API management on Google Cloud
Priyanka Vergadia
Staff Developer Advocate, Google Cloud
APIs are the de facto standard for building and sharing the modern applications that power today’s enterprises. All modern businesses leverage APIs to move fast and stay competitive. But securely delivering, managing, and analyzing APIs, data, and services is complex and critical—and it’s getting more challenging as enterprise ecosystems expand beyond on-premises data centers to include private and public clouds, SaaS, and other IT endpoints. To navigate this complexity, businesses need API management.
What is API Management?
Let's consider a scenario, you've got some backend services including REST/SOAP services, microservices, a service bus and maybe some more third party services. You’ve got some consumers of these services on the other side: partners, employees and customers. They have applications which need to get data from your backend services or trigger an action with an API.
Developers are composing new and compelling applications using APIs to build and participate in ecosystems. Productizing those APIs underscores all of the compelling new business applications we see in the Internet Economy. All of those things it takes to productize APIs - developer portal, API packaging, flexible security options, and turning operational metrics into business analytics - that's what API Management is about and what Apigee offers.
What is Apigee?
Apigee API management helps modernize your applications and monetize your business channels. It helps control an application's access to the backend data and services. It also offers application developers with tools they need to access the API and helps API providers with tools they need to manage and provision the APIs.
API Services: This is the part that routes traffic from the applications to the backend services and acts as an enterprise gateway orchestrating those back-end services and preventing people from abusing them. This is where an API provider can enforce throttling and quotas on the services to protect the backend. You can build a facade over the back-end services and present a set of interfaces to those external applications compared to what's inside. You can even control access so different applications might have access to different services and they might get different results when they call them. You could reformat the request as it comes in and make it appropriate for your back-end services. The response that comes from the back-end services, you could change that around before sending it back to the applications. You can add caching to improve performance by responding directly from cache avoiding a call to the backend.
Developer Portal: Apigee offers a developer portal to serve the API consumer or the application developer. They can sign up to use the API, get credentials to access the service and documentation to learn how to use the API. If there's a need to serve the APIs as products API providers can take all the services and bundle them together into different packages that provide different access. If it is an internal portal you might keep it simple but if it's external facing you can brand it to match the branding of your website.
API Monetization: You can create a variety of monetization plans that charge developers (or pay them through revenue sharing) for the use of your APIs.
API Analytics: Helps your API team measure everything from developer engagement metrics to business and operational metrics. These analytics help API teams improve their APIs and app developers improve their apps. Helps answer questions about traffic patterns, top developers, which API methods are popular, API response times and other such metrics needed to improve the service.
Apigee gives you a choice between configuration or coding; there's a number of out-of-the-box policies that do basic things. You can drop in these policies to request a token or add response caching if you want to do code driven development. You can build your own policies and you can drop those in and mix them with the out-of-the-box policies and that can be done with JavaScript Java or Python.
What's the difference between API Gateway and Apigee API Management Platform?
API Gateway is a small subset of an API management platform. It enables you to provide secure access to and exposure of your services in Google Cloud (Cloud Functions, App Engine, Cloud Run, Compute Engine, GKE), through a well-defined REST API that is consistent across all of your services, regardless of service implementation. A consistent API:
Makes it easy for app developers to consume your services
Enables you to change the backend service implementation without affecting the public API
Enables you to take advantage of the scaling, monitoring, and security features built into the Google Cloud Platform (GCP)
Apigee, on the other hand, includes a gateway, but it helps drive API consumption because it also includes a developer portal, monitoring, monetization, advanced API operations, and other extension possibilities. The gateway itself is more capable, with built-in policies. Apigee can connect to arbitrary backends, including but not limited to upstreams hosted in Google cloud.
For a more in-depth look into Apigee API Management service check out the documentation and the video series.For more #GCPSketchnote, follow the GitHub repo. For similar cloud content follow me on Twitter @pvergadia and keep an eye out on thecloudgirl.dev