API Management: Business-Critical
Networking and integration are among the imperatives of digitization projects: they are needed to implement new data-driven business models in real time and ultimately achieve the targeted business benefits.
The integration of people, processes, machines, data and services, both within companies and across company boundaries, is virtually inherent to digitization.
The cornerstones for achieving these goals are, of course, powerful and flexible IT systems.
Be it cloud solutions and services, digital interaction with customers and partners, the use of mobile apps, the use and integration of completely different web services, or combinations thereof:
interfaces, known in IT as APIs, are needed for integration and thus also for quick and easy access to the data and functions of business processes, always and from anywhere.
Significantly increased importance
Although used for decades in IT for system coupling or process interaction, APIs are taking on a kind of key role in the digitization era.
After all, it is the task of APIs to provide selected system functions in real time for use by different applications or functionalities, as well as to ensure the interaction of the most diverse digitization modules with each other.
In particular, API management, including API integration functionality and automation features, becomes the central focus.
This covers the administration and organization, use, management and control of a wide variety of APIs, on the basis of standard system solutions or API management platforms.
The advantages of such complete solutions or platforms are manifold, above all compared to the practices that still often prevail. There, interface programming usually takes place on demand, without corresponding quality criteria (keyword: spaghetti programming).
Interfaces are also implemented by teams or external service providers on the basis of different technologies. In addition, the necessary complete interface documentation and overview, or authorization lists, are lacking.
API facades help
Complete solutions or platforms for API management per se take into account the integration of a wide variety of IT systems or digitization modules.
However, this also entails opening up companies to the outside world. It is essential to use suitable control mechanisms or functions with seamless authorization management/control.
In addition to the actual interface development and provision, including documentation, this requires managing the company's own and third-party APIs or ensuring appropriate security for data access.
The possible use of Internet-compatible APIs for a specific user group, for example, or the availability of data that is sometimes distributed across numerous different systems must also be taken into account.
Ideally, a sophisticated and beneficial complete API management solution includes a so-called API facade. Only the facade is visible to the outside world.
Behind the API facade, the data-holding applications or apps and the relevant business logic are hidden and equally protected by it.
A further advantage of this design: API facades hide the actual complexity of the internal systems and ensure that the various systems are able to communicate easily and securely with the internal applications.
It is important that these facades are specifically designed to meet the requirements and intended capabilities of the API users. They are provided by an integrated API gateway, which is also responsible for controlling and securing access.
This has a further consequence: modern apps or applications communicate exclusively with the facade. The internal systems behind it can therefore be substituted or changed at any time, without the digital business possibly being on the brink of collapse.
One solution, multiple elements
Other supporting elements of a powerful and at the same time flexibly usable complete solution for API management and API integration, such as those offered by the Seeburger Business Integration Suite (BIS), are the aforementioned API gateway and an API manager.
BIS - which has been proven hundreds of times by numerous companies as a B2B/EDI platform, for example - provides comprehensive functionality for managing the complete API lifecycle: from the creation, publication and use of self-created APIs, to securing them, to managing and integrating the APIs of business partners.
The API Manager used here is a web-based portal application for API management, while the API Gateway acts as an API integration center.
A core feature of the Seeburger API Manager is that it not only handles the actual API management, but also provides customized role-based functionality for both API providers and API users.
This has the beneficial effect of significantly minimizing the effort required for administration and regulations with API users. At the same time, API providers are supported in rolling out and maintaining APIs.
The web-based API Manager, on the other hand, provides API users with all relevant information virtually around the clock and at any location. The API Manager contains numerous functions for API providers and API users.
Examples include granting access rights, controlling APIs by role, documenting APIs or publishing them in an API catalog, finding the right APIs, testing API calls, monitoring API usage by your own apps, and much more.
Seeburger's API gateway focuses on the following: receiving API calls, checking the access rights of the caller, and forwarding the calls to the internal services or implementing internal interface calls.
In the process, databases and applications are protected from unauthorized access. In addition, the internal interfaces are separated from a public API.
Of course, an API gateway must support all relevant protocols, such as HTTP, REST, SOAP, XML-RPC and JSON-RPC. It also has to provide for transport security (SSL/TLS with configurable ciphers), message security (WS-Security, PGP, S/MIME), user authentication and authorization, user and API rights management (with optional LDAP/AD integration or recording of API usage statistics).
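The gateway sequence described above (receive the call, check the caller's access rights, forward to an internal service) and the facade's ability to substitute a backend can be sketched as follows. This is an added illustration, not Seeburger BIS code; the class `FacadeGateway`, the route `/v1/orders`, the role `orders.read`, the API keys and both backend functions are constructed for the example.

```python
import hashlib
from collections import Counter
def _digest(api_key: str) -> str:
    return hashlib.sha256(api_key.encode()).hexdigest()

class FacadeGateway:
    """Public facade: callers see only public routes, never backend names."""
    def __init__(self):
        self._callers = {}      # sha256(api key) -> (caller name, roles)
        self._routes = {}       # (method, public path) -> (required role, backend)
        self.usage = Counter()  # (caller name, public path) -> forwarded calls

    def register_caller(self, api_key, name, roles):
        self._callers[_digest(api_key)] = (name, frozenset(roles))
    def publish(self, method, public_path, required_role, backend):
        # Re-publishing an existing public route swaps the backend in place.
        self._routes[(method, public_path)] = (required_role, backend)

    def handle(self, api_key, method, public_path, payload=None):
        caller = self._callers.get(_digest(api_key or ""))
        if caller is None:
            return 401, {"error": "unauthenticated"}
        route = self._routes.get((method, public_path))
        if route is None:       # default deny: unpublished paths do not exist
            return 404, {"error": "unknown API"}
        name, roles = caller
        required_role, backend = route
        if required_role not in roles:
            return 403, {"error": "forbidden"}
        try:
            result = backend(payload)
        except Exception:       # never pass internal error details to the caller
            return 502, {"error": "upstream failure"}
        self.usage[(name, public_path)] += 1
        return 200, result

# Constructed internal services standing in for a legacy system and its successor.
def legacy_erp_orders(_payload):
    return {"orders": [{"id": 1001, "status": "shipped"}]}
def new_cloud_orders(_payload):
    return {"orders": [{"id": 1001, "status": "delivered"}]}

def build_demo_gateway():
    gw = FacadeGateway()
    gw.register_caller("demo-key-partner", "partner-app", {"orders.read"})
    gw.register_caller("demo-key-guest", "guest-app", set())
    gw.publish("GET", "/v1/orders", "orders.read", legacy_erp_orders)
    return gw
```

Calling `publish` again for `/v1/orders` with `new_cloud_orders` replaces the backend while callers keep using the same public path, key and role.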
When Seeburger products are used, complementary BIS tools are also available, for example Secure Proxy for secure connection to the Internet, the Information Server for analyzing API content, or the BIS Adapter for data integration with different backend/legacy systems such as SAP.