Why do Organizations Expose APIs?
Organizations often lack the resources to support mobile Bring Your Own Device (BYOD), supply chain, or eCommerce initiatives. By opening a set of APIs to external developers, organizations can reduce costs, expand the reach of their products or services, and create new channels of revenue in the following ways:
- Mobile application developers can create mashups and apps that satisfy a particular user niche and are optimized for specific mobile device types and platforms.
- Enterprise application developers can leverage APIs to simplify integration with suppliers and B2B partners.
- The involvement of external developers fosters innovation and collaboration throughout the development community. In return, the resulting developed applications offer the organization additional potential revenue as those applications reach new markets or customers in new ways.
Why do APIs Need to be Managed?
The APIs that an organization exposes contain core assets the organization would want to protect. As with the services they support, these APIs have a life cycle, need to be managed and governed, and require mediation and security at run time.
From an API provider’s perspective, an API management tool is needed that enables the provider to do the following:
- Maintain an inventory of APIs and their associated resources.
- Publish, secure, and retire APIs according to defined service level agreements.
- Onboard API developers and give those developers the ability to publish APIs on behalf of the organization.
- Onboard API consumers who use the published APIs in their own applications.
- Provide tiered access to APIs, for example according to authorization level.
- Track key performance indicators (KPIs) to help monitor and interpret API use.
From an API consumer’s perspective, an API management tool should provide the ability to:
- Browse a catalog of APIs and obtain details and code samples for a specific API.
- Sign up and request and manage access tokens to download an API and its associated resources and documentation.
- Test the functionality of an API.
- Collaborate with other API consumers by way of forums or integration with social media.
What is webMethods Developer Portal?
webMethods Developer Portal is a web-based, self-service portal that enables an organization to securely expose APIs to external developers, partners, and other consumers for use in building their own applications on their desired platforms.
webMethods Developer Portal provides the following features:
- Branding and customization. Administrators can customize their portal’s logo, colors, and fonts to match their organization’s corporate identity. Administrators can further customize their portal by modifying pages, incorporating widgets, and changing the appearance and organization of APIs, adding custom pages, components, and labels.
- Support for three types of APIs. Developer Portal supports traditional SOAP-based APIs, REST-based APIs, and OData APIs. This support enables organizations to leverage their current investments in different types of APIs.
- Quick, secured provisioning of access tokens. Approval workflows simplify the provisioning of applications. These workflows enable the API provider to individually approve access token requests that developers submit from Developer Portal. API key, OAuth2, and JWT credentials are supported as part of this feature.
- Easy discovery and testing of APIs. Full text search capabilities help developers quickly find APIs of interest. API descriptions and additional documentation, usage examples, and information about policies enforced at the API level provide more details to help developers decide whether to adopt a particular API. From there, developers can use the provided code samples and expected error and return codes to try out APIs they are interested in, directly from within Developer Portal, to see first-hand how the API works. APIs can be grouped and grouped based on various filters in the gallery for easier discovery. For example, APIs in a large catalog can be grouped by business domain, free versus paid, or public versus B2B partner. APIs can also be flagged based on maturity level (for example, beta versus production or release).
- Quick, secure onboarding of new users. Easy to configure approval workflows in Developer Portal graphical user interface to define how the user onboarding should take place, with or without confirmations.
- Platform to collaborate. Developer Portal provides a collaborative community environment where API consumers can rate APIs and contribute to open discussions with other developers.
- Built-in usage analytics. Developer Portal provides the Dashboard feature that the Developer Portal Administrator, API Providers, and API Consumers can access based on their roles to view Key Performance Indicators (KPIs) based on page views and API views by users, track total number of logins, the success and failure of logins, user registrations, and user audit log, study the API's invocations per user and its performance during runtime, study the API invocation trends by response time, success and failure rates, and track the total API requests over a period of time, requests over time per API, and API request log. This information helps you understand how the APIs are being used, which in turn can help identify ways to improve users’ portal web experience and increase API adoption.
- Support for Localization. Developer Portal supports localizing API information and description.
The webMethods API management suite products include the following:
- webMethods Developer Portal. In Developer Portal, API consumers browse the catalog of APIs that a provider has published. Consumers can sign up and request an access token to test the API.
Users can view the API usage analytics data in the Developer Portal dashboard based on their privileges.
- webMethods API Gateway. API Gateway enables an organization to securely expose APIs to external developers, partners, and other consumers for use in building their own applications on their desired platforms. It provides a dedicated, web-based user interface to perform all the administration and API related tasks from the API creation, policy definition and activation, creation of applications, and API consumption. API Gateway gives you rich dashboard capabilities for API Analytics. APIs created in API Gateway can also be published to Developer Portal for external facing developers' consumption. API Gateway supports REST APIs, SOAP APIs, and WebSocket APIs, provides protection from malicious attacks, provides a complete run-time governance of APIs, and information about gateway-specific events and API-specific events.
The following diagram illustrates the Developer Portal communication flow between API Gateway and Developer Portal.