1.1 How Secure API Manager Solves API Management Issues

As you add APIs to your IT infrastructure, you might run into several management issues as depicted in the following graphic.

Figure 1-1 Issues Managing APIs

  • No single API repository: Without a single API repository, people can duplicate work, APIs can be lost if a hard drive fails, and each person who wants to use an API can spend a lot of time finding it.

  • No life cycle management: Without a life cycle management system for the APIs, APIs with security issues can end up being used. It can also cause a lot of confusion if there are multiple administrators and they do not know which APIs to use.

  • Anonymous access: If you do not have a system to manage your APIs, you do not have a way to show who had access to which API for auditing purposes. As security breaches continue, it is important to ensure that access to create and modify the APIs is controlled and that there is an audit trail of who created or modified the APIs.

  • No security: If you do not have an API management system, you do not have a way to provide an audit trail for who accessed which API. It also means that you must manually add any authorization information in the header of each API. This takes a lot of time, and the authorization information might not meet your organization’s security policies.

  • No throttling: Throttling provides the ability to control the throughput to the API. If you cannot limit the throughput to the API, it can cause performance issues with the system that is hosting the API.

NetIQ solves these issues by providing a system that allows you to manage, create, and control the APIs used in your environment through Secure API Manager. The following graphic depicts the management solutions that Secure API Manager provides.

Figure 1-2 Secure API Manager API Management Solutions

  • Single API repository: Secure API Manager provides a single repository, with fault tolerance, where you can store your APIs securely. You do not have to worry about hard drive failures on your laptop. It also allows internal and external people to access and use the APIs without you emailing a copy of the API to them.

  • Life cycle management: Secure API Manager automatically versions the APIs and allows you to deprecate the APIs that are no longer in use. By deprecating the APIs, you can keep a historical record of how the APIs have evolved and changed.

  • Authenticated access: Secure API Manager uses roles and scopes to control who has access to the APIs. When you create an API group, you assign the Access Manager roles and scopes to any APIs that you subscribe to in this group. This provides authenticated access to the APIs and controls who can consume the APIs.

  • Secure authorizations: Secure API Manager secures authorizations to the APIs through Access Manager OAuth clients and through built-in denial-of-service attack protection.

  • Throttling policies: Secure API Manager provides subscription tiers that you select when you create an API. The subscription tiers limit the number of authorizations to the API.