State of Application Programming Interfaces (API) Management and Security – Q3 2019

Authors

Archie Reed – Principal Consulting Analyst

Abstract

At TechVision Research, we see the management and security of Application Programming Interfaces (APIs) as a core and strategic competence supporting the evolution towards the Digital Enterprise.

APIs are used as part of the glue across almost all types of application development environments supporting the integration of cloud-native, mobile, enterprise, line of business and consumer applications. Done right, API management and security support a well-managed Digital Enterprise and enable the rapid delivery of scalable, integrated and flexible applications. It further allows an enterprise to offer internal and external developers consistent, efficient and secure access to a growing suite of digital capabilities.

This report is an Enterprise level-set on how APIs are used, managed, and secured within, across, and outside organizational and technology boundaries. This report is not a vendor review, focusing rather on the core elements of API management and security as applicable to the enterprise. While traditionally considered a highly technical discipline supporting developers, APIs can now support almost functional requirement or role in an organization, with many useful APIs now widely available.

The movement from monolithic applications to distributed and modular component-based services and the need to integrate/orchestrate these services through APIs, creates large operational and security challenges. These new points of access, controls, real-time signals/metrics, and rapid feedback loops are just a few of the requirements that security teams face in cloud-native environments and the focus of this emerging category of API management and security

This report starts by looking at the basic components and use cases for APIs and then discusses the basics of API management and security. We then describe a reference architecture approach and highlight solutions for common enterprise use cases. Finally, we look at the future of API management and security concluding with a set of recommendations for best practices and next steps.