DigitMarketTM API Manager (DM-APIM) is a complete package to help manage your APIs and make them into tools that propel your business forward.
With DM-APIM, you’ll arm your business with:
- Mature and marketable APIs, that accelerate your digital transformation program
- Easy third-party collaboration, helping you create and expand your digital business ecosystem
DigitMarketTM API Manager offers you a secure API Gateway, Authentication Server, Developer Portal or API Store and an API Publisher Portal.
DigitMarketTM API Manager
If you’ve got a number of APIs working at the same time, to keep your business running smoothly, you need something that throttles your traffic, monetizes your applications and monitors your security - and that’s exactly what you get with our API Gateway.
Our solution acts as an entry point for all your APIs and:
The best bit? You don’t need coding. You don’t need to customize it. And you manage it all in one place; your Publisher Portal.
API Publisher Portal
Need a single place to develop, publish, monetize and promote your APIs? You’ve got it. Our Publisher Portal encompasses everything you need to manage your API lifecycle activities.
Driven by configurable workflows, it fast tracks your publisher’s actions and supports everything from collaborating over blueprints to developing, versioning and retiring your APIs. Better yet, acting as a central hub for all your management processes, it also:
API Developer Portal
Is your current API set-up a bit unsightly? Are you struggling to get people to really engage with your APIs? Are third-party developers, partners and key stakeholders not able to easily consume the APIs they need?
If your response was a trio of yes’, there are time, money and resource savings to be made; enter our API Developer Portal.
Our custom-built solution combines an integrated API store with a developer portal that’s:
What is DigitMarketTM API Manager (DM-APIM)?
DigitMarketTM API Manager (DM-APIM) is a complete package to help manage your APIs and make them into tools that propel your business forward.
Our API Management product, “DigitMarketTM API Manager” has four components that work in unison to provide the following basic runtime functionality:
The Publisher Portal
The API publishers configure the APIs, API packs, usage plans, usage policies and so on using this portal. Key features:
- Create secure API proxies.
- Create API packs from multiple APIs.
- Advanced Policy library with facility to share policies across multiple APIs.
- Workflow/approval cycles on policy lifecycle.
- Configure transformations at API and resource levels.
- Ability to create multiple usage plans with different set of runtime policies for each plan Ex: Basic, Gold, Silver, Platinum, etc.
- Ability to selectively deploy and manage plans on different gateway runtime instances from a single screen.
- Near-real-time statistics visualisation.
- Advanced and highly granular role-based access control for all features - API Visibility, management, publishing and consuming.
The Developer Portal
The developers discover, explore, try out and subscribe to the publishers’ APIs using this portal. The publisher can tailor the appearance of the developer portal as per their needs. Key features:
- Developer self-registration.
- Ability to search and navigate the portal with the same user experience of an online store; with clear listing of most popular APIs, What's new, API price, description, etc.
- Facility to manage the subscriptions through an easy interface.
- Ability for internal and external developers, API providers to quickly view statistics of their API usage.
- Facility for API providers to easily expose/create APIs by proxying existing endpoints and attaching policy templates.
- Help / support ticket system built-in for API developers to report issues, bugs, etc.
The gateway enforces the policies defined by the publishers, validates the subscriptions, collects metrics, and enforces quotas. The gateway is configured and managed using the publisher portal. No coding or customisation is required. Key features:
- Event-driven paradigm used to implement the gateway, hence high concurrencies can be achieved easily.
- Policy enforcement (details of each policy is described in our answer to the next question).
- Cluster-wide policy enforcement.
- Quota overrun alerts with configurable threshold.
- Transaction recording for analytics.
- Multi-gateway runtime architecture to support isolation of high-traffic, high-volume APIs. Configuration and management is central though.
- Subscription validation and auto-renewal facility.
OAuth Authentication Server
- Token management.
- Supports OAuth custom grant types.
How does DigitMarketTM API Manager compare with its competitors in functionality?
