
Enhancing API Management with better API Governance

Discover the evolution of integration performance from challenges to triumphs with WSO2's API Manager in our latest blog by Dinusha Dissanayake, integration specialist at Yenlo. Explore the journey from in-depth troubleshooting to advanced performance tuning and monitoring features now!

Dinusha Dissanayake
Integration Consultant

What is API Manager and why is it important?

An API Manager is a tool for creating and publishing APIs. It enforces policies and standards so that services are exposed to consumers in a secure and standard way. It also lets consumers discover APIs conveniently, try out their functionality, and evaluate them before incorporating them into their projects.

What is API Governance?

API Governance defines the rules, guidelines and standardized methods that ensure APIs are secured, managed and of high quality. It also helps business entities achieve digital transformation through better and more advanced API management strategies.

In this article we discuss a few important aspects of API Governance and how WSO2 API Manager helps to achieve them.

Self Service Portals

Users engage with an API platform in different types of activities. For example, API creators and publishers work on developing the APIs, while the API consumers discover the APIs and their functionalities.
Given the requirements of each type of user, it is essential to have well-defined, user-friendly portals in which users can perform the necessary tasks on their own.

WSO2 API Manager provides the following portals, one for each user category, to support API Governance.

  • The API Admin Portal enables managers to manage overall operations in the API environment, such as defining throttling policies and key manager configurations.
  • The API Publisher Portal enables API creators and API publishers to develop APIs and define API policies. It also enables users to manage the life cycle of their APIs.
  • The API Developer Portal enables API consumers to discover the details of published APIs, such as invocation URLs, documentation, functionality and authentication protocols.

API lifecycle management


An API passes through different life cycle stages, from the start of its development to its retirement. At each stage, the state of the API should be clearly recognizable, and it should be easy to move the API to another desired life cycle state.

WSO2 API Manager provides a fully managed lifecycle, which makes API life cycle management convenient for API maintainers.

API versioning and Default API

APIs should have a version defined so that the functionality of each API can be clearly distinguished. As use cases evolve, an API might need changes: resources may have to be added, removed or modified. Versioning lets you create a new version of the API with those changes without affecting the existing API.

When the version changes, all clients may have to update their applications to use the new API URL. As a solution, WSO2 API Manager provides the default API capability, which allows the API to be invoked without specifying the API version.

If you create a new, backward-compatible version of the API, you can easily make it the “default API”. All clients can then use the new version of the API without any issue.

API rate limiting

API throttling, or rate limiting, means limiting the traffic coming to an API. Depending on infrastructure availability and monetization strategy, an API might need to limit access for certain users.

WSO2 APIM provides throttling at several levels to regulate API traffic: API level, API resource level, application level and subscription level. In addition, backend throttling ensures that backend systems are not excessively used by API traffic.

Further, WSO2 APIM provides custom throttling policies for defining dynamic policies that can be applied globally for all tenants.
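How the four throttling levels listed above combine on a single request can be modelled as follows. This is an added illustration, not WSO2 API Manager code or configuration: the class names, the fixed-window counters, the way each level's key is built and the limits in `run_demo` are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class FixedWindowLimit:
    """At most `limit` requests per `window` seconds for each key."""
    limit: int
    window: int = 60
    counts: dict = field(default_factory=dict)  # (key, window index) -> hits

    def has_room(self, key, now):
        return self.counts.get((key, now // self.window), 0) < self.limit

    def record(self, key, now):
        slot = (key, now // self.window)
        self.counts[slot] = self.counts.get(slot, 0) + 1

class LayeredThrottle:
    """Admit a request only if every configured level still has quota."""
    def __init__(self, limits):
        self.limits = limits  # level name -> FixedWindowLimit, checked in order

    def check(self, req, now):
        keys = {  # assumed key per level (hypothetical, for illustration)
            "api": req["api"],
            "resource": (req["api"], req["method"], req["path"]),
            "application": req["app"],
            "subscription": (req["app"], req["api"]),
        }
        # Pass 1: look for an exhausted level without consuming any quota,
        # so a rejected call is not charged against the other levels.
        for level, limiter in self.limits.items():
            if not limiter.has_room(keys[level], now):
                return False, level
        # Pass 2: the call is admitted, so count it at every level.
        for level, limiter in self.limits.items():
            limiter.record(keys[level], now)
        return True, None

def run_demo():
    # Constructed limits (per 60 s) and traffic; the numbers are illustrative.
    throttle = LayeredThrottle({
        "api": FixedWindowLimit(5), "resource": FixedWindowLimit(3),
        "application": FixedWindowLimit(4), "subscription": FixedWindowLimit(10),
    })
    base = {"api": "orders-v1", "method": "GET"}
    calls = ([("mobile", "/orders")] * 4 + [("mobile", "/items")] * 2
             + [("web", "/items"), ("web", "/status")])
    out = [throttle.check({**base, "app": a, "path": p}, now=0) for a, p in calls]
    # Same caller one window later: every counter has rolled over.
    out.append(throttle.check({**base, "app": "web", "path": "/status"}, now=60))
    return out

if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

Returning the level that rejected the call makes it possible to tell a consumer whether they exhausted their own application quota or hit a limit shared with other consumers of the API.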

API security

API security plays a significant role in the API domain. It can be configured at several levels in order to achieve the best performance and security.

Transport layer security

With WSO2 API Manager, APIs can be configured for access over HTTP, HTTPS or both. The configuration options let you specify which protocols are permitted for calling the API.

Some APIs are specifically designed to be accessed by the system users (i.e., external systems). In such situations, identity verification of both parties is mandatory. To facilitate this, WSO2 API Manager has the capability to set up mutual TLS.

Application security

An API can be invoked by different types of consumers. Each consumer type potentially requires a different security protocol. Hence an API should be exposed with the support of multiple security protocols.

WSO2 API Manager is equipped to handle a variety of security protocols. This includes Basic Authentication, OAuth 2.0, and various grant types.

Backend security

When calling specific endpoints, especially external ones, clients might need credentials to access the backends.

WSO2 provides out-of-the-box support for basic authentication, OAuth 2.0, and digest authentication for backend systems, enabling users to securely access them in a convenient manner.

Scope

Scopes provide fine-grained security at the API resource level. There can be use cases where a certain resource of an API may only be accessed by certain users. This can be achieved with the scopes mechanism.
WSO2 API Manager allows the use of scopes to enforce fine-grained security on API resources by ensuring that only privileged users can access certain API resources.
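A resource-level scope check of the kind described above can be sketched as follows. This is an added example, not WSO2 API Manager code: the `RESOURCE_SCOPES` map, the scope names and the `authorize` function are hypothetical, and the only outside fact used is that an OAuth 2.0 scope value is a space-delimited string.

```python
import re

# Constructed resource-to-scope map for a hypothetical "orders" API.
# Keys are (HTTP method, path template); values are the required scope.
RESOURCE_SCOPES = {
    ("GET", "/orders"): "orders:read",
    ("GET", "/orders/{id}"): "orders:read",
    ("POST", "/orders"): "orders:write",
    ("DELETE", "/orders/{id}"): "orders:admin",
    ("GET", "/health"): None,  # explicitly unprotected resource
}

def _template_to_regex(template):
    # "{id}" matches exactly one path segment; everything else is literal.
    parts = [r"[^/]+" if p.startswith("{") and p.endswith("}") else re.escape(p)
             for p in template.split("/")]
    return re.compile("/".join(parts))

_COMPILED = [(method, _template_to_regex(template), scope)
             for (method, template), scope in RESOURCE_SCOPES.items()]

def authorize(method, path, token_scope):
    """Return (allowed, reason) for one request.

    token_scope is the space-delimited scope string carried by the token.
    """
    # Split into whole scope names: "orders:readonly" must not satisfy
    # "orders:read", which a substring test would wrongly allow.
    granted = set(token_scope.split())
    for res_method, pattern, required in _COMPILED:
        if res_method == method.upper() and pattern.fullmatch(path):
            if required is None or required in granted:
                return True, "ok"
            return False, f"missing scope {required}"
    # Deny by default: a resource with no entry is never reachable by accident.
    return False, "no such resource"

if __name__ == "__main__":
    for args in [("GET", "/orders/42", "orders:read"),
                 ("DELETE", "/orders/42", "orders:read orders:write"),
                 ("PUT", "/orders/42", "orders:admin")]:
        print(args, "->", authorize(*args))
```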


API Visibility

Depending on the nature of the API and company policies, the API visibility might need to be restricted to certain user groups. To comply with that, the WSO2 APIM (API Manager) provides the restriction of API visibility at two levels.

API Publisher visibility

When you develop APIs in the publisher portal, they can be seen by other API creators and API publishers. If the APIs in the publisher portal need to be restricted to a certain group, this can be done seamlessly with the publisher access control feature.

API store visibility

As with API publisher visibility, an API might not need to be shared with certain users, and some APIs need to be accessible only to specific users. The store visibility feature can be used to achieve that. With this feature enabled, WSO2 APIM makes sure the API can be viewed only by the allowed user groups.

API Mediation

There might be a requirement to add minor mediations, such as logging incoming payload attributes or an HTTP header, or adding or removing an HTTP header. WSO2 API Manager provides convenient extension points in the API Manager publisher portal to achieve this for incoming messages, outgoing messages and fault messages.

API Environments

In an API management strategy, it is possible to have multiple environments depending on the API traffic: for example, an internal gateway to handle internal traffic and an external gateway to handle external API traffic.

WSO2 allows the integration of multiple gateway environments to the API Manager and provides the capabilities in the publisher portal to publish APIs selectively to the necessary environments.

API documentation

One of the key factors of a quality API is its well defined documentation. Documentation is an important information source for the API consumers to discover the functionalities of an API and to integrate the API with the client application.
WSO2 APIM provides the capability to manage and publish API documentation, so that API developers can define all the necessary and useful information about their APIs. API consumers can easily find the documentation through the API developer portal and learn what they need to know about the APIs.

Conclusion

API Management is a crucial part of the digital transformation journey. An API manager that offers a broad set of features and allows APIs to be governed seamlessly ensures a better API Management strategy.

If you are curious about more information on API management and integrations, please get in touch with our experts at Yenlo.
