About Apinizer
In this section, an overview of Apinizer's capabilities is given, including definitions, key concepts and the features and how you can benefit them.
What is Apinizer?
Apinizer is a product family that enables the following tasks to be done easily and quickly with simple configurations, without writing code as much as possible:
- Apinizer API Gateway: Performing security, traffic management, load balancing, logging, message content conversion and enrichment, validation, testing and many other tasks related to API/Web Services by configuration via form-based interfaces without writing code.
- Apinizer API Creator → DB-2-API: Creating and publishing an API/Web Service from database operations instantly without the need for a server or the need for writing code other than SQL.
- Apinizer API Creator → Script-2-API: Creating and publishing an API/Web Service from JavaScript or Groovy code instantly without the need for a server.
- Apinizer API Creator → Mock API Creator: Creating and publishing a Mock API instantly without the need for any server or writing code.
- Apinizer API Monitor: Automatic and continuous monitoring of whether API/Web Services or external systems are working properly and being notified of problems instantly.
- Apinizer API Analytics: Visualizing performance, usage detail, error metrics, and etc. of API/Web Services.
- Apinizer API Portal: Providing API/Web Services documentation, trial opportunity, and collaboration platform to stakeholders.
- API Portal: An individual product in Apinizer family that is not natively integrated to Apinizer and can be used independently, optionally in front of any API Gateway. It provides documentation, trial opportunity, collaboration platform and pricing plans to stakeholders.
- Apinizer Integrator: Meeting and automating integration tasks without code, and optionally exposing as an API/Web Service.
- Apinizer Platform: Providing API teams a single, integrated API Development Lifecycle Management platform which users with various roles can work collaboratively and operate API lifecycle steps such as requirement setting, documentation, design, development, testing, publishing, versioning, monitoring, analytics, reporting and releasing.
What is not Apinizer?
Although Apinizer can do many things, it does not aim to replace software or solutions that are specialized in their field. In this context, it is necessary to answer the question of what Apinizer is not with some examples:
- Apinizer is not a Service Mesh software: If you plan to work with microservice architecture, Apinizer can help you as an API Gateway, but it is not correct to use it instead of Service Mesh.
- Apinizer is not a Kubernetes Management or Monitoring Tool: Apinizer runs on Kubernetes and provides interfaces for tasks such as creating Environments definitions and configurations for its own usage and opening Pods for them on Kubernetes. In this respect, users do not need to know or manage Kubernetes. However, users can continue to use Kubernetes if they are already working with it and monitoring Kubernetes environments with tools such as Grafana, Prometheus.
- Apinizer is not Opsgenie or PagerDuty: Apinizer can take some actions regarding errors by constantly monitoring API/Web Services. It can integrate with specialized systems such as OpsGenie or PagerDuty, but does not replace them.
- Apinizer is not ELK: Apinizer uses Elasticsearch to store log records and allows the Index Lifecycle Management feature of Elasticsearch to be adjusted through Apinizer interfaces. It allows users to query these records without knowing how to use Elasticsearch or related tools. However, if users wish, they can also perform detailed inquiries or reporting using Kibana.
- Apinizer is not a SIEM application: Apinizer can write logs to SYSLOG so that SIEM devices can read it.
- Apinizer is not a Firewall: Apinizer can perform functions such as IP restriction, message content control on API / Web Service basis and located behind a firewall.
- Apinizer is not a Load Balancer: Apinizer can balance the load or perform failover if multiple endpoints are defined for API/Web Services. It also does not need a load balancer for its own horizontal scaling. However, it can be positioned behind the organization's existing load balancer and resolving TLS/SSL on this device/software can contribute to performance.
- Apinizer is not an IDE: Apinizer offers facilities for creating API/Web Services or meeting various low-level needs of API/Web Services such as security, message conversion and so on. In this context, it also allows to write a small amount of code that can be called configuration code with tools such as XSLT, Jolt, JsonPath, XPath, JavaScript or Groovy. However, it is not an IDE to be used for coding, running or debugging purposes.
- Apinizer is not MailChimp: Apinizer can automate the task of sending e-mails to e-mail addresses entered manually or pulled from another source such as a database or API/Web Service. However, Apinizer offers these features for integration and notification purposes, it is not specialized software that can be used for marketing or e-mail subscription management needs.
- Apinizer is not Zapier or a BPM Software: Apinizer offers the opportunity to integrate various systems or software via task flows created by adding custom tasks defined over connectors. It even gives the opportunity to open these task flows as API/Web Services. Although it is sufficient to meet many needs of companies, Apinizer is not a general purpose integration software and it does not have too many connectors as Zapier or similar software have.
Who can benefit from Apinizer?
