image-blog-akana-protect-your-api-investment-with-akanas-community-portal.png
May 22, 2023

Reimagine the API Portal and Maximize Your API Investment

Security

Akana continuously seeks to help customers protect their API investments, with APIs becoming increasingly critical for the business. Protecting API endpoints through a highly reliably API management infrastructure has become of paramount importance. 

The Akana API Management Platform consists of numerous components that, taken together, provide a comprehensive set of capabilities to address all critical API aspects from any stakeholder perspective. Moreover, these capabilities are offered from a highly reliable solution, both in terms of security and operational performance. Last but not least, Akana’s current versions offer extensive automation support, allowing for seamless product upgrades that protect customer investment by mitigating any known security vulnerabilities.  

In this article, we’ll provide details on Akana’s Community Manager component, which not only provides API Portal features but also allows Akana customers to make use of advanced features like OAuth security and API product automation, ultimately helping them capitalize on the intrinsic business value of their APIs.

Back to top

About The Community Manager Portal

Great API management solutions should provide two essential capabilities: a robust API gateway to reliably process API traffic and an API Portal that provides developers and other API stakeholders with a comprehensive overview of available API products and all relevant details.

Both components have been part of Akana’s API management solution almost from the start. From its inception, Akana acknowledged the significance of the consumer perspective on APIs. Unlike any other integration architecture until then, it was clear that APIs offered a value that would eventually be determined by the level by which consumers were willing to adopt them. Even more, this implied the promise that this value might one day be capitalized upon.

The change in mindset that this observation implies cannot be underestimated. Unfortunately, for quite some time, the provider-consumer relationship was largely projected unto external consumers - in other words, developers beyond the boundaries of the enterprise network. As we have seen, it took a decade before enterprises acknowledged the intrinsic value of APIs and felt sufficiently comfortable to start capitalizing on it. Obviously, security concerns were always at the forefront, but the ways and means through which to make APIs available also proved to be challenging.

When Akana introduced its Community Manager component, it explicitly had these two main concerns in mind. 

1.) API Security

Robust API security has always been a main driver behind the Akana product, and its API Gateway has continued to rank among the most secure gateways that the market has to offer - if not being the most secure. With the introduction of Community Manager, however, security concerns also had to be addressed from quite different angles.

For example, API details would now be offered to a potentially much larger audience than before (access to the API Gateway and its associated management console was typically limited to an audience of specific, internal users). Hence, fine-grained authorized access was built into Community Manager’s API Portal from the start.

2.) Portal Security

Next, it was recognized that the Portal itself could be targeted as an additional attack vector. As it is meant to give access to APIs that represent direct access to potentially sensitive enterprise data, it was essential that the Portal itself did not contain any security loopholes.

This is why the Community Manager is built upon the reliable Akana Platform API with all necessary security measures in place, ensuring that API data are only accessible to authorized users and forbidding any malicious input, by accident or intentional.

Over the past two years, the API Portal GUI offered through Community Manager has evolved into the principal UI for most Akana Platform users. Essentially, the API Portal caters for the needs of three categories of users:

  • Akana Platform administrators
  • API admins/developers
  • API consumers 

Which functionality is accessible depends on the permissions assigned to the user in combination with the user’s network access. Think, for example, of APIs that should be accessible for internal users only versus APIs that should (also) be accessible to users outside the enterprise network perimeter. This can easily be achieved by having two distinct API Portal instances, one of which is accessible over an internal IP only, whereas the other one is accessible over the internet. Conveniently, both API Portals are part of the same Akana deployment, so may give access to the same (sub)set of API products.

Back to top

Community Manager Supports Both Internal and External Users

Let’s have a closer look at the internal-external dimension. To facilitate external developers, it has long been acknowledged that detailed API information must be provided. Businesses have discovered that APIs have ample potential to add to the business’ revenue stream. In order to be successful, however, these APIs must be adopted by external parties. To make APIs successfully attractive, they should be treated as products in their own right. Community Manager’s API Portal allows you to do exactly that.

