I’ve previously written about how modern application architectures are shifting toward compositional, service-oriented architectures — “for real” this time. RESTful services using XML or JSON payloads proliferate because they’re easy for developers of omnichannel clients to use on virtually any device they need to support. It doesn’t matter if they’re building native apps in Objective C or hybrid apps with Cordova — if they can get an open web API call, it’s good enough to move forward.

This shift to web APIs and modern applications means that companies have to shift their API management strategy as well. They need to 1) create the web APIs and 2) create a life cycle to manage them. It’s this life-cycle element that’s conceptually distinct from traditional SOA governance solutions. For one thing, the services live on the open bus of the Internet and carrier networks. Another difference is that web APIs are increasingly made availabe to third-party developers. They may be part of a newly formed developer community, or they may support the growing number of digital agencies and mobile specialist firms that your company uses to supplement development projects. Security and access models are different (e.g., OAuth 2), provisioning access to APIs needs to support light-touch approval workflows, sandboxes where developers can test their calls are important, and analytics that detail call volume and how developers are using APIs are must-have capabilities. Above all, a developer portal that provides good documentation, example code, and quick time-to-value are important if you want to attract and keep developers.

It’s in this spirit that we’ve released an emerging market Wave™ on API management platforms  to Forrester clients. We looked at seven platform vendors across 15 different categories, including: developer experience, access management, deployment models, self-service configuration, support for publication of internal and external APIs, integration capabilities, analytics, and monitoring and billing capabilities. We found that there is a range of products out there; some are very well-established, and others are new but are rapidly developing into effective offerings as large ISVs throw their R&D weight behind them in this emerging space.

Forrester clients will find the Wave a useful tool as they match their specific needs to the solutions in this space, as there are a range of solutions availabe to suit different needs. For those who don’t have access to the research, I’d suggest you consider a few key questions as you do your own due diligence:

  • Do you already have a web API ready to go, or do you need help creating one? Some the API management solutions we reviewed already assume you have a RESTful API defined and ready to wrap and manage. If that’s the case, you can get by with a lighter-weight (and less expensive) solution. On the other hand, if you need to convert your SOAP APIs into REST, link into an ESB, or link into enterprise systems for the first time, you’ll want to look at solutions that provide support not just for management, but also for API creation. While web API creation can be separated from API management, we find that many projects tackle both at the same time and therefore find these capabilities to be an important part of their product evaluations.
  • What traffic will you route through your API management product? Some API management poducts take a proxy-based approach, where all API traffic is routed through the service, either on-premises or in the company’s cloud. If you’re using a consumption model, this can affect what you pay. Others only route key provisioning and authorization requests through their services while the actual production load is handled by their own infrastructure — but this means that they need to have (and manage) more of their own infrastructure.
  • What’s your cost profile? Although our Wave evaluation does not rate solutions on their cost, we did find a range of entry points, ranging from pay-as-you-go consumption models to hardware appliances to virtual appliances that you can deploy on public cloud infrastructure like Amazon Web Services. Capital costs with these solution  range from zero for open source products to $100,000 and more when dedicated hardware is involved. 

The vendors we reviewed in this Wave included 3Scale, IBM, Intel, Layer 7, Mashery, Vordel, and WSO2. We thank them for the time and effort on behalf of our clients, including participation in multiple-hour Wave labs as we put their products through their paces.

One last thing: In keeping with the importance of access management and security in this space, I had a wonderful coauthor in Eve Maler (follow @xmlgrrl if you don’t already). If you have questions about how identity is evolving with the open web, drop her a tweet — she’s just about gotten this old client/server dev up to speed.