Apinizer is a software product and its focus is on API/Web Services and integration. With this point of view, all large or small institutions, companies or teams that develop, publish, and consume API/Web Services, and need integration with other systems/stakeholders, can meet their needs easily, quickly and at a much lower cost in total with Apinizer.
- IT Departments: IT Departments of public institutions or private sector companies, whose main job is not software development but integrating with other institutions/companies, can easily meet many needs, especially the following:
- Developing and publishing web services in just a few minutes with security, logging, routing, load balancing and many other requirements being met. No software developers are needed for this process.
- Publishing existing legacy SOAP Web Services as REST without modifying the code.
- Opening the same Web Service to different clients through different URLs with different configurations.
- Following when the Web Services are opened to whom, with which protocol/contract, and when they will be closed.
- Creating a Web Service inventory.
- Instant detection of the problem if any Web Service fails.
- Keeping track of who accessed which data and when.
- Meeting low-level requirements for Web Services without writing code.
- Creating integration automations without writing code. Examples:
- At a certain time every day, the central bank rates are withdrawn and uploaded to the database.
- Sending multiple emails and calling a specific Web Service using records retrieved from the database every friday at 7:00 pm.
- Startups: Startups that are established by a small number of people with very limited resources and focus on a specific business idea do not need to spend both limited workforce and limited resources on developing and/or managing APIs/Web Services. With Apinizer, they can meet many of their needs easily, in a short time and cheaper:
- Especially mobile application developers or integrators can publish Mock APIs quickly and easily.
- Even non-software developers can create an API/Web Service in a few minutes.
- Commercialization of APIs developed by the company with its own know-how and expertise (artificial intelligence, image processing, a special algorithm, etc.). All other common requirements such as security, routing, load balancing, failover or consumption tracking can be easily met by Apinizer.
- Companies that develop customer-specific software: Many software companies, large or small are working on software developed specifically for an institution or company. Apinizer can provide very important conveniences and benefits for the needs such as the integration of these software with the existing systems of the customer, the need to open the newly developed features via mobile or Web clients, the organization and management of the existing Web Services of the customer.
- Publishing existing legacy SOAP Web Services as REST without modifying the code so that the customer can use them in mobile applications.
- Opening existing or new APIs/Web Services to clients of different profiles in different ways and through different addresses.
- Creating Web Service inventory for use by both customer and software company personnel.
- Automatic continuous monitoring during and after development to immediately identify any failing API/Web Services.
- Providing a flexible and horizontally scalable infrastructure that can meet the increasing demand over time and the load it brings.
- Following cost savings can be achieved when the code development process of APIs/Web Services contains only the business logic, and all other common requirements are met on Apinizer:
- The amount of code to be developed and the technical knowledge and experience required for this task are greatly reduced.
- Along with the amount of code, the maintenance cost also decreases.
- These works, which will no longer be done by developing software, can be done on Apinizer by people who are not software developers or are relatively less experienced. Thus, personnel costs are significantly reduced.
- In customer-specific projects, the need to open APIs/Web Services for database operations often arises. Apinizer enables such APIs/Web Services to be put into service within minutes by people who are familier with database and SQL and do not need to know software development. This feature significantly reduces time, development and personnel costs.
- Many integration works can be done and automated without writing code.
- Firms that develop software products and/or API products, and companies or institutions in sectors such as e-commerce, tourism, banking, insurance, finance that use software technologies intensively and integrate with many systems: These types of companies/institutions are generally companies that have large software teams with high technical knowledge skills, operate software development processes, use SDLC practices, and have teams familiar with concepts such as CI/CD and DevOps. Apinizer provides a collaborative integrated platform for managing API Lifecycle steps, which is parallel to SDLC for API/Web Services but differs in some respects:
- Offers a working environment that manages, directs and supports the flow of lifecycle steps such as requirement specification, design, development, testing, uploading, monitoring, analytical data collection and review, publishing, pricing, versioning, retiring of API Products.
- Provides the opportunity to work by separating projects, teams and responsibilities by creating workspaces.
- Supports CI/CD processes by integrating with tools such as Jira, GitLab (future work).
- Provides the ability to define and update workflows (future work).
- Allows test automation (future work) and reuse.
- Allows to use test definitions for monitoring.
- Allows for versioning and running different versions in different environments at the same time.
- By creating Development & Test, Sandbox and Production environments, it provides the opportunity to publish an API from different addresses at the same time.
- Allows to operate different environments with different resources for different projects or APIs.
- Gives the opportunity to create a portal to make API Products available to API Consumers for a fee, along with trial version and documentation.
