API Management

Modern Software Principles Every Enterprise Must Adopt

“What got you here, won’t get you there.”

This was the overriding message delivered by Apigee chief technology officer Anant Jhingran in his keynote Wednesday at I Love APIs 2015. He explained how modern software is built and operated very differently, and why legacy technology infrastructure, architectures, and principles are no longer sufficient to build a competitive advantage in the digital economy.

Enterprises can no longer afford to bolt on to their current technology investments in hopes of staying competitive in the digital world. Instead, CIOs and architects need to rethink their technology strategy and adopt the approach to software development, infrastructure, and operations that startups and disruptors have pioneered.

For five key areas of building and operating software, there are five modern software principles that every CIO and architect should adopt:



Legacy Approach

Modern Software Principle


Expensive two-phase commit

Eventual consistency


Expensive reliable queues

Replication & idempotency

Unknown threats

Rules & humans



Care & revive

Rip & replace

Cooperating services

ESB & message brokers

Distributed network


An API-first approach plays a central role and paves the way to adopting modern software principles and building and operating modern software.

Apigee’s head of engineering, operations, and support Shankar Ramaswamy joined Anant onstage, and described how the Apigee platform is built using the same modern principles that we exhort our customers to adopt.

This API-first approach enables Apigee to accelerate our software delivery velocity, launch new products such as Apigee Sense and Apigee Health APIx, and scale our API traffic volume by 268% year-over-year while achieving 99.998% cloud availability.

CIOs and architects must adopt modern software principles if they want their software architecture and their businesses to be agile, relevant, and competitive. And, as Apigee CEO Chet Kapoor said in his I Love APIs 2015 keynote earlier in the week, the time to get started is now.

Anant's presentation is available on SlideShare.


Security in the Digital Age: Deep-Dive Webcast

What are the biggest cyber threats facing financial and healthcare entities today and in the near future? How can organizations embrace innovation and agile development culture while balancing the time to market goals with risk management?

Join Jason Kobus, director of API banking at Silicon Valley Bank, and Apigee's head of security Subra Kumaraswamy in this webcast replay as they discuss how an effective API program, combined with a secure API management platform, can:

  • provide visibility for all security threats targeting their backend services

  • control access to sensitive data, end-to-end

  • enable developers to build secure apps with secure APIs

  • facilitate secure access with partners and developers


API Management: Generate Value with Monetization

Digital assets or services provide real value to customers, partners, and end users. So why shouldn’t they be a source of revenue for your company and an important part of your business model?

In the pre-API world, monetization was accomplished via long, drawn-out contractual processes, or data sharing agreements. In some instances, data was given away for free. APIs enable you to expose data and services securely, publish it to partners in a scalable manner, and, with a sophisticated API management platform, charge for usage, revenue-share with developers, and track billing in real time.

Sophisticated API management, in other words, provides the robust infrastructure that empowers your business model—and opens the door to new revenue opportunities.

Attract developers, generate revenue

Innovative models, like revenue sharing or pay-by-performance, go a long way in attracting and keeping developers on your platform.

There are many successful examples of how this works today. Take Uber. It offers third-parties who develop on its API $5 to $10 per new user acquired.

Offering data, content, or services via a platform enables third parties to create powerful new experiences that extend your brand. It also offers a clear path to charging your partners or, indirectly, your end users for the valued content or service.

Pinterest, Instagram, and Facebook have generated enviable investor and consumer interest by creating fresh content, and making it accessible to third-party development for further mashups and innovation.

Google, Yelp, Mapquest, and Stripe enable partners and third parties to access and innovate on services such as maps, location, payments, and real-time offers, ultimately leading to better end-user experience and engagement—and significant revenue.

The price business partners are charged for building on the Google Maps API, for example, starts at $10,000 annually and generates further revenue for the search giant from ads linked to map searches.

Create and derive value

The common thread we observe across these winning businesses in the new economy is one of:

  • value creation via content, data, or services
  • a platform approach that enables partners and third parties to innovate

  • a powerful experience for the end user that creates more traffic, which equates to more revenue for all the players in the ecosystem

In addition to a deep understanding of the market and a clear articulation of value across the ecosystem, it takes a sophisticated API management solution to enable this business model.

