Skip to Content
Pillar Pages

The World of API Simplified – API Integration and API Management

Ready to learn about API integration? Discover how to integrate with APIs and manage systems in real time while creating new opportunities for innovation.

Overview

1. Executive summary: API integration and API management

APIs connect applications, systems, mobile devices and partners in real time. From mobile apps, e-business or cloud, to onsite or point-of-sales connections, APIs enable fast, secure, easy access to data and business processes.

We will answer these questions: What are APIs? Why are APIs so important? What opportunities and possibilities do APIs offer? What is an API integration? And what is API full lifecycle management? We will also introduce you to the SEEBURGER BIS API Management and API Integration capabilities.

APIs are creating new opportunities for digitalization.

2. What is an API?

APIs play an important role in software development by enabling, for example, one program to provide its functionality to other programs or systems via interfaces (APIs). These APIs connect applications and systems with each other, open data silos and allow developers of new applications to access and reuse existing applications and data sources. APIs open various functional units to the outside world and connect platforms with ecosystems. They are designed for real-time scenarios and facilitate interactions between any system, application or mobile device app.

In short, APIs offer a standardized way for clearly defining the kind of data or functionality that a system or application can provide in real time. These quick and easy entry–point interfaces have enabled organizations to implement innovative business models and new initiatives.

API Consumer API Provider

The risk of overloading the provider with too many individual requests and the administrative overhead associated with the large number of individual requests (e.g., for checking access authorizations) are also reasons why APIs are less suitable for mass data processing and batch processes than classic asynchronous communication protocols (e.g., EDI).

Rather, the power of APIs lies in their openness and flexibility, which allow applications and systems to be loosely connected and data silos to be opened by allowing application developers to access and reuse existing applications and data sources. APIs are what make today's interactions between any system, application, mobile device, or app possible.

In short, APIs provide an elegant way to clearly define what kind of data or functionality a system or application can provide in real-time. These simple and fast entry points into systems and applications have transformed and continue to transform entire business models and drive new strategic business directions.

There are three types of APIs, depending on how they are used:

  • Internal/private APIs
  • Partner APIs
  • Public APIs

To learn more about how APIs work, check out our in-depth blogs: What is an API and API – What is it really all about.

3. Why are APIs so important?

Application Programming Interfaces (APIs) integrate business processes, services, content and data. They connect partners, systems, internal teams and numerous other sources easily and securely.

APIs shape the digital world. Today, there are more than 20,000 APIs listed in API portal directories, with several hundred being added every month. In addition, only public APIs are listed in these directories. If you consider the countless APIs that are currently used internally by companies, the number 20,000 is conservative, at best.

Why have APIs become so important to business?

APIs enable existing application functions and data to be leveraged by other systems and applications. This means, for example, that with an API, data within a company database can be made available to other internal systems (i.e. legacy system integration). Before APIs, only isolated or locally-used resources could be made available to other systems.

The more a company is internally integrated and the more it connects different applications through APIs, the more accurate and comprehensive the information it can obtain. For example, API integration enables companies to obtain data about its customers, which can be a significant competitive edge.

In addition to internal networking, APIs can also open the door to the outside world for companies to innovate, create new business models and take advantage of their digital transformation. Many companies are already providing APIs to suppliers, customers and other partners to help them access relevant information. In addition, APIs allow this information to be directly implemented into other systems, where it can be accessed in real time.

Where external partners get access to internal APIs, it is often possible to develop a business model that generates additional revenue. There are virtually no limits to the opportunities for companies to integrate with APIs.

4. APIs – new opportunities and possibilities

When Amazon founder Jeff Bezos proclaimed the API First strategy in his famous mandate in 2002, he was already aware that the digital future will be built on a strategy of data opening, not only internally but also externally.

Jeff Bezos, CEO and founder of AMAZON, 2002

The Famous Mandate

All teams will henceforth expose their data and functionality through service interfaces.
Teams must communicate with each other through these interfaces.
No other interprocess communication is allowed other than service interfaces over the network.
It doesn't matter what technology they use.
All service interfaces, without exception, must be designed to be externalizable. No exceptions.
Anyone who doesn't do this will be fired.

