Selecting the best API management solution for your organization -10 Critical factors in the selection process.

Figure 01: Basic components of API Management Solution

API management is the process of publishing web application programming interfaces( API), enforcing their usage policies, controlling access, nurturing the subscriber community, collecting and analyzing usage statistics, and reporting on performance. With the latest technology initiative, most organizations required API management solutions in their digital transformation journey to fulfill the above requirement. Also in the latest trend to make investments in mobile, IoT, and big data as most demanding investment APIs become the core of their digital strategy.

On the other hand, the value of the global Global API Management industry is expanding rapidly due to the above initiatives. According to Kenneth research “The Global API Management Industry was valued at USD 1.6 Billion in the year 2019 and it further estimated to grow at a CAGR of 33.2% from 2019 to reach USD 9.04 Billion by the year 2025.” This indicates the importance of selecting the best API management solution in the digital ecosystem in your organization.

This article is going to discuss how to select the best API management solution and critical factors in the selection process. Also in this discussion, it is going to discuss the possible approaches to select the best API management solution for your organization.

In your selection process first, you have to have a generic idea about the APIM solutions. Then you have to plan some comparisons about different products. The Forrester Wave API Management Solutions, Q3 2020 is always a good place to start. But it can be costly if you just try to download it from Forrester. By reaching out directly to the API Management leaders you’re considering, you may get a free reprint as part of their sales pitch. Please refer to the Forrester analysis comparison below I download from the WSO2 website

Figure 02: Forrester Wave™: API Management Solutions, Q3 2020

Also, you can get some features comparison from API Management Solutions Scorecard, Q3 2020 below once you download the full report.

Figure 3: Forrester Wave™: API Management Solutions Scorecard, Q3 2020

Since you have some information about different API management solutions, let’s try to list down some important features for your organization’s requirements. So I would like to discuss some important features in API management solutions. You can select features required to your organization from the list below and I will explain each feature separately.

1. support for full lifecycle API management
2. Security features available in the solution
3. Hosting model with CI/CD process support
4. What is the performance requirement for your organization and does it satisfy your requirement?
5. User/ Identity management Capabilities.
6. Support for customization, Extension, or White labeling
7. Support API monetization
8. Support hybrid API management
9. Support model and SLAs.
10. Pricing of the solution.

1. Support for full lifecycle API management

When we consider fully API lifecycle management feature it includes the following sub functionality

• Create and publish API — Every product should support creating and publishing API in a very user-friendly manner. It should include options like Strat the process with importing an open API definition file, importing WSDL definition for SOAP API, Defining GraphQL API by importing GraphQL SDL definition, etc.
• Facilitate API consumers — Once the APIs are published by the owners, API consumers (mainly the application developers who want to integrate the APIs into their application code) need a place to discover the APIs, subscribe, generate tokens and try them out, read the API documentation, etc. This is usually done via a developer portal.
• Access control and rate limit APIs — Access control applies in different ways including API publisher level, API developer portal level as well as role-based access control for accessing APIs and API resources. Also on the other hand rate-limiting helps to protect your backend as well as allocating different access tiers for subscribers.
• Management of life cycle of APIs — The lifecycle of an API starts at its design and ends when the API is retired. In between, there are concepts such as prototyping, versioning. All these are important for a successful API rollout
• API analytics — Ensuring the proper functioning of the APIs, getting feedback and appropriate Alerts on the performance, accessibility information, and any latency-related information from APIs is becoming equally important.

2. Security features available in the solution.

One of the main reasons to select API management solutions is to protect the organization’s API layer with proper security. The authentication and authorization requirements need to be handled under this.

• Authentication- API authentication is a way of protecting API access from unidentified or anonymous access. Support for OAuth2 access token with JWT support is the main requirement under authentication and other authentication techniques like API keys, Mutual SSL, API basic authentication is provided by API management solutions
• Authorization- Under authorization the product should support limiting the API access to make sure that only the authorized parties have access to respective resources/services. So API management solutions should support fine gain access control using scopes or XACML.

3. Hosting model with CI/CD process support.

The selected product should support organization hosting requirements. Still, some large organizations like to maintain API management solutions at on-Premise data centers or private cloud environments due to some security requirements as well as customization requirements. But these days most people like to maintain API management platforms as SAAS / iPAAS solutions. Also with regards to hosting infrastructure now people like to maintain solution hosting with cloud-native deployments. Sometimes still you may prefer VM-based deployment. But it is better to evaluate selected solution support for containerized deployment with container-orchestration systems like K8S support.