Following are the three main aspects that differentiate our products:
- Product Positioning - We differentiate by positioning our product for customers that have a much wider scope of building a Digital Ecosystem rather than just API management. When customers with a broader scope (digital ecosystems) choose only API management, they have to either build the digital marketplace on top of API developer portal or integrate a standalone digital marketplace product like AppDirect. The scope of Digital Marketplace includes additional platform-business specific capabilities such as provider on-boarding, contract management, workflows, e-commerce experience, etc. Ours is an integrated offering designed and positioned for enterprises that are already confident about the potential of API economy and aim big to build digital ecosystems. (Like Schneider Electric, Dubai Smart City, etc).
- Product Engineering and SI under one roof – Our product engineering and SI work very closely that enables a tighter-feedback loop. Customers get the benefit in terms of rapid delivery of features/enhancements.
- White-label / Distribution model for Enterprise Customers - Our products are designed to be multi-tenant that allows enterprise customers to distribute / provide cloud access as a rebranded enterprise offering.
What internal skills do I need to work with DigitMarketTM API Manager?
What are the different API Monetisation policies offered?
The following are the different API monetisation policies on offer:
- Direct Billing – In this type of billing, the external developers get billed directly for their API consumption on basis of usage volumes, load, bandwidth utilisation, location etc.
- Bundled Billing (Packs) – This is a type of direct billing in which the external developers pay for bundled API kits instead of being billed for individual API’s.
- Internal Billing – This type of billing is mainly used for providing internal metering and chargeback for different units or departments within an organisation.
- Tiered Billing – This type of a billing model can be used to create categories of external developers based on parameters like usage, location etc and billed accordingly.
API monetisation policies and functions are flexible and customisable; and can be different for the same API depending on the API consumer. We offer a paradigm of individual APIs and a collection of productised APIs – Packs/Plans. Each API consumer subscribes to a plan. Policies can be attached to Plans and individual subscriptions, i.e individual API consumer.
How does DigitMarketTM API Manager protect APIs against different types of threats?
DM-APIM comes with built-in threat protection using the popular, industry-standard Mod-Security framework. The following essential rule sets are enabled by default:
- Content validation – XML schema and JSON schema.
- Memory space breach and Buffer overflow attacks.
- HTTP Protection - detecting violations of the HTTP protocol and a locally defined usage policy.
- Real-time Blacklist Lookups - utilises 3rd Party IP Reputation.
- Digital signatures eg two-way SSL.
- HTTP Denial of Service Protections - defence against HTTP Flooding and Slow HTTP DoS Attacks, Public key DoS attacks.
- Common Web Attacks Protection - detecting common web application security attack, resource hijack attacks, session hijack attacks.
- Automation Detection - Detecting bots, crawlers, scanners and other surface malicious activity.
- XML Virus attack prevention.
- Integration with AV Scanning for File Uploads - detects malicious files uploaded through the web application.
- Tracking Sensitive Data - Tracks Credit Card usage and blocks leakages.
- Trojan Protection - Detecting access to Trojans horses.
- Identification of Application Defects - alerts on application miss-configurations.
- Error Detection and Hiding - Disguising error messages sent by the server.
How can I manage API consumption?
API Consumption management/control is provided by DM-APIM with the following capabilities:
- A backend rate limit can be defined. This is separate from the API's rate limiting policy. This ensures that the backend resources are not overloaded.
- To track usage of external APIs against consumption quotas based on API call limits, a usage policy can be attached to the API and the gateway will ensure that the usage is limited to the defined limit.
- Consumption management features work based on total consumption across a distributed deployment. The product architecture includes a network-centric global counter that maintains count across distributed gateway deployment.
Does DigitMarketTM API Manager support Mobile / Multi-channel experience?
DM-APIM and our associated service offerings provide features that are specifically aimed at supporting multi-experience strategy:
- Configurable content compression at the gateway to support low-footprint API payloads to support use cases in IoT, wearables, etc.
- Support for integration with third-party services to enable voice-driven applications and chatbots.
- Support for channel-specific APIs and creation of separate architectural layer tailored for front-end channels. This is commonly referred to in the industry as the BFF pattern (Back-end For Front-end). Microservices, exposed through micro gateways are good candidates to build the BFF layer.
- System Integration and custom solution development to build industrial Augmented Reality applications using frameworks like ARKit in the Energy management domain.
