API sprawl is a real problem for modern organizations. Enterprises are managing tens of thousands of APIs across their applications and services. Layered on top are several API gateways such as Amazon API Gateway or Google Apigee, as well as event brokers such as Solace, which are limited in their ability to see across other gateways. There needs to be a central place where all APIs are secured, discoverable and governable, regardless of where they are, or which API gateway is being used. We have seen trends around creating a “single pane of glass” in other areas of modern development — observability being a category that comes to mind — but API management is still a siloed, complex mess. This has significant implications for API governance.
This is where federated API management comes into play.
Unlike the more traditional approach — where most API management functionality was inextricably tied to the specific API gateway being used — federated API management abstracts much of the management and governance of your APIs away from the API gateway. To be clear, the API gateway is still a crucial component of infrastructure, but teams should be empowered to use whatever API gateway best fits their use case while being able to achieve proper governance.
This federated approach enables central platform teams to govern every API without having to context switch between different tools. It is one management layer that sits on top of the underlying gateways as a governance “wrapper.” Platform teams should be able to do everything from discovering and inventorying APIs to measuring spec compliance, designing subscription flows and publishing APIs to a developer portal for consumer-side self-service discovery and consumption, all with a single platform.
And this can’t just stop at synchronous APIs. API management must begin to treat event streams and event APIs as first-class citizens on par with synchronous APIs, as more and more organizations introduce and/or reinvigorate event streaming initiatives. This will enable teams to get more ROI from their initial investment in streaming. And of course, any modern API management system you are considering should be AI-forward to keep up with industry standards.
In short, here are the three pillars any API management solution must cover.
The Three Pillars
Multi-Gateway and Multi-Broker: API management, as a practice, must support the ability of API publishers to manage, secure and govern APIs and services from multiple different API gateways and event brokers.
Event-Native: API management must treat event streams and event APIs as first-class citizens on par with synchronous APIs, as more and more organizations introduce event streaming. This will enable teams to get more ROI out of their initial investment in streaming.
AI-Forward: API management vendors must find ways to both improve their API management offerings through AI and better enable organizations to leverage AI as a force multiplier.
If your company’s API management solution is multi-gateway, event-native and AI-forward, then you will be ahead of the competition in productivity and security. In today’s era, where thousands of APIs are being leveraged throughout an organization, it is a no-brainer to have a single source of truth where these APIs are discoverable and adequately managed. By having more transparency and visibility, developers can move faster while the platform and security teams can feel more confident about their security posture. It’s a win-win.