Nowadays APIs are omnipresent. In a world of intelligent Virtual assistants (a.k.a. Chatbots), like Google’s Alexa, and a “Connect everything”-mentality this is not surprising. In addition, APIs are essential building blocks of modern software applications build on top of new architectural patterns like Microservices. That’s the technical side.
From a corporate perspective, APIs provide the chance to create new digital business models and economies by exposing services and data to business partners and customers. The challenge: How to ensure Usability, Security, Transparency and Discoverability for the exposed APIs?
Design-Driven API Management
With API Platform Cloud Service (APIP CS), Oracle launched the next big thing today making their Platform as a Service (PaaS) offering even more complete.
APIP CS is a lightweight, cloud-native platform that is capable for covering the complete API Lifecycle from Planning to Retirement.
Having an integration with Apiary.io, which was acquired by Oracle in the beginning of this year, the platform comes with a powerful API Design component and thus supports an API First approach, where API designers, API developers, architects and API consumer developers respectively App developers can consistently work collaboratively to create an appropriate API definition. This results in a consistent, intuitive API, driven by design.
The picture below depicts the platform architecture of APIP CS (Graphic by Luis Weir, Capgemini):
Besides Apiary (1) as the API Design Platform, the graphic depicts the other basic components of APIP CS, which are the Management Service (2) and the API Gateway component (3). For Identity and Access Management purposes APIP CS integrates with the Identity Cloud Service (IDCS), which can connect to different Corporate directories.
As mentioned before Apiary is the API Design environment giving users with different responsibilities the chance to collaboratively work on new Business APIs, defining it in an API First style.
To support the API Lifecycle from the very first beginning, the Design phase, Apiary comes with an intuitive and easy-to-use browser-based UI, supporting API Blueprint and Swagger for describing APIs. In addition, Apiary provides Source Code Management System integration, e.g. with Github, to further collaboration and offers a Mock Server, so that App developers can directly work against newly defined APIs. This ensures short feedback cycles and furthers an efficient API delivery.
The Management Service is the central heart of APIP CS and is used for implementing, managing and discovering APIs. It is a cloud-based component which “lives” in the Oracle Cloud. Out-of-the-box the Management Service provides two UIs: the Management Console and the Developer Portal.
The Management Console is the main tool for API Managers. Using the console, new API implementations can be created, deployed, managed and monitored. In addition, the API Manager can publish a documentation of the API to the Developer Portal. for which simply a link to Apiary can be created.
The Developer Portal is the main UI for App developers that can use the portal to discover the published APIs and to register applications for using those APIs for their app development. If no appropriate API could be found by the App developer, it potentially needs to be created.
Through it’s Platform APIs, the Management Service is customizable and extendable. Basically all functionalities, provided by the Management Portal or the Developer Portal can be also executed using the corresponding REST-based Platform APIs of the Management Service.
A Gateway is the component responsible for executing the Policies defined for the APIs at runtime. APIs are deployed to a Gateway node using either the Management Service or a REST API.
The Gateway as such is a standalone component which can be installed either to Oracle Cloud platform, 3rd party Clouds (Azure or Amazon) or On-Premise. A Gateway periodically reaches out to the Management Service to check for updated API implementations and to send analytics informations to the Management Service.
This “Hollywood”-style communication approach (“Don’t call us, we call you”), makes life much more easier, because there is no need for explicitly opening firewall ports per Gateway, since every Gateway does outbound calls to the Management Service and not the other way around.
Oracle APIP CS has a very strong and clear vision, how API Management should be done today – and how it should not be done, of course. It supports users to ensure Usability, Security, Transparency and Discoverability for the exposed APIs and convinces with it’s API First philosophy, is extendable as well as customizable.
From an User experience (UX) perspective, the implementation of APIs using the Management Console is intuitive and straight-forward; there’s no need for extensive training on how to implement APIs using APIP CS. The same is true for the Developer Portal and also for the Design platform Apiary.
From an infrastructure respectively architecture perspective, the hybrid deployment model of the API Gateway components, allows the creation of flexible, consistent and robust API-based architectures.
To make a long story short: APIP CS is a flexible, scalable and easy-to-use solution to thrive innovation by unleashing the power of APIs.