Securely expose protected resources as ap is with app42 api gateway
- 1. Securely Expose Protected Resources as APIs with App42 API Gateway ShepHertz has been helping enterprises and developers in digitization for the last 7 years and is today processing ~90+ Billion API calls made by thousands of customers spread across 150 countries. It has been quite a journey for us during which we experimented at multiple levels— the underlying technology to be used, security, documentation, pricing, identity management and especially non-functional requirements i.e. performance, high availability & scalability. Last year one of our partners suggested that we should carve out a gateway which sits in front of our App42 API platform as a separate project and we offer it as a separate product. We ourselves always wanted to do so, but because of bandwidth issues, it always stayed on our wish list. Post this discussion we decided to productize our Gateway solution which was tightly integrated with our platform as a separate component. While we had created our first Beta version we already could see a lot of interest from our Enterprise customers. The incumbent solutions in the market were very few and lacked the flexibility & agility that is required to succeed in the API Economy and some of them were prohibitively expensive and unnecessarily complicated. In parallel how new age Apps/Products that were getting developed—the landscape, environment & consumer expectations changed remarkably in the last few years. In today’s day & age, apps are not built in isolation—they either need to integrate with other apps or expose their data/services as APIs for other apps to integrate. In the Enterprise space, they are now being built or already have internal, partner apps as well as customer facing apps. Some of them also want to create a developer community around their app & data, which other partner apps can leverage to realize higher level use cases like a taxi marketplace app opening up their APIs or building an app
- 2. that is built using a mash up of different APIs such as a weekend getaway app integrating travel ticket & hotel booking APIs, Social APIs, Geo-Spatial and Map APIs, deal & offer APIs, etc. Furthermore, with multiple IoT devices coming up in the market, these connected devices had to be exposed as APIs for building other apps or for talking with each other. Opening up these APIs also puts them at risk of exposing their APIs to potential threats of security, denial of service attacks etc. A new term API Economy got coined and making money using your historical data by exposing them as APIs and charging them was fast becoming an option which companies did not want to ignore. There were startups mushrooming all over the world that were launching services as only APIs, in fact, the .io domain became popular for these API companies. Government organizations and various other institutions also started to open up their data as APIs. This development in the market coupled with direct requests that came to us through our multiple interactions with our customers and partners were some of the main driving forces behind the launch of this product. Our vision was to leverage all the learnings that we had as an API provider and come up with a platform that was easy to set up and would configure, build and monitor APIs with minimum time to market and yet sufficed the requirements from simple to complex use cases. We wanted to offer all the features that helped us in our offering of 800+ APIs, 18 SDKs, and 25+ modules. Before we could complete the final release, we already had multiple customers on board that deployed our product in a dedicated cloud setup/On-Premise model. Requirements started to pour in from our existing customer base including primarily indie developers & App Studios that wanted to have the same capability, but at a much lower price as a multi-tenant solution on the public cloud. Let us mention our comprehensive API Management product App42 API Gateway. It is a comprehensive & battle-tested solution that enables companies of all sizes and even individuals to launch APIs in minutes and even expose their protected resources as APIs. Customers can now create APIs for: Standardizing their internal APIs for their Omni-Channel Apps Exposing them to partners for collaboration of data and services Creating & managing a developer community Exposing unstructured data or devices e.g. IoT as APIs Getting generated documentation, SDKs & test APIs Above all, customers can also apply different policies i.e. Traffic, Security, Rules, Metering & Charging on the fly over existing internal APIs or the new ones that are created, manage them and monitor their performance & usage. What does App42 API Gateway do? Securely exposes legacy systems and other protected resources Authenticates and authorizes the protected resources before exposing them as APIs Gives in-depth analytics of what all is happening with your APIs
- 3. Limits burst and rate at which your clients can access APIs to prevent the backend from becoming overloaded Enables caching to limit requests that are being directed toward APIs to make the backend more resilient Takes care of generation of SDKs automatically according to your needs Facilitates work process by extending APIs without having you to customize them with inbuilt pre & post processing rules Empowers you to create identities that can access your APIs in whichever way you want them to Allows you to control who can access your API and who cannot by blacklisting and whitelisting IPs Also Read: The Importance of Traffic Management in Your API Strategy Features overview 1. Build, Deploy, and Manage APIs With App42 API Gateway, custom APIs can be created quickly and easily from any backend along with connecting to multiple data sources such as SOAP, JMS or code your own on the fly. Using the
- 4. App42 API Gateway console—GatewayHQ—you can define your API and its associated resources and methods, manage your API lifecycle, generate your client SDKs as well as view API metrics. 2. Resiliency Control and Governance App42 API Gateway helps manage traffic to the end servers by allowing you to create traffic policies, based on the number of requests per second for each HTTP method in your APIs. Along with this you can also blacklist and whitelist IPs and create IP pools to restrict access from the undesirable audience. You can also set up a cache and time-to-live (in seconds) for your API data to avoid hitting your end services for each request. App42 API Gateway handles any level of traffic received by an API, so you are free to focus on your business logic and services rather than maintaining infrastructure. 3. API Lifecycle Management App42 API Gateway provides versioning of APIs. Version management allows you to easily test new API versions that enhance or add new functionality to previous API releases and ensures backward compatibility as your user communities transition to adopt the latest release. With this, you can manage API lifecycle from creation to end-of-life. You can create your policies to be applied on each API and an interactive API Testing tool. 4. IAM (Identity Access Management) Support IAM support enables you to securely control access to API resources for your users by providing support to attach APIs to IAMs. 5. SDK Generation App42 API Gateway can generate client SDKs for various platforms that you can use to quickly test new APIs from your applications and distribute SDKs to third-party developers. The generated SDKs handle API keys and signatures. 6. API Operations Monitoring Once an API is deployed and in use, App42 API Gateway provides an interactive dashboard for monitoring the analytics of the API calls. The analytics include total requests, total revenue, average response time, no of responses, no of failed calls and etc. 7. Authentication and Authorization To authorize and verify requests to APIs, App42 API Gateway can help leverage signature validation on various parameters. You can also use Identity and Access Management (IAM) and access policies to authorize access to your APIs. Along with this, you can also attach Key based as well as OAuth based authentication policies. 8. Rules Creation & Management of APIs You can create your own custom Pre and Post rules and attach your APIs with them. Using these rules you can change headers, parameters, body and etc. on the fly for each API call. 9. IAM ID and Secret Keys for Third Party Developers App42 API Gateway helps distribute your SDKs to third party developers as well. You can create API keys on App42 API Gateway, set access permissions on each key and distribute them to third party developers to access your APIs. The use of API keys and OAuth access token is completely optional and based on the usage the need can be enabled.
- 5. 10. Scalable and High Availability Multiple instances of App42 API Gateway can be deployed to achieve high availability and scalability. With this App42 API Gateway can be deployed on-premise as well as it can be used as a managed service from App42. It supports all the deployment models, i.e., Public (Multitenant), Dedicated, Hybrid and On-Premise. Also Read: How APIs & API Management are Changing the Banking Industry We will be continuously adding more features in the coming weeks and further enhance our solution to add more value to Indie developers, AppStudios & Enterprises. We encourage you to try this product out. Create an account for a free trial today. Should you need to reach out to us with any general queries, you may do so on our Forum and for any specific query, suggestion or issue feel free to reach out to us at [email protected]. You may also request a demo by clicking here and our API Management expert will get in touch to give you a concise walkthrough of our GatewayHQ—the App42 API Gateway Management Console.