Two points of this mandate are critical to the development of APIs and the ability to integrate with APIs:

Point 1
From now on, all teams will provide their data and functionalities via service interfaces (APIs).

Point 5
All these APIs must be designed to be externalizable - without exception.
(Must be shareable with the customer or the outside world.)

First, Jeff Bezos dictates to develop APIs internally, according to the company's own needs, which ensures their practicality. Then, he orders synergy with business partners to design APIs in such a way that they can also be used externally.

This is THE reason why Amazon is so successful

  • Almost every retailer today also uses Amazon as a distribution channel – via APIs.
  • Many households stream their videos via Amazon and use Alexa as a voice-controlled search engine – via APIs.
  • Connections for delivery services, music services and even your Amazon shop run via APIs.

The development of new services, business models and features is much easier in an IT landscape characterized by API interfaces. Companies are thus prepared for the future in the long term and more attractive for employees, partners and customers. However, the prerequisite for the efficient use of APIs is the ability to integrate with APIs with professional API management.

Cross-industry competitive advantages thanks to the use of APIs

Many companies provide supply chain management APIs to deliver real-time inventory information

 a complete product catalog or current pricing information to their customers. APIs enable customers to integrate this up-to-date information directly into their ordering system.

Utilities are working to deliver real-time

continuous energy consumption to their corporate customers via APIs using digitalized electricity meters that are integrated via APIs.

Consumer goods companies face market giants like Amazon or Wayfair by offering their services through integrated APIs

or even copying their customer experience and range of services to their own web channels.

Banks are providing their B2B customers with high-quality real-time information

on the status of mass transactions received via traditional integration processes such as MFT.

In many cases, the pay-for-use model has replaced the prepayment model

For consumer goods, this can mean measuring usage and transferring the data via an API to a central billing center.

New high-quality, marketable services were created from the reuse

and/or combination of internal data with the internal digital infrastructure.

Information from the point of sale can be provided directly to the manufacturer of the goods as a chargeable service in real time

he manufacturer can then analyze and use this data in combination with consumer information provided via Twitter or Facebook (via API).

Industrial IoT, APIs and unlimited possibilities

Providers of large, electronically controlled machines are now able to centrally monitor machine data using APIs. Each machine is connected to the main system via its own APIs and transmits data at regular intervals. Possible malfunctions and wear are detected early, maintenance can be provided, and spare parts are ordered or exchanged when needed. With API-based integration, this data can be directly connected with the ERP system, inventory and employees, providing multiple opportunities for new efficiencies.

The scope of APIs goes beyond machine data; there are practically no limits to the possible applications. From sensors on a highway, to shipping containers in a cargo bay, data is transmitted via APIs to communicate with various stops along a supply chain. Intelligent household appliances can be controlled via applications, desktops can be woven into a communicating IT infrastructure, and external partners can be connected and integrated into your partner portal – all via API integration.

5. What is an API integration

As we’ve explained, everything from sensors on a highway and shipping containers to household appliances can now be controlled and managed via APIs.

And how is it possible that all this data can be collected and used from different sources, via different connections and in different formats? The answer is API integration.

API integration refers to the translation process for which the interface is responsible. It enables connected functional units to communicate with each other. The target structure of adjacent functional units and data units can differ greatly, which can make mediation difficult. In addition, outgoing responses must also be transmitted in the appropriate format.

All these translation tasks are handled by API integration. Also, an API does not necessarily have to be associated with only one functional unit. Depending on the scenario and the structure of the infrastructure, the request of an API must be resolved into various request types on different backend systems. Since the respective backend systems can communicate in different ways, multidimensional API integration is necessary to provide a unified response.

API-based integration enables seamless connectivity between disparate software systems by allowing them to communicate and exchange data in real time. This streamlines workflows, enhances data accuracy and optimizes operational efficiency by automating interactions and integrating functionalities.

Read more in our blog What is API Integration? and learn how to overcome the challenges of API integration.

