Concepts
The APIM system is composed of key entities and components that work together to support full lifecycle API management. This section defines each concept, its role in the system, and how it contributes to API development, publication, and consumption.
API Manager
Definition: The API Manager is a system user responsible for defining, configuring, and maintaining APIs throughout their lifecycle.
System Location: Uses the APIM Console for all configuration and management tasks.
Key Responsibilities:
- Develop and register backend services
- Define API endpoints and specifications
- Write and manage API documentation
- Configure routing and policy enforcement
- Publish APIs to the designated gateways
API User
Definition: The API User is a developer or application team that consumes APIs published on the platform.
System Location: Interacts with the system via the Developer Portal and frontend applications.
Key Responsibilities:
- Access and review API documentation
- Request API access and authentication credentials
- Integrate APIs into frontend applications (Web/Mobile)
- Monitor usage and manage API tokens
Backend Service
Definition: A backend service is the core business logic or data-processing unit that the API exposes.
System Location: Resides outside of the APIM system but is registered and accessed through it.
Function:
- Receives and processes API requests
- Returns structured data or service outcomes to the client via the gateway
Frontend Application
Definition: A consumer-facing web or mobile application that utilizes APIs to deliver business functionality to end-users.
System Location: Built and operated externally by API Users.
Function:
- Sends structured requests to the API Gateway
- Receives and displays API responses to end users
- Acts as the client interface for API-based interactions
API Gateway
Definition: The API Gateway is a core runtime component responsible for enforcing policies, routing traffic, and processing API calls.
System Location: Positioned between frontend applications and backend services.
Key Functions:
- Validate and authenticate incoming API requests
- Apply request and response policies (e.g., throttling, transformation)
- Route requests to the appropriate backend service
- Support replication, scalability, and isolation across multiple projects
APIM Console (API Management Console)
Definition: The APIM Console is the main administrative interface for managing APIs, policies, gateways, and projects.
Target Users: API Managers, Platform Administrators
Key Functions:
- Define, register, and publish APIs
- Configure policies and access rules
- Create and manage API Gateways
- Monitor API usage, performance, and system logs
Developer Portal
Definition: The Developer Portal is a self-service platform for API Users to discover, explore, and access published APIs.
Target Users: Internal teams, partner developers, external consumers
Key Functions:
- Browse available APIs and documentation
- Request API access and manage credentials
- Track personal usage and approval statuses
- Serve as the interface for Open API collaboration
API Test Portal
Definition: A dedicated tool for testing APIs in real time using request/response simulations.
Target Users: Both API Managers and API Users
Key Functions:
- Send sample requests with parameters and headers
- Validate functional correctness of APIs
- Use authentication methods such as API Key or Token
- Debug API behavior before production usage
Tenant Management Console (User Management)
Definition: The Tenant Manager Console provides user and project management capabilities for platform-level administrators.
Target Users: System-level administrators
Key Functions:
- Create and manage users and projects
- Assign roles, permissions to users
- Assign users to projects
API
Definition: An API (Application Programming Interface) is the main service unit exposed to consumers via the APIM platform.
System Location: Registered and published in the APIM Console, accessed via Gateways
Attributes:
- Defined using Swagger/OpenAPI
- Connected to a backend service
- Subject to lifecycle management and policies
- Consumed by frontend apps or external systems
API Documentation
Definition: Structured technical documentation that describes how to consume an API.
System Location: Created in the APIM Console and published to the Developer Portal
Contents Include:
- Endpoint descriptions and methods
- Input parameters and output structures
- Authentication requirements and usage examples
API Policy
Definition: An API Policy is a set of rules that govern how API requests and responses are processed by the API Gateway. These policies control access, security, data transformation, and traffic behavior.
Policy Placement: Policies are applied at two distinct stages in the API flow:
- Inbound Policies (Request Policies): Applied before the request reaches the backend service. Purpose:
- Authenticate the caller (e.g., API Key, Token, OAuth)
- Transforms or pre-processes requests, such as validating headers, payloads, or parameter formats.
- Apply rate limiting and quota enforcement
- Perform routing decisions or header enrichment
- Outbound Policies (Response Policies): Applied after the response is returned from the backend but before it reaches the API User. Purpose:
- Mask sensitive data in the response body
- Transform response format (e.g., XML to JSON)
- Add or modify response headers
- Log response content or status codes
- Configured in the APIM Console
- Enforced dynamically by the API Gateway
When an API User sends a request, the Gateway first applies inbound policies to check authentication and validity. Once the request is routed to the backend and a response is generated, outbound policies are applied to ensure the response complies with security, format, or logging requirements before it is returned to the frontend application.
Multi-Gateway Management
Definition: The capability to define and operate multiple gateways, with each project limited to one single gateway.
Purpose and Benefits:
- Traffic isolation between projects
- Scalability via resource-specific deployments
- Support for rolling updates and replication control
- Flexible deployment per team, department, or tenant
API Lifecycle
Definition: The end-to-end process of API creation, deployment, and operation.
Lifecycle Stages:
- Backend service development
- API definition and documentation
- Gateway creation and policy setup
- API publishing
- Testing and frontend integration
- Runtime request/response execution
- Monitoring and version control
API Request and Response Flow
Definition: The actual runtime sequence an API call follows from consumer to provider and back.
Flow Steps:
- Frontend application sends request to API Gateway
- Gateway applies request policies
- Request is routed to backend service
- Response is generated and returned
- Gateway applies response policies
- Final response is sent to the frontend app