Overview

I recently finished a project that required replacement of an on-prem version of Mashery or take the path of the Tibco Cloud API Management. I ended up pushing towards Azure based on cost savings and ability to meet requirements.

APIM Vs. Mashery

Azure API Management (APIM) and Tibco's Mashery are in the business capability category of "Full API Lifecycle Management and API Hub/Gateway".

Mashery Key Features:

• Mashery API Explorer- Sign In and discover new APIs from our open data commons of RESTful APIs or contributed from our open source I/O Docs GitHub Project
• Developer Connect- Developer Connect matches API developers with API projects.
• API Status Monitor- The Mashery API Status monitor provides this transparency with third-party real-time and historical performance issues.

What is Azure API Management? 

Azure provides a Hybrid, multi-cloud management platform for APIs with a single place for managing APIs. It is classified as a platform-as-a-service, and supports the complete API lifecycle.

You can use API Management to provide a Gateway to any service residing on-premise, in a container or cloud (back-end services). It can help you securely expose your APIs to third parties, partners or internally.

Azure API Management Key Features:

• Azure Portal - administrative interface where you set up API program to:
  • Define or import API schema.
  • Package APIs into products.
  • Set up policies like quotas or transformations on the APIs.
  • Get insights from analytics.
  • Manage users.
• API Gateway - is the endpoint that:
  • Accepts API calls and routes them to your backends
  • Verifies API keys, JWT tokens, certificates, and other credentials
  • Enforces usage quotas and rate limits.
  • Transforms your API on the fly without code modifications.
  • Caches backend responses were set up.
  • Logs call metadata for analytics purposes.
• Developer Portal - serves as the main web presence for developers to:
  • Read API documentation.
  • Try out an API via the interactive console.
  • Create an account and subscribe to get API keys.
  • Access analytics on their own usage.

APIM Pros and Cons

Pros:

• Developer Portal - works well out of the box, while a little rough around the edges and provides a fairly nice UI for externalizing APIs. Developers can register themselves and request and manage subscriptions to products/APIs. The site is customizable though that process cumbersome. The sign-up process even has customizable email templates for verification.
• Flexibility - there are tons of customizations that are possible through API policies. This could be transforming XML to JSON or vice versa, modifying headers, restricting parameters, redirecting to different end-points depending on the message body.
• Management - the structure of how APIs are managed is well thought-out. It makes it quick to start standing up new APIs and versioning them. Additionally, the analytics provided are also very helpful in diagnosing possible bottlenecks or unusual usage.
• Cost - the upfront cost is flexible. If you're just starting out with API management, it can be an expensive proposition. Value increases as you add additional APIs. If you're using Azure B2C for the developer portal, you'll require Standard or Premium since they support AAD integration however it's only identity-based tokens.

Cons:

• Security Granularity - at time of writing, APIM doesn't support breaking out operations to products. For example, if you have an API that has a GET and a POST operation, and you want the POST operation to require a different subscription. There is a work around, but it makes management a bit messy.
• Developer and Publisher Portal - it's a bit strange at first. Microsoft hasn't migrated all the publisher portal functionality into the "native" Azure portal. So some of it feels a little weird - especially when working with the content management side of things for the developer portal.
• Scaling - while it's easy to scale up, the cost of APIM ramps up very quickly and you will want to have budget alerts setup. Standard -> Premium is a 4x jump.

Alternative to APIM and Mashery

These are a few of the notible alternatives to Azure and Tibco.

1. Apigee - API management, design, analytics, and security are at the heart of modern digital architecture. The Apigee intelligent API platform is a complete solution for moving business to the digital world.
2. OcelotIt - Aimed at people using .NET running a micro services/service oriented architecture that need a unified point of entry into their system. However it will work with anything that speaks HTTP and run on any platform that ASP.NET Core supports. It manipulates the HttpRequest object into a state specified by its configuration until it reaches a request builder middleware where it creates a HttpRequestMessage object which is used to make a request to a downstream service.
3. Kong - A scalable, open source API Layer (also known as an API Gateway, or API Middleware). Kong controls layer 4 and 7 traffic and can be extended via Plugins that provide extra functionality and services beyond the core platform.