Yet, there is no reason why only external developers should be helped in this way. Once APIs are made accessible across the enterprise, it makes great sense to apply the same API product ‘model’ to internal developers, too. Akana Community Manager’s Portal can act as the comprehensive catalogue for all enterprise APIs across all departments – whether they are deployed on the Akana API Gateway or any other gateway solution. This effectively supports API discoverability, which lies at the start of API adoption.

Back to top

Community Manager Has Kept in Step with Evolving API Management

Over time, we have witnessed significant developments in the ways APIs are appreciated and being used.

For many enterprises, APIs have evolved from a mere convenient integration capability to a highly valued business asset. Well-designed APIs allow for effective expansion of an enterprise’s digital footprint, both through internally created applications and by allowing these APIs to be utilized by third parties. Such expansion is expected to lead to additional business opportunities, expanded customer reach and improved customer satisfaction.

Many critical aspects of APIs have now been addressed in widely accepted technical standards, ensuring more consistency and, crucially, a high level of API security. Over the years, Community Manager’s API Portal has seen more of these standards turned into product features.

For example, the Portal uses OAS as the principal means for API interface documentation (though alternatives like RAML and WSDL are also supported). The use of GraphQL schema language, which is slowly gaining traction among enterprise APIs, is also supported. This means that the Portal can host a variety of APIs based on different specifications.

Next, the API Portal offers the ways and means to both apply and validate all necessary API security policies. Akana security policies are renowned for their ease of configuration and effective association with selected APIs – apart from the strong protection they provide.

Back to top

Community Manager Supports Advanced API Security Features

Community Manager effectively integrates with OAuth2.0 authorization solutions, whether it is Akana’s own OAuth Server or a third party solution. Using the Test Client built into Community Manager’s API Portal, all aspects of the OAuth2.0/OIDC spec can effectively be validated. This includes advanced features like mTLS-based client authentication, the use of PKCE and OAuth access tokens in the shape of signed or even encrypted JWTs.

RESTful APIs should see their input/output specified in schema objects. Akana not only allows such schemas to be defined in reusable Model elements, but also provides the Message Validation Policy that strictly validates input and output against the schema, refusing or flagging any message that does not comply.

Back to top

Community Manager Offers Both API Provider and API Consumer Benefits

Detailed information about API behaviour is important for both API provider and consumer. Providers need to gain insight in how well their API is doing, to keep abreast of potential issues and to make sure that it meets consumer expectations. But it is also very useful if consumers can have some of these insights themselves. For example, this may help them to see whether the applications that use an API continue to function correctly.

For this reason, Community Manager’s API Portal provides both API admins and API consumers with all necessary API metrics. Moreover, both parties may have access to detailed transaction logs to verify API behaviour or help troubleshooting incidents.

Back to top

Community Manager Supports CI/CD Automation

In line with current DevOps practices, API product automation is gaining rapid traction. An important Community Manager benefit is given through its comprehensive RESTful API. Any action that can be executed through the API Portal can also be executed by directly calling the underlying API. This can be applied to API product creation, but also to promotion of the product across environments (dev, test, etc.) and publishing the product to the designated production Portal(s).

By leveraging advanced Akana API lifecycle management capabilities, API products can be created from the CI/CD pipeline by using API profiles that contain specific metadata values. In this way, API products can automatically be given specific security policy configurations, assigned to a specific organizational scope or marked for eventual publishing in an internal or internet-facing Portal, for example.

Back to top

Summary

Akana’s Community Manager is a quintessential component of the Akana API Management Platform, as it allows for the automated provisioning of high-quality API products which, in turn, lead to a higher adoption rate by API consumers. Not only do consumers find all necessary API product details in Community Manager’s API Portal, but they can also use the Portal to review operational metrics, transaction logs and other data that help them manage their applications.

To create high-quality API products, Community Manager offers many capabilities that range from API documentation to implementing security policy packages and, increasingly relevant, the creation of subscription plans in line with an organization’s API monetization efforts.

Community Manager’s extensive set of capabilities help to protect your investment by elevating your API management programme to the level of a mature enterprise-grade solution that is compliant with modern-day security requirements and provides the means for effective API monetization.

Unlock Akana's Community Manager

Back to top