The key consideration in API Management to support all the above-mentioned multi-experience touch points is the ability to tailor specific security policies, support streaming, pluggable state management, data compression, etc.
Does the API Management solution offer a hybrid deployment model?
DigitMarketTM API manager can be deployed and managed with a hybrid topology - Cloud and on-premise. The management layer could be deployed on the Cloud, where as the Gateway could be on-premise or vice-versa. To support such hybrid topology, we provision a separate instance on the Cloud and deploy additional layers of security to allow secure access to the admin APIs of the API management platform.
How compatible is DigitMarketTM API Manager with Open Banking specifications?
Our industry vertical templates provide the required specs, principles and reference models to integrate Open Banking APIs to your core banking and associated systems. Our complementing offering, Concierge Bank is a comprehensive marketplace-banking solution built on the foundation of Open Banking. It allows quick integration to third party services helping banks to create their own marketplace via the managed API platform.
What is the process for support escalation?
Our Support models range from product support to system-integration oriented Level 2 and Level 3 support. Product support escalation process allows customers to escalate to a product support manager as a first level. The second level of escalation is Product owner. The final level of escalation is the CEO.
Our system integration-based support models are highly evolved. If a customer wishes to escalate any problem, the first level of escalation is the Support Manager. The second level is Business Unit Head, the final level is the CEO.
Here is how the SLAs work: Our SLAs are categorised into availability uptime SLAs (also known as System Availability SLA) and QoS (Quality of Service) SLAs. The uptime SLA values are different for on-premise deployment and Cloud deployment. For on-premise hosting, we allow flexible SLAs that are designed for supporting mission critical business applications. This includes both QoS related SLAs such as response times from the gateways and high-availability SLAs (Ex: 99.999% availability).
The following elements differentiate our customer support:
- We follow the DevOps model, combined with some elements of the traditional support to offer best of both worlds.
- We offer tailor made support plans & SLAs that best suits the need of the customer.
- We charge for support only when the customer goes live.
What happens when my subscription expires?
Seven days before your account subscription expires, you receive an email notifying you that your account is about to expire and prompting you to contact your account representative to retain your account.
When your subscription expires, you can’t restart existing apps or create new apps. Running apps might stop without notice at the discretion of Torry Harris. To renew your subscription, contact your account representative.
How are products updated once deployed?
The Cloud version is updated on a regular basis, with bug fixes and minor enhancements. However, every change is notified to the customers. We also ensure a zero-downtime deployment, using our continuous delivery framework, Meridian. We ensure this by deploying the changes on the independent nodes of a load balanced environment at a non-peak time. Customers however are informed well in advance of the changes and about the possibility of a performance degrade. In case of customers who have very high loads, separate instances are spawned to eliminate the performance degrade.
Any major feature changes are released as part of the scheduled release plan. Customers are also informed in advance on the release schedules and any migration steps that may be required are published in advanced.
Do you offer professional services for product implementations?
Professional services and consultancy form a very important part of our model, since we offer consolidated end-to-end services in our focus areas. Depending on the phase the customer is in with respect to his/her API journey, any of the blocks within DigitMarketTM could be used by the customer and made to work (coexist) with any other commercial or open-source products. We also assist clients from time-to-time in product selection for their enterprise. Though DigitMarketTM is open standards based and the client can choose to engage with any vendor for the professional services and consultancy bit, they generally tend to engage us to offer both these services.
Do you support mocking/virtualisation, so that services can be tested before they are written?
Do you provide continuous testing services / monitoring on APIs after they are published?
AutoStub® 2.0 is our product that clients use to mimic the services/APIs. The tool generates a mocked HTTP(S) endpoint based on the WSDL or Swagger specification provided. This ensures that the contract itself can be validated and the same test cases (already created on AutomatonTM), can be run on the actual service once it is ready to ensure that the contract is enforced during actual end point exposure. AutoStub® generates high volume of test data based on pattern rules. AutoStub® and AutomatonTM provide command line triggers that can be easily integrated with the DevOps pipeline. We provide our own framework Meridian for this purpose, though it can be used with any DevOps toolset.
Digital Enablement Platform
digital capability for Pure Planet