Welcome!

From The Leader in Software Quality Tools

SmartBear Blog

Subscribe to SmartBear Blog: eMailAlertsEmail Alerts
Get SmartBear Blog via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: API Testing, DevOps Journal

Blog Feed Post

Your API Management Strategy By @PaulSBruce | @DevOpsSummit #API #DevOps

When you have a great idea for an API, just like a great blog series, you often need a way to publish, promote, & administer it

How Amazon API Gateway Shakes Up Your API Management Strategy
By Paul Bruce

As if a space jam-packed with the likes of 3scale, WSO2, Axway, Intel / Mashery, Apigee, Akana, CA, IBM, Oracle, Mulesoft, and HP isn't competitive enough, Amazon recently decided to get into the business of APIs-in-the-cloud. But Amazon brings something to API PaaS ( Platform As A Service) that no one else has in an API gateway solution: a cohesive DevOps pipeline.

API Management vs. API Gateway
When you have a great idea for an API, just like a great blog series, you often need a way to publish, promote, and administer it. This is the fundamental idea behind API management. API gateways on the other hand simply front an existing system with open API formats (like REST and JSON), possibly authorization and authentication semantics, but definitely to make it easier for software to be built on top of an existing system.

In contrast to simple gateways, API management portals often go far beyond these basic areas to include API ground-up design capabilities (like Apiary's API-Blueprint), gateway / brokering options, monetization, and consumer subscription throttling. But mostly, it's about how to scale, control, and version your APIs when you don't know exactly who is going to be accessing it before they sign up and start hurling requests at your most treasured and meticulously crafted APIs.

Companies like 3scale and Mashery have been on the leading edge for almost a decade, truly fleshing out what people need in an API management solution. Gartner has been predicting the growth of the API management space for a while now, even though their predictions have taken time to really prove correct. A whole new layer of competition has only recently been introduced in the past few years come in the form of big businesses getting into the API management game: IBM, HP, and Oracle. Many of these providers include the basic API gateway functionality, but wrap it with other really important aspects of the API-as-a-product lifecycle.

Why Amazon Isn't Quite in the API Management Game...Yet.
What Amazon API Gateway provides is exactly what it states: a gateway, a way to front another technology with an API. What technology are they fronting? At a high level, the answer is their existing cloud-based compute and request handling capabilities like Lambda, networking, and CloudWatch for metrics reporting. But API gateways are considerably different than API management. Gateways simply expose and handle requests to services; API management provides value-add around that core functionality, like caching, rate-limiting, billing, reporting, key/credential administration, and real-time diagnostics.

"As a PaaS solution, Amazon API Gateway will provide the greatest competitive pressure on companies that only offer cloud-based API management offerings" says Isabelle Mauny, VP of Product Management at WSO2. "By contrast, many of our global enterprise customers rely our cloud-enabled WSO2 API Manager software and cloud services to provide the flexibility for deploying on the cloud, on servers, and in hybrid environments."

The API management space has exploded in the past 5 years to become one of the most lucrative and strategic offerings to add to a company's API solutions portfolios. Estimates say that the space will quadruple to over $600 million by 2020, but people must expect that Amazon has so much more than API gateway functionality up their sleeves with this move.

As different as API gateways are from the larger API management offerings, Amazon comes awfully close to paving the way for a full API management contender. At AWS re:Invent 2014, Amazon rolled out a litany of DevOps tools, namely CodeCommit, CodeDeploy, and CodePipeline to onboard developers directly to the AWS, where many of their operations folks already are for virtualization and mass storage. It's only natural in a world where a growing segment of developers build APIs in order to have a solution that lets them get to their tasks solely in the Amazon cloud ecosystem. Perks like AWS Device Farm further sweeten the deal when mobile developers need a quick path to lots of cheap device time for testing or greenfield development purposes.

Frankly, it's a bit late to get into the API management game...unless you have a ten-fold advantage over any other cloud provider on the market, such is the case is with AWS. If it comes down to a market-share grabbing, strong armed competition, Amazon could quickly win a majority of the API DevOps market share. But how many APIs can be built and coded overnight that need immediate access to the Amazon Cloud? Not an earth shattering amount, and this is where Amazon, with all its might, doesn't present that big of a challenge to the current thought-leaders in the API management space.

