be it in a portal website or in an application for mobile devices. To make this possible, all parties involved in the logistics process must be networked in real time.
This networking takes place via the provision of suitable API interfaces (for example, tracking API, ordering API, availability API, price API), which can be queried via the users' end devices. For this purpose, the raw data from the data-carrying systems must be converted into the data format that can be queried via the API interface by means of API integration.
In addition, the security, availability and transparency of the APIs must be ensured through sophisticated API management. After all, it would be fatal if one user were able to access another user's data via an API call. In the future, virtually all logistics service providers will need such API-based services if they want to keep pace with the digital world.
Mobile and cloud solutions
API interfaces have experienced a vehement push due to mobile and cloud solutions, which continues. Modern web APIs are based on the http protocol and are thus Internet-compatible.
This means that they can be easily tunneled through firewalls and thus a loose coupling can be quickly established - which can also be quickly released if required, i.e. without intervention in the applications involved.
Their openness and flexibility make APIs indispensable in the age of digitalization, freely following the motto: "Data access via API - always and from anywhere".
SAP is also pursuing this strategy and specifies with S/4 Hana that application and function integration should take place via APIs in the future. The range of functions of these APIs is currently not yet comparable with the IDoc and BAPI integration interfaces common today, but new APIs are added with each release.
The primary task of APIs is to enable real-time access to data and selected system functions. There are always two parties involved in such a scenario: the one who has the data and grants access to it (provider), and the one who retrieves and consumes the data (consumer).
For such real-time access, the provider needs the ability to provide the data available in its system via an API interface, and the consumer needs to be able to call the API interface from within its system and process the returned data - that's API integration!
API integration is required because not all systems have this API capability by default. For example, in the logistics service provider scenario described at the beginning, warehouse management does not have direct API capability.
This is established via the BIS API integration solution (see figure on the following page). It is obvious that the provision and use of APIs must be organized or controlled in a suitable manner. This also concerns both sides, provider and consumer.
Knowing which APIs are offered, which APIs are used, which third-party API consumers use which of your own APIs, when and how often, and being able to control which API user is allowed to use which API at all - all this counts as API management!
API and hybrid integration
What a company can do to be well positioned for dealing with APIs is demonstrated by Seeburger with its Business Integration Suite (BIS). With its BIS integration platform, Seeburger is pursuing the idea of the "Hybrid Integration Platform" (HIP) coined by analyst Gartner.
In line with the Gartner approach, BIS also masters the API topic and offers a full-fledged solution for full-lifecycle API management with the BIS API Integration and BIS API Management solution components.
BIS API Integration helps companies open up data silos and make data available via APIs. It also enables BIS users to consume third-party APIs and integrate them into their own applications.
BIS API Management ensures transparency and control in API data traffic. Both solution components - BIS API Integration and BIS API Management - can be used in combination or separately, in case a customer is already using one or the other component from another vendor.
Seeburger received an award in 2019 for the inclusion of its complete API solution in the well-known Gartner Magic Quadrant. In particular, the "Ability to Execute" with the capabilities of a "Full-Lifecycle API Management" was recognized.
This success is based in part on Seeburger's extensive integration experience, which is evident in the wealth of other application areas Seeburger addresses with the Business Integration Suite (BIS): B2B/EDI, MFT, IoT, EAI, e-invoicing and ERP integration in general, but also with a special focus on SAP integration.
This functional breadth and the associated ability to combine modern API requirements with classic integration methods are special features of the Seeburger HIP platform.
The BIS API management solution consists of the two "ingredients" BIS API Portal for managing the APIs and the BIS API Gateway for monitoring the data traffic exchanged via the APIs.
The BIS API Portal includes an API catalog in which all relevant information about the APIs is stored by the provider and can be researched by the consumer.
This ranges from a textual description and metadata, such as the lifecycle status of the API, to shared resources such as Swagger files (language-neutral and machine-readable description format for web interfaces).
API portal and API gateway
The API consumer can use the latter directly to integrate the API into its calling application. The possibility to "test live" the APIs published in the catalog rounds off the range of functions.
Before an application can effectively use an API published in the catalog, it must register in the API Client Registry and receive a unique API key that can later be used to assign API calls according to the originator principle.
When assigning API keys, workflow functions can be used to implement a dual control principle for key assignment, for example.
Transparency and control
The BIS API Gateway represents a kind of gatekeeper. All API traffic flows through the API Gateway. For this reason, it can also exist multiple times and thus be highly available and highly scalable.
The API gateway records when which API consumer calls which API, whether the request was accepted or rejected, and how long the response took (API monitoring).
In this way, the API gateway creates transparency about API usage. The information recorded by the API gateway about API usage can also be used for billing.
API monetization can be used for intra-company activity allocation, but also for billing in a customer-supplier relationship, where the data exchanged via API is the commodity.
The API gateway is the place where rules, so-called API policies, are set and enforced (API policy enforcement), for example, who has access to a certain API in the first place or how many API calls a certain API consumer is allowed to send (API traffic management).
With these features, the API gateway protects both data from unauthorized access and applications from overload. No company will be able to refuse API-based initiatives in the long term. This makes it all the more important to be well positioned for this topic.
API management can make an important contribution to coping with the dynamics that digitization also brings in terms of API use.