Previously, we talked with founder of Varnish, Per Buer about the advancements Varnish has made over the past couple years and how they continue to grow in the market of open source caching. But one topic that came up was how Varnish’s API Engine compares to the likes of legacy API Engines such as Tibco Mashery, Apigee, Kong and Tyk. Buer related how Varnish manages to stack up to these when it comes to performance, but that they may contain richer feature sets. Given the assertion, we decided to follow up with a side by side comparison of the four API Engines to shed light on the competition in the API market.
The World of APIs
Tibco Mashery
Last year in August TIBCO Software, which specialized in analytics, integration and event processing, announced that they acquired Mashery, an API management company. The goal of the acquisition, as told by the company’s press release, was to expand TIBCO’s API management solutions “to help enterprises transform into digital businesses, integrate more channels for new services and experiences, and empower developers to accelerate innovation.”
Mashery already had a strong track record in the world of API Management, being named the leader in Application Services Governance Magic Quadrant by Gartner. Now with TIBCO, they continue to expand on their API engine with an extensive feature set.
- API Portal: Allows you to create a customizable portal for enrolling and supporting partners
- Provisioning tactics that lets you issue live keys or require activation by a moderator for security
- Mashery I/O Docs lets developers execute calls directly from API documents. It also shows them how many calls they’re making, the methods they’re using, and so on
- API Security: PCI-Compliant for data security, HITRUST CSF Certified to handle health information, SSAE 16 SOC 2 Type 1 compliant
- Also have OAuth 2.0 accelerator for secure access to sensitive user data and SSL support
- API Analytics: Helps to identify key trends and behaviors that impact business, while gaining a deeper understanding of API traffic, performance and growth.
- Helps make reports more user friendly, transporting raw data into more visible insights
- Provides you with the information to scale your API Management infrastructure, uncover new business outlets and so on.
- API Traffic: Offers three types of infrastructure
- Cloud: global PoPs, dynamic scaling and monitoring features, fast time to market, focus on core competency
- Local: Fully integrated central dashboard for API policies, management and reporting. Removes network latency, internal traffic situation, with on-premise security and control.
- Hybrid: Contains a single integrated Web dashboard for access policy configuration, partner administration and reporting. Ultimate flexibility, “single pane of glass” control, right tools for various use cases
- API Packager: Helps give management teams the power to negotiate custom API access, reduce work for IT, and provides fine-tune resources.
- With the packager no coding is required, allowing for business-side product creation with lifecycle management and response filters.
Apigee
At the top of the list for most API management needs, is Apigee who has been recognized by Gartner for both “ability to execute” and “completeness of vision.“ They handle billions of API calls with almost 100% availability, with features as follows:
- Apigee Edge: API management platform to help you build and scale your network with security, comprehensive analytics and apps.
- Apigee Cloud API traffic has increased 268% annually
- Self service developer portal, interactive API docs, varying SLAs and billing, all done with simple configuration through the management platform
- Supports interactive scaling and traffic isolation
- Automated API management capabilities with platform APIs, zero downtime upgrades
- Operational control with multi-tenancy, role based access (RBAC) and global policy enforcement
- Apigee Insights: helps you to understand customer behavior across channels and predict their behavior based on data in order to enact future business plans
- Analytics profiled through Hadoop Data Lake, Mobile/Web Traffic, API traffic and your data warehouse
- Analyzes all different digital channels to identify patterns across the entire digital environment
- Offers visualizations of data, event behavior graphs and API Journey Analysis
- Apigee Link: Allows you to evolve your business into a digital IoT platform, linking your API across all connected objects and devices
- Support for connected cars, smart infrastructure, home hubs, bluetooth devices, and even energy hubs
- Growing an ecosystem of connected devices
- Apigee Sense: offers security for your API, both internally and externally
- Data-Driven API security for DDoS and Bot protection, and OWASP top 10 threats
- Automated threat protection against spike arrest, quota
- Security governance with RBAC, data masking: allows for visibility at the API layer with risk monitoring, externalized authentication, and separation of duties
- Apigee Exchange: solution for mobile connectivity/telecommunications
- simplifies building apps across multiple platforms, while also giving the operator full control of developer and subscriber experience
Kong
Kong offers a scalable, open source API layer, running in front of any RESTful API, with extension plugins to provide extra functionality and services. Kong offers services to over 140,000 developers in the Mashape community, the world’s largest API marketplace.
- Installation on most Linux and OS X with the source code for their latest release v0.70 provided online here
- Supports clustering for use of multiple nodes
- Allows you to optimize your Kong cluster, database and proxy servers through their configuration file, which they provide the details on here
- Offers CLI reference tools, ability to write your own plugins and tips for proxy setup
- Scalability: Kong easily scales horizontally by adding more machines, helping to manage heavier loads and keep a low latency
- Modular: Can be extended through the addition of new plugins, configured through RESTful Admin API
- Runs on any Infrastructure: Can be deployed on the cloud, on-premise, in a single or multi-datacenter setup, for public, private or invite-only APIs
Tyk
Tyk is an open source API management platform, featuring an API gateway, analytics, developer portal and dashboard, all with speed and scalability in mind.
- Manage Multiple APIs: Tyk’s dashboard has one gateway to manage all your APIs with streamlined integration
- Allows you to set quotes, rate limits and manage access with fine-grained control and detailed reporting
- The dashboard also lets you view the usage statistics for your APIs, giving full views of your data by API Version, error type, endpoint, user and OAuth client
- Allows you to track API performance hour-by-hour with granular views of your data
- Customisable API Portal: Tyk’s portal makes it easy to publish your APIs to the world and allow developers to enroll for access
- allows for multiple portals where each enterprise gets their own portal, separating developer and team members for better organization across larger companies
- Comes with flexible, themeable templates based on twitter bootstrap
- Cloud, Hybrid or On-Premise Integrations:Tyk offers fully supported infrastructure through the cloud for free
- Auto-scaling, fault-tolerant infrastructure that keeps traffic flowing with full SSL security
- Full REST API to help smooth the interactions between your APIs gateway, analytics, policies, and keys
- Load Balanced: can handle up to 100 requests per second on a single node
- Configuration: Supports hot-configuration reloading without dropping any requests
- change the security model, blacklist, endpoints or add new API versions to your stack and load them with little downtime
- Open Source: fully open sourced and can be forked on GitHub with no limitation.
- Written in Goland and has no dependencies or complicated installation procedures
- Offers a support plan for 99 Euros a month
Takeaways
There seems to be two separate spectrums here with the feature sets–fully integrated support or freedom with open source. TIBCO Mashery and Apigee are by far larger, with a more extensive list of features, but this comes at a higher cost compared to open source alternative like Kong and Tyk. Depending on your company and you specific API needs, certain feature might draw you in more so than others, but know that there are several options out there, more than we can profile, so there’s always an alternative to fit your needs.