What is API Management
API Management covers many different concerns such as:
Provide one place to manage, discover and govern your APIs
Design, create, describe and document your APIs
Create mocks and tests to your customers, allowing them to provide feedback during development process and creation of new APIs.
API Governance and lifecycle
Provide APIs in different environments, e.g. sandbox for testing, prerelease environments and production with different implementations, mocks etc. Manage different versions, deprecate older versions.
Provide API discovery, subscriptions, access to API descriptions and documentation and allow developers to try out APIs using a Developer Portal.
Secure access to APIs, authenticate partners / developers using different methods and authorize their access to individual APIs or operations.
Rate Limiting / Throttling
Put limits on API calls, provide different subscription levels, SLAs etc.
Allows hard limits (denying requests when limits are exceeded) and throttling, slowing down rate of consumption.
Provide insight into who is using APIs, how they are used, how often - provides valuable insight into business and operations level information.
Charge for API usage, revenue-share with partners and track billing.
Ceptor API Management
Ceptor API Management is a full-featured API Management product which enables access to full API management functionality.
Features range from a Service Repository with built-in support for authoring APIs to full support for Ceptor's many proven authentication and authorization methods over full API Gateway functionality to a customizable API Developer Portal supporting self-registration which allows you to expose your APIs to both internal and external consumers.
Ceptor API Management is:
Where other products focus mostly on monetizing APIs, Ceptor API Management is more focused on providing flexibility to enterprising solving complex use cases that go far beyond simply publishing and subscribing to APIs. Built on top of Ceptor's proven flexibility
Within Ceptor API Gateway, we have these concepts:
- An API Group is a container for APIs, it is a way of categorizing APIs
- An API exists inside an API Group - one API can contain many API Versions
- A number of Subscription Plans can be associated with an API
- A Subscription Plan contains a set of Rate Limits, which limits the number of requests which can be made by one API Partner Application in a given time period.
- An API Version contains the API Specification, Implementation, Security restrictions and is published to one or more Environments
- You can have as many Environments as you want, e.g. Sandbox, Production, Preproduction or TestOne, TestTwo and TestTree.
- Ceptor API Gateway serves APIs within one or more Environments. When APIs are called, API Usage information is stored for later analysis.
- Ceptor API Gateway authenticates users using the Session Controller which has Authentication Plugins that looks up Partner Applications based upon client IDs, API keys, SSL client certificates or other credentials.
- One API Partner is an organisation or group that has a number of API Partner Applications registered to it.
- An API Partner and its Partner Applications are registered in the API Developer Portal by API Developers who can self-register in the portal.
- An API Profile can be used to specify common settings for a set of APIs, e.g. security settings, or it can limit which element an API Designer is allowed to use.
- An API Designer use Ceptor Console / to author and design APIs.
- API lifecycle
- OpenAPI, WSDL or Plain HTTP APIs
- Publish APIs to one or more environments
- Optional administrator approvals of API subscription requests
- Mock APIs
- Restrict access to APIs or operations
- Create environment-specific or global implementation
- Template responses created from OpenAPI schema
- Proxy APIs
- Implement API using Drag and drop Pipelines and Tasks (or Policies).
- API Profiles - share common characteristics between APIs or limit API Designers choices.
- API usage/monitoring
- Several datastores including Elasticsearch provided by default, and API to roll-your-own.
- Rate limiting
- Choose from several implementations or use the API to create your own.
- Proxying or implementing APIs
- Mocking APIs
- Complex authentication and authentication - enabling full use of the entire arsenal of authentication options Ceptor has supported for decades.
- Examples of plugins and authentication options:
- Active Directory
- Generic LDAP server
- OpenID Connect / OAuth2
- API key
- Basic Authentication
- SSL client certificates
- SAML / ADFS
- TOTP Authenticator
- SMS OTP authenticator
- SPNEGO / Kerberos
- Fido U2F
- Script based custom authentication makes it possible to build your own.
- Examples of plugins and authentication options:
- Gateway configuration can override security defined on APIs
- Expose published APIs on multiple environments in one or more gateways - based upon hostname, path, restricted IP addresses, GeoIP etc. etc.
- Plugins for API usage datastore, use a prebuilt or create your own
- Consolidate usage information from many sources including Ceptor into your own custom data repository or SIEM product.
- Authentication and authorization
- Use Ceptor's API partner or your own existing user repository.
API Developer Portal
- Exposes APIs to consumers
- Internal or External
- API subscription
- View pending API subscription requests
- Built-in API execution - try invoking APIs from the portal itself.
- API discovery and documentation