Deep-Dive on SAP API Management powered by HCP: Publish, consume and monitor APIs in secure and scalable manner

As developers on the HANA Cloud Platform, you know that in order to build, extend, and integrate cloud-first apps, HCP provides different types of services such as integration services, analytics services, security services, IoT services, and UX services. These back-end services can be easily accessed using easy to consume APIs. For example, when you develop any IoT-based mobile application to monitor the room temperature, this application makes API calls to consume HCP IoT services and mobile services which will get/store data in the backend systems and display it on a mobile app. But these APIs alone are not sufficient. All of these APIs need to be managed and controlled. And this is done by API management. SAP API Management is one of the capabilities provided by integration services in HANA Cloud Platform.

SAP API Management is created to address API needs with features such as API provisioning and publishing, API discovery and consumption, security and access control, analytics and reporting, monitoring, operations and a developer portal. It provides a framework to expose SAP or non-SAP backend data and processes as APIs using REST, OData, and standard SOAP services. These APIs can be used to provide backend content to developers and 3rd party applications to drive commercial transactions and subscription growth.

As API Management is running on SAP’s HANA Cloud Platform, it immediately can tap into SAP’s unified cloud portfolio of services, developed apps, and integration capabilities all hosted on SAP’s Cloud infrastructure. In order to maintain the unified experience, SAP API Management integrates with classic SAP On-Premise services that run SAP Gateway via OData. With a built-in discovery feature, SAP API Management can connect to the repository of services already created and expose them as a managed API. It will also capture existing service documentation and include it with the generated API. Rather than app developers consuming services directly, you just access the APIs created using SAP API Management and can create apps without having to know the details about the system you are working on. APIs created using SAP API Management map a publicly available HTTP endpoint to backend services. SAP API Management handles the security and authorizations required to protect, analyze, and monitor your services.

Here is the API-based 4-layer architecture that explains where the API Management layer fits in:

Layer 1: API Runtime is the base layer. Developers create and build APIs from services, which could be anything providing data upon request. E.g. standard SAP on-premise Business Suite Service, a custom database, or some managed cloud service. This is the data which is locked in its own silo, which you are looking to make available in a lightweight, controlled manner.

Layer 2: The next layer, API Implementation, is an optional one. This relates to utilizing SAP Gateway or the reusable component Integration Gateway in order to transform RFCs, BAPIs, or other non-web enabled services into standard OData/REST or SOAP exposed services, which can then be consumed by applications designed to speak OData/REST or SOAP, such as API Management. This layer is optional, and only needed for services which are not natively web-enabled.

Layer 3: SAP API Management is a blanket layer between generation layer and the consumption layer, which is where all the apps live, providing users the powerful front-ends for consuming and utilizing the backend data. The API Management layer’s primary purpose is mediating all communication between these two layers.

Layer 4: This layer provides a single consistent look and feel to all the data it exposes, via REST or OData, so that regardless of what the source actually is, the apps consuming the information need only to know these standard data protocols in order to present them to the users.

SAP API Management consists of 3 high level components:

1. API platform – It provides tools to manage APIs and helps in adding, configuring APIs, and managing developers and apps. It helps to create and consume APIs, be it building API proxies as a service provider or using APIs, SDKs, and other convenient  services  as an app developer
2. API analytics – It provides powerful analytical tools to view short and long term real time usage trends of APIs. IP, URL, user ID for API call information, latency data, error data, and cache performance metrics etc. can be collected.
3. Developer services – It provides tools to manage app developers. To quickly onboard developers, it provides a developer portal for API discovery of publicly available API products. It provides facility to enforce Role Based Access Control (RBAC) to control access to features of the portal.

Finally, here are some of the main features of SAP API Management:

1. Discovery and Consumption – SAP API Management provides API discovery, catalog, subscription etc., making it easy to consume data across all devices and UIs. Complexity is reduced with unified access and governance of APIs across all landscapes. A developer portal provides comprehensive API exploration and documentation.
2. API Provisioning and Publishing – Features include API Registration, security and traffic policy definition, protocol definition and mapping, API Availability and Lifecycle Management.
3. Analytics and Reporting – Analytics powered by SAP HANA provide real-time visibility on how, who and when enterprise information is accessed via APIs. The analytics provide reports on usage metrics, errors, latency, and performance in a simple, intuitive Web experience. It helps to gain better insights on where to invest your resources in the future. The historical and predictive analytics let you inspect and troubleshoot any issues in the system.
4. Security and Access Control – SAP API Management provides policy enforcement, throttling and API Monitoring to aid in scaled and governed access to enterprise information. The security policies provide XML Threat Protection, JSON Threat Protection in addition to Message Validation policy for XML Schemas (XSDs) and WSDL definitions. The mediation policies that can be defined and associated to an API or service enable extraction, filtering and manipulation of messages including headers, URI paths, payloads, and query parameters. SAP API Management supports flexible choice of Authentication schemes such as SAML 2.0, OAuth, Client certificate, API Keys etc. It also provides Role Based Access Control for the Administration of APIs.
5. Traffic Management: SAP API Management provides quota policies to manage traffic to the backend servers in order to avoid overloading those servers. It also provides quota calculation at Application Level and Concurrency Rate-limiting and Spike Arrest for APIs.

Thus SAP API Management capabilities enable IT to simplify the way developers go about integrating with their SAP and non-SAP applications, thus reducing cost, fostering co-innovation and increasing participation in the API economy, in a lightweight and cost effective manner.

SAP API Management is now available on HANA Cloud Platform trial account. Check out this blog to enable API Management service in your trial account: Free Trial of SAP API Management on HANA Cloud Platform is available now!

You can learn more about SAP API Management at

• SAP HANA Cloud Documentation – http://bit.ly/1ZO6mR4
• SCN http://scn.sap.com/community/api-management
• SAP – http://hcp.sap.com/capabilities/api-management.html
• Social media channels:
  • YouTube: http://spr.ly/youtube-sap-api-management
  • Facebook: SAP Cloud: https://www.facebook.com/SAPCloudSolutionshttps://www.facebook.com/sapdevelopers
  • Twitter: SAP Cloud: https://twitter.com/SAPCloud, SAP Developers: https://twitter.com/sapdevs