
API Management/Gateway

API Management/Gateway has gained a lot of attention and interest in the past year. I thought of writing a small blog to explain briefly what it is and compare two major contenders in this space.

API Management/Gateway:

API Management, as the name suggests, is used to manage all the APIs within an organization with well-defined policies, rules and restrictions in a single accessible location. Below are some of the features of a typical API Management product:

  1. Provide a single point of entry to all or groups of internal/external APIs
  2. Control and expose private APIs to only the desired audience
  3. Add functionality to existing APIs like caching, authentication, transformation of message format
  4. Protect APIs from being overused or misused with the help of rate limiting policies and authentication
  5. Provide a portal for developers to subscribe/manage subscriptions to APIs
  6. Provide API usage analytics and notifications

Although there are a lot of available options for API Management, I have compared two products of my interest – Azure API Management and Mule API Manager. The comparison was based on some of the features I was looking for in a typical API Management product.

Below are some terms which you may need to be aware of:

  1. Publisher Portal: This is the portal used by publishers who are managing APIs. This portal generally has the ability to set policies, products and alerts, add/manage/delete APIs, and add/modify pages for the developer portal
  2. Developer Portal: This is a public portal which can be used by developers/anyone who wants to view available APIs, subscribe to APIs/Products and view any associated documentation
  3. Products: These represent the types of products/subscriptions available for accessing the API. For example, Microsoft exposes APIs for cognitive services like Face API in two different plans – Free and Standard. Any user subscribed to the Free plan gets 30K calls per month and a user subscribed to the Standard plan gets 10 TPS
  4. Policies: These are sets of rules which are generally applied when a request is received on the API. These rules are helpful to limit/transform/authorize API calls. If you want to limit the number of calls being made to an API, you can set a rate limit policy which can differ by the product/subscription level of the user. For example, you can limit someone who is accessing the API at Free Level to 1 call/minute, someone at Basic Level to 10 calls/minute and someone at Gold Level to 100/minute. Similarly, there are a lot of other policies which can be set, like authenticating requests, rewriting URLs etc.
  5. Analytics: This provides a usage report of the APIs, which gives an overview of how many calls are being made by consumer(s), the success/failure rate, the geographical location from where the calls originate etc.
  6. Automation: This addresses automation of the policies to be applied on the APIs. This helps to manage, maintain and version-control the policies
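The tiered rate-limit policy from item 4, sketched as an added example (it is not code from Azure API Management or Mule API Manager). It assumes a fixed 60-second window per subscription key; the `Gateway` class, the sample keys and the `X-RateLimit-Remaining` header are hypothetical names chosen for illustration.

```python
import math
import time
from dataclasses import dataclass, field

# Calls allowed per window for each product tier (figures from item 4 above).
TIER_LIMITS = {"Free": 1, "Basic": 10, "Gold": 100}
WINDOW_SECONDS = 60  # assumption: fixed one-minute window


@dataclass
class Gateway:
    """Minimal policy pipeline: authenticate the key, then rate limit by tier."""
    subscriptions: dict                 # subscription key -> product tier
    clock: callable = time.monotonic    # injectable so tests can control time
    _windows: dict = field(default_factory=dict)  # key -> (window_start, count)

    def handle(self, subscription_key):
        """Return (status, headers) decided before any backend call is made."""
        tier = self.subscriptions.get(subscription_key)
        if tier is None:
            # Unknown key: reject before touching any counter, so
            # unauthenticated traffic cannot burn a subscriber's quota.
            return 401, {}
        limit = TIER_LIMITS[tier]
        now = self.clock()
        start, count = self._windows.get(subscription_key, (now, 0))
        if now - start >= WINDOW_SECONDS:
            start, count = now, 0       # window expired: start a fresh one
        if count >= limit:
            # Tell the client how long until the current window ends.
            wait = math.ceil(WINDOW_SECONDS - (now - start))
            return 429, {"Retry-After": str(wait)}
        self._windows[subscription_key] = (start, count + 1)
        return 200, {"X-RateLimit-Remaining": str(limit - count - 1)}


if __name__ == "__main__":
    # Constructed sample subscriptions, one per tier.
    gw = Gateway({"key-free": "Free", "key-basic": "Basic", "key-gold": "Gold"})
    for key in ("key-free", "key-free", "key-basic", "unknown-key"):
        print(key, gw.handle(key))
```
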

Below are my findings for these two based on my research as of 01/17.

Azure API Management from Microsoft would by default be a preferred choice for anyone who is completely Microsoft oriented. Having said that, it may not be the only reasoning behind choosing it. I felt it was more user friendly when compared to Mule API Manager in terms of a non-developer who is trying to onboard and manage APIs. Also, as with any Microsoft product, it has tons and tons of documentation, free video tutorials and blogs on how to use it, which makes it very convenient for a newbie. Some of the features I liked were:

  1. Importing an existing API from a file – This option currently supports Swagger/WSDL/WADL formats
  2. Try API – The portal by default comes with an option to try the API, which makes it a lot easier to see the real response for different inputs instead of having the user switch to a tool like Fiddler to try out the API.
  3. Report Issues – This allows a developer consuming the API to report issues on the API, which can be viewed from the Admin portal. It would have been great if there was an auto-forward notification for the owner of the API itself and not just the API Manager
  4. LockResource – This completely shuts down modifying/managing/importing of APIs into the portal for Admins. However, developers can still browse and onboard to the APIs which are automatically managed.
  5. Subscribe to a Product instead of just an API – This feature may be good/bad depending on how you want to expose APIs. If you are selling a set of products, then the user can subscribe to the entire set and get access to the set instead of subscribing to individual APIs. The downside is that if a user wants just one single API from the list, the user still has to subscribe to the entire product, as there is no option to subscribe to a single API. This can be overcome by having a single API in the product

Mule API Manager is one of the popular products for those who are not completely vested in Microsoft technologies. Some of the cool features of Mule API Manager were:

  1. API Designer has the ability to create and mock APIs using the RAML designer and API Notebook. RAML is developed by MuleSoft, which helps in designing/managing APIs in a very human-friendly way. Personally, using RAML made it a lot easier to write and read an API.
  2. API Notebook – This tool helps in adding code and documentation examples for the API and also has the ability to run the code from the portal
  3. Download Proxy – This gives users the ability to download the proxy (gateway), which can then be used to deploy the gateway on on-prem machines with Mule runtime
  4. Runtime Manager – This gives a clear overview of the health of CPU/Memory, applications deployed, logs, schedules and queues in one place
  5. Subscribe to API – Mule API Manager has the option to subscribe to a single API, which makes it easier for users than subscribing to an entire product as in Azure API Management. However, as noted, it can be seen as both advantageous/disadvantageous based on the need
  6. Mule, as an ESB, has the advantage of adding additional workflow components into the gateway itself via downloading the proxy and modifying it. This means the developer has the option to customize the proxy code itself. Although Mule doesn't provide as many policies as are available in Azure API Manager, this can be an option to add a custom policy. This may not seem like an advantage to someone like a business user, but for a developer it just opens a lot of doors

To summarize, the choice of an API Management/Gateway product would be based on the organization's technology roadmap; both of these products are good and provide features which serve the need effectively.

| Feature | Azure API Manager | Mule API Manager | Comments |
|---|---|---|---|
| Add API | Y | Y | |
| Add Functions App | In Preview | N | |
| Add API App | In Preview | N | |
| Add Logic App | In Preview | N | |
| Import Swagger format file | Y | No Option to Import API | |
| Import WADL format file | Y | No Option to Import API | |
| Import WSDL format file | Y | No Option to Import API | |
| Export API | Y | Y | Mule exports API as json format, Azure has option to export in Swagger/WADL/WSDL formats |

 

| Feature | Azure API Manager | Mule API Manager | Comments |
|---|---|---|---|
| API Designer | In Preview | Y | |
| RAML Designer | N | Y | |
| Ability to create API | In Preview | Y | |
| Ability to mock API | N | Y | |
| Swagger Designer | Y | N | |
| API Notebook | N | Y | This is something where you can show sample code and has user ability to run the code within the portal by hitting “Play notebook” |
| LockResource | Y | N | Locks down the publisher portal |
| Report Issues | Y | N | |
| Request Access to Individual API | N | Y | Azure gives you access to group instead of single API. Which is good and bad depending on your situation |
| Try API | Y | N | With mule, you have to test api using different tool like fiddler. Azure provides option to try out api |
| View Code Samples | Y | N | |
| Download API | Y | Y | Azure provides option to download API as Swagger/WADL. Mule downloads api in raml format |

 

| | Azure API Manager | Mule API Manager |
|---|---|---|
| Pricing | https://azure.microsoft.com/en-us/pricing/details/api-management/ | https://www.mulesoft.com/anypoint-pricing |
| Policies | Allow cross domain calls | Cross-Origin resource sharing |
| | Authenticate with Basic | Throttling |
| | Authenticate with client certificate | Throttling – SLA based |
| | Check HTTP header | Rate limiting – SLA based |
| | Control flow | Client ID enforcement |
| | Convert JSON to XML | HTTP basic authentication |
| | Convert XML to JSON | IP blacklist |
| | CORS | IP whitelist |
| | Find and replace string in body | JSON threat protection |
| | Forward request to backend service | LDAP security manager |
| | Get from cache | OAuth 2.0 access token enforcement using external provider |
| | Get value from cache | Simple security manager |
| | JSONP | XML threat protection |
| | Limit call rate per key | |
| | Limit call rate per subscription | |
| | Log to EventHub | |
| | Mask URLs in content | |
| | Output trace information | |
| | Remove value from cache | |
| | Restrict caller IPs | |
| | Retry | |
| | Return response | |
| | Rewrite URL | |
| | Send one way request | |
| | Send request | |
| | Set backend service | |
| | Set body | |
| | Set context variable | |
| | Set HTTP header | |
| | Set query string parameter | |
| | Set request method | |
| | Set status code | |
| | Set usage quota per key | |
| | Set usage quota per subscription | |
| | Store to cache | |
| | Store value in cache | |
| | Transform XML using an XSLT | |
| | Validate JWT | |
| | Wait for… | |