Scheer PAS API Management

API-Management from Scheer PAS offers you maximum control over the administration and optimization of your programming interfaces.

This comes from the differing levels of access rights for the use and administration of APIs, services and clients. The supply and publishing of agreements (contracts) can also be controlled flexibly and in real time. Access to interfaces is possible via (fixed) contracts as well as via the use of open APIs. The documentation of your APIs is secured over their complete lifecycle with the help of Swagger (OpenAPI Specification).

You benefit from the comprehensive functionality of the Process Automation Suite integration platform. All connected REST and SOAP interfaces are secured via API Management. In addition, REST and SOAP interfaces from other systems can also be administered. You can now offer the flexible use of individual APIs to your developers and partners as well as to your end-customers. Scheer PAS API Management allows xUML Service endpoints to be imported directly into API-Management.

The availability of policies offers additional benefits for your agility. These are a succession of differing statements that are applied sequentially at diverse points (API, plan, client etc.) and which can be adapted flexibly to specific needs. Policies in API-Management offer the opportunity to adapt the behaviour of an interface quickly and easily.

API-Management procedure with Scheer PAS

The provision of a programming interface takes place in multiple steps. First of all, the API must be chosen or newly created. Following this, a plan, that is, a group of rules (policies), is defined. Multiple plans can be defined. The next step is to create a user for the API (customer) and to define a contract. The contract links a specific plan to an API. Any number of contracts can be created per customer.

In order to administer a large number of interfaces, APIs, plans and customers must be classified into groups. These groups are called “organizations”. Users within an organization are allocated rights in the form of roles. For example, a user with the role “API viewer” may view all the APIs in an organization, but not edit them.

What is API-Management?

API-Management offers you the possibility of administering diverse programming interfaces (also known as application programming interfaces) centrally. Alongside administration, API-Management serves the control and provision of interfaces. In this way APIs are mostly catalogued, versioned, documented and finally published internally or externally. The resulting catalog contains an overview of all available interfaces.

The publishing of the respective API takes place via gateways. A gateway is upstream of the actual implementation in the backend and serves as a centralised collection point for requests.

How are API-Management projects implemented?

API-Management projects are very individual in nature and are always oriented towards the current needs of the respective company. There are, however, certain scenarios which occur frequently in a business context and these are outlined below.

Scenario A
An interface is to be offered to two partners.

First of all, the interface is clearly defined. In this specific example a contract with 10,000 accesses per day is set up for the first partner. The second partner, however, is given a contract with 100,000 accesses per day. The API-Management task is to monitor the interfaces and to log the number of accesses in order to prepare a statement of account at the end of the month.

Scenario B
An interface is used by multiple mobile apps.

The problem with mobile applications: a large amount of data is transferred, so much that a data limit must be set in order to prevent the system becoming overloaded. Via the interface administration function a customer can be set up for each mobile app and a data limit can be applied to each one.

Scenario C
Transparency in the company.

In a large organisation there are many users for popular interfaces. When an API changes, it is important to know who is currently using the interface and how intensively, because the implementation effort can then be planned in advance. It is advantageous in this scenario if each internal user is recorded in API-Management as a customer. In this way the unique identifier of the user (API key) is communicated with each use. This way the company has a permanent overview of, and control over, interface usage.

Why does API-Management make sense?

Modern interface management systems improve in particular the agility and security of a company’s IT infrastructure. Such systems enable the saving and administration of differing versions of a programming interface. Also, many differing APIs can be offered via a particular URL. If required, an open or a private API can be created. This way user access can be explicitly controlled and administered.

The benefits of API-Management

  • Centralized security: via automatically applied guidelines and centralised administration of users, access rights and authentication
  • Version administration: versioning of APIs and clients
  • Scalability: through the use of multiple and specialised gateways
  • Caching: the load in the backend can be reduced through the caching of data-intensive requests or data which seldom changes
  • Optimization: using metrics and access controls, performance can be optimized by targeted changes
  • Monitoring of data traffic from individual clients and APIs
  • Simplified statements of account
  • Quota-Limits: offer a way of limiting the total number of requests to an interface. For example, a daily limit of 1,000 requests can be set
  • Rate-Limits: offer a way of ensuring that the backend does not become overloaded. For example a maximum of 100 requests per minute – the ideal prevention of denial of service attacks (DoS)
  • Time controlled availability: APIs are only available – or not available – for a freely defined period of time
  • Traffic limitations: limitations on data volume can be set for the API or individual clients
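
The contract, plan and limit concepts described above, sketched as an added example (this is not Scheer PAS code or configuration): a gateway resolves the API key to a contract, applies the plan's rate limit and quota in sequence, and meters accepted requests per client for the statement of account. The class names, API keys and fixed-window counters are assumptions; the daily quotas of 10,000 and 100,000 and the 100 requests per minute are the figures from Scenario A and the rate-limit bullet.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Plan:
    name: str
    daily_quota: int   # quota limit: total accepted requests per day
    per_minute: int    # rate limit: accepted requests per minute

@dataclass
class Contract:
    client: str
    plan: Plan
    minute_window: tuple = (-1, 0)             # (minute index, accepted count)
    daily: dict = field(default_factory=dict)  # day index -> accepted count

class Gateway:
    """Hypothetical gateway: resolves the API key to a contract, then applies
    the plan's policies in sequence (rate limit first, then quota)."""

    def __init__(self):
        self.contracts = {}  # API key -> Contract

    def add_contract(self, api_key, client, plan):
        self.contracts[api_key] = Contract(client, plan)

    def handle(self, api_key, now):
        """Decide one request arriving at `now` (epoch seconds)."""
        c = self.contracts.get(api_key)
        if c is None:
            return 401, "no contract for this API key"
        minute, day = int(now // 60), int(now // 86400)
        in_minute = c.minute_window[1] if c.minute_window[0] == minute else 0
        if in_minute >= c.plan.per_minute:
            return 429, "rate limit"
        if c.daily.get(day, 0) >= c.plan.daily_quota:
            return 429, "quota"
        # Only accepted requests are counted, so metering equals billable use.
        c.minute_window = (minute, in_minute + 1)
        c.daily[day] = c.daily.get(day, 0) + 1
        return 200, "forwarded to backend"

    def usage(self, day):
        """Accepted requests per client for one day (input to the statement)."""
        return {c.client: c.daily.get(day, 0) for c in self.contracts.values()}

# Constructed sample data: the two partner contracts from Scenario A.
gw = Gateway()
gw.add_contract("key-partner-1", "partner-1", Plan("basic", 10_000, 100))
gw.add_contract("key-partner-2", "partner-2", Plan("premium", 100_000, 100))
```

A burst inside one minute is cut off by the rate limit long before the daily quota is reached, which is why the two limits are configured separately.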