Requirements Checklist

What Is API Management?

Learn what API management is and what to look for in a software solution to
support your business’s needs.

2019
Table of Contents

API Management Checklist............................................................................ 3

What Is API Management? ............................................................................ 4

API Management Software Requirements .................................................. 5

General Architecture ................................................................................................. 5

Platform ..................................................................................................................... 6

Gateway .................................................................................................................... 7

Integration ................................................................................................................. 8

Analytics ................................................................................................................... 9

Security ..................................................................................................................... 10

Developer Portal ....................................................................................................... 11

Monetization .............................................................................................................. 12

Evaluating Vendors ................................................................................................... 13

Conclusion ……………………………………………………………………….... 14
API Management Software Key Components
When looking for a new API management system, it’s important to
understand the benefits of each of the main components of API
software in order to prioritize your needs.

© SelectHub. All Rights Reserved. 3

What Is API Management?
Many companies are quickly realizing the potential of APIs (application programming
interfaces) to better serve their business objectives. APIs enable the sharing of large
amounts of data in a quick and efficient way. For example, healthcare organizations have
begun to use APIs to share patient information across departments while complying with
HIPAA.

Another good example is travel websites, which use APIs to aggregate data from airlines.
Whatever the business, the need is the same — to share large amounts of data in a
secure and efficient manner.

But without tightly-led API management, APIs can cause more problems than they solve.
Poor management can lead to security breaches, unnecessary downtime and lost
opportunities for revenue.

So what exactly is API management, and how can businesses effectively implement it?

API Management Definition

API management is the process of creating, publishing, maintaining and analyzing your
application program interfaces. That’s somewhat vague, but basically API management
ensures publishers have a high level of visibility into their APIs throughout the entire
lifecycle. This allows them to build communities between consumers, report on API
success, and secure the transfer of information by keeping a close eye on who has
access to what.

API management software makes all this possible in a single, centralized location and
often includes additional features to help you best serve your internal and external
consumers. To determine which features you should look for, it’s best practice to create a
list of API management software requirements.

© SelectHub. All Rights Reserved. 4

API Management Software Requirements
Your business is unique, and therefore, not every platform will serve your needs in the
same way. When you begin looking for API management software, you will first need to
determine a list of features and functionality (what is typically referred to as a list of
requirements) that you want to be included in a prospective system.

Below, you’ll find a list of criteria to consider as you shop for your next system along with
an explanation of how each feature can benefit your organization.

General Architecture

General architecture refers to the attributes of the software that meet your technical and
operational requirements. You want to make sure the system supports the deployments
utilized by your team, whether that’s hybrid, SaaS or customer-managed. Possibly, you
need a solution that can integrate with microservice architectures. Whatever your needs
are, it’s important to focus closely on them to ensure you don’t choose a system that
ends up being incompatible with your current processes.

⬜ SaaS, customer-managed and hybrid deployments

⬜ Private cloud efficacy without having to make external calls
⬜ Consistent codebase across offerings
⬜ Multi-tenancy support across various deployment methods
⬜ Runtime isolation
⬜ Multi-gateway management
⬜ Microservice architecture integration

© SelectHub. All Rights Reserved. 5

API Management Software Requirements

Platforms like Apigee allow you to provision multiple

developer portals

Platform

This grouping refers to the functions of the platform which can affect your existing
operations. For instance, you should ask a vendor how their solution handles patches
and updates, and how much downtime, if any, is required. On the same note, you could
ask if the vendor utilizes blue-green or canary deployments to reduce downtime. You
may also wish to investigate the tools used to design the APIs as well as document them
to make sure they support the approaches and workflows you prefer..

⬜ Support for continuous integration

⬜ Patch and update management
⬜ API design tools
⬜ Integrated logging investigation
⬜ Blue-green deployment
⬜ Canary deployment
⬜ OpenAPI/Swagger support
© SelectHub. All Rights Reserved. 6
API Management Software Requirements

Gateway

Your API gateway is the programming that sends the client calls to the appropriate place
in order to fulfill the necessary service. API management software provides users with
tools that help manage the flow of these requests. For instance, many platforms have
measures in place to prevent traffic spikes. Part of this relies on defining quotas, which
limits the consumption of your APIs accordingly. This feature is also used when it comes
to monetizing your APIs, which we’ll discuss later on.

You may also need a solution that can handle multiple versions of an API and control
which consumers can access them. For instance, you might want your internal
consumers to have access to all versions, but give your external clients access to just
the latest version. If this level of access needs to change frequently, you should also
make sure your software provides an agile means of enabling and revoking access to
APIs.

Additionally, many systems provide messaging and notifications to help subscribers and
API developers communicate throughout the API lifecycle.

⬜ Traffic spike prevention

⬜ API consumption management via quotas
⬜ HTTP/HTTPS support
⬜ API versioning
⬜ Federated identity
⬜ Push notifications
⬜ API lifecycle management
⬜ API access configuration

© SelectHub. All Rights Reserved. 7

API Management Software Requirements

Integration

The software you choose may have an integration layer that works behind the API
gateway. This integration layer is where several functions take place, such as
transformations, schema validation, API virtualization and more. All these capabilities
help ensure that your APIs are uniform and consistent no matter how the original
backend systems were built.

⬜ Standard transformations (XML ↔ JSON and SOAP ↔ REST)

⬜ Schema validation tools support
⬜ API virtualization support
⬜ Compression support
⬜ JMS-based system support
⬜ Dynamic routing
⬜ Various protocol support (JMS, WS, MQTT, etc.)
⬜ File storage platform integration

© SelectHub. All Rights Reserved. 8

API Management Software Requirements

Red Hat 3scale provides visuals that enable users to better

understand the performance of their APIs.