6. What is API management?

API management is the process of managing, regulating, securing and monitoring APIs in a secure and protected environment. It enables you to control the increasing number of internal and external APIs used or provided by an organization. API management addresses the needs of all API stakeholders, including API publishers, API developers, app developers and API consumers.

The company (or department) that provides APIs for others. An API publisher is also responsible for administering the APIs and monitoring daily API usage.

API management is the core element serving all stakeholders, directly or indirectly. APIs need to be managed and monitored accordingly.

Why API management? Unmanaged APIs are not secure and cannot be reused efficiently. Their acceptance rate is low. If not properly managed, they put a service-based infrastructure of systems and applications at risk because they are not protected. APIs, if unmanaged, are the primary cause of business vulnerability that can result in high costs. Our API management infographic illustrates the benefits of managed APIs compared to unmanaged APIs.

API management is the solution to avoid this threat to your company!

Learn more about the tasks of API management, how it can be part of the API infrastructure and all the challenges in our detailed blog: What is API management?

Challenges of API full lifecycle management

The more APIs an organization provides and the larger the addressed and actual user base, the better it helps to manage APIs with full lifecycle management. It provides a holistic view for managing all APIs.

The entire process from the design and release of an API to the end is called the API lifecycle. This API lifecycle has to be managed and documented, and this documentation needs to be made available to all API stakeholders who use and integrate with APIs.

API full life cycle management is the management and control of APIs throughout their entire lifecycle.

API Full Lifecycle Management handles the administration and organization of the various phases in the life of an API. According to Gartner, the 5 phases of the API lifecycle are planning and design, implementation and testing, deploy and run (basic), deploy and run (advanced), and versioning and retirement.

API-Full-Lifecycle-Management
  • Planning and Design: What are the functions of an API, who has access rights, what is the expected volume, etc?
  • Implementation and Testing: API implementation and test definitions to detect problems early on.
  • Deploy and Run (Basic): Adoption of API documentation in the API catalog and definition of guidelines, among others for mediation, traffic management and security.
  • Deploy and Run (Advanced): Definition of further meta information and creation of reports regarding API monetization, adoption and frequency of consumption.
  • Versioning and Retirement: Decision on the basis of collected data whether an API is deactivated, extended or continued as before.

API full lifecycle management follows an API from design and delivery to enhancement and deactivation.

White Paper: API Security – A Brief Introduction | EN

 White Paper

API Security
A Brief Introduction

Read now

7. What is an API integration and API management solution

The previous sections described the individual components in the universe of APIs and their functions. Finally, we address the questions of how these individual elements are connected as a whole and how you as an organization can best use them for your purposes.

The SEEBURGER BIS Platform API capabilities are a comprehensive solution to support API-based integration. It covers the entire API lifecycle, from creation, implementation, publishing to use, and supports API protection, API usage monitoring, and identity and access rights management.

The SEEBURGER BIS API Solution includes the following components:

BIS API Integration (BIS API/EAI)

Enables the development, administration, monitoring and control of all types of integration scenarios. This involves both systematic integration and ad hoc integration. The intuitive Web front end makes it possible to implement new APIs simply by configuration, even without programming.

BIS API Management (BIS API Management Solution)

Responsible for ensuring API governance with the associated components

API Gateway

Hosts and executes API proxies that enforce API governance. Checks the access rights of the requester and routes the calls to internal services or converts them to internal interface calls.

API Portal

Provides customized role-based functionality for API vendors and API consumers/App developers through a web-based application, minimizing administration and communication overhead.

Components of the SEEBURGER API Solution

API First Strategy Supports New Ways of B2B Sales

OSRAM connects multiple systems via API management and API integration to Salesforce and has successfully completed the first phase of its Next Generation Sales project.

OSRAM Video

Companies that want to integrate with APIs should establish a clear strategy from the beginning. Typically, companies start with a few APIs that are easy to manage. The amount of APIs often grows rapidly, making it more and more difficult to maintain control. The number of systems and people involved can also increase quickly, pushing unstructured solutions to their limits.

What does this mean for you?

