Enterprises normally have a technology estate that helps manage their internal and external connections, such as those with vendors, clients, intranet systems, CRMs, retailers, payment systems and so on. But these different corporate tools may lack coherence and proper support.

This necessitates a strategy that will drive down dependencies on external software and establish APIs that can be moulded and customized to your business needs. When properly managed, your APIs allow for greater internal flexibility while establishing connectivity both internally (marketing, sales, customer service) and externally (apps, websites, platforms to offer the company's own APIs to third parties).

Such a strategy, among other things, requires a robust API gateway as a single point of entry for identity and access management, and throttling.

The need for an API Gateway

An API gateway provides a single, secure point of entry to access all your APIs. It offers a simple, consistent interface for all clients and partners to access your APIs and plays a key role in full lifecycle API management.

Its key functionalities include:

  • Abstraction and simplification of internal functionality
  • Providing an easy and intuitive mechanism to publish and document APIs
  • Simplifying external/internal developer on-boarding
  • Scalability to securely manage a multitude of APIs
  • Rapid prototyping and development
  • Authentication and authorization through security patterns like TLS, API keys, OAuth, etc.
  • Strong analytics and monitoring of APIs

Working architecture of an API Gateway

Basic features of an API Gateway

At a bare minimum, an API gateway needs to provide a runtime component. This component is responsible for receiving the client request (typically an HTTP JSON request), applying some transformations, aggregating and calling the required backend services, and returning the response to the client in a format suited to the front end.


Typically, the API gateway is exposed to the Internet. Hence security is paramount. This is achieved through standard practices like API keys, OAuth and 1-way/2-way TLS. These are bundled in some format on the API gateway, to be easily applied on the APIs, as required, usually as configuration, rather than code.
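
The Python example below is added here for illustration and is not taken from the original article or from any gateway product. It shows security and throttling attached to each API as configuration: the runtime reads the policy for the route, checks the API key, then applies a token-bucket limit. The `X-API-Key` header name, the route names, the limits and the sample key are assumptions constructed for the example.

```python
import hashlib, hmac, time

def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed sample data: only digests of API keys are stored (digest -> client id).
API_KEYS = {_digest("demo-key-partner-a"): "partner-a"}

# Policies attached to each API as configuration (hypothetical routes and limits).
ROUTES = {
    "/orders": {"auth": "api_key", "rate": 2, "per_seconds": 60},
    "/status": {"auth": "none", "rate": 5, "per_seconds": 60},
}

_buckets = {}  # (client, route) -> (tokens left, time of last update)

def authenticate(headers):
    """Return the client id for a valid X-API-Key header (assumed name), else None."""
    presented = _digest(headers.get("X-API-Key", ""))
    for stored, client in API_KEYS.items():
        if hmac.compare_digest(stored, presented):  # constant-time comparison
            return client
    return None

def allow(client, route, policy, now):
    """Token bucket: at most `rate` requests per `per_seconds`, refilled over time."""
    rate, window = policy["rate"], policy["per_seconds"]
    tokens, last = _buckets.get((client, route), (float(rate), now))
    tokens = min(rate, tokens + (now - last) * rate / window)
    permitted = tokens >= 1
    _buckets[(client, route)] = (tokens - 1 if permitted else tokens, now)
    return permitted

def handle(route, headers, now=None):
    """Run the configured policies for a request; return the HTTP status code."""
    now = time.monotonic() if now is None else now
    policy = ROUTES.get(route)
    if policy is None:
        return 404
    client = "anonymous"  # unauthenticated routes share one throttling bucket
    if policy["auth"] == "api_key":
        client = authenticate(headers)
        if client is None:
            return 401  # rejected before any backend call is made
    if not allow(client, route, policy, now):
        return 429
    return 200  # a real gateway would now forward to the backend service
```

Changing a limit or the authentication requirement for an API means editing its `ROUTES` entry; the request-handling code stays the same.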


The incoming requests from the clients may follow a different pattern compared to the protocols under which the internal services operate. Hence, some features are required to translate the external client representation into the patterns and protocols that internal components communicate on. For this, typically some standard features like XML/JSON conversions, protocol manipulations such as changing HTTP GETs to POSTs, modification of headers, query and payload parameters are provided. For more advanced use-cases and requirements, some scripting may be required which can be achieved through JavaScript, GoLang, Java, Python, Node.js etc.


Additional features like request/response caching are supported by API gateways. Caching saves round trips to the downstream services and re-uses existing responses, leading to lower latencies, faster response times and an enhanced customer experience.


For the internal management of the API gateway assets, a configuration database is required. This manages assets like API keys, configuration data, routing rules, access tokens, key-value maps, etc. Since throughput is of prime importance, low-latency, NoSQL, in-memory databases are popular choices.


Since the APIs need to be exposed and will be used by external developers, we need a mechanism to share them. This is done through a publisher portal. Here we capture the details of APIs, access patterns and documentation. Community forum boards, technical assistance and monetization features and options can also be placed here.


As an API provider, we need to analyse which APIs are being consumed and how they are performing. For this, we need a strong analytics platform, which can measure statistics like transactions per second (TPS) and error rates. Based on this analysis, we can provide deep and valuable insights to the product teams.

API Monetization

API monetization is a powerful capability to help leverage your digital assets, build a commercial infrastructure and revenue generating streams. With monetization, third-party API developers and other partners that use your assets can be charged for your API products.

Choose Wisely!

Here is a non-exhaustive list of common criteria to help you select an API Gateway:

| Criteria | Description |
| --- | --- |
| SaaS (Software as a Service) vs On-Premise | Due to various compliance needs and regulations, there might be a need to host your own gateway. This is then a critical feature during your evaluation process. Does the API gateway offer SaaS? On-Premise? Hybrid solutions? |
| Security | Does the API Gateway offer industry-standard security policies and features? |
| Onboarding | To increase API adoption, we need an easy-to-use, self-service on-boarding platform and a sandbox environment where APIs can be tried out. Does the API gateway provide this feature out of the box? |
| Performance | Typically, depending on workloads, API gateways introduce minor latencies in the API response time. So performance is a critical attribute and is usually measured in TPS and/or IOPS (input/output operations per second). |
| Features | Apart from security and throttling, certain other features like monetization, ease of development/operations, transformation features, caching, versioning, governance, routing, reporting, etc. become important in day-to-day management. Are all these features provided out of the box by the API Gateway? |
| Vendor eco-system | Does the API Gateway vendor provide training? Does the vendor provide support and platform maintenance services? How frequently are patches and upgrades provided to the platform? |
| Management Automation | Does the API Gateway vendor provide automation options to configure, manage, and integrate the solution into your operational processes? Vendors that offer APIs that are highly configurable, along with reporting APIs and webhooks for important events, ensure that you can easily automate changes and integrate it into your deployment process. |
