Saturday, December 25, 2010

API Management and Security

Many companies are creating APIs and want to build a developer community around them.

Apart from API design and development there is another important activity: API management. As of this writing the three major companies in API management are

1. Mashery
2. Apigee
3. Sonoa

The business models of all three companies are very similar: each provides the API management capabilities below.

Throttling, alerts, usage graphs, API key provisioning and management, and a dedicated portal to host documentation, blogs, forums, etc.

There is no doubt these are essential features for a corporation that needs to support its APIs and developers.

So is every company that has an API dependent on a separate vendor for API management?

Let's set aside the cost of having a dedicated management vendor. Apart from the cost, there is also a significant impact on security.

APIs that deal with payments, credit card information or restricted data (restriction levels are classified by the company exposing the API) are not using a dedicated vendor for API management.

e.g. PayPal, MasterCard Payment Gateway, Amazon S3, eBay

As long as the data produced and consumed by the API does not require strong protection, this API management model works well.

e.g. the Best Buy API, which exposes catalogs, products, etc.; Netflix and NYTimes also expose their APIs through a separate API management vendor.

This is not to say that security is compromised when the API management vendor sits outside the network, but it does affect the security design of the API exposed through that vendor.

e.g. HTTPS: a point-to-point connection is not enough when there is a management proxy in the path, because the TLS session from the client terminates at the proxy and the proxy holds the plaintext. Security therefore has to be end to end.

XML Encryption is one option for providing end-to-end security: the sensitive parts of the payload are encrypted at the message level, so the proxy can still validate the API key and meter the request without being able to read them.
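The following Go program is an added illustration of the point above; it is not code from the original post or from any of the vendors named. It models three parties: a client, a management proxy where the client's HTTPS connection terminates, and the API owner's backend. The card number is sealed with AES-256-GCM under a key shared only by client and backend, standing in for an XML Encryption EncryptedData element (the element name `EncryptedCard`, the key, the API key and the card number are all constructed for the demo). With HTTPS alone the proxy can read the card number; with message-level encryption it can still read the API key it needs for throttling, but not the card.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
	"strings"
)

// Payment is the document a client sends to a payments API through a
// third-party management proxy. ApiKey and Merchant are what the proxy needs
// for key validation, throttling and usage graphs; CardNumber is backend-only.
type Payment struct {
	XMLName    xml.Name `xml:"Payment"`
	ApiKey     string   `xml:"ApiKey"`
	Merchant   string   `xml:"Merchant"`
	Amount     string   `xml:"Amount"`
	CardNumber string   `xml:"CardNumber,omitempty"`
	// EncryptedCard stands in for an XML Encryption <EncryptedData> element
	// (simplified; the element name is an assumption for this demo).
	EncryptedCard string `xml:"EncryptedCard,omitempty"`
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealField encrypts one element's text with AES-256-GCM under a key shared
// only by the client and the API owner's backend, never with the proxy.
func sealField(key []byte, plaintext string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nonce, nonce, []byte(plaintext), nil) // nonce || ciphertext || tag
	return base64.StdEncoding.EncodeToString(ct), nil
}

// openField reverses sealField; it fails on a wrong key or a tampered value.
func openField(key []byte, encoded string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	return string(pt), err
}

// ClientEncode serialises the request. With endToEnd=false the client relies on
// HTTPS alone; with endToEnd=true the card number is sealed before it leaves.
func ClientEncode(p Payment, key []byte, endToEnd bool) ([]byte, error) {
	if endToEnd {
		enc, err := sealField(key, p.CardNumber)
		if err != nil {
			return nil, err
		}
		p.CardNumber, p.EncryptedCard = "", enc
	}
	return xml.Marshal(p)
}

// ProxyInspect models the vendor's proxy: the client's TLS session ends here,
// so it parses the plaintext document to validate the API key. It returns the
// key it checked and whatever it can see of the card number.
func ProxyInspect(doc []byte) (apiKey, cardSeen string, err error) {
	var p Payment
	if err := xml.Unmarshal(doc, &p); err != nil {
		return "", "", err
	}
	if p.ApiKey == "" {
		return "", "", errors.New("proxy: missing API key")
	}
	return p.ApiKey, p.CardNumber, nil
}

// BackendDecode is the API owner's service on the second TLS hop; it holds the
// shared key and recovers the card number from EncryptedCard when present.
func BackendDecode(doc []byte, key []byte) (Payment, error) {
	var p Payment
	if err := xml.Unmarshal(doc, &p); err != nil {
		return p, err
	}
	if p.EncryptedCard != "" {
		card, err := openField(key, p.EncryptedCard)
		if err != nil {
			return p, err
		}
		p.CardNumber, p.EncryptedCard = card, ""
	}
	return p, nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; provisioned out of band in practice
	rand.Read(key)
	req := Payment{ApiKey: "demo-key-123", Merchant: "shop-42", Amount: "19.99", CardNumber: "4111111111111111"}
	for _, e2e := range []bool{false, true} {
		doc, _ := ClientEncode(req, key, e2e)
		_, seen, _ := ProxyInspect(doc)
		back, _ := BackendDecode(doc, key)
		fmt.Printf("end-to-end=%v proxy sees card=%q backend card=%q digits on the wire=%v\n",
			e2e, seen, back.CardNumber, strings.Contains(string(doc), req.CardNumber))
	}
}
```

The proxy still does its job in both modes because the fields it meters on are left in the clear; only the field the vendor has no business seeing is sealed. Real XML Encryption adds key transport and a standard element layout on top of this, but the trust boundary is the same: whoever terminates TLS sees everything that is not encrypted at the message level.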

Whether to engage an API management vendor outside the corporate network should therefore also depend on the sensitivity of the data flowing through the API.

While architecting a solution for this model, the architect will have to make a critical decision by listing the trade-offs.

Please let me know if I am not correct in my views.

Thanks
Prem