IBM API Management

IBM API Management

Developer(s)	IBM
Initial release	2.0 [1] 12 July 2013; 11 years ago (2013-07-12)
Stable release	4.0.2 [2] 22 July 2015; 9 years ago (2015-07-22) / 22 July 2015; 9 years ago (2015-07-22)
Written in	Java
Operating system	Virtual Appliance
Available in	English, French, German,Brazilian-Portuguese, Czech, Hungarian, Italian, Japanese, Korean, Polish, Russian, Spanish, Simplified Chinese, Traditional Chinese [3]
Type	Virtual Appliance
License	Commercial
Website	http://www-03.ibm.com/software/products/en/api-management

IBM API Management^[4] (IBM APIM) is an API Management platform for use in the API Economy.

It runs as an appliance on Virtual Machines and uses IBM DataPower Gateways as a gateway.

It provides a developer portal to attract and engage application developers and foster use of published APIs. An administration portal allows you to establish policies for API attributes such as self-registration, quotas, key management and security policies. An analytics engine provides role-based insight for API owners, solution administrators and application developers in order to manage your APIs and ensure your service levels are being achieved.

Swagger and WSDL documents can be loaded and parsed into APIs. APIs can be created by describing the input and output in the API Manager User Interface by configuration. APIs can then be decorated with additional data in the form of tags, binary documentation and URLs. APIs can proxy an existing API or use an assembly where a flow is created. In such an assembly flow it is possible to call out to other services, transform response data, redact information and map response data from external APIs to the response of the API.

Plans can be created which specify rate limits, whether sign ups need to be approved, and a collection of APIs to offer to developers. Plans can be published to a specific environment.

An environment consists of a developer portal and API gateway. Plans published to an environment can be visible in the developer portal, enabling developers to sign up to plans and use the APIs contain within. API business owners can customize their developer portal with their branding to advertise, market, socialize and sell APIs. Plans published to an environment can be invoked on the API gateway, delegating to the API gateway responsibility for rate limits, rejecting unknown users and scalability. The API Gateway is the IBM DataPower Gateway device.

The API gateway collects invocation metrics which are available for analysis in the developer portal and API Manager user interfaces. Example metrics collected are API usage, success and failures.

The product has REST based APIs for accessing and manipulating users, developer organizations, apps, subscriptions. The product has REST based APIs for accessing information about plans, APIs and analytics.

The Advanced Developer Portal can be extended with custom content and themes.

This release added enhanced support for Swagger 2.0:

• Add external documentation to an API
• Deprecate a REST API operation
• Specify the protocol schemes an API supports
• Add Swagger extensions to an API

Additional enhancements:

• Specify the OPTIONS HTTP method.
• Enable cross-origin resource sharing (CORS) support for an API.
• Supports DataPower 7.2.
• The Topology Administrator can manage the IBM API Management infrastructure but cannot invite or administer users.
• When you define an API, you can specify whether the API will be enforced by the IBM API Management gateway or by a third party gateway.
• The configuration of API security has been revised in line the Swagger 2.0 security model. You configure security by creating security schemes that you apply to your API and its operations.
• You can revoke all OAuth tokens, or tokens for a particular user, that were issued before a specific date.
• You can choose to have the case of user names ignored during authentication.
• API analytics data is now displayed in the Advanced Developer Portal user interface.
• When defining a user registry for authenticating access to the Cloud Management Console user interface, LDAP and Authentication URL are now supported.
• You can create your own gateway policies, make them available to an environment, and apply them to REST or SOAP APIs.

You can define a configuration database failover timeout to specify how many seconds a secondary management server should wait before taking over as the primary when the primary server cannot be reached.

• You can add additional information to describe an API; for example, contact and license details. If you download the Swagger file for the API, the additional information is written to the info field.
• You can add tags to your APIs and API operations for ease of grouping by application developers. These tags are labels that can be used by application developers to organize and search for APIs in the Developer Portal. If you download the Swagger file for the API, the additional tag details are written to the tags field.

• You can update the configuration of revision of REST API by uploading a Swagger definition file. For more information, see Updating a REST API from a Swagger definition file.

A user who is assigned the System user role can access all system APIs and can log into the Cloud Management Console, but cannot access the API Manager or Developer Portal user interfaces.

You can create a cluster of Advanced Developer Portal appliances for high availability. For more information, see High availability in the Advanced Developer Portal.

You can use SSL Mutual Authentication to secure the connection between an API client and the API Management gateway that manages the API.

When defining the HTTP method type for an API operation, you can now, in addition to the GET, PUT, POST, and DELETE methods, specify the PATCH and HEAD method types.

The URL path that you specify when composing an API is no longer required to be unique. Furthermore. the full URL path for the operation, which is formed from the base path of the containing API followed by the operation path, does not have to be unique. However, if it is not unique then you must specify that an application is required to identify itself with a client ID when calling the operation.

If you are using the Advanced Developer Portal, you can add further client ID/client secret pairs to an application in addition to the pair that is provided by default when you create the application.

IBM API Management Version 4.0.1 introduced the following terminology changes:

• Previous term -> New term
• Plan version -> Plan revision
• API version -> API revision
• API resource -> API operation
• API tag -> API category

• Swagger based API creation: Allows APIs to be imported from Swagger, deployed, and invoked without requiring any manual configuration steps in the API.
• Co-Publish: Co-publish and supersede plans, and manage plan subscription migrations.
• Promotion Approval: Environment based configuration for approving plan lifecycle changes.
• Enforced: Option to just publish APIs and not gateway enforce them.
• Policy for SOAP: Ability to add and modify policies for SOAP Services.
• Discover: Manage REST & SOAP services from System z and custom registries.

• Error handling: Ability to map SOAP faults returned from a Web Service Invoke call into a Response.

• Analytics API: Ability to extract analytics data with a REST API to integrate with billing, monetization or business analytics systems.

• Mutual Authentication: Out of the box support for custom certificates for back-end endpoints, LDAP, and SMTP servers.

• Multi-factor authentication: Enabled in the developer portal.
• Search: Out of the box support for search and developer management.
• Categorization: Flexible multi-level classification of Plans and APIs.
• CAPTCHA: Support to prevent automated programs from accessing the portal to enroll users.
• Password Lockout

• Cnet
• SAP
• zdnet
• ebizq

• WSRR v8.5 infocenter
• WSRR Support Portal
• WSRR Information Portal

Category:IBM WebSphere