To learn more about API monetization and API management, read the eBook, “The Definitive Guide to API Management.”

Blog home page image: Gerald Wildmoser/The Noun Project

API Management isn't SOA

In the previous post in this series, we introduced the basic tenets of API management. Before we dive in and explore each of the different aspects of a complete API management solution, it’s important to understand what API management isn’t.

It’s not integration-based architecture

To think of APIs as a continuation of the integration-based architectures that have long been in use within enterprise IT is a narrow view.

Because modern software is built as services, all development becomes API development. Rather than using web frameworks that invoke services and produce web pages, applications today are built by consuming and producing APIs. Mobile technology and HTML5/JavaScript have accelerated this movement to API development.

The communications mechanism for mobile is APIs. Sometimes, the same mobile developer is charged with building the server-side and client-side interactions. In other cases, such as for companies that need to support native iOS and Android applications, specialists become responsible for building the client implementations. These specialists are often contractors, digital agencies, or system integrators. That is, they can be external to the company. This drives the requirement for an API to be central to the application development effort.

It’s not monolithic applications

Applications have not only embraced APIs on the front end for connecting to rich clients; they also use APIs on the back end for integrating with internal systems, and on the sides for enabling other applications to access their internal data and processes.

This approach is achieved through micro services architecture (MSA): the concept of exploding an application into a set of component fine-grained services, linked together via APIs. The promise of SOA has become reality in micro services architecture.

The goal of an API tier in the enterprise infrastructure is to enable a large number of apps, from your partner channels or new app development teams, to access content and data from internal systems in a way that:

  • grants individual users appropriate levels of access control

  • shapes data to exactly the size and format necessary for ease of app development

  • validates or processes data with lightweight logic and combines it with or distributes it to multiple sources and services as necessary

  • enables deep analytics to measure developer productivity and app and API usage growth as well as derive business-level insights by examining the interactions described within the contents of the API traffic

It’s not SOA governance

API governance (API management), separate and distinct from SOA governance, has emerged as a new area of focus. API management concerns itself with providing standardized conventions for documentation and consistent security and access control mechanisms. It exists in support of the application teams rather than the centralized IT resources. It is generally not prescriptive except in a few vital areas, such as defining standards for security mechanisms including OAuth.

All of these distinctions lead to different approaches and decisions for designing, building, securing, deploying, and managing the lifecycle of the data and services a company exposes to developers and partners, both internal and external.

API management isn’t SOA governance. The two are separate and distinct. A centralized services governance process, owned by a special architectural team in IT, simply can’t maintain an iron grip on agile and decentralized API-first architectures.

To read more about the differences between API management and SOA governance, download the free eBook, “APIs are Different than Integration.” For more on API management, download “The Definitive Guide to API Management.”

Coming up next in this blog series, we’ll explore the capabilities of a sophisticated API management platform.

Top Seven Proxy Editor Improvements to Apigee Edge

UI frameworks have evolved a ton since we launched Apigee Edge three years ago. About a year ago, we standardized on Angular for our web application UIs. However, migration always takes time and effort, and because of the proxy editor’s complexity, it was the last component that remained of the legacy Edge UI. With the latest release of Edge, this migration from Backbone is complete, and the new visual proxy editor has become the default experience. While it’s still possible to access the old version of the editor, we plan to remove it in a future build.

During this development effort, we reduced the lines of code by over 60%—just for the proxy editor alone—even as we increased our test coverage. Even better, it is much easier to work with our new code base, making it simpler to add and improve features.

We took advantage of this rewrite to make some usability improvements. There are many little details you'll notice as you use it, but here are the top seven changes:

1. Better use of vertical space in the map pane

The first section we revisited was the map view, since the old version was a bit bulky. By tightening up how policies are presented in a flow, we created more room for working with policy configuration details without sacrificing any usability in the map.


2. Folding sections in the editor

In the policy configuration pane, you can now fold sections, which makes working with longer documents a much nicer experience.


3. Improved context for action buttons

In the old proxy editor, when you needed to add anything, you'd have to visit the "New" menu to do so.

But with the new editor, you have "Add" or "+" buttons in the context of the kinds of things you're adding.


Moving these buttons into their related sections makes adding policies, flows, proxies, and targets much more intuitive.

