Introducción a Azure API Management

Estamos atendiendo a un cambio en el modo de afrontar la incorporación de software externo a un proyecto. Cada día es más habitual el incorporar el uso de APIs externas para suplir funciones en lugar de incorporar el software y los datos necesarios para llevarlas a cabo internamente. Todos hemos oído o leído que el paradigma del futuro cercano son los microservicios y llevamos muchísimo viendo las bondades de las APIs REST. Este cambio, como todos, tiene sus cosas buenas y sus cosas no tan buenas.

Seguir leyendo en CompartiMOSS.

WSO2 vs Azure API Management

Next values are estimations and all of them depend on the final production needs.

  WSO2 Azure API Management
Deployment effort 24-40 hours 1 hour
New API effort 1-2 hours 1-2 hours
Scale effort 4-8 hours 1 hour
Distribute in other location effort 16-24 hours 1 hour
Min dev. environment costs 1 machine = 587 euros yearly 486 euros yearly
Min pro. environment costs 12 machines + 8,500 euros (yearly) for production support = 15,544 28,288 euros yearly + 1,404 euros for VPN connection to private endpoints = 29,692
Pros –          It is more flexible thinking about configuration and deployment options –          Its management is easier and faster.
Cons –          Hard maintenance –          Its more expensive

–          At this moment you can only use this over Azure infrastructure.

Azure API Management

It is a cloud API Manager that can connect to public and private endpoints. It is provided by Microsoft and cannot be installed as on premise service (but they are open to suggestions about this point and it is under review: “There is no on-premises deployment option available at this time but you can vote on uservoice if you’d like this capability. However, you can certainly use Azure-based API management with on-premises systems and data.”).

At this moment it does not provide a monetization standard (but it is under review: ”We’ll monitor continued feedback on this item”).

It is planned to provide a standard way to have testing and live environments (Sandbox Environment – SBE).

Set Up

Follow a two steps wizard is the only need to set up an Azure API Management instance.

Azure APIM 1

Azure APIM 2

Advanced configuration can be provided in order to personalize security, rate limits or monitoring capabilities.


A publisher can add a new API manually or import it using WADL or Swagger definition files.

Azure APIM 3

A subscriber can discover and subscribe to an API throw developer portal.

WSO2 API Manager

It can be installed on premise or it can be used in its cloud version. The cloud is a beta version. We will only consider the on premise versio. Thinking about an on premise solution you are responsible of deploy an environment that provides availability, scale capabilities, and low latency for all subscribers.

Set up

In order to create a preproduction environment all the components can be installed, configured and run in the same machine.

In order to create a production environment the different components (API Publisher, Gateway, Store, Key Manager, and 3 MySQL Databases) should be installed in separate servers. Multiple instances of these components should be set up behind a load balancer in order to provide high availability.


Additionally, a monitoring component could be included. Different configurations must be applied to each component.


A publisher can publish an API manually, using a WSDL in a SOAP Endpoint or other API definition file for another type of service.

A subscriber can discover and subscribe to an API throw Store component. After that she can invoke the API using SOAP or REST clients.


API Management

What is it?

Creating a centralized API architecture that makes the process of composing, securing and managing high-performance interfaces significantly simpler and more consistent.

API Management helps organizations publish APIs to external, partner and internal developers to unlock the potential of their data and services. API Management provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security and protection.

Main areas

  • API Security—Enterprises cannot afford misuse or abuse of their information or of any application resources exposed by an API.
  • API Lifecycle Management—Enterprises need a way to ensure API updates do not break when they upgrade/version APIs or move between environments, geographies, datacenters and the cloud.
  • API Governance—Enterprises need a way to control and track the broader operational character of how APIs get exposed to different partners and developers, through policy characteristics like metering, SLA, availability and performance.
  • Developer Enablement and Community Building—Enterprises need a way to bring developers on board, manage these developers and assist them in making the most of the exposed APIs.
  • API Monetization—For some enterprises, publishing APIs is not enough. APIs also represent a new revenue opportunity. Different API Management solutions enable monetization to different degrees. For enterprises, addressing these functional requirements is non-negotiable. However, along with these functional requirements, an enterprise will expect its API Management solution to deliver certain operational characteristics relevant to its unique IT experience.
  • Solution Manageability—Enterprises have development, test and production environments that span geographies, datacenters and clouds. They will therefore need an API Management solution that can fit their specific development styles and processes.
  • Solution Reliability—Enterprises publishing APIs commercially expect 5 9’s uptime, if not greater. Enterprises cannot afford outages.

Main features

  • API Integration – Ensure consistency between multiple API implementations and versions.
  • Documentation (Doc) – One of the most common problems of developers is figuring out how an API works. Development time is too precious to waste in trial and error of an undocumented API. An API management service has to provide an easy way to read the documentation and enable developers to “try before they buy”. In some cases it is even possible to provide interactive documentation. Simplicity and usability are the keys.
  • Analytics and Statistics (A&S) – It is critical to understand how people use your API and get insights for your business.
  • Deployment (Dep) – Should be flexible and support public or private clouds, on-premises implementations, or combinations.
  • Developer engagement (Dev) – Engaging with your API consumers, developer or partners is important. Getting an easily accessible developer portal will significantly facilitate onboarding.
  • Sandbox environment (SBE) – This feature will increase both the value of an API and its adoption rate, making easy to test code.
  • Traffic management (Tra) and caching abilities (Cch).
  • Security (Sec) – APIs carry sensitive data, so it is important to protect the exposed information. The service has to at least provide identity and access management for users and developers.
  • Monetization (Mon) – Provide the capability to monetize your API.
  • Availability (Ava) – Should be available, scalable and redundant. An API environment can become demanding and the service should be able to deal with any kind of errors, problems or temporary traffic spikes.


  Doc A&S Dep Dev SBE Tra Cch Sec Mon Ava
3scale Yes Yes   Yes   Yes   Yes Yes  
Akana Yes Yes   Yes         Yes  
Amazon API Gateway   Yes No       Yes Yes   Yes
ApiAxle   Yes Yes     Yes        
Apigee   Yes           Yes Yes Yes
Axway     Yes         Yes   Yes
Azure API Management Yes Yes Yes Yes No Yes Yes Yes No Yes
CA Layer 7   Yes   Yes   Yes   Yes Yes Yes
IBM API Management   Yes   Yes       Yes   Yes
Mashape Yes Yes   Yes       Yes Yes Yes
Mashery   Yes   Yes   Yes   Yes    
Mulesoft   Yes Yes     Yes   Yes    
Oracle SOA Yes Yes   Yes       Yes    
WSO2 Yes Yes Yes Yes Yes Yes Yes Yes Yes No

* White boxes indicate that no documentation about subject could be found on the first looks

Políticas en API Management, mi colaboración en el Global Azure Bootcamp

Nota rápida para compartiros mi charla del Global Azure Bootcamp. En ella introduzco el entorno de API Management que proporciona Azure, y vemos cómo se pueden usar las políticas para hacer prácticamente lo que nos dé la gana. Podéis ver todos los videos en Channel 9.