API Publisher Portal

Our API Management product, DigitMarket^TM API Manager (DM-APIM) is a complete package to help manage your APIs and turn them into tools that propel your business forward. It has four components that work in unison to provide the following basic runtime functionality:

The API Publisher Portal

The API publisher portal allows API publishers to configure the APIs, API packs, usage plans, usage policies, etc. Key features include:

• Create secure API proxies
• Create API packs from multiple APIs
• Advanced Policy library with the facility to share policies across multiple APIs
• Workflow/approval cycles on policy lifecycle
• Configure transformations at API and resource levels
• Ability to create multiple usage plans with a different set of runtime policies for each plan. For instance, Basic, Gold, Silver, Platinum, etc.
• Ability to selectively deploy and manage plans on different gateway runtime instances from a single screen
• Near-real-time statistics visualization
• Advanced and highly granular role-based access control for all features - API visibility, management, publishing, and consuming

The API Developer Portal

The Developer Portal helps developers discover, explore, try out and subscribe to the publishers’ APIs. The publisher can tailor the appearance of the developer portal as per their needs. Key features include:

• Developer self-registration
• Ability to search and navigate the portal with the same user experience of an online store; with a clear listing of most popular APIs, What's new, API price, description, etc.
• Facility to manage the subscriptions through an easy-to-use interface
• The ability for internal and external developers and API providers to quickly view statistics of their API usage
• Facility for API providers to easily expose/create APIs by proxying existing endpoints and attaching policy templates
• Help/support ticket system built-in for API developers to report issues, bugs, etc.

The API Gateway

The API gateway enforces the policies defined by the publishers, validates the subscriptions, collects metrics, and enforces quotas. The gateway is configured and managed using the publisher portal. No coding or customization is required. Key features include:

• The event-driven paradigm used to implement the gateway, easily achieving high concurrencies
• Policy enforcement (details of each policy is described in our answer to the next question)
• Cluster-wide policy enforcement
• Quota overrun alerts with configurable threshold
• Transaction recording for analytics
• Multi-gateway runtime architecture to support isolation of high-traffic, high-volume APIs. Configuration and management is central though
• Subscription validation and auto-renewal facility

OAuth Authentication Server

The OAuth authorization server is a software system that implements network protocol flows that allow a client software application to act on behalf of a user. Key features include:

• Token management
• Supports OAuth custom grant types

Multiple types of consumers like internal developers, B2B Partners, and external developers like apptrepreneurs and the general public can have features tailored for them in the developer portal. The configurable HTML files of the developer portal enable the publisher to tailor its appearance if the default appearance is not appropriate.

• a. Features applicable for Open API Economy model (External developers like Apptrepreneurs and the general public)
  • AppStore-like interface for easy discovery and subscription to APIs
  • Explicit pricing information for public consumers with the ability to hide pricing if required
  • Automatic subscription renewal feature, if enabled for specific developers
  • Workflow driven public developer verification to protect publishers from malicious developers
• Features applicable for B2B Partners
  • The ability for API Publishers to onboard and provide access to partners on their behalf
  • Can share the developer portal to B2B users as a partner portal
• Features for internal developers
  • Each API supports a visibility option, so the developer portal can support a mix of internal and external APIs that are fully isolated from each other
  • The ability for publishers to configure different usage plans/policies for the same API, one for internal and the other for external developers
• Common features that are applicable for all types of consumers
  • Integrated sandbox capability that allows API publishers to easily create a playground for APIs, allowing developers to try out the API
  • Integrated API documentation using hybrid approaches - static documentation and OpenAPI (Swagger) test client. Documentation can be uploaded in the form of HTML, therefore the appearance can be tailored as per the publisher’s wish
  • Statistics for API usage
  • Quota usage in real-time

• DigitMarket^TM API developer portal is fully customizable. All the capabilities of the developer portal are available as APIs and a revamped developer portal can be published via the CMS feature in the API publisher portal. The users can choose to rebrand the developer portal or change flows on the portal using this capability. The default developer portal template is provided as part of the product that can be used as a reference to customize the new set of navigation flows.
• Documentation can also be uploaded in customized templates while defining an API
• API categorization and organization is built into the developer portal, and is administered via the API publisher portal
• An integrated discussion forum that allows developers to ask questions, raise bugs, suggest features, etc.
• Integrated Sandbox environment and “Try It” for quick exploration
• Ability to generate client code for different technologies based on the Swagger (OpenAPI) specification

Yes, we offer an innovative multi-tenant architecture for API management publisher portal and developer portal. Large, geographically distributed enterprises have different business units that would like to provide APIs to their community of consumers. DigitMarketTM API Manager supports multi-tenancy where one installation of the product supports a feature wherein different API provider sub-organizations and consumer sub-organizations can be created.

Each provider sub-organization has its own exclusive publisher portal and associated developer portal for its consumers. The APIs, look and feel of the portal, etc. can be customized by each tenant independent of other tenants.

We also provide isolated environments for customers who are hesitant to share the application instance with others. In such cases, we provide a separately managed instance on the cloud, at a separate cost.

DigitMarket^TM API Manager Developer and API Publisher Portal are driven by workflows. Every new artifact, policy, or configuration change in the publisher portal goes through an approval cycle for governing and moderating the changes.

Once the artifacts such as API proxies, packs, policies are configured on the API publisher portal, it is submitted to the business user for approval. Once the configuration is approved and synced with the gateway, the API publisher portal automatically publishes the APIs to the developer portal. The price plans and usage plans are explicitly shown to make the subscription process easier. Alternatively, API publishers can choose to have hidden/private plans exclusively for B2B developers.

Private B2B APIs between trading partners are common and must be managed. These APIs could be a part of a supply chain in manufacturing, in commerce between suppliers and retailers, or in healthcare or life sciences ecosystems.

Specific APIs and/or specific API features can be hidden from the general public by API publishers on the Developer Portal. Each API usage plan has visibility settings that allow the granular configuration of APIs. For some B2B scenarios, we configure two-way SSL with mutual authentication where both the parties are known to each other. Also, as both the provider and consumer endpoints are known to each other, we configure additional security policies such as IP whitelisting.

Some of our clients prefer to deploy an instance of API gateway in a separate VPN-enabled network over the Internet, which is not visible to the general public. Others prefer to combine partner-specific APIs with the Open API developer portal.

An extensible adapter SDK is also provided that allows the creation of a custom adapter for any B2B specific applications/protocols. Though the adapter for specific B2B protocol does not exist now, such as EDI, RosettaNet, etc, the one-time activity of adapter development as part of a project will help us re-use it across other instances where there is a need for those protocols.

If the API is configured to use the documentation, the viewer is available inside the Developer Portal. Documentation is automatically uploaded when the page is loaded. The API Manager that configures the documentation must have the right user account. However, anyone can have access to the documentation.