Secure API Manager requires that you have Access Manager deployed and running. You can deploy both Access Manager and Secure API Manager in many different ways. The following graphic depicts a deployment of Secure API Manager with the minimum deployment of Access Manager. The graphic depicts Access Manager on-premises and behind a firewall for the internal network. You can deploy Access Manager in cloud environments as well.
Figure 2-1 Secure API Manager Deployment Scenario
In this deployment, you do not need the Access Gateway from Access Manager. The Identity Server authorizes the API calls. You must ensure that the API Gateway can communicate with the Identity Server. The API developers access and use the Publisher and the Store to create, use, and manage the APIs. The API developers, whether they are inside the firewall or not, must have access to the Publisher and the Store that run on the Administration Console server.
If you do have an Access Gateway, the API communication does not go through the Access Gateway. The API Gateway and the Access Gateway can run in parallel in the DMZ.