You need API management help: 11 open-source tools to consider

There is a lot to consider when providing an API. From how the service is managed to style governance, the developer portal, security, gateway, and monetization, API owners have many features to maintain and support.

Throw analytics and monitoring in the mix, and you arrive at the need for a full-fledged API management back end. Thus, as microservices and APIs thrive, the need to streamline the management side grows exponentially.

While there are plenty of commercial API management options out there, from providers such as 3Scale, Kong, and Axway, among others, some API providers may desire to build upon open-source components.

The argument for open-source software has been made many times: It's forkable, customizable, and distanced from vendor lock-in. So, what open-source options are out there for API management?

Here's a rundown on the major open-source API management solutions and platforms and how they compare.

World Quality Report 2018-19: The State of QA and Testing

1. API Umbrella

API Umbrella is an open-source proxy for APIs and microservices. Acting as an entry point for microservices, the proxy provides rate limiting, caching, API keys, and analytics. It also generates an admin web interface that can be initiated using the tool's own API.

Using API Umbrella, multiple organizations can operate under the same "umbrella," simply by allowing varying admin permissions for different domains. Check the API Umbrella documentation, or fork it on Github.

2. Gravitee.io

Designed to be lightweight, Gravitee.io is an open-source API management platform that you can download here. It offers many features out of the box, including rate limiting, cross-origin resource sharing, IP filtering, load balancing, and a developer portal with OAuth2 and JSON web token policies.

A nice feature is the ability to create fine-grained reports to decipher your API's usage data. The vendor also open-sourced the authorization gateway and management portal separately, which could offer plug-and-play abilities.

3. APIman.io

Red Hat provides an open-source API management tool called APIman.io that you can download from the GitHub repository. APIman.io provides a configuration layer that emphasizes quick runtimes, offering policy-based governance with a detachable policy engine, a REST API for management, asynchronous capability, rate limiting, and more.

With billing and analytics options too, APIman.io covers the basic necessities for API management. Red Hat also supports APIcurio, an API design suite that is also open source.

4. WSO2 API Manager

WSO2 provides API Manager (download), an open-source option for handling elements along the API lifecycle. Features include design and prototyping for SOAP- or REST-style APIs, governance policies, access control with OAuth2, monetization, and more.

It accepts OpenAPI (Swagger) definitions. With varying levels of gateways and developer portal options, the WSO2 API Manager seems like a good fit for enterprise environments.

5. Kong Community Edition 

The Kong Community Edition (CE) package, downloadable here or on GitHub, is a "popular open source microservices API gateway," according to the project's backers. Platform-agnostic, Kong installs easily in multiple operating environments, including Docker, Kubernetes, CentOS, and OSX.

Kong offers a breadth of API and microservices management features. Some unique ones include WebSockets, common language infrastructure capability, and great visualizations for monitoring. Kong has good support, with an active changelog, and has wide enterprise adoption. 

6. Tyk.io

Written in Go, the Tyk open-source gateway (download it here) can be used for on-premises API management. Tyk generates a dashboard for API analytics, and includes a developer portal with documentation, rate limiting for APIs, authentication, and other features designed with an emphasis on microservices environments and containerization.

One downside is Tyk's disclaimer that commercial services must upgrade to paid versions. Nonprofit projects can benefit from a pure open-source gateway from Tyk.

7. Swagger 

Smartbear, the owners of Swagger—the precursor to the OpenAPI Spec—provides open-source components to help with API development and maintenance. These come in the form of the Swagger Editor for design, Swagger CodeGen for SDK generation, and Swagger UI for documentation generation. All tools can be forked on GitHub.

Although the for-fee Swagger Hub is the more holistic management option, its open-source tools are often baked into API management environments. One example is the widespread use of Swagger UI within many developer portals across the industry. A benefit is ongoing project maintenance from Smartbear, which has a strong foothold within the API developer community.

8. Apigility

Built and maintained by Zend framework, Apigility is an open-source framework for developing APIs. Apigility helps create and expose JSON representations for your code. It allows REST and RPC API styles, offers JSON using the HAL hypermedia type, and provides different versioning options. It also provides authentication with OAuth2 and documentation that supports the OpenAPI Spec as well as the API Blueprint.

You can download it here, or initiate a startup from your terminal as follows:

curl -sS https://apigility.org/install | php # or if you do not have curl installed php -r "readfile('https://apigility.org/install');" | php # open your browser to http://localhost:8080

9. Fusio

Fusio is another open-source option for managing APIs; it allows API construction from various data types. Fusio comes with lifecycle management features such as a back-end dashboard for admin control. It also includes developer portals, documentation, JSON validation for incoming requests, rate limiting, and scope handling to match user permissions.

One unique ability is subscription; Fusio can be used to implement pub/sub-style subscription services. Download Fusio on GitHub.

10. API Axle 

API Axle, open-sourced by Exicon, is a simple proxy that sits on the outskirts of an API. It provides functionality like rate limiting, analytics, and authentication. API Axle logs API traffic for statistics and reporting, and it can be used to create and assign API keys. It supports REST API design, and there are Node.js, Go, and PHP community libraries available to access the API.

API Axle is a lightweight alternative to some of the more verbose packages on this comparison list.

11. Repose

Similarly, Repose is another lightweight middleware offering helpful API management features. It can rate limit, authenticate, validate requests, and log requests for monitoring purposes. View the documentation for instructions on deploying from any environment.

The end goal of Repose is to "enable downstream services to trust incoming requests as validated and well-formed." View the GitHub repository for more information on this programmable API middleware platform.

API management: It's important

For public-facing services, partner integrations, and even internal services within organizations, streamlining the management side of web APIs is a smart move to save effort and avoid reinventing the wheel.

Building upon open source can safeguard the longevity of an API management solution, since the tools are free from lock-in. This helps empower API owners with security and the ability to evolve the software long term. Avoiding subscription fees, open source can also help make startups leaner, or help enterprises cut costs.

Sure, some of these organizations have enterprise upgrades and consulting that go beyond their community editions, as has become the open-source business model in recent years. Therefore, compare these services and their features with a careful eye.

For more opinions on API management with open-source tools, API Evangelist has also summarized some of the tools named above. There is also a semi-active Quora forum on the subject.

Topics: Dev & Test