Denis Jannot is the Director of Field Engineering at solo.io, based in Paris. In this article, he discusses the future of API Management.
Solo.io is a company based in Cambridge, in the US. They take the best of some popular open source technologies (Envoy, Istio, Kubernetes) and create a software stack that people can consume to expose, connect and secure services in a modern way, with everything as code.
In the past, people were looking for a single solution that managed everything: designing your API, testing your API, exposing your API securely, cataloging your API in the portal, etc.
But now, they are looking at combining different tools, some open source and some provided by vendors, to create their own API Management stack. This gives people a lot more freedom: when they want to change just the API gateway, they can keep their existing developer portal, and when they want to change the way they develop, they don't need to change their gateway.
The great unbundling
Instead of having a full lifecycle API Management stack, we separate that into multiple different areas. For the API gateway, there is a set of capabilities that people expect: the ability to configure it as code, to authenticate the API call with API keys or JWT tokens, to apply rate limits, and to expose not only REST APIs but also GraphQL APIs, etc.
If they have a developer portal and the customers are happy with it, they may not want to change the content itself, but may want to change the backend or configure the API product in a more modern way, using the same everything-as-code approach. Alternatively, you may not have a developer portal and may want a solution that gives you both front end and back end. So, you want to have content that is flexible to allow maximum possible customization.
If you use a tool like Backstage, you can manage the entire API lifecycle in the tool. You may also want to catalog this API directly in Backstage. That is why it's important to be able to decouple the developer portal backend from the frontend.
Everything as code
Today, when you write application code, you put it in a GitHub repository for versioning. You then follow an approval process to submit the code to production. This is a standard pattern, and we want to apply it to everything. So we want the same pattern when we authenticate users with API keys, and when we create rules and policies. When you expose an application, authentication or authorization would otherwise have to be implemented in the application itself. That is not ideal, because you want the developers to focus on implementing the business logic, not the security. That's why responsibility for securing north-south traffic was moved to an API gateway. The API gateway authenticates the API call and then sends the request to the different services.
With multiple microservices, the services need to talk to each other. You cannot secure this communication as part of the code, because of the complexity involved and the lack of visibility. So, you can use a service mesh like Istio for this. But Istio does not solve the challenge posed by north-south traffic, because the Gateway that comes with Istio is a basic Ingress.
At solo.io, we have a group platform called Gloo Mesh Core, which is composed of multiple different layers that you can adopt in the way you want. Gloo automates the lifecycle of Istio across clusters and provides insights. These insights tell you if any configuration can be improved to manage traffic.
Gloo provides a simpler API with multi-tenancy built-in. It reduces security risks and management costs.
To conclude, you can use our API Gateway and integrate it with Backstage. You can use Gloo Mesh Core to have everything as code and to monitor north-south and east-west traffic.