This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
API management is the process of creating and publishing web APIs, enforcing their usage policies, controlling access, nurturing the subscriber community, collecting and analyzing usage statistics, and reporting on performance.
While solutions vary, components that provide the following functionality are typically found in API management products:
- Gateway: a server that act as an API front-end, receives API requests, enforces throttling and security policies, passes requests to the back-end service and then passes the response back to the requester. A gateway often includes a transformation engine to orchestrate and modify the requests and responses on the fly. A gateway can also provide functionality such collecting analytics data and providing caching. The gateway can provide functionality to support authentication, authorization, security, audit and regulatory compliance.
- Publishing tools: a collection of tools that API providers use to define APIs, for instance using the OpenAPI or RAML specifications, generate API documentation, manage access and usage policies for APIs, test and debug the execution of API, including security testing and automated generation of tests and test suites, deploy APIs into production, staging, and quality assurance environments, and coordinate the overall API lifecycle.
- Developer portal/API store: community site, typically branded by an API provider, that can encapsulate for API users in a single convenient source information and functionality including documentation, tutorials, sample code, software development kits, an interactive API console and sandbox to trial APIs, the ability to subscribe to the APIs and manage subscription keys such as OAuth2 Client ID and Client Secret, and obtain support from the API provider and user and community.
- Reporting and analytics: functionality to monitor API usage and load (overall hits, completed transactions, number of data objects returned, amount of compute time and other internal resources consumed, volume of data transferred). This can include real-time monitoring of the API with alerts being raised directly or via a higher-level network management system, for instance, if the load on an API has become too great, as well as functionality to analyse historical data, such as transaction logs, to detect usage trends. Functionality can also be provided to create synthetic transactions that can be used to test the performance and behavior of API endpoints. The information gathered by the reporting and analytics functionality can be used by the API provider to optimize the API offering within an organization's overall continuous improvement process and for defining software Service-Level Agreements for APIs.
- Monetization: functionality to support charging for access to commercial APIs. This functionality can include support for setting up pricing rules, based on usage, load and functionality, issuing invoices and collecting payments including multiple types of credit card payments.
A number of industry analysts have observed that the size of the market for API management solutions has been growing rapidly from the early 2010s. Gartner estimated the size of the market for API management to be $70 million in 2013 and to be growing at 40% a year.
According to Forrester Research, in the US alone, annual spend on API management was $140 million in 2014, expected to grow to $660 million by 2020 with total global sales are predicted to exceed a billion dollars by that year.
The wide adoption of APIs led to the emergence of off-the-shelf API management products, open-source projects, and SaaS offerings. Both Gartner and Forrester Research list a number of API management vendors in their reports. Companies listed by both as being active in API management space and other organizations working this area include
- 3scale (now owned by Red Hat)
- API Fortress
- Apigee (now owned by Google)
- App42 API Gateway
- Asseco (Ceptor API Management)
- Axway (acquired Vordel)
- CA Technologies (acquired Layer 7)
- IBM API Connect
- Intel Services
- Kong Inc.
- Microsoft (Azure API Management)
- New Relic
- Oracle API Platform Cloud Service
- Red Hat
- Rest Secured
- Rogue Wave Software (acquired Akana)
- Sensedia (part of CI&T)
- Software AG
- Tibco (acquired Mashery)
- Tyk Technologies
- Wicket Labs
- Lawson, Loraine. "Gartner: SOA Governance and API Management Markets Merging". IT Business Edge. Retrieved 23 September 2016.
- Heffner, Randy; Yamnitsky, Michael; Mines, Christopher; Fleming, Nate. "Sizing The Market For API Management Solutions". Forrester Research. Retrieved 23 September 2016.
- Yamnitsky, Michael. "The API Management Solutions Market Will Quadruple By 2020 As Business Goes Digital". Forrester Research. Retrieved 23 September 2016.
- "Magic Quadrant for Full Life Cycle API Management". www.gartner.com. Retrieved 2017-06-14.
- "The Forrester Wave™: API Management Solutions, Q4 2016". www.forrester.com. Retrieved 2017-06-14.
- "Comprehensive Solution to Securely Expose Protected Resources as APIs". Retrieved 27 September 2017.
- "Gartner Reprint". www.gartner.com. Retrieved 2018-05-16.
- "Oracle Named a Leader Again in 2018 Gartner Magic Quadrant for Enterprise Integration Platform as a Service". www.oracle.com. Retrieved 2018-05-16.