Consuming or deploying APIs is only one step in a much larger process. Whether you want to use and integrate with APIs as the foundation for a new business model, centralize internal data or make everyday work easier for employees with an app – you can do it.

APIs are your key to digitalization!

To choose the right API-based integration solution for your business, you need an experienced partner. The SEEBURGER BIS Platform with API integration and API management capabilities empower you to integrate with APIs for maximum results.

8. API-based integration glossary

Access Management

Access Management enables access control to individual APIs. It controls who has access to which API gateway or API portal and what individual users are allowed to do.

API

An Application Programming Interface (API) is an interface or communication protocol between different parts of a computer program intended to simplify the implementation and maintenance of software. An API may be used for a web-based system, operating system, database system, piece of hardware or software library.

API Catalog

In an API catalog, API publishers manage the API lifecycle, maintain API documentation and control the visibility of their APIs. App developers use an API catalog to browse and subscribe to APIs and obtain access to API documentation and lifecycle information.

API Consumer

API consumers use provided APIs. They are identifiable within the API gateway, but they may not be assigned to business units or organizational units.

API Developer

API developers work within the API management area. Unlike an API publisher, developers do not provide and configure the API, but they are responsible for implementation and integration of APIs into the backend.

API Integration

API integration involves connecting and enabling communication between different software applications through their APIs, allowing them to work together seamlessly. Backend integration is supported by a broad range of adapters for different types of interfaces and applications. This includes multiple backend-systems, complex integrations or ‘heavy lifting’, as well as protocol- and content- handling.

API Management

API management is a set of processes that distribute, control and analyze APIs. API management includes provisioning of all API information, the API lifecycle and API security, as well as performance measurement and documentation.

API Manager / BIS API Manager

BIS API Manager is SEEBURGER’s application for managing APIs.

API Portal / BIS API Portal

The API portal is part of the SEEBURGER BIS API Management Solution. The API portal is the platform for configuring and monitoring API proxies running on the API gateway. The API portal is used by both API providers who want to provide APIs giving access to backend services, and app developers who want to use APIs.

API Proxy

An API proxy is an interface to consumers who want to use backend services. Within the proxy, API policies are executed.

API Publisher

The API publisher provides the API, configures it with policies and manages the API lifecycle.

App

An app is a virtual representation consuming one or more APIs for a specific business use case. Apps can be mobile apps, web apps or business processes.

App Developer

The app developer is responsible for developing apps that consume APIs.

Asynchronous

A data transmission technique that does not require the sender and the receiver to be synchronized in their schedule.

Authentication

Authentication is used to ensure that people or apps accessing APIs actually have the identity they claim to have. The most common authentication is basic authentication. Identity is secured by a user name and password. Authentication answers the question: who are you?

Authorization

Authorization follows authentication. Authorization checks whether the identity has the necessary rights for the desired activity. Authorization answers the question: what are you allowed to do?

Bearer Token

The bearer token is used for authentication and can represent an access token. The token, which is a cryptic string, is sent with the request to a resource server and contains the necessary information. As an example, bearer tokens are used in OAuth2.0.

Caching

Caching is used to provide frequently-used data in a fast and resource-conserving way. It provides increased performance and quick availability, because the data does not have to be generated every time it is requested or extracted from slow systems.

Content Validation

Content validation checks the syntax in the payload within APIs to detect vulnerabilities like mass assignment or injection attacks.

Developer Portal / BIS Developer Portal

The developer portal is part of the API portal within SEEBURGER’s API Manager app. It is the entry point for app developers and consumers. For app developers, it provides app management that allows them to maintain app-specific settings and apply for API keys. The API consumer and app developer can browse the catalog, request and receive detailed information about APIs.

Endpoint

APIs access required resources via endpoints. Endpoints represent the access point on a server or system with a specific URL.

Gateway / API Gateway / BIS API Gateway

BIS API Gateway is part of SEEBURGER BIS API Management. It is the platform for hosting and executing API proxies. When backend services are simple, the API gateway can connect to them directly. When there is more complexity involved, BIS API Integration is required for mediation. The API gateway is also used as a line of defense against security threats from the outside world.

