APIs are revolutionizing IT across industries by enabling enterprises to expose their backend applications, databases, and other information assets for reuse in new Web, mobile, and cloud apps. In this way, APIs help enterprises to quickly, easily, and economically create powerful applications that open new revenue streams and add value to existing offerings.
While conventional Web security proved unable to address the security requirements for APIs, many organizations had already deployed middleware gateways to secure IT assets exposed to partners and customers via service oriented architecture (SOA). Architecturally, these SOA gateways were ideally placed to centrally secure the flow of data to and from Web APIs.
APIs provide an inherent value to the application development process. Designing APIs that externalize enterprise data and services allows businesses and IT departments to decouple the development efforts for backend applications from client-side applications.
APIs and developers each follow a lifecycle with stages of maturity that require proper management. APIs need to be managed like products and developers need to be managed like customers. The right API management solution enables organizations to manage both lifecycles independently and successfully.
New mobile and cloud technologies are creating opportunities for lines of business to expose information assets to a broader audience via APIs in order to open new revenue streams and provide better user experiences. This open enterprise model ensures that partners, customers, employees, and developers can gain access to relevant data from whatever location, device, or application they require.
Identity management in the open enterprise requires an API management solution able to deal with every aspect of credential validation, authorization, mapping, and brokering. This solution must support the latest identity specifications, be flexible enough to deal with evolving implementations, integrate with standards-based and proprietary IAM systems, and provide functionality for managing developer and application access.