As APIs become the foundation of the digital economy, CA, SOA Software, and Apigee head the list of API management system vendors, according to Forrester Research.
10 Big Data Online Courses
(Click image for larger view and slideshow.)
API management is an increasing concern for IT as companies wade deeper into the digital economy. Forrester Research has just published a report looking at the leading companies in the field: CA Technologies (which entered API management with its purchase of Layer 7 Technologies in June 2013), SOA Software, and Apigee.
Among the "strong performers" were IBM, Intel Services (which bought the API management firm Mashery in April 2013), WSO2, MuleSoft, Tibco, and Axway. The Forrester report on APIs contains a third category, "contenders," where 3Scale and Informatica reside.
These 11 companies were featured in "The Forrester Wave: API Management Solutions, Q3 2014," which was issued Sept. 29. The Forrester Wave reports work on a principle similar to the Gartner Magic Quadrant reports and contain a graphic that positions all the named companies in a rough ranking. Forrester has been reporting on the API field since early 2013.
API management is a relatively recent IT concern and follows on the heels of IT's rapidly growing dependence on mobile applications as the means for customers to shop for or access a company's goods and services. An API makes available company data or services in the form of software responses to queries. But the access must be granted only to recognized applications and controlled so that queries don't end up trespassing on company data that wasn't meant to be disclosed to the public.
Amazon.com in 2002 decided each of its infrastructure services should be accessed internally through an API, a reorganization of software assets that made them much more accessible to the company's programmers. Amazon Web Services and Amazon dominance of the public cloud soon followed.
But Forrester analysts Randy Heffner, Christopher Mines, and Eric Wheeler say the nature of APIs can vary widely, so they used 40 different criteria in assessing the management services among the leading companies. APIs aimed at granting both speed and ease of access tend to be built using RESTful (Representational State Transfer) principles. Business-to-business APIs, say, between a manufacturer and its suppliers, would be built to offer delegated privileges using SOAP (Simple Object Access Protocol) support. Firms planning to use APIs as a revenue generator need a management system that includes built-in billing, they note.
In general, each vendor is supplying a web portal designed to provide API management, API security through an API authentication method, and the ability to transform various messages coming into the API portal so that the service may yield the right response.
CA's acquisition, Layer 7, was a pioneer in API management and thus gives CA "a head start," the analysts wrote. "CA's solution has among the best API security, message transformation, and integration features," they said. They praised the API gateway product's support for mobile applications as "among the best in our evaluation" and noted its analytics capabilities. Its pricing is in the mid-range of the products evaluated.
SOA Software was "consistently strong across all of our primary evaluation criteria." It stood out for its API lifecycle management features and its ability to federate support for multiple providers of APIs. That means SOA is able to assist in the design and creation of APIs with sound architecture and assist in maintaining them and their security. Some customers sought better documentation for the product.
Apigee doesn't have as many advanced features as CA or SOA, but it does have "full feature sets for three of the added value functions -- billing, hosting, and mobile apps." The analysts said it has "the most consistent across-the-board functionality" of the group. They labeled Apigee's analytics as especially strong and said the company also tries to make them easy to use. The result is the possibility of more intelligent API use and better API control. Some customers said Apigee upgrades to its products cause challenges.
IBM is on the third version of its API management product, API Management Admin and Developer Portal, which is different from its two predecessor versions. It uses a DataPower gateway for security and integration features; its SOAP API design and API plan configuration and portal features make it a solid business-to-business API management product. API hosting and billing are not built in. They can be added through other products, along with mobile management, according to the report.
Intel Services offers options in API deployment, and Forrester inspected its API management for software-as-a-service. Its portal includes a customer-managed gateway with strong security and integration features. It includes API plan configuration support and can be set to provide deep drilldown report analytics on API use. But Intel is still working on full integration of the former Mashery product line, the report noted.
WSO2 was the only open-source API management platform to be reviewed, and the platform includes options to extend its management features. For example, a WSO2 user can add complex event processing, security integration, or business process management to the task of API management. It also has "among the best features for API design and creation, as well as strong transformation and integration," while remaining among the lowest-cost products, the report said. Some customers sought stronger API product manager features.
MuleSoft's API management is meant to connect with its CloudHub integration platform as a service and its Mule enterprise service bus products. The result is "strengths in API design and integration," said the report. It offers an advanced testing or a "try it" feature that allows an API administrator to create a sequence of API calls, including calls to multiple providers, to see if they work. One failed call in a sequence will freeze an application's ability to respond, but long sequences of calls are a known source of API failures. The feature aids collaborative API building, the report noted.
Just when conventional wisdom had converged around the cloud being a software story, there are signs that the server market is poised for an upset, too. Get the 2014 State of Server Technology report today. (Free registration required.)
Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.