Jump to section

What is API management?

Copy URL

API management refers to the processes for distributing, controlling, and analyzing the application programming interfaces (APIs) that connect applications and data across the enterprise and across clouds. An API is how 2 apps share data in real time. This communication occurs via a set of tools, definitions, and protocols for integrating application software and services.

The goal of API management is to allow organizations that create APIs or use others’ APIs to monitor activity and ensure the needs of the developers and applications using the API are being met. API management tools enable organizations to share API configurations, control access, collect and analyze usage statistics, and enforce security policies across their network and API consumers.

Organizations are implementing strategies to manage their APIs so they can respond to rapid changes in customer demands. In most cases, these organizations adopt a microservices architecture in order to meet demands by speeding up software development.

HTTP-based APIs have become the preferred method for synchronous interaction among microservices architectures while REST APIs facilitate API keys, per-client throttling, request validation, and private API endpoints. These APIs are the glue that connects all of the microservices together. Managing these APIs allows an organization to make sure the APIs are used in compliance with corporate policies and allows governance by appropriate levels of security, as some services may require different security policies than others.

Set your API team up for success

API management is largely about centralizing control of your API program—including analytics, access control, monetization, and developer workflows. An API management solution, like Red Hat 3scale API Management, provides dependability, flexibility, quality, and speed. To achieve these goals, and ensure that both public and internal APIs are consumable and secure, an API management solution should provide access control, rate limits, and usage policies at the minimum. Most API management solutions generally also include the following capabilities:

  • A developer portal. A developer portal is a common best-practice for API management. Developer portals typically provide API documentation along with developer onboarding processes like signup and account administration.

  • An API gateway. The API gateway is the single point-of-entry for all clients. The gateway also determines how clients interact with APIs through the use of policies.

  • API lifecycle management. APIs should be manageable from design, through implementation, until retirement. Red Hat 3scale API Management is a leader in API lifecycle management.
  • Analytics. It’s important to know what’s going on with your APIs—which consumer or app is calling which API and how often. It’s also essential to know how many APIs have failed and why.

  • Support for API monetization. Monetize access to the microservices behind the APIs through usage contracts. API management allows you to define usage contracts based on metrics, like the number of API calls. Consumers can be segmented and differentiated access tiers, and service quality can be offered to different segments.

These capabilities are considered during the API’s design so that the API can use self-managed or cloud components to provide traffic control, security, and access policy enforcement. Well designed APIs can be shared, secured, distributed, controlled, and monetized on an infrastructure platform built for performance, customer control, and future growth.

Microservices and APIs are the foundation for rapidly developing innovative application components to meet new business needs—an approach known as cloud-native application development. This approach is not without its challenges, though.

The key technical challenge to forming microservices is breaking up larger systems into their smaller components. APIs allow these smaller components to connect with data sources and each other.

Another challenge presented by a microservices architecture is how to coordinate the many frequently changing microservices. Service discovery makes this easier. API management services provide the necessary discovery mechanisms to ensure that available microservices can be found and documentation on how to use them is shared through the developer portal.

Microservices require an integrated approach to security. Security mechanisms differ depending on the type of API: external-facing services require different security mechanisms than internal ones. For less mission-critical APIs, simple protection with API keys is usually sufficient. For external or critical APIs, a more secure approach, like OAuth, will be required.

API management platforms are made of several key components that provide end-to-end services to facilitate application integration, management, security, and monitoring of APIs.

An API gateway intercepts all incoming client requests and sends them through the API management system to connect to backend services.

A developer portal is a web-based dashboard that provides developers with self-service access to API documentation, code samples, software development kits (SDKs), and other resources for API developers.

Part of API management is providing an easy way to manage and monitor the entire API lifecycle. API lifecycle management tools include features for designing APIs using industry-standard specifications, versioning APIs, managing change control processes, and tracking API usage and performance over time.

API management platforms contain security and access control components to enforce authentication, authorization, and security policies to protect APIs and sensitive data from unauthorized access and abuse. They include features such as OAuth and OpenID for identity and access management.

A complete API management platform also includes analytics and monitoring tools to provide insights into API usage, performance, and behavior. These tools monitor API traffic volume, response times, error rates, and popular endpoints in real-time. They also provide historical data and trend analysis to identify performance bottlenecks, optimize API usage, and measure the impact of APIs on business objectives.

A successful API management solution should also allow for ecosystem expansion to integrate externally with other systems or partners or internally with systems in their organization’s network. 

Ask yourself these critical questions:

  1. How do we control access to our API?
  2. How do we capture metrics and handle alerts?
  3. How should spikes in usage be managed?
  4. Who is responsible for API uptime?
  5. How do we feel about undesired API usage?

Without measuring the effects of our efforts we have no way of evaluating our success. Analytics provides data about API activities but we still must provide a definition of success. When defining success in your organization consider these 5 key performance objectives for APIs:

  1. Dependability. Dependability is the availability of the API to developers. A useful metric for measuring dependability is downtime. Is the API always available for use? Another metric is quota which defines how many API calls can be made by a developer within a certain time frame. A quota protects an API from abuse and makes its management more predictable. Some API providers’ business models and price plans are based on quotas.
  2. Flexibility. Flexibility refers to the options developers have when adopting APIs. Greater flexibility in an API means greater effort (and cost) for the organization managing the API.
  3. Quality. Quality is the consistent conformance of the API’s behavior to developer’s expectations. It is a way of measuring developer’s satisfaction with the API.
  4. Speed. Speed can be measured by access latency and throughput. Speed can be influenced by techniques like throttling or caching.
  5. Cost. The goal of measuring cost is to provide developers with the best value for your money. All of the other 4 objectives contribute, in one way or another, to the cost objective.

Red Hat® OpenShift®, the industry's leading hybrid cloud application platform powered by Kubernetes, brings together tested and trusted services to reduce the friction of developing, modernizing, deploying, running, and managing applications. Whether deployed on premises, in a hybrid cloud, multicloud, or natively on popular cloud services, Red Hat OpenShift supports the most demanding workloads including AI/ML, edge, as well as the ability to automate deployment and life-cycle management with our vast ecosystem of technology partners.

Based on the open source Istio project, Red Hat® OpenShift® Service Mesh provides a uniform way to connect, manage, and observe microservices-based applications. It is designed to deliver a more efficient, end-to-end developer experience around microservices-based application architectures. This helps to free developer teams from the complex tasks of having to implement bespoke networking services for their applications and business logic.

Red Hat Application Foundations provides organizations with a comprehensive set of tools and technologies needed to build, deploy, and operate applications with security in mind and at scale across the hybrid cloud. With Red Hat Application Foundations, teams can share, secure, distribute, and control APIs across their entire lifecycle. Key capabilities include centralized management, access control, rate limiting, analytics, and usage reporting.

Keep reading


What is an API?

API stands for application programming interface—a set of definitions and protocols to build and integrate application software.


What does an API gateway do?

An API gateway is an application programming interface (API) management tool that sits between a client and a collection of backend services.


Why Red Hat for APIs?

Our API solutions focus on reusability, IT agility, and a management interface that helps you measure, monitor, and scale.

More about APIs


An infrastructure platform that lets you share, distribute, control, and monetize your application programming interfaces (APIs).



Open APIs in Financial Services for Dummies


Command Line Heroes Season 2, Episode 6:

"The data explosion"


The API owner's manual