A quick look at Apinizer's features
- Common
- Runs on Kubernetes
- Available on-prem or own cloud
- Automatic upgrade
- Horizontal scalability
- Supports multiple projects
- Supports multiple environments
- Supports multiple teams
- Dynamic role and team management
- Capability to manage Kubernetes
- Scalable log infrastructure with Elasticsearch
- SIEM integration
- API Proxy
- Security
- OAuth2
- JWT
- Username/Password Authentication
- Basic Authentication
- mTLS Authentication
- Digest Authentication
- SAML Validation
- SSO integrations
- Use LDAP/Active Directory for authentication and authorization
- Use Database for authentication and authorization
- Use Custom API for authentication and authorization
- Black (Blocked) IP Lists
- White (Allowed) IP Lists
- Predefined and/or custom message filters by regular expressions
- Encryption/Decryption
- Digital Signature/Signature Validation
- WS-Security
- JOSE Validation
- JOSE Implementation
- Advanced Access Control
- RBAC (Role-based Access Control)
- Method/Endpoint-based Access Control
- Identity and role management of clients
- Identity-based Throttling
- Identity-based Quota
- Traffic Management, Load Balancing and Failover
- Address Virtualization
- Conditional Routing
- Instant load balancing by adding new backend addresses at runtime. No restart required.
- Timeout and Retry Customization
- Disabling/enabling access to specific methods/endpoints
- Error Message Customization
- Circuit-breaker
- Identity-based Banning
- Using Proxy Server
- API-based Throttling
- API-based Quota
- Message Transformation
- XML Message Transformation
- JSON Message Transformation
- Message Validation
- Content Length Validation
- JSON Schema Validation
- XML Schema Validation
- Ability to call external APIs
- Ability to use JavaScript or Groovy to manipulate request/response messages, or apply business logic
- Ability to publish a SOAP Web Service as REST API
- Creating Mock APIs and conditional response definition
- Creating Mirror/Echo APIs to respond with the request
- Version Management
- Ability to publish multiple versions of an API concurrently
- Creating API Specs, import/export and expose capability in multiple formats
- Testing
- Creating test cases
- Creating test collections
- Test history recording and reuse capability
- Logging
- Customized and detailed logging
- Full-text-search capability on log records
- Customization capability for sensitive information within messages
- Error code and error message customization
- Tracing API calls
- CORS settings
- Cache capability
- Importing/exporting projects
- Policies
- Reusable policies
- Global or API specific policies
- Importing/exporting policies
- Applying policies on API Group, API and/or method/endpoint levels
- Conditional policy enforcement
- Enabling/disabling a single policy or all policies by a single click
- Creating API Groups for easy management
- Publishing APIs through API Group's URL and/or API's individual URL
- Manipulation and/or enrichment capability for request/response messages
- Customization of responses according to client's identity (Redaction)
- Security
- API Creator
- DB-2-API: Creating REST APIs operating on database
- No code required. SQL is enough.
- Stored Procedures are supported.
- Cursors are supported.
- Batch operations are supported.
- A single API may have multiple endpoints that each one uses a different database.
- Script-2-API: Creating REST APIs by script code
- JavaScript is supported.
- Groovy is supported.
- Message parts are available to use within script, and they can be manipulated.
- Mock API: Opening REST API by designing Enpoints via UI
- Imitating real data
- Different response based on condition on same endpoint
- DB-2-API: Creating REST APIs operating on database
- API Monitor
- Uptime Monitor
- Ability to continuously check if endpoints are up and healthy
- Ability to use existing test cases for monitoring
- Ability to create multiple monitors for each endpoint
- Ability to create multiple validation rules for each monitor
- Ability to create multiple actions to be executed in case of trouble for each monitor
- Uptime Monitor
- API Analytics
- Overview of APIs' performances
- Method/endpoint based statistics
- Seeing the general status of the system with predefined reports
- Custom query creation ability
- Custom report creation ability
- Anomaly detection by custom queries
- API Integrator
- Creating task flows integrating multiple systems
- Automating task flows
- Ability to publish task flows as REST APIs
- Ability to create multiple actions to be executed in case of trouble for each task flow
- API Portal
- Integrated to Apinizer
- Dynamic API Documentation
- Customizable Registration
- User registration for API products
- Generating unlimited API Key for API Product
- Consumption details per client
- Collaboration platform
Apinizer as an API Lifecycle Management Platform
API Lifecycle is a process that many users from different roles take part and overlaps with the Software Development Lifecycle (SDLC) since ultimately every API is a piece of software. In this process, Apinizer provides API stakeholders with a platform to work with and tools to facilitate their work, while providing integration with SDLC tools and process. Thus, software developer stakeholders have the opportunity to work in the environment and processes they are used to, as well as to use tools designed to do specialized work for APIs and related topics.
