About the Layer7 API Management Solution

This topic describes the Layer7 API Management ecosystem and provides a high-level introduction to its related products and components.

Engaging your Developer Community

For your enterprise API strategy to succeed, you need partner developers to integrate your APIs into their own applications and solutions. When you publish your APIs, you need to engage your partner developers, emphasize how easy your APIs are to use, and clearly communicate the problem your API product is solving. The API Developer Portal serves this purpose, providing a customizable interface through which developers access your APIs, API documentation, and other useful content to engage your end users. As an API product manager or administrator, the API Developer Portal lets you

Managing Your APIs

After your APIs go live, you’re opening your doors to your customers and prospective customers seeking to benefit from what your APIs have to offer. An open door carries significant risk to the security of your organization’s resources and sensitive information. APIM allows you to control how often that door opens, for how long, and for whom.
The API Portal lets API product managers or administrators maintain control over how your APIs are being consumed by:

Securing your APIs

The API Gateway lets API policy authors and administrators maintain control over how your APIs are consumed and by whom at run time by

Optimizing Design Time and Run Time with APIM

We just discussed the important and unique roles of both the API Gateway and the API Developer Portal in supporting your API strategy. While you may run the API Gateway and API Developer Portal independently, they are best run together as a total API Management solution. Full customer engagement of your APIs is difficult to achieve without fully securing your APIs and back-end services.
Together, the Gateway and the Developer Portal can readily perform the required tasks and produce the key deliverables in both the design and run times of your API deployment strategy.
Design Time
  • Dependent on human interaction with the portal application
  • Engage/persuade third-party application developers to use your APIs
  • Provide tools and aids to increase adoption of your APIs such as Swagger, documentation, etc.
  • Develop policies to protect APIs and resources at run time (see Run Time below)
Run Time
  • Drives and governs inter-application interaction
  • Transform, compose, route, and control traffic for API data and services via policies
  • Offer security protocols or capabilities such as
    • Auth, DLP
    • Attack prevention measures
    • SSO/OAuth/OpenID Connect
Learn how to enrol the Gateway to the Developer Portal as a proxy here.
The following sections describe how to optimize the cohesion between the two solutions in ways that allow your organization to keep up and stay ahead of the curve in its delivery of API products to your customers.
Ensuring Scalability and Evolvability
So you’ve firmly established your organization’s API program and product strategy and the security protocols to protect the digital services you’ve built and designed to serve your select end users. Assume that your business expands its reach and customer demand for your APIs grows. How do you ensure that your API program responds to that demand quickly and reliably?
The architecture behind the design and delivery of your APIs should anticipate future changes to your business and be able to impose appropriate constraints on how your APIs are to be used. Such changes may require you to horizontally scale your Gateways or Developer Portals, or to evolve by quickly creating new web services or rapidly deploying a new set of policies to respond to an emerging external threat.
Run-Time Location of your APIM Solution: The Case for Hybrid Deployments
In order to optimize scalability, Layer7 recommends that you run as much of your API infrastructure and management tools as possible in the cloud. This assumes that your organization may be required to keep any sensitive or proprietary data in on-premise database solutions (this is typically the case for finance/banking organizations and government institutions). Possible combinations of APIM run-time locations include:
A hybrid deployment strategy offers clear separation of your design-time APIM activities from your run-time APIM activities while allowing coordination between APIM-as-a-service and API infrastructure (cloud platforms, Helm Chart deployments, CI/CD, etc.).
This separation also allows you to optimize the use of your run-time system resources. Note that the browser-based Developer Portal (design time), whose load consists of mouse clicks and human interaction, is far less affected by latency or transaction-volume issues, whereas the performance of the Gateway is much more sensitive to upswings in latency and to high-volume transactions between the client and the protected back-end services. Uptime, high availability, and disaster recovery are also critical to the run-time phase of APIM deployment.
In the bigger picture of your API program, a hybrid deployment strategy can result in faster time to market, better system performance, increased security, and lower operating costs.
Containerization for Cloud Deployments
Both the API Developer Portal and the API Gateway can be run in the container form factor, and readily deployed to Kubernetes in the cloud. This deployment strategy allows for greater scalability and higher availability.
Learn how to implement the Container Gateway in Kubernetes and the cloud with Layer7’s reference architecture.
Learn how to deploy API Developer Portal to Kubernetes and the cloud here.
Applying DevOps Practices to the API Policy Lifecycle
With your APIM solutions deployed in Kubernetes through the cloud, you have the infrastructure needed to scale and evolve. However, you’ll still need a mechanism in place to increase the frequency and quality of your Gateway deployments. Policy authors can rapidly make changes to existing policies and web services or create new ones (performed at ‘design time’) and quickly deliver those changes to running Container Gateways (performed at ‘run time’) via a blue-green or rolling update strategy. One of Layer7’s in-house tools to make this CI/CD pipeline possible is the Policy Plugin.
The Policy Plugin serves as a policy and artifact packager and allows design time outputs to quickly convert to run time operations of the API policy lifecycle. Policy authors can independently develop new policies or web services with the Policy Manager, create policy bundles with the plugin, and then port them over to a CI/CD pipeline and utilize an industry-standard automation DevOps toolchain to test and deploy to multiple environments with preset configurations via Kubernetes.
So how does the Developer Portal, a design-time component of APIM, fit in the delivery and execution of run-time policy? Recall that Gateways enrolled in a Developer Portal can act as proxies, governing client traffic for APIs published by the Portal in lockstep. That means that a Portal administrator, using the Developer Portal, can import Gateway bundles and deploy policies from those bundles to the target API Gateways.
Learn how you can deploy Gateway (policy) bundles with the Developer Portal here.

Evolve from Your API Data Insights

Evolution happens from obtaining data and turning that into actionable knowledge, which in turn positions your organization for growth and greater responsiveness to change.
From the API Portal's perspective, common performance questions include:
  • Which APIs have the most hits?
  • How is API traffic trending over a period of time?
  • What is the average API response time?
  • What is the error rate?
  • What is the average latency time?
  • What are the usage limits of my Account Plan?
The Portal can assist in providing you answers to those questions with its analytics reports. When reporting is enabled, you can monitor and visualize traffic, latency, error rate, and usage trends of APIs by navigating to the corresponding reports.
Similarly, the API Gateway also offers several reports that can answer service metrics-related questions such as:
  • How long does it take for the Gateway to receive a client request?
  • How long does it take for the Gateway to forward the request to the protected web service and then receive a response from that web service?
  • What is the breakdown of messages that failed to route, violated policy, and sent/received successfully?
  • What is the average number of work processes completed by the Gateway over a 60-second period?
System logs, run-time events, and other detailed operational information are also readily available to Gateway administrators.
Ideally, you'll want to adopt a cloud-based methodology to collect and process this Gateway data, as well as a cloud-native dashboard tool to analyze, query, and visualize the data - you can learn more about the available options and other aspects of a cloud-based Container Gateway solution here.

Learn More

The Layer7 API Gateway, API Developer Portal and other mentioned APIM products have their own respective Technical Documentation sites. Readers are encouraged to visit those sites to learn more about those products in greater detail: