What the evolution of API management means for DevOps
With resources stretched and margins getting thinner, application programming interfaces and the API economy will continue to play a critical role in connecting services, applications, and clouds.
"It is clearly an API economy," said Anant Jhingran, co-founder of StepZen, a provider of serverless GraphQL APIs. "Enterprises of all shapes and sizes build and consume APIs."
The shape of the API landscape is changing, however. REST APIs ruled as the dominant pattern for over a decade, Jhingran said. The next decade will be driven by GraphQL APIs. The reason is simple: GraphQL APIs are better from a consumption perspective because they enable front-end and app teams to ask for exactly what they want and get it in the shape they want—something that could never happen with REST APIs.
Changes for API management
API management has also changed over the last five to 10 years, said Stephen Feloney, vice president of continuous-testing products at Perforce Software.
"At first, API management was considered just an API gateway, meaning if you have the gateway, then you have API management," he said.
API management involves designing, deploying, securing, managing, monitoring, and publishing APIs. As such, it speeds up digital transformation efforts. APIs are essential in DevOps, and DevOps processes can help enhance API management.
An API gateway, meanwhile, traditionally represented little more than a way to manage security and scale through APIs. Today, API management involves managing the API from creation through testing, deployment, and deprecation/end-of-life.
Most enterprise companies will have applications and services that run the gamut of API technologies. Accordingly, API management solutions have to be able to support them all, including SOAP, SOA, REST, GraphQL, gRPC, and future such developments, said Feloney.
The increasing importance of communication between enterprise applications has led to improved adoption of industry standards to document, develop, expose, and consume APIs, said Justin Carlson, solution engineer for integrations at Hyland Software.
"Using a standard, such as the OpenAPI Specification, to define the API allows us to leverage third-party tooling to help in many aspects of development," said Carlson, including auto-generating documentation and client libraries, and using mock servers for automated testing.
Additionally, said Carlson, an API gateway can provide a mechanism to help define, control, and monitor what the APIs look like.
All these tools offer ways to automate build processes, increase testing automation, and automate deployment practices, said Carlson—leading to faster development cycles, increased quality, and a better experience. Organizations are often looking for ways to improve processes and/or reduce costs, and continuing to evolve and adapt API management should not be an exception.
Synergy between API management and DevOps is key
API management and DevOps have been "fake friends" for quite a long time, said Dominik Rose, vice president of product management and platform strategy at LeanIX.
APIs and associated technologies are part of developers' daily work. But API management is usually driven by business needs, such as unlocking new business models or complying to regulations (e.g., the EU's revised Payment Services Directive, a.k.a. PSD2) and technological needs, such as connecting SaaS and no-code/low-code solutions.
"Today, successful companies are creating synergies between both disciplines," said Rose. "And acknowledging that there are different ways to approach APIs is the first step of the common journey—which ultimately results in an increased level of agility, a more cohesive understanding of data, and an informed approach to technical debt."
Rose advocates for a modern approach to value stream management that combines an API catalog with a service catalog. According to Rose, this ensures that developers and business stakeholders can rely on updated data when they communicate with each other.
"It is a common architectural pattern these days to have your business applications running behind APIs," said Karl Adriaenssens, who works in the office of the chief technology officer at GCSIT, an engineering consulting firm. "This transformation of your business applications has given your development teams large numbers of APIs to manage over multiple development teams and multiple environments."
API management system no longer optional
There are literally no limits to the number of APIs in service, Adriaenssens said. Depending on its business model, an organization may use dozens, hundreds, or more. Those APIs come in many different forms—such as public/open APIs, private/internal APIs, partner APIs, data APIs, and service APIs. Managing all this activity requires oversight using an API management system and DevSecOps.
For a business with a mature API platform, having a robust API management system in place is no longer optional, said Adriaenssens. DevOps cannot maintain its ever-increasing velocity without dealing with this quickly growing API management workload.
Just as they once became the cornerstone of application development, continuous integration (CI) and continuous deployment (CD) pipelines have now become a crucial component of developing and managing the strategic set of APIs that front-end the applications, Adriaenssens said. These pipelines allow DevOps to automatically deploy API changes without all the error-prone manual steps.
"I would consider it best practice to make sure that all APIs use DevOps CI/CD pipelines and will only be exposed through an API management service," said Adriaenssens. "This is the only method to ensure that every time an application developer releases a new version of their application, the API definition in API management gets updated without manual intervention and without wasting resources."
With the speed of development continuously accelerating, all API management functionality needs to be as seamless as possible, said Perforce's Felony. Less friction will ensure more adoption and getting services to market in a timely fashion.
"The more manual steps and handshakes that occur will slow down the process," said Felony. "Groups will look for shortcuts, and the company will not realize the full potential of their services and the timeframes they are expecting."