Just because you can doesn’t mean you should…
I seem to be running into more and more application leaders that are confused by the marketing messages regarding API platforms, iPaaS, and mobile backend for frontend (BFF) vendors. More often than not, companies are trying to satisfy requirements that cut across the fields of mobile enablement, API delivery and integration, and cloud adoption, which bring added complexity. Now add to this the fact that lines of business are becoming significantly more empowered—shadow IT teams are buying products without centralized oversight—and application leaders are left with multiple options when deciding their platform of choice.
In this article, I will compare and contrast the relative strengths and weaknesses of the platforms mentioned above so that application leaders have the ability to make more informed decisions. The central theme of this article is to provide guidance on choosing the right tool for the job and to make you aware of trade-offs you are signing up for when you make those decisions.
API Management Platforms
A well designed and managed API program gives an organization insight into the usage, availability, security, accessibility, and usability of their APIs. This can result in new partnerships, better efficiency for employees, more reliable vendor communication, and ultimately, new revenue channels.
A good API platform must, at the very minimum, provide the following capabilities:
- API portal
- API gateway
- API hosting
- API lifecycle
Designing and monitoring the API portal requires a strategy and plan in the following key areas:
- API catalog. How the APIs are published, discovered, categorized, and described (their metadata).
- API analytics. Consists of real-time metrics, KPIs, dashboards, and reports.
- API developer self-service. How the APIs are registered and on-boarded, in addition to API key management and sandbox testing.
- API documentation. Consists of machine- and human-readable content, API interface contracts (IDLs), and dynamic documents (Swagger, RAML, etc.).
- API community management. Setting up forums, writing usage/benefit blogs, socializing, delivering system alerts, and overall branding.
- API product management. How the APIs are monetized (rate plans and billing), packaged, licensed, and recognized in contracts and SLAs.
The API gateway is focused on the monitoring and security of your APIs:
- API security. Addresses authentication, authorization, auditing, attack and threat prevention, transport and message-layer security, encryption, and signatures and schema validation.
- Traffic management. Designed to control and optimize traffic through rate-limiting, metering, quotas, throttling, load-balancing, caching, and compression.
- API traffic monitoring. Consists of logging, metrics capture, storage, and threshold monitoring.
- API protocol & data interchange standards. How to implement the best application protocols (HTTP, HTTPS, etc.), message formats (JSON, SML, SOAP, etc.), and services (REST, Web services, etc.).
- API proxies & mediation. Best approaches for protocol and message transformation, routing, policy-driven mediation, and version management.
Determining a strategy and roadmap for hosting your APIs can save a lot of time and money in the long run:
- Basic API hosting (cloud vs on-premise). Determine the best API assembly and composition method, data services, and standard connectors (HTTP, HTTPS, REST, etc.).
- Advanced platform & resource connectivity. Consists of connector and adapter frameworks, cloud and SaaS adapters, and big data and NoSQL access.
- Basic enterprise service bus capabilities. Includes asynchronous messaging, events, files, notifications, and data integration strategies.
Managing the API Lifecycle
The API lifecycle consists of three major categories:
- API governance. Addresses API portfolio management (including inventory and identification), lifecycle approval workflows, version and change management, and impact and dependency analysis.
- API design & development. Incorporates browser-based design, developer IDE, and testing tools.
- API DevOps. Creates a strategy for building, deploying, and promoting APIs, as well as configuration management, automating, scripting, and development community self-service.
Integration Platform as a Service (iPaaS) for Hybrid Cloud Integration
The rise of software as a service (SaaS), as well as the increasing heterogeneity of enterprise application
portfolios and data sources, have necessitated a shift to Hybrid Cloud integration approaches. Integration platform as a service (iPaaS), a sub-segment of PaaS, continues to evolve as an integration approach capable of meeting a wide range of integration needs, including on-premise, cloud, B2B, and mobile application integration.
Although some iPaaS vendors offer API management capabilities, these offerings are more focused on
the design and development of APIs rather than on the managed exposure of these APIs. Enterprises that need full lifecycle management of their API portfolios find that most iPaaS platforms still lack deep API management capabilities (such as analytics, developer portal, and versioning support). Similarly, those requiring advanced mobile integration capabilities (such as analytics, push notifications, offline caching, and data synchronization) will find that those features are often lacking in most iPaaS solution offerings.
According to the Ovum Decision Matrix, any enterprise-grade iPaaS solution offering needs to provide at least the following capabilities:
- A cloud service, available by subscription and accessible over internet technologies. This includes some self-service provisioning and management by subscribers, instrumentation for resource use tracking, and sharing of physical resources between logically isolated tenants.
- A PaaS, encapsulating the underlying virtual or physical machines (their procurement, management, and direct costs), which does not require tenants to be aware of them. Patching, versioning, and health of the platform stack is delegated to the vendor/provider.
- Support for multiple connectivity protocols and data/message delivery styles, data and message validation, mapping and transformation, routing, orchestration, and adapters for cloud-based and on-premises packaged applications and data sources.
- The iPaaS solution should provide a centralized console for scheduling, monitoring, and managing integrations.
- The iPaaS solution should provide enterprise-grade security and governance features and capabilities, such as transport layer and application- and network-level security and support for implementation and administration of governance policies.
- Tools to develop, test, deploy, execute, administer, monitor, and manage integration flows and the lifecycle of relevant artifacts (for example, transformation maps, routing rules, and orchestration flows) via a web-based and/or mobile graphical user experience, and/or a command-line interface or an API.
Mobile Backends for Frontends
Mobile BFF is an architecture paradigm that provides web applications and mobile applications with a way to access APIs and backend data stores while also providing features such as user management, push notifications, and integration with social networking services.
In addition, organizations looking to expand their mobile application portfolio beyond mobile devices (for example, wearable devices such as fitness trackers, or virtual personal assistants such as Amazon's Alexa and Apple's Siri) are also starting to leverage mobile backend services to support those Internet of Things (IoT) initiatives.
Here is a high-level view of the mobile BFF architecture pattern:
You can find a much more detailed explanation here.
An enterprise-grade mobile BFF solution offering must provide the following capabilities:
- Accelerating the delivery of mobile applications by making the backend infrastructure transparent to, and reusable by, the mobile application developer.
- Providing low cost of entry for mobile application development and deployment.
- Attracting developers beyond IT. This requires organizations to provide enterprise-wide education, oversight, and governance. That is especially true where mobile backend services come with rapid mobile app creation tools.
Using the Right Tool for the Job
The chart below distils this article into a simplistic understanding of the relative strengths of API platforms, integration platforms as a service, and mobile backends for frontends:
Hopefully this article has helped clarify the relative strengths and limitations of these platforms. I have purposefully stayed away from mentioned specific vendors, although it was very tempting to do so. The reason is simple—today’s marketplace is moving very quickly, and each vendor is adding capabilities to their respective platforms on an almost weekly basis.
However, this post should help you form a strong understanding of the various architecture paradigms, what use cases they should be used for, and often more importantly, what use cases they should not be used for, allowing you to make an informed architecture decision.
Prithvi collaborates with clients to help them craft transformative enterprise strategies. He has led large and complex solution deployments for multiple customers across the financial services, banking, healthcare life sciences, retail and insurance industries.