Shulou(Shulou.com)06/02 Report--

This article mainly explains "what is the meaning of API management". The content of the explanation in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn what API management means.

Like many of our customers, you may find the concepts and terminology of API solutions quite daunting. In this blog, we will discuss key API concepts and explore the relationship between API management and API gateways.

We analyze it in the following aspects

Internal interface-Internal APIs

Internal interfaces are exposed only to other applications within the enterprise (and their developers), not to external users. Internal interfaces help unlock data and facilitate collaboration between functional units within the enterprise. Here is an example: before providing assistance to the customer, the enterprise's technical support team needs to determine whether the customer has a valid support contract. This information is already stored in the enterprise's customer relationship management (CRM) systems, such as Salesforce. The customer's application invokes CRM's internal API instead of replicating information in its own database.

External interface-External APIs

The external interface is exposed to users outside the enterprise. They provide a way to build partnerships with third-party developers, as well as the entire business ecosystem of your suppliers, distributors, distributors, and even customers. The external interface also enables enterprises to use innovative business models to generate new sources of revenue. Google is a case in point. Many third-party websites and applications embed Google Maps to help end users locate or get directions. It doesn't cost anything for the end user to access the map, but after a certain number of clicks, Google charges the site or application for each interface call.

Define and publish-Definition and publication

Interface management solutions provide an intuitive interface to define meaningful interfaces, including basic paths (URL), resources, and endpoints.

Resources are the basis of any interface definition, and they are abstractions of the information on which the interface performs operations. The sample resources are documentation and customer id. Call API to retrieve this information. The endpoint specifies the location of the resource. The interface has a base URL with an additional endpoint path. All interface points are relative to the basic URL. For example, in the interface endpoint https://open.wuxiongwei.com/v1/inventory/, / v1 is the basic path and / inventory is the resource.

Interface management solutions enable interfaces to be published to various environments, such as production, testing, or development. This ensures the consistency of each environment and prevents misconfiguration. These solutions also automatically create new interfaces and modify existing interfaces.

Interface Gateway-API gateway

As mentioned earlier, the interface gateway protects communication between the back end and the interface consumer. Interface gateway functions include verifying interface calls, routing requests to the appropriate backend, applying rate limiting to prevent system overload or mitigate DDoS attacks, offloading SSL/TLS traffic to improve performance, and handling errors and exceptions.

Micro Gateway-Microgateway

Many solutions have a centralized, tightly coupled data plane (interface gateway) and control plane (interface management tool). All interface calls must pass through the control plane, which increases latency. The interface gateway in this architectural approach is inefficient in handling traffic in a distributed environment (such as in-service traffic in a microservice environment or handling Internet of things traffic to support real-time analysis). Therefore, in order to manage traffic that is very close to the interface consumer and provider, the solution vendor introduces an additional software component called a micro-gateway to handle interface calls.

Interface Analysis-API analytics

As your interfaces become popular, you need to ensure that they provide value to your interface consumers while meeting your business goals. This is where interface analysis becomes critical. Interface management solutions provide key insights into interface metrics and usage through visualization, such as dashboards and reports, and inform you (as examples) which interfaces are most and least used, how interface traffic changes over time, and which developers are the main consumers of the interface. Interface analysis enables the interface business owner (interface product manager) to have an in-depth understanding of the performance of the interface program.

Analysis is also important for troubleshooting. Interface management solutions provide in-depth visibility into operational metrics on a per-interface basis. These metrics enable infrastructure and operations teams to monitor and troubleshoot performance and security issues. Here are some questions that analysis can help answer:

What is the status and uptime of all my interface gateway instances? When will the interface slow down? When did an HTTP error occur on the interface?

Interface Security-API security

Security is a key aspect of the interface infrastructure. Without robust security, anyone can access your interface and data and introduce malicious behavior by calling calls to insecure interfaces. Interface security requires the following elements:

Authentication

Authentication is the process of reliably identifying the caller. The interface authorization code is a standard mechanism for verifying and identifying callers who want to access the interface. The interface management solution provides an interface for the interface provider to generate interface keys, which can then be shared with third-party developers for use when invoking the interface. OAuth is a widely used authentication mechanism.

Authorization

Authorization is the process of determining which privileges or access levels are granted to the user. One way to authorize users is through a JSON Web token (JWTs). JWTs is an access token declared by an assertion (a term in JWT for personal privilege). For example, the JWT displayed by a client application might contain a declaration that allows access to a specific resource. If the client application attempts to access any other resources, a HTTP 403 forbidden error will be returned.

Role-based access control (RBAC)

RBAC refers to defining user roles with certain privileges. For example, infrastructure and operators are usually not responsible for creating and publishing interfaces, but only for monitoring and troubleshooting. As a result, they are assigned roles with only these privileges. Similarly, only the interface product manager is assigned the role of accessing interface analysis.

Rate limit

A rate limit is a limit on the number of requests that a caller can make within a specified period of time (for example, 10000 requests per second). Rate limiting prevents back-end system overload and helps mitigate DDoS attacks. The interface management solution provides an interface that defines the rate limit, which is then enforced by the interface gateway. Rate limiting also enables you to provide a hierarchical service level (for example, the Gold client can issue 10000 requests per second, while the Silver client can issue 5000 requests per second).

Developer Portal-developer Center-Developer portal

The developer portal is an online URL where you can publish resources to facilitate quick browsing by interface users, such as external interface directories, comprehensive documentation, and sample code. The developer portal also allows third-party developers to register their applications and obtain interface keys. Some solutions also provide a mechanism for interaction between developers who use your interface. A well-designed developer portal is critical to the success of the interface program.

In fact, if the design is an open platform, this management interface is enough, but we are in an environment where many enterprises have their own interface management system, some may be maintained in rap, some may be maintained in yapi, and some functions have no maintenance interface at all, only code. In this case, the capabilities of the above general open platforms are limited if you want to help similar enterprise management interfaces, so let's discuss the points that may be extended.

Unified management interface

Enterprises maintain interfaces in platforms such as rap,ypai,postman, which need to be easily entered or imported into our interface management platform.

There is no management interface, only code

In this case, there is no way once and for all. At least the interfaces you want to manage in the existing system should be sorted out and maintained in file media such as excel or markdown. Our interface management platform needs to be able to import and maintain these interfaces quickly and efficiently.

Swagger- new Internet company, swagger maintenance interface

Nowadays, many Internet companies use swagger maintenance interface, and swagger is really a good tool. As long as open personnel enter some comments in the code, they can generate interface documents with one click, which is very convenient.

Soap- enterprises mainly provide interfaces through wsdl

Looking forward for five or 10 years, most companies connect interfaces in the way of wsdl, and wsdl has its unique security capabilities. So when it comes to such an enterprise, how to maintain the interface? the answer is that we have to convert wsdl into rest in order to be unified into the interface management platform for maintenance.

-the Internet of things.-Yeah.

IOT is the trend of the times. CoAP and MQTT are commonly used forms of protocol. How can we maintain them together? Yes, you are right, just like the soap interface, it is uniformly connected to the management platform after conversion. Of course, after the conversion, the efficiency will definitely get worse, and CoAP and MQTT are designed to improve performance and response speed. In fact, as long as the existing interfaces are maintained uniformly, there is a chance to convert CoAP- > rest to CoAP- > rest- > CoAP (MQTT) and finally to CoAP- > CoAP (MQTT).

Thank you for your reading, the above is the content of "what is the meaning of API management", after the study of this article, I believe you have a deeper understanding of what API management means, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.