1 Introduction
From what used to be a purely technical concept created to make developers’ lives easier, Application Programming Interfaces (APIs) have evolved into one of the foundations of modern digital business. Today, APIs can be found everywhere – at homes and in mobile devices, in corporate networks and in the cloud, even in industrial environments, to say nothing about the Internet of Things. APIs allow developers to create applications faster by enabling support for modern architectures like microservices. They ensure that applications from different vendors can exchange data seamlessly, orchestrate massive cloud infrastructures and global networks of smart devices. They enable business communications with suppliers, service providers, and customers. APIs can also unlock numerous new business models for companies to offer their core services in innovative ways, to reach new customer bases or to streamline sales and services across multiple channels.
Rapidly growing demand for exposing and consuming APIs, which enables organizations to create new business models and connect with partners and customers, has tipped the industry towards adopting lightweight RESTful APIs, which are commonly used today. The rapid adoption of REST APIs also coincided with the exponential growth of cloud computing and mobile device proliferation, where they were the perfect medium to enable integrations between these heterogeneous systems and facilitate data exchange on a massive scale.
Unfortunately, many organizations tend to underestimate potential security challenges of opening up their APIs without a security strategy and infrastructure in place. Emerging technologies like the Internet of Things or microservices, which rely significantly on API ecosystems, are bringing new security challenges with them. Creating a well-planned strategy and reliable infrastructure to expose their business functionality to be consumed by partners, customers, and developers is a significant challenge that has to be addressed not just at the gateway level, but along the whole information chain from backend systems to endpoint applications.
All these challenges indicate a need for a unified platform that covers the whole API lifecycle, starting with designing a new API long before any code is written, supporting developers throughout the creation stage, ensuring reliable and secure daily operations for API deployment and consumption and, last but not least, providing comprehensive analytics for future improvements of the API.
Apigee is a solution offered by Google Cloud, headquartered in Mountain View, CA. Apigee provides API management and predictive analytics solutions. One of the pioneering players in the API management market, Apigee Corp. was established in 2004 and entered the API management market in 2010. In 2015, Apigee became one of the founding members of the OpenAPI initiative. In late 2016, the company was acquired by Google. Apigee’s flagship product is Apigee Edge – a cloud-based platform for designing, managing and analyzing APIs. It comprises a set of API Services for managing, securing and extending APIs with additional backend functionality; Analytics Services for collecting, analyzing and reporting on various technical, operational and billing statistics; and Developer Services for building a community around APIs. After the company was acquired by Google, it offers its services as a part of Google Cloud Platform but continues to provide an on-premises offering as well.