API Management

What is Application Programming Interface (API) Management?

Application Program Interface (API) management is the practice an organization implements to manage the APIs they expose. This is done either internally or externally to ensure that their APIs are consumable, secure, and available to consumers in conditions agreed upon in the APIs terms of use. Essential features API management should provide (rather than what specific solutions do) include the following:

  • API management should provide a means for organizations to catalog their APIs, incorporating metadata such as the subject matter, description of the API (including different versions of the API that are currently available), human-friendly documentation, a taxonomy of the types of API available, and runtime capabilities (such as maximum requests per second). The catalog should also register the state of a given API, including metadata such as the currently supported versions;
  • API management should also provide a means to act on the catalog, exposing the APIs therein to internal and/or external developer communities with the ability to enforce security controls, consumption entitlements (in the form of mechanisms such as rate limits or quotas) and surface multiple versions as required. The distance between an API being catalogued and it being exposed as a consumable endpoint should be as short as possible, with the transition being equally seamless;
  • An organization may expose APIs here that do not meet the organization’s API “standards,” or exist in a form that an organization does not want to expose to their consumers (as it closely coupled an external exposed API to an internal system that is sensitive to changes). API management should also provide the ability to transform the inputs and outputs accordingly, exposing a standardized form to the API consumers;
  • Finally, API management should be the system of record for API utilization, embellishing the catalog with information regarding the actual runtime behavior and characteristics of a given API in the form of metrics determined against key performance indicators. This information may include the number of API keys registered, average and peak requests per second, and so on: In fact, any data that is meaningful to the organization allows them to understand API utilization and plan accordingly for future enhancements or capacities. The information will also be used to help both monitor and monetize the APIs exposed, with the ability to make the data captured available to the organization’s operational or billing systems as required.[1]

Scope of API Management[2]
The scope of API Management includes:

  • The process of publishing, promoting, and overseeing APIs in a secure, scalable environment
  • Ensuring that developers and partners are productive
  • Managing, securing, and mediating your API traffic
  • Allowing an organization to grow their API program to meet increasing demands
  • Enabling the monetization of APIs
  • The intersection of technology, business, organization, and integration concerns

An effective API Management solution manages the use of APIs to open up an organization or a system's data so that it can be utilized by other parts of the organization or possibly third-party organizations in new and useful ways. A for-profit organization would use these capabilities to either create new revenue streams of revenue or enhance/optimize existing revenue streams (monetizing APIs); a non-profit organization or government organization may be trying to cover its operational costs while fulfilling its mission to provide benefit (in this case, in the form of data/information) to the public. API Management should provide an easy, effective, and efficient experience for the development community that is supposed to be using those

APIs. API Management also provides a governance and life-cycle framework for APIs. From a business perspective, API Management is a revolution; from a technical perspective, it is an evolution of the earlier Service Oriented Architecture (SOA) paradigm. While API management includes much more than the SOA concepts of the early 2000’s, those concepts are still present. If anything, API management is partly a response to the flaws in early SOA strategies.

Components of API Management[3]
While solutions vary, the following functionality is typically found in API management products:

  • Gateway: servers that act as API front-end, receive API requests, enforce throttling and security policies, pass the calls to the back-end service, and then pass the response back to the invoker. Gateways often include transformation engines to orchestrate and modify the requests and responses on the fly. They can also collect analytics data, provide caching and other functionality.
  • Publishing tools: user interface that API providers use to define the APIs and their access and usage policies, debug execution, manage API lifecycle.
  • Developer portal / API store: community site for API subscribers that is typically branded by API providers and includes documentation, interactive API console to try the APIs, ability to subscribe to the APIs and manage subscription keys, and get support from the API vendor and community.
  • Reporting and analytics: reports on API usage and subscriber behavior that let API publisher optimize their offering.
  • Monetization: ability to charge money for commercial APIs.


  1. Definition of API Management Nordicapis
  2. What is the Scope of API Management? Scope of API Management
  3. Components of API Management Wikipedia

Further Reading

See Also