4. Script listing improvements

Instead of interpreting the type of file, we now use the file extension and folder structure to present the assets in the scripts directory. This makes it easier to find the file you're looking for.


5. Search across the proxy configuration

We added a search function, which makes it easier to find keywords in policies and flows.



6. A tightened-up Overview tab

Over time, we had added a number of items to the Overview tab. Now, it's been re-organized to focus specifically on the high-level overview of your proxy. The section formerly called "Resources" now more accurately represents the "Conditional Flows" that you have defined for your proxy.


7. Dedicated space for performance visualizations

Performance outgrew the Overview section and now has its own tab. Special attention was given to improving the interactions for investigating performance.



Bonus! Find orphaned policies quickly

While it's not new with this release, did you know that policies that haven’t been attached to a flow have a visual treatment? This makes it easy to identify orphaned policies and keep your proxies lean.


The new proxy editor became available in May and will be included in the 15.07 Edge for Private Cloud release. If you have any questions or feedback, please get in touch at community.apigee.com.

Create FHIR-Enabled Experiences: An API-First Approach for the Healthcare Apps Ecosystem (webcast & podcast)

The Fast Healthcare Interoperability Resources (FHIR) mandate, which created an API-based format for exchanging health data, has opened the door to a world of new efficiencies and patient-centric healthcare reform. With APIs as the foundational technology, FHIR enables healthcare IT to drive innovation that’s truly focused on the patient.

In this webcast replay, SMART Health IT's Josh Mandel joins Apigee's Aashima Gupta to discuss the future of FHIR-enabled apps.

Josh and Aashima also discuss:

  • the current state of FHIR specs and the roadmap ahead
  • the purpose of the Argonaut Project, an industry-led code sprint
  • the importance of an intelligent API platform for creating FHIR APIs
  • how to sign up for Apigee’s Sandbox and begin creating FHIR-enabled experiences


Apigee Edge SMB: API Management for Small and Mid-sized Businesses

Are you at a smaller company that’s launching an API to grow your business? Do you need a quick way to get your API program off the ground?

This week we announced Apigee Edge SMB—API management for small and mid-sized businesses.

Apigee Edge SMB is based on Apigee Edge technology, and is available as a cloud-only offering for up to 25 million API calls per quarter at an annual subscription that works out to less than $2,000 per month.

It includes the core API management functionality you’ll find in our full Apigee Edge enterprise platform, a developer portal, and support for a single named contact. There’s no limit on the number of APIs or API products you can build or the developers you can support. Apigee Edge SMB is a self-service SaaS experience: you’ll be building APIs right away and can launch in days.

Want to learn more?

First, start by learning “how to buy” on our website for a full comparison between the free Apigee Edge developer trial, Apigee Edge SMB, and the Apigee Edge enterprise digital platform. After you have a sense of how our different Apigee Edge offerings compare, let us know if you’d like the detailed specifications on Apigee Edge SMB.

APIs for Dummies: Stop Leaving Money on the Table

"API" sounds like a geeky term and that's a shame because using APIs correctly, at the business level, is critical to thriving in today's marketplace. Businesses bemoan the fact that they're fragmented into silos, with their business units and subsidiaries operating as quasi-independent companies, all resulting in customers having a terrible experience.  

And customers aren't used to having a terrible experience. They won’t tolerate it. They've learned to expect that content and services are available on every device they own. They've learned to expect a consistent look and feel. They've learned to expect that your business—no matter how old or established it is—engages with them in just the same way as a company that was founded to do business in the digital economy.

Failure to realize this situation and failure to act upon it results in brand devaluation, customer defections, and an inability to get new ideas to market in time to compete. APIs can solve this problem. In fact, APIs might be the only answer.

The importance of a seamless digital experience

Another heartbreaking scenario is the lost opportunity. Customers want fast, easy access to services from across your entire brand (and possibly from your partners, too). Every new website they must log in to and every new app they must open only increases the likelihood that they’ll simply give up or find someone else to whom they’ll give their money.  

On the other hand, if a company presents all of its products and services (brand-wide and ecosystem-wide) to me in one place, I am much more likely to make additional purchases and to consume additional services.

