With the advancement of technology, more and more software and applications are being developed at a rapid pace. There is an ever-increasing need for applications to negotiate with each other, share data and work together. Such needs can be fulfilled by API (Application Programming Interface). API is a software intermediary that allows two applications to communicate. With APIs, it is possible to use the same data/service in mobile apps as well as in web apps without any extra coding.
To put it in simple words, APIs enable speedy application development, provides wider reach of relevant, updated data, content help in automation and Integration with efficiency. An effective API Strategy will drive future direction for nationwide e-Governance data and services. It will empower digital transformation, open the door to new avenues, drive innovation, improve time-to-value, and open up new possibilities for creative e-Governance models.
As the need for APIs is increasing, more-and-more APIs are being developed which brings security challenges. In a traditional web application, the data processing usually happens at the server end thus limiting the entry points to the network architecture and thereby limiting the attack surface of the overall application. In API-based applications, the processing of data is not limited to the server end rather, more and more clients fetch the data from APIs, then do the processing and rendering, which significantly expands the attack surface as entry points to the network increases.
Also, with the increasing number of API consumers, keeping track becomes challenging and analysis of API traffic becomes difficult. Since the API call happens from an external application or system; limiting the traffic on the API becomes crucial because bots can send multiple numbers of requests in a short time. With the increasing challenges in application security and traffic management the need for an API management platform arises. It becomes crucial to manage the API lifecycle from design, creation, deprecation, and retirement.
API management platform focuses on the following aspects:
Designing and Publishing APIs – The ability to design, publish, deploy APIs as per the best practices of API development hence bringing the standardization in the API development.
• API Authentication & Authorization – Authentication and Authorization for API using Open Authorization (OAuth 2.0), JSON Web Token (JWT), and API Keys.
• Throttling Policies – Limiting traffic based on resource, API endpoint, and the user is needed to limit the API usage which can help in avoiding the DDoS attack.
• API Analytics – Monitor API uses, their load, performance, transaction logs, and other matrices so that the functional and business capability of the API can be monitored regularly.
• API Lifecycle Management – Managing an API lifecycle from creation, publishing, deprecation, to retirement.
• Version Management – Managing multiple versions of an API.
Having recognized these requirements, the QA and API Infrastructure Management Division of NIC developed the National API Exchange Platform (NAPIX), which has the vision to provide features of API management to various stakeholders. The platform facilitates in publishing and consumption of APIs, thus ensuring co-creation and innovation in application development methodologies.
This platform provides various benefits to API owners and consumers, some are listed below –
• The core component of API Management solution is an API Gateway. It acts as an API front-end, receives API requests, and enforces throttling and security policies.
• A collection of API Publishing Tools that API providers use to define APIs, using the OpenAPI Specifications.
• Developer portal that can encapsulate API users in single-source information and functionality including documentation, tutorials, sample code, software development kits, and interactive API console.
• Functionality to monitor API usage and load through Reporting and Analytics.