Below are API stakeholders and what tools the Apinizer product family offers to them:
API Product Manager: The API is a commercial product that can be sold. Therefore, there is a Product Manager in the company that manages the production of this product. It is the role that determines, plans and manages the features that the product must provide, its quality requirements, its capabilities, what needs of the customer it will met, its cost and selling prices, and how it will be marketed. Apinizer offers tools such as Canvas Creator (future work), Issue Tracker (future work) or API Portal for users in this role.
API Requirements Analyzer: It deals with setting and documenting API requirements. It can be thought of as a hybrid role that can use some of the capabilities of the API Product Manager and API Designer roles. It leverages Canvas Creator, Issue Tracker and API Spec Creator tools. For this reason, it is not shown separately in the image below.
API Designer: It designs the details such as parameters, headers, message structures of the messages to be received or returned by the endpoints of the APIs, and publishes them as an API Specification in a format that API Developers can understand and use. It uses API Spec Creator and Metadata Manager tools for this purpose.
API Developer: Users who perform two separate job descriptions that complement each other.
- The first of these is the writing of API code as an actual software development job. In this context, Apinizer offers users in the API Developer role the opportunity to open an API instantly (on-the-fly) with no-code or low-code options, and also without the need for a server.
- The second job description is to create API Proxies and make the necessary configurations on API Gateway software in order to meet the security, logging, message conversion, message verification, enrichment and similar requirements required by existing API/Web Services. Apinizer provides tools for this purpose that many jobs can be done without writing code, just by configuration. Thus, the original API/Web Service can only be planned to perform the business logic related parts, and the rest of the improvements can be made on Apinizer.
Apinizer offers Mock API, Mirror API, DB-2-API, Script-2-API, API Integrator and API Proxy products for API Developers to do the work required by these job descriptions.
API Tester: API testing is similar to software testing. It is possible to code software test cases that call the target API and test the results it returns. However, topics such as preparing message headers, parameters or message content, sending messages as HTTP/S calls and handling the details about them make it more practical to use specialized tools for API Testing. Also, policies implemented on an API must be able to be tested on the fly. Details such as saving test cases, creating test collections, automating them, making them reusable, and storing and re-running the history make testing easier and manageable for testers. In this context, Apinizer provides API Test Console and Test Toolbox tools.
API QA Specialist: Every API published to consumers should be monitored with various criteria such as the level of meeting client needs, correct operation and performance, and necessary improvements should be made. For this, Apinizer offers Anomaly Detector and API Analytics products.
API Support Specialist: In the company or institution, it is necessary to answer the questions from the clients regarding the APIs, to follow up the error notifications, to identify and document the possible bugs or security vulnerabilities, to resolve the problems and to provide feedback to relevant stakeholders as soon as possible. Apinizer allows users in this role to test APIs, access log records, and trace APIs step by step.
API Portal Manager: API Products are made available to API Consumers with the API Portal. In this way, API Consumers have the opportunity to create API keys for themselves, try the API Products they are interested in, view the documents, and use the API choosing the appropriate pricing option among the others. The API Portal Administrator is responsible for making the necessary configurations for these operations, briefly operating the API Portal. In this context, Apinizer offers an API Portal product and the necessary roles for the work that can be done on the portal.
API Analytics: Data such as the general success status of the APIs, the distribution and frequency of errors, if any, should be constantly monitored to ensure API service quality. For this, log data is examined. However, log data may contain sensitive data. Therefore, it is desirable to restrict users who can access analytics data. Apinizer fulfills this requirement with its API Analyzer role.
API Security Manager: API Developers set security requirements for the API they are working on, such as authentication. However, API Developers are requested not to have permission to manage the identities to use, because it can be inconvenient for a developer to give access to anyone he wants. Apinizer fulfills this requirement with the API Security Manager role. Only users with this role can manage usernames and passwords, information that requires security, such as passwords needed for definitions such as database or LDAP connection. In other words, the API Developer specifies that a resource should be authenticated, and the API Security Manager determines the identities to be checked, their privileges, and where they can access. In addition, it is the API Security Administrator's responsibility to determine how to filter, mask, or log sensitive client data.
API Consumer: Clients are the parties using APIs. If API Portal is available, API Consumers can define applications on the portal and register API Products to these applications, define authorized users of the application and generate API Keys for them, and perform functions such as testing API Products. If there is no API Portal, API Consumers are stakeholders who can use the APIs opened via API Proxy by calling them from the addresses given to them. They cannot do any configuration work on Apinizer and they do not need to do this. In other words, API Consumers are the clients of API Products or APIs from within or outside the institution/company.
All stakeholders of API Lifecycle work collaboratively with Apinizer;