API Management delivers a cloud gateway and other services to secure and manage a customer’s APIs, and help client developers use the APIs. The service enables an organization to monitor APIs and enforce policies to promote security, reliability, and regulatory compliance, without building and maintaining its own infrastructure for the task.
Roadmap: API Management Roadmap.
Service Overview
API Management provides a cloud gateway and other services to monitor and enforce policy for APIs. Organizations commonly use APIs to integrate systems internally, or with customers and partners. For example, a retailer might provide a shared set of transaction APIs to its online and physical stores, and a manufacturer might provide an API for suppliers to check inventory levels and replenish parts.
API Management’s central components include the following:
Gateways inspect and act on traffic between client applications and APIs. They can authenticate clients, authorize requests, balance load, log activity, and do other security and management tasks. API Management gateways work with multiple API formats and protocols including REST, GraphQL, and gRPC.
The developer portal delivers documentation and other support for teams writing client applications that use a customer’s API.
A monitoring and management interface enables administrators to define policy and review performance and reliability.
API Management helps the customer’s IT architects implement organization-wide standards for APIs to promote security, reliability, and performance. It also can simplify API development by handling generic tasks, enabling developers to focus on code specific to their APIs. Microsoft hosts and manages the platform software and hardware for API Management, which reduces the initial cost of entry for the customer.
Azure API Management competes with Google’s Apigee, Salesforce’s MuleSoft, and others in the API management market. Microsoft’s similarly named API Center overlaps API Management but focuses on design-time developer tasks (such as discovering APIs or registering new ones) rather than managing APIs in operation.
Servicing and Support
Microsoft services and supports Azure API Management like other Azure integration services such as Logic Apps. Customers should receive 30 days’ notice of breaking changes and three years’ notice before Microsoft drops support for the service.
API Management changes come frequently, including breaking changes. Customers have several ways to get advance notice and minimize impact of changes :
- Monitor the service’s “Upcoming breaking changes” page
- Set up test instances of the service and configure them for early updates
- Define update windows to keep changes from arriving at peak times.
Availability guarantees range from 99.5% to 99.9% depending of the service tier licensed. (The Developer non-production tier offers no guarantee.)
Deployment and Management
API Management is primarily a cloud service, but customers can also buy API Management gateway software to deploy in Kubernetes and Docker environments on-premises or in other cloud services (such as Amazon Web Services). Customers who deploy the software can get better security and performance by keeping their gateways close to where APIs are running, but the customers must manage the OS and other platform components running the software.
A feature called Workspaces enables IT architects to carve a single API Management service instance into multiple subunits, each with its own workspace-level APIs, gateways, policies, and administrators. Microsoft’s intent is to enable what it calls federated management, in which IT architects in a large organization centrally establish baseline standards for APIs but delegate API development and management to IT groups of specific regions or business units.
Licensing
The API Management cloud service charges hourly for provisioned capacity, excepting one consumption pricing option (explained below). It offers multiple tiers of service that differ in price, performance, and management capabilities. In some cases, an organization will have to license a higher-performing tier of service than it needs to get a particular capability.
Production use of the gateway software brings additional per-gateway charges.
Cloud Service
The API Management cloud service is available on two service platforms, Classic and v2, each with several tiers of service. Maximum capacity and features differ between tiers, and between service platforms for the same tier. Capacity is measured in abstract “units” that determine the maximum throughput of API requests, the response cache size (which can affect performance), and other performance characteristics.
Some management capabilities that differ between tiers and platforms include the following:
- Deployment in multiple regions or Azure Availability Zones to comply with data residence rules or improve availability
- Private networks to keep service traffic off the Internet
- The Workspaces feature for federated management
- Service-level availability guarantees.
Pricing for most tiers is per provisioned hour. The exception is the Classic Consumption tier, which is free for the first million calls and charged above that limit, making this tier an interesting option for small, internal systems, or systems used for development and test.
Self-Hosted Gateway
The self-hosted gateway software is offered only to customers of the Classic Developer, Classic Premium, and CIassic Isolated tiers. It is free for Developer, but it adds a per-gateway, per-month charge for Classic Premium customers. Classic Isolated pricing is not published.