What is API Management – A Brief Primer

For the past year, leading analysts have said SOA has become a de-facto standard for all new application architectures. Which makes it hard to believe just 5 years ago, most people didn’t understand the value of SOA or how they can use it. A similar shift is unfolding today in the world of APIs. APIs are already driving significant new economic activity. Salesforce.com for instance, generates half of its $2B+ revenue via APIs. Thousands of mobile apps have been built using Twitter, Google and Facebook APIs. Netflix has over 100,000 DVD titles that it exposes through APIs for integration with over 200 devices, including mobile.

But why API’s and why now?

Technically an API (Application Programming Interface) simply defines an immutable contract between API consumers and providers. It is the implementation of the API that actually packages data and/or business logic. What’s changed in the last couple of years is the number of target devices for deploying applications. The options are multiplying rapidly, be it web, smartphones, tablets, laptops, or even cars. By 2020, there would be no less than 10 billion mobile devices in the world.

Which leads to the expectation of  a user experience that now widely varies by the user’s needs, preferred devices, and context. It is becoming increasingly difficult for enterprise IT to serve the needs of such a diverse mix of users. That’s where APIs step in. APIs allow any app development shop out there to create apps that can serve the needs of a specific segment of users. It is a “win-win-win” situation – Users get what they want, app developers monetize the apps they build and enterprise IT gets to serve its diverse end users.

In fact, some of the most popular apps, came out of developer hack-a-thons where developers combined APIs from multiple companies to create a highly innovative app. Without publicly available API’s, this would not have been possible. (See another post in this blog, the API trifecta around the topic of innovation and APIs). APIs therefore, provide a distribution channel for a company’s products and services. Increasingly we are seeing evidence of this in industries across the board but especially in sectors such as media, retail, travel and government. As an IT leader if you decide to provision your APIs externally, you would naturally want to manage them.

So what does that mean in terms of the capabilities you need? 

At the highest level, an API management solution needs to include a –

  • Developer Portal for developers to discover APIs, understand usage and sign up for access
  • API Gateway that secures and mediates the traffic between your APIs and its consumers
  • API Lifecycle Management to manage the process of designing, developing, deploying, versioning and retiring APIs

Of course, the above capabilities may be delivered as-a-service or on-premise or some combination.

If you are with me so far, you are probably now asking –

So how’s API management different from SOA Governance?

There’s quite a bit of confusion out there. You are not alone. That’s because there is significant overlap between the capabilities that are needed to manage APIs and govern an SOA. The key difference lies in the objectives of these two initiatives. API management is concerned with managing external APIs where consumers are unknown. SOA Governance, on the other hand, is about managing services with known consumers.  Note that even for SOA the consumers don’t have to be internal. They could be your business partners who are external but known in advance. (And to be sure, external = outside your firewall.) This distinction leads to design and deployment choices that at times masquerade as differences, adding to the confusion. For instance, REST based APIs are much more popular than SOAP ones, but that’s only because REST services are a lot easier to consume.

Is this helpful in furthering your understanding of API management? Let me know what else you would like to know about API Management.

P.S. What’s common between cowboys, railroads and API management? Stumped? See what my colleague wrote a few months ago on this subject.


About Navdeep Sidhu

Navdeep Sidhu has written 38 posts in this blog.

Navdeep Sidhu is Senior Director of Product Marketing at Software AG, he focuses on webMethods Integration platform. Prior to Software AG, he was with Sterling Commerce (now IBM) where he was Sr. Product Manager focusing on B2B Gateways and Partner Community Management. Prior to joining Sterling Commerce, he spent over 7 years with Deloitte Consulting managing large scale application development and integration projects.


  • A very good introduction to API management. Like you have said, there are too many similarities between SOA governance and API management. I would even say API management is actually SOA governance but only a bit more relaxed. In fact, SOA governance also defines different levels of governance for different type of services (no matter what the implementation technology is), where APIs represent services which require less control in terms of discoverability and consumption. I.e. I wouldn’t consider APIs as something other than SOA services.

  • I think it helps to think about APIs from a business perspective. From that perspective, APIs are a distribution channel for a company’s products and services. And if that’s the case, APIs need be managed just like any other business channel. That’s where API management comes in. Although it is an IT solution, it helps businesses grow by increasing the reach and profitability of their API channel.

  • Good introduction. I guess Analytics should be part of API management solution.

    • Balaji, thanks and yes, analytics is an essential part of the solution. API Gateway instruments the API traffic and then uses the API portal to present the information for actionable insights.

  • We are seeing alot of vendors comming up with the concept called Backend As Service, API management can be more appropriate solution.

    e-commerce also can be part of API management ?

    • Appreciate the comment, Anki. Surely many companies are monetizing their APIs and so, e-commerce is one of the business drivers for exposing APIs. For instance, a credit card company’s reward points can be redeemed by shopping at a retailer that has exposed their API.

  • e-commerce in this case is pricing model and also issuing the license(
    API management mostly appropriate for the public cloud deployments if we consider backend as service use case)

  • Many companies have already monetized their API suites in platforms or solutions. How would you go about moving from Fee to free or exposing additional APIs for monetization?

    • Henry thanks for the question. This falls under having the right API strategy that most vendors in this area seem to miss. Before I answer, can you elaborate a bit on the scenario (maybe with an example) where you want to move from fee->free?

  • The questions here are great and I have received many through other channels. If you would like to learn more about API management, attend the webinar I am planning to do with David Bressler. Learn more.

  • With API management, what are the design considerations in handling errors, either with the API’s themselves or with the interactions across API boundaries?

  • Hi Thatcher, thanks for your question. When the call passes through the mediation layer (e.g. webMethods Mediator) to the API, there can be 2 types of errors: (1) connectivity issues (e.g. endpoint not reachable), and (2) message level errors (the API is not accepting the given input, wrong format, etc.). In the case of wM Mediator, Mediator would catch and log the errors and (if configured to) either (1) pass the error directly to the calling client for handling, (2) wrap the cryptic error in a more friendly, understandable error message, or (3) call the back-end server for the API for custom error processing. Hope this answers your question. Thank you,

Leave a Reply