API Management Requirements Template, Checklist and Gathering Document
This requirements table for API management provides a comprehensive overview of the key features and functionalities that should be considered when evaluating vendors. The table covers security protocols supported (like OAuth, JWT), the ability to handle high traffic loads and scale automatically, support for multiple languages and frameworks, and customizable request and response handling.
API Management Requirements Table
| Requirement | Description | Features |
| --- | --- | --- |
| Must make APIs discoverable | Must make it easier for developers to find, understand, and get access to different APIs. | API Discovery, API Search, API Cataloging |
| Must provide data protection | Must provide features for protecting the data while in flight. | Data Encryption, Data Masking |
| Must provide tools for API design | Must help create a blueprint for the API. | API Design Tools, API Mocking Tools, Common API Design |
| Must have API mediation capabilities | Must have mediation capabilities that help with dynamic discovery and integration while providing a high degree of scalability and flexibility. | API Mediation, API Composition, Prebuilt API Mappings, Custom Workflow |
| Must have API testing and test reports | Must come with a user interface that has an integrated test tool for generating test reports. | API Test Automation, Test Reports, Test Console |
| Must provide flexible deployment options | Provides support for deployment options suitable for the environment and architecture. | On-premises Deployment, Cloud Deployment (SaaS), Hybrid Deployment |
| Must provide developer-friendly features for API development | Provides a great developer experience through the whole API lifecycle. | API Developer Portal, Developer Portal Customization, Client SDK |
| Must provide API reporting features | Must have effective reporting features that help pull out reports to gain insights on API usage. | API Report Design, API Usage Monitoring, QoS Dashboard, Activity Logging |
| Must have affordable pricing | Offers low pricing options based on the expected adoption of the tool and future usage growth. | Low-Cost Pricing Per API Call, Low-Cost Pricing for Low API Call Volume, Low-Cost Pricing for API Gateways, Low-Cost Pricing for High Egress |
| Must provide features for API productization | Provides capabilities for enabling APIs as products that can be monetized. | API Monetization, API Productization, API Publication |
| Must support the DevOps workflow | Must have a built-in CI/CD pipeline to support faster deployments and API versioning. | Automated Builds, CI/CD Integration, Issue Management |
| Must offer a community management service | Must have a space for API evangelists to engage with peers, developers, and API consumers, and build and operate communities to help with knowledge exchange. | API Community, Contract Management |
| Must provide identity management | Must support identity management features for strong and adaptive authentication, privacy management, cross-protocol, SSO, and more. | Identity Management, OAuth, Authorization Service, SAML Support |
| Must provide key management | Must have features that enable the management of API keys, and the setting of restrictions to the APIs based on the keys. | Key Management, Public Key Infrastructure (PKI), Single Sign-on (SSO) |
| Must allow for secure API authentication | Provides authentication for users making calls to the APIs. | Basic Authentication, Digest Access Authentication, Token-based Authentication |
| Must automate the API lifecycle process | Enables API lifecycle automation, and therefore, faster deployments of APIs with fewer tradeoffs for speed over quality. | Workflow Management, Dependency Management, API Metadata Management |
| Must monitor and improve API performance | Must have features for traffic and quota management. | Cache Analytics, Impact Analysis, Load Balancing |
| Must have message-level security features | Provides message-level security to check for injection or DDoS attacks. | Message Injection, Malformed Message, Message Depth Limit |
| Must protect against attacks | Comes with features to prevent attacks and mitigate OWASP API security threats. | IP Whitelisting/Blacklisting, Malware Detection, Malicious Scripting, System Overload |
| Must have extensive compliance policy management | Must allow features to be added to the APIs at runtime with the help of configurable files. | Policy Tagging, Policy Bundling, Policy Versioning, Policy Deployment, Policy Design |
| | Must provide features to enable/disable API access. | Platform Access Levels, Platform Access Revocation, Anonymous Platform Access, Fine-grained Access |