The inability to execute product ideas and provide a consistent and seamless digital experience across all the channels of your brand is a potentially fatal error at the business level. The inability to execute ideas and campaigns across the ecosystem of your subsidiaries and partners is a potentially fatal error at the business level. The lack of real-time visibility, trending information, and personalization is a potentially fatal limitation at the business level.

APIs: More than a technology issue

APIs help companies solve these business problems. APIs are a business issue of the highest urgency.

It's too bad that some people view APIs as being solely a technology solution. Companies are walking away from business growth because of this misconception. That said, it's not too late (though it will be soon).

At Apigee, in addition to building software products to help companies manage, secure, analyze, and scale their APIs, we offer the knowledge gained from many years of experience working with customers in multiple industries.

Check out the Apigee Special Edition EBook: APIs for Dummies. It’s intended to help businesses overcome the misconceptions described above, and to know how to use APIs as a strategic and competitive weapon. It describes the business outcomes that APIs and robust API management drive. The winners in tomorrow's economy are deploying APIs today.

Use Salesforce? REST APIs and Apigee Connectors for Better Enterprise Connectivity

Chances are you’re a Salesforce customer. Chances are that you are not only using Salesforce for sales and service, but also using their platform (Salesforce1) to build applications. Chances are that you have had to deal with questions like:

  • how do I securely access Salesforce APIs through different apps?

  • how do I simplify my access to other backend systems / cloud providers through Salesforce?

  • how can I get visibility into how the Salesforce APIs are being used, or what is Salesforce calling into?

  • how can I ensure that I don’t run over my Salesforce platform limits?

Apigee Edge provides answers to these questions. You can use Edge as a facade: a proxy layer which can sit between Salesforce and other apps and cloud providers.


Edge enables the exposure of normalized, consumable APIs (based on your design philosophies) that provide access to Salesforce APIs for use by other apps in your enterprise.

You can take a few different approaches to integrate with Salesforce. With a Salesforce REST API you can use service callout policies in Edge to authenticate against Salesforce and invoke methods on various standard objects, such as account and opportunity.

Volos connectors are a set of Node.js modules that enable you to connect to enterprise systems (cloud SaaS providers, databases, and cloud storage, for example) in a RESTful manner. The Volos Salesforce connector is a Node.js module that lets you fetch data from Salesforce using a RESTful API. It leverages the SOQL (Salesforce Object Query Language) framework to provide seamless access to Salesforce data to the rest of your enterprise.

So big deal, why do I still need to use Apigee? Turns out there are several benefits.

End-to-end visibility

Analytics is a core component of Apigee Edge that provides real-time and role-specific visibility into Salesforce API usage across your enterprise. You can use the out-of-the-box and custom reports to very quickly determine the overall performance of the APIs, where the bottlenecks are, what Salesforce objects are being accessed more frequently than others, what channels (mobile, web, desktop) are driving API usage, and a whole lot more.

Effective control and management over platform limits

The Salesforce platform has several limits that you can run into, including platform Apex limits, static Apex limits, API request limits, and Chatter REST API limits. Edge provides several traffic management policies, including concurrent rate limits, quota, spike arrest, and caching, which enable you to minimize latency for Salesforce data while providing effective control and management over platform limits.

Data shaping and flexible security

Apigee provides a rich set of transformation and security policies. You can use the transformation policies to convert the response from Salesforce and present it in formats that can be readily consumed from different apps.

You can also use the rich set of security policies to provide a consistent and flexible security facade while accessing Salesforce data from other apps in your enterprise. Apigee provides support for OAuth, SAML and other security standards. You can also use traffic management and threat protection policies as a buffer to safeguard your Salesforce data from malicious requests, limit how many times (quota) the data is accessed, and protect from sudden traffic spikes.

Several of our customers have already taken this road and are reaping the benefits of this approach. For a more detailed discussion on Edge and Salesforce integration, check out this demo:


New eBook: The Role of APIs in Media & Entertainment

Media and entertainment companies must become digital in all aspects of their business, and understand their customers’ preferences like never before. They must be able to deliver the right experience to the right device at the right time, and take advantage of the massive flow of data from increasingly connected consumers to better understand customers and their behavior.

In this business brief, we explore four ways that APIs enable media and entertainment companies to meet the expectations of customers and stay ahead in the face of the constantly and rapidly changing competitive landscape. 

Download "The Role of APIs in Media & Entertainment" to learn more.