On the other hand, it is better to evaluate CI/CD process support from the selected solution. Sometimes that may not be a primary requirement at this stage. But it is very helpful for your future deployment.

4. What is the performance requirement for your organization and does it satisfy your requirement?

In your selection process first, you have to identify the current performance requirement. Then after you have to evaluate expected performance against the selected product. The followings are some performance factors you need to consider

• What is the average response time for your API calls? Is it within the range of your expectations?
• Can it handle your maximum concurrent load/ TPS? This is important if your API traffic has a tendency to spike during certain times of the day, week, or month.

It would be good to conduct a performance test to make sure the solution will not disappoint you later.

5. User/ Identity management Capabilities.

There are three types of users involved in an API management project.

• API administrators who manage the project — They create and publish APIs, manage subscribers, view analytics, etc. These are the employees of your organization.
• API consumers (application developers) — They sign into the developer portal, subscribe to APIs, and generate access keys to integrate APIs into applications. If the applications belong to your organization, API consumers can be employees of your organization. But, if you are planning to expose your APIs to the public, then API consumers can be external people who will sign up to your developer portal.
• End-users of APIs — If your application is generating access keys for each end-user, it means that the APIM solution should be aware of them too, i.e., the APIM solution should be able to authenticate the end-users before issuing access keys for them.

Based on the above types of users you may be required to integrate user stores like Active Directory, Open LDAP, or any RDBMS. Also in some deployment, you need to integrate your key manager component with different IDP solutions like WSO2 Identity server, Key Clock, Octa, Auth0, PIng identity, etc.

6. Support for customization, Extension, and White-labeling

Rich out-of-the-box functionality is great, but only if it exactly covers your current and future needs. Sometimes You need to be able to rapidly expand your integration platform to venture into new opportunities as and when they arise. The power to make necessary customizations allows for architecturally sound solutions that are both adaptable and extensible. So selecting a solution with freedom of vendor lock-in with Open source technologies will be an added advantage for you.

Also If you are selecting a SAAS solution better evaluate it with White labeling support like the possibility to apply organization theme as well as logo into developer portal and publisher portal, Custom URLs with your domains, branding in the emails, etc. It is always better when more rebranding is possible.

7. Support API monetization

Different price models are emerging for the monetization of APIs. Whereas the actual invoicing is not part of your API management solution, it should be able to feed your invoicing system with the necessary information (the parameters for your price plan). The other way around, the invoicing system should be able to terminate an active subscription.

8. Support hybrid API management

A hybrid approach to API management does not apply to all organizations. But organizations with multiple data centers or selecting SAAS API solution as management plane will look into hybrid API management requirements. Hybrid API management solutions help to reduce latency of your API calls while helping to deploy API gateway very closer to backend API. Also, some people select this option due to security reasons, especially people who don’t like to open organization API layers with cloud providers. In that situation, the cloud provider needs to provide an on-premise gateway to support a hybrid scenario.

9. Support model and SLAs.

The available support model is very important due to two reasons.

• During the development phase of your project, you will come across situations where you need the vendor’s help to resolve any issues that you come across.
• When you are in production, you might face issues that affect your production traffic where you need immediate help to resolve.

Therefore, it is important to know about the support of SLA too. For example, how soon do they respond to development-type queries? how soon do they respond to incident-type queries? Do they have different support SLAs at different pricing tiers?, what are the support channels available (chat, email, ticketing system)? etc.

Also on the other hand if you are looking for a SAAS solution you have to evaluate the guaranteed availability as well.

10. Pricing of the solution.

Last but not least, always ask yourself if the solution is worth your money. Will it help you improve business processes and customer intimacy, and will it save out on energy and time in the long run?. Basically you have to evaluate it against different pricing options like one-time fee with annual support fee, Yearly or monthly subscription, notification period to exit especially in SAAS solution, etc.

Conclusion

As discussed above, an analyst opinion like a Forrester report is a good starting point in your selection process. Also, you have to decide your deployment requirement either as an on-premise deployment or cloud deployment. Then after you can finetune the critical factors discussed above according to your organization’s requirements. Also before your final decision, it is advisable to do customer reference checks for the selected product as well as plan for some POC implementation.