Introduction
It’s time to start taking your API seriously. You have plans to expand functionality, change the pricing plan, and implement a new marketing strategy. However, you start to feel lost the more research you do. Reading about new topics, tools, and strategies becomes overwhelming. What happened to your simple APIs?
The popularity of APIs created a large environment of new terms, strategies, and technologies. In this article, we will distinguish between two of the terms that cause confusion: API management and API gateway.
What is an API?
Depending on your technical knowledge level, it may be beneficial to define what an API is.
API stands for Application Programming Interface. You have probably heard of a user interface (UI) or graphical user interface (GUI). This how a human interacts with software and data. There are buttons, arrows, graphs, pictures, and layouts.
Programs don’t need all of that. They need the code to make transactions. APIs are where applications interact with other applications using code and data.
What people often mean when they talk about APIs is web-based APIs. These are APIs that are accessed over a network with HTTP requests. In this article, we are concerned with web-based APIs.
API Management
What is API Management?
API Management is a set of processes, policies, principles, and practices that allow owners to control their API.
An API management system comprises different components that help distinguish the different sets of processes taking place. API management aims to efficiently and effectively facilitate the requirements to fulfill the API’s purpose.
Therefore, different APIs may focus more on monetization than an API portal. Or, they make be less concerned with the gateway and more concerned with analytics. That said, the components overlap in ways that create a web of dependence. Next, let’s explore a list of common API management components.
Related: Browse Top API Management Platforms
Key Components
API Design
The most common design for APIs is REST. Before the introduction of RESTful architecture, there was SOAP APIs.
API design informs the users, developers, and managers:
- What the API can do
- How to use the API
- Where it can scale
The design also includes versioning, authorization, supported data formats (i.e., JSON, XML), and specifications.
API Gateway
Here, we make our first distinction between API management and API gateways. An API gateway is a component or tool of an API management approach. Gateways are used as the entry point for client requests. This allows them to facilitate requests, combine results, and handle things like authentication.
We’ll take a closer look at API Gateways in a later section.
API Analytics
Analytics are data collected about the API during usage. Useful analytics include the total amount of API requests, locations of requests, size of the response objects, and other statistics like date, HTTP status code, and endpoint.
API Portal
An API portal (sometimes API marketplace) allows developers and managers to see their APIs policies, usage, specification, endpoint definitions, and handle team access.
API Lifecycle Management
Like any product, an API has a typical lifecycle. It goes through the stages of design, development, test, secure, deploy, analyze, and monetize. Subsequently, the size of the steps changes depending on the age of the API.
API Monetization
Your API may be internal or external. If it’s external, what are the pricing plans associated with its use? APIs set quotas to limit requests per user or sometimes offer pay-per-use pricing plans.
API Security
Most APIs have some data that needs to be kept private. This is often user-specific. Security is how the API handles authentication and authorization to the API’s resources.
Next, let’s take a closer look at an API gateway.
API Gateway
What is an API Gateway?
The API gateway is a server, application, or resource that acts as a proxy for API resources. It controls, facilitates, and manages incoming traffic. It is used for processes like authorization, rate limiting, and aggregating API results.
When to Use an API Gateway
Having an API gateway for just one API does not utilize the capability of the gateway. Conversely, multiple APIs or microservices increase the likelihood that an API gateway is advantageous. But, why?
Gateways act as proxies for a wide range of incoming API requests. Therefore, a gateway provides a layer of abstraction on top of the APIs or microservices that an organization has. With the new layer, developers and managers can reduce redundant tasks across all the APIs and perform them in one place.
Managing the Gateway
It’s important to remember that an API gateway is a tool. It can be part of the strategy for other API management components like security and analytics, so it plays an active role. Understandably, inputs to the API like IP addresses, client domains, and API keys are not static. A gateway has to be continually managed. In some circumstances, it’s the most vital part of a management approach.
API Gateway Example
For example, let’s imagine you have ten different API functions, servers, or services. Depending on your cloud service, this could be function apps, web APIs, or databases.
Security
First, your team had one application that accessed all the services. When the resources were set up, all were configured for this one application.
Then, another application—or client—needed to use the same service. Now, all the services need to allow access to this new second application, so your team adds the new application’s credentials to the APIs.
What happens if a third app needs access? Or, a fourth? The credentials and access stack up. Furthermore, if a new service is added, you need to safely transfer all the information for access and remember which services actually need access.
Analytics & Logging
Following the lead from the prior section, this redundant task must be repeated for collecting analytics on all the services. Additionally, we need to add the logging for each new service to check for errors and determine what server it came from.
At some point in the process, someone may think, what if we could do all the security, analytics, and logging in one place?
API Gateway Solution
Finally, your team partitions an API gateway to help manage authentication, analytics, and logging. This allows you to:
- send client requests to only one server
- manage authentication for client access at one access point
- easily switch out, add, or remove APIs as service providers
- aggregate logging and analytics through the API gateway for all resources
With the advantages listed above, it’s easy to see why API gateways are becoming one of the most popular tools for API management solutions.
Conclusion: API Management vs API Gateway
In this article, we discussed the differences between API management and API gateways. We began by defining what an API is and why API management is important.
Then, we introduced the key components in API management. One of the components in the list was an API gateway. This helped us start distinguishing API gateways from API management.
Next, we defined what an API gateway is and why someone might want to use one. Finally, I provided a hypothetical scenario where a team switched to using a gateway instead of implementing common API components on each server for each application they had.
I hope this helped to clarify the difference between these two aspects of API management!
FAQs
What is the difference between API and API gateway?
API is an acronym for Application Programming Interface. It is a set of definitions and protocols that allow technology products and services to communicate with each other via the internet. An API Gateway is used as the entry point for client requests to an API. This allows them to facilitate requests, combine results, and handle things like authentication, analytics, and logging.
Is a microservice and API the same thing?
Trying to compare the difference between APIs and microservices is a bit misleading because APIs are part of a microservice architecture. A microservice architectural pattern is a modular application development technique that organizes loosely coupled services. Microservice architecture is like an assembly line, where every service has a specialized role. Together, the services create a complete application. Each microservice in the architecture will have its own API.
What is HTTP API vs REST API
HTTP stands for Hypertext Transfer Protocol. HTTP is a protocol for using a network, typically to access resources. There are HTTP methods, like GET, POST, and PATCH. Also, there are HTTP status codes like 404, 500, and 200. REST APIs follow the REST API paradigm. Both use the same underlying technology: HTTP. However, a REST API follows a different paradigm for design, implementation and execution.
What is swagger API?
Swagger is used for describing REST APIs. Originally, it was created to define APIs programmatically. Swagger APIs follow the REST paradigm and can be described programmatically with the OpenAPI specification. This helps with automatic API documentation, testing, and development.
parawaa says
I need the possible high level usecases for apigateway