JSON

JavaScript Object Notation (JSON) is a data exchange format similar to XML. JSON uses human-readable text to transmit data objects consisting of attribute–value pairs and array data types.

JWT

JSON Web Token (JWT) is an authorization token consisting of three components. The header specifies the encryption or signature procedure, as well as the type of JWT. The payload consists of any number of key/value pairs. Both components are encoded (e.g. Base64). The third component, the signature, is also encoded. The token is transmitted either as request-parameter or in the header and looks like this: Header.Payload.Signature

Lifecycle

The lifecycle describes the different phases an API goes through, from planning to versioning and retirement. Depending on the form of presentation, there can be any number of phases, but the content is always the same:

  1. Planning and Initial Design
  2. Implementation and Testing
  3. Deploy and Run (Basic)
  4. Deploy and Run (Advanced)
  5. Versioning and Retirement

Source: Gartner Inc.

Mediation

Mediation is the connection between the inner and outer world and the transformation of formats. This can be anything from simple JSON, to XML mappings, to complex transformations with business logic. Simple mediation topics are handled within the gateway, but as soon as complexity or business logic is added, API integration is required.

OAS

The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation or through network traffic inspection.

Policies and Policy Management

Policies provide rules for the API gateway. These rules define the behavior of, or access to, an API. The policies are used to manage APIs. Policy management is required for the administration, creation and activation of single or multiple policies.

Publisher Portal / SEEBURGER Publisher Portal

SEEBURGER’s Publisher Portal is part of the API portal within the API Manager app. In this portal, the API publisher can manage the lifecycle of APIs and configure rules.

Quota

Quotas regulate the use of APIs and limit the number of possible requests. Quotas are expressed in requests per time, with time being calculated in seconds, minutes, hours, days, etc. Quotas are used by businesses and are often used in conjunction with monetization.

Request/Response

Request and response refer to the inquiry of an API and the answer that is sent. Request and response have nothing to do with how an answer is returned; they have to be defined and then follow a given pattern or rule.

REST

REST stands for Representational State Transfer. REST and SOAP are the two programming paradigms. REST APIs are based on the architectural design in which interaction occurs via HTTP methods such as POST, GET, PUT and DELETE.

API Security

Security protects the API, the API Gateway and the entire backend system. Security is, for example, provided through access permissions,and must meet format and content regulations.

SOAP

SOAP stands for Simple Object Access Protocol. SOAP and REST are the two programming paradigms. A SOAP package consists of three aspects: SOAP-Envelope, SOAP-Header and SOAP-Body.

Spike Arrest

Similar to quotas and throttling, spike arrest regulates API access rate. Spike Arrest is used to protect against peak loads and a large number of accesses in a short time period. Spike Arrest is based on averages. For example: 10 calls in 10 seconds means that every second only one call may be executed (calls/time).

Streaming

With streaming APIs, a connection is established and maintained rather than the connection being open and closed for a certain period of time. With these permanently open connections, data is either streamed continuously or as it becomes available.

Swagger

Swagger is an interface definition language and is used to describe API interfaces, usually for REST APIs. APIs can be created based on Swagger data, in JSON or YAML.

Throttling

Throttling is a way to regulate usage of APIs by consumers during a given period. Throttling can be defined at the application level and API level.

Token

Tokens are used for authentication and authorization. Tokens are encrypted strings that contain authentication and authorization information. Tokens can be stored and reused and have various life spans depending on the methods and settings used.

Traffic Management

The number and frequency of APIs and API gateway usage must be regulated from both economic and safety-critical points of view. Both throttling and quotas are traffic management methods.

Web Application Firewall

The web application firewall is a part of the protection architecture and provides functions to protect the API gateway, the entire API management architecture and individual APIs.

WSDL

Like Swagger, the Web Service Description Language (WSDL) is used to describe API functionality and is based on XML. With WSDL 2.0, it is possible to describe REST APIs, but is more commonly used for SOAP APIs.

XML

Extensible Markup Language (XML), like JSON, is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

Do you work in a sector with its own specific needs?

Take a look at the SEEBURGER range of industry-specific solutions