Analytics

Analytics provide visibility into how your APIs are being used, allowing you to make
critical decisions to improve your business. Analytics are often available in real time, but
some systems only offer scheduled reports, so be sure to double-check with your vendor
what they offer. Reports may offer insight into things like traffic averages, top APIs,
errors and more, for both internal and external consumers.

⬜ Out-of-the-box analytics support

⬜ Asynchronous analytics collection
⬜ Report export
⬜ On-demand reports
⬜ Alarm/notification system when rate limits are reached

© SelectHub. All Rights Reserved. 9

API Management Software Requirements

Security

Securing your APIs is one of the most important components of API management. This
is especially true for organizations in healthcare, government, finances and other highly
regulated industries. Depending on the type of data your APIs transfer, you will have
different security needs in order to prevent a breach.

The list below includes many available protocols; however, your business may not need
all of them and may need protocols not listed.

⬜ Single sign-on (SSO)

⬜ OAuth
⬜ Standard API keys
⬜ OpenID Connect
⬜ App-ID key pair
⬜ SSL protocol support
⬜ IP address filtering
⬜ Referrer domain filtering
⬜ Message encryption
⬜ Rule-based routing
⬜ Payload security
⬜ Channel security
⬜ XML and JSON attack defense
⬜ Low- to no-code security configuration
⬜ PCI compliance

© SelectHub. All Rights Reserved. 10

API Management Software Requirements

Developer Portal

While you may be more interested in the development of your APIs, it’s important not to
forget about the user experience of consumer developers. Developer portals help
increase brand recognition while also saving your team time and resources when it
comes to things like onboarding. The better your documentation is, the easier it is for
consumers to use your APIs, which is why some vendors have started offering
interactive documentation. Through developer portals, consumers may also have
access to personalized metrics or a list of their subscribed APIs.

While these benefits may seem most obvious to those wanting to monetize their APIs,
it’s still valuable to create a seamless user experience for your internal clients too. It
may even be easier. For instance, when working with internal parties, you likely are
willing to share more data with them, which can enhance documentation, making it
simpler for your internal consumers to use your APIs.

⬜ Portal availability across deployment types (on-premise, cloud, etc.)

⬜ Interactive documentation
⬜ Developer metrics
⬜ Developer portal templates
⬜ Portal customization (HTML, CSS)
⬜ Ability to withdraw developer keys, either temporarily or permanently

© SelectHub. All Rights Reserved. 11

API Management Software Requirements

Monetization

API management software plays two parts in monetizing your APIs. First, the software
supports the technical requirements of monetization. For instance, these types of
programs help publishers set up payment options for consumers, which dictate how
and when a consumer pays for API usage. This may depend on quotas or limits
dictated by the publisher. You might also wish to set up incentive programs, which pay
consumers a share of your API revenue in exchange for actions like embedding
advertisements in their websites and mobile apps.

The second way these systems enable monetization is by simply making sure your
APIs are always up and running so there’s never an interruption in service.

There’s also all the indirect ways in which API management software can help
monetize your APIs. Sometimes you might use your APIs to drive traffic to a particular
website or to create brand recognition, as we’ve mentioned above.

⬜ API billing support

⬜ Support for multiple models of revenue generation
⬜ Low- to no-code monetization configuration
⬜ Third-party payment system integration
⬜ Prepay and/or postpay invoicing
⬜ Multi-currency support
⬜ Tax compliance

© SelectHub. All Rights Reserved. 12

API Management Software Requirements

Evaluating Vendors

When shopping for a new solution, make sure to evaluate the software as well as the
vendor. Many companies look for vendors with a history of working with clients in the
same industry. You might also check for dedication to API management. Does the
vendor have a habit of retiring products after just a couple years, or are they committed
to maintaining and updating their system to stay on top of market trends? Do they have
a long history in APIs, or is this a new venture for the vendor? There’s no one “right”
answer to these questions — it all depends on your needs as an organization.

There are various markers of success and expertise, and the ones you value may be
different than what someone else values. Below are a few examples of what you can
keep an eye out for.

⬜ Activity in industry discourse (publications, conferences, etc.)

⬜ Online resources, such as a knowledge base or tutorials
⬜ Plan of action for their software offerings in the near future
⬜ Responsiveness to client suggestions and feedback
⬜ Compatible philosophy concerning API management
⬜ List of clients with similar backgrounds and needs as your own

© SelectHub. All Rights Reserved. 13

 Wrap Up
API management is necessary to maintain consistent policies
surrounding your APIs. The easiest way to implement these practices
is to invest in the right API management platform for your business.
This asset should’ve helped you get a better sense of what to look for
in a solution, but if you want to learn more about the features and
benefits of API management software, make sure to check out our
“API Management Software: A Primer” asset. It goes into more of what
API management is about, as well as how it can benefit both internal
and external APIs.
About SelectHub
SelectHub is a cloud-based technology selection management platform that streamlines
software selection, making IT sourcing more agile and collaborative. The platform
supports a comprehensive set of evaluation stages such as requirements gathering,
vendor shortlisting, demo use case management, RFI/RFPs and contract negotiation.
The SelectHub user community includes more than 100,000 companies ranging from
SMBs to large enterprises. To learn more, please visit https://selecthub.com.

© SelectHub. All Rights Reserved. 15