API Management provides a cloud gateway and other services to monitor, control, and maintain APIs. AI-driven agents and chat services have created new patterns for APIs to interconnect with one another, and API Management has evolved to manage these as well.
Roadmap: API Management.
Business Purpose
Customers use APIs to integrate applications internally, or with applications of customers and business partners. For example, a retailer might implement central product catalog and order APIs used by applications in both e-commerce sites and physical stores. The advent of Web APIs (also called REST APIs), which use standard Web protocols and infrastructure, has accelerated development and make Web APIs a top technology for integrating applications.
With API Management, architects can enforce organization-wide standards for APIs to promote security, reliability, and performance. API Management can handle authentication, logging, bandwidth throttling, and other generic tasks. enabling API developers to focus more on application logic and less on infrastructure. Microsoft manages the API Management software and hardware for the cloud service. which reduces the initial cost of entry for the customer.
Microsoft Alternatives and Competitor Products
Microsoft has no direct internal competitor to API Management. Some Azure Web infrastructure services (such as Azure Front Door) can perform some of its functions.
Commercial API management products are available from other cloud vendors (Amazon, Google, Salesforce), and from firms focused on API and related infrastructure, including Boomi, Gravitee, and Kong.
Service Description
Gateway. API Management’s central component is the gateway. Gateways inspect and act on traffic between client applications and APIs to do any of the following:
- Authenticate clients
- Authorize requests
- Enforce paywalls for subscription services
- Translate requests among API versions or protocols
- Throttle traffic to enforce limits on throughput
- Route traffic among API host servers to balance load or for other reasons
- Log events.
API Management gateways work with multiple API formats and protocols including Web APIs, Model Context Protocol (MCP), Agent2Agent (A2A), GraphQL, and gRPC.
One task API Management’s gateway does not do is scan for malware and other common Web security threats. For malware protection, customers must add Microsoft Defender for APIs, or a comparable Web security product from another vendor.
Other components include the following:
API Center is a central registry of APIs, versions, and deployments in an organization. It can provide developers, architects, and networking experts a single reference to all of an organization’s APIs and where they are used. Search, database customization, and other tools help locate APIs for a specific purpose, and API Center can update information about an API version from assets in the API’s Git source code. It is bundled with some API Management plans but can also be bought stand-alone.
The developer portal is a predecessor of API Center that delivers documentation and other support for teams writing client applications that use a customer’s API. The developer portal remains useful for customers who don’t get API Center.
A monitoring and management interface enables administrators to define policy enforced by gateways, and review performance and reliability.
Deployment Options
API Management is primarily a cloud service, but customers can buy API Management gateway software to deploy on-premises or in other cloud services (such as Amazon Web Services). Customers who deploy the software can get better security and performance by keeping their gateways close to where APIs are running, but the customers must manage the OS and other platform components running the software. The software runs in Kubernetes and Docker environments.
A feature called Workspaces enables IT architects to carve a single API Management service instance into multiple subunits, each with its own workspace-level APIs, gateways, policies, and administrators. Microsoft’s intent is to enable what it calls federated management, in which IT architects in a large organization centrally establish baseline standards for APIs but delegate API development and management to IT groups of specific regions or business units.
Support Life Cycle
Microsoft services and supports Azure API Management like other Azure integration services such as Logic Apps. Customers should receive 30 days’ notice of breaking changes and three years’ notice before Microsoft drops support for the service.
API Management changes come several times a year. Customers have several ways to get advance notice and minimize impact of changes:
- Monitor the service’s “Upcoming breaking changes” page
- Set up test instances of the service and configure them for early updates
- Define update windows to keep changes from arriving at peak times.
Availability guarantees range from 99.5% to 99.9% depending on the service tier licensed. (The Developer nonproduction tier offers no guarantee.)