Tsahi Levent-Levi

Tsahi Levent-Levi

How Does This Affect the API Landscape?
Steve Willmott, CEO of 3scale and one of the earliest thought-leaders in the API management space, sheds some light on the move by Amazon:

"Amazon's announcement is definitely an important development in the space and shows how important APIs and API Management are becoming. Amazon's focus in the announcement is on typical gateway functionality of key management and rate limiting, whereas we provide a much broader solution that also addresses the business workflows around adoption and measurement of the API. So actually think on AWS our offering will be able to connect up well with Amazon's."

These thoughts reflect an important aspect of the core API community: friendly competition. In discussion with other key API influencers, it's up for debate whether the Amazon API Gateway team connected with anyone in the community about what to build or how to position their solution in the larger ecosystem of API solutions. While other influencers are skeptical of its immediate value as an API gateway as it has been branded by Amazon, its volume pricing and low barrier to entry make it a viable contender for non-enterprise consumers, sort of the bargain basement of API management.

The whole thing gets more interesting with the inclusion of Swagger and other service description languages, in that many companies already invested in their APIs so much that they're also building descriptors could immediately benefit from Amazon API Gateway, provided a strict gateway is all that they're looking for. While there are many API gateway options out there already, existing investment in an API gateway solution by one enterprise group might not present as significant a hurdle to other groups adopting Amazon API gateway in an ad-hoc manner. The price and pipeline points are that compelling.

At APIdays San Francisco, I watched Daniel Jacobson, VP of Edge Engineering at Netflix present how his team delivers front door API functionality through a whole suite of home-grown tools, one that satisfies their gateway needs being Zuul. While Zuul and Amazon API Gateway aren't straight apples-to-apples comparisons, the most obvious difference between them is that the former is posted to Github as open source and the latter is not. It seems that Netflix general attitude towards code is that if you don't know how it works, that's probably going to cause you trouble down the line. Not knowing how Amazon API Gateway works beyond what is stated in the documentation could also represent this same risk.

I briefly chatted with Rob Zazueta, Director of Platform Strategy at Mashery (Intel), too. Since Mashery focuses on providing a complete API management platform and much less on the need for strict gateway functionality, his feeling was that the arrival of Amazon API Gateway doesn't displace Mashery's solutions at all, but rather is likely to compliment them for consumers of both. A positive outlook and confident attitude are generally always a good idea when competing in the API space.

How Does This Affect You?
It simply means that you have more options over basic gateway functionality, especially if you have legacy (full machine, non-componentized) systems in the cloud such as web front-ends and database systems that just beg for middle-tier mediation by APIs. It also means that you need to know your options in the API space better than ever before, since committing to one pipeline strategy can have both positive and negative consequences for your delivery line.

To simplify the process of deciding if diving into Amazon API Gateway is right for you, here's a quick table of pros and cons:

Fits if:

May not fit it:

Your operations or development teams already use AWS You have compliance requirements restricting you from delivering data via SaaS/cloud services
Your developers lack / need a cohesive software delivery pipeline You have anything more than very simple authentication requirements
You need to test from lots of different mobile devices You don't know how to program in HAL or for Lambda
You already have your API defined in Swagger Your existing APIs lack descriptors and you can't automatically generate them via framework
Your API solely uses cloud data storage You need to connect to off-site or on-premise data

This list is by no means exhaustive, and your encouraged to join the conversation below and contribute to what are specific reasons to consider or exclude Amazon API Gateway from your decision making process.

In the end, more API options are good for everyone, especially so when people are doing their own research on how they fit with their actual needs. It's important to build your own list of requirements over an API strategy, but be sure to also consider how your software delivery pipeline, operations scalability and downtime response procedures, and security compliance requirements factor in to your decision making process.

Please, let us know your challenges and thoughts on the matter. Conversation is always a friend.

Related articles:

Read the original blog entry...

More Stories By SmartBear Blog

As the leader in software quality tools for the connected world, SmartBear supports more than two million software professionals and over 25,000 organizations in 90 countries that use its products to build and deliver the world’s greatest applications. With today’s applications deploying on mobile, Web, desktop, Internet of Things (IoT) or even embedded computing platforms, the connected nature of these applications through public and private APIs presents a unique set of challenges for developers, testers and operations teams. SmartBear's software quality tools assist with code review, functional and load testing, API readiness as well as performance monitoring of these modern applications.