Thanks to the good work of my colleagues Eve Maler and Jeffrey Hammond, we have a new Forrester Wave on API Management Platforms, including evaluations of Layer 7, Mashery, WSO2, Intel, IBM, Vordel, and 3Scale. I won't spill the beans on the leaders, but I will share some of their analysis with my own interpretation to explain why you must care. First, let's define API management platforms as:
Middleware that developers use to publish and configure interfaces and that applications use at runtime to connect to the data services they need.
Here's why API management platforms matter:
As you build mobile apps for customers, partners, and employees, you need apps that perform well over the last wireless mile. And that means you need a great, RESTful API that provides design-time and runtime access to data services hosted by your on-premises applications. Think of it as "cloud-connect" technology that lets the data inside your datacenter get out and back (securely) to the mobile app that needs it. As mobile apps get more and more transactional, the need for API management platforms will become even more critical.
You are just getting going on the number, breadth, and complexity of the data service APIs you will need to build and operate. As mobile apps get interesting, with transactions, integrated applications, and more and better content and collaboration, you will need solutions that handle all those integration points. Think of it this way: RESTful interfaces give you the means, but now you need a system to handle the sheer number of APIs you are and will be building.
I’ve previously written about how modern application architectures are shifting toward compositional, service-oriented architectures — “for real” this time. RESTful services using XML or JSON payloads proliferate because they’re easy for developers of omnichannel clients to use on virtually any device they need to support. It doesn’t matter if they’re building native apps in Objective C or hybrid apps with Cordova — if they can get an open web API call, it’s good enough to move forward.
This shift to web APIs and modern applications means that companies have to shift their API management strategy as well. They need to 1) create the web APIs and 2) create a life cycle to manage them. It’s this life-cycle element that’s conceptually distinct from traditional SOA governance solutions. For one thing, the services live on the open bus of the Internet and carrier networks. Another difference is that web APIs are increasingly made availabe to third-party developers. They may be part of a newly formed developer community, or they may support the growing number of digital agencies and mobile specialist firms that your company uses to supplement development projects. Security and access models are different (e.g., OAuth 2), provisioning access to APIs needs to support light-touch approval workflows, sandboxes where developers can test their calls are important, and analytics that detail call volume and how developers are using APIs are must-have capabilities. Above all, a developer portal that provides good documentation, example code, and quick time-to-value are important if you want to attract and keep developers.
Amazon Web Services (AWS) is great, but many of our enterprise clients want those cloud services and values delivered on premise, behind their firewall, which may feel more comfortable for protecting their intellectual property (even if it isn't). AWS isn't very interested in providing an on-premise version of its solution (and I don't blame them). Today's partnership announcement with Eucalyptus Systems doesn't address this customer demand but does give some degree of assurance that your private cloud can be AWS compatible.
This partnership is a key value for organizations who have already seen significant adoption of AWS by their developers, as those empowered employees have established programmatic best practices for using these cloud services — procedures that call AWS' APIs directly. Getting them to switch to your private cloud (or use both) would mean a significant change for them. And winning over your developers to use your cloud is key to a successful private cloud strategy. It also could double your work to design and deploy cloud management solutions that span the two environments.