IBM API Connect Review

It combines IBM DataPower being a security gateway with some of the features that are in IIB and IBM App Connect. I think that a subscriber should being able to subscribe to a plan.

What is most valuable?

I think the most valuable feature is the fact that it sort of combines IBM DataPower being a security gateway with some of the features that are in IIB and IBM App Connect, to kind of build a complete integration. Also, IBM API Connect being the API gateway is extremely valuable both for internal and external consumers of APIs. Off the top of my mind, those are the big points that I would add.

How has it helped my organization?

For full transparency, at this point, we brought the solution in and we've used it for a couple of internal hackathons, but we haven't actually used it for any production work yet. Like any bank, it's really forcing a transformation in the sense of the whole industry related to cloud and related to connections to the outside. We're really trying to figure out, internally, how we want to define that.

Some of the other growing pains we've had is, how do we operationalize the technology in the sense of ownership internally; to say, which different groups should actually own which component and how we control the security across that. Personally, my side of the house, which is being responsible for delivering solutions on behalf of the businesses, I'm ready and anxious to get going on it. I'm very excited about the possibilities that the technology brings.

What needs improvement?

I think that some features that would be kind of cool are around the whole idea of a subscriber being able to subscribe to a plan. Not only should that plan include the number of calls per month or per week or whatever but also, I want to subscribe to a plan with an SLA, which gets into response time of an API call. If the response time in the plan that you subscribe is like 200 milliseconds with a 99.9% guaranteed delivery, then I should be able to subscribe to that plan and then be able to go into it and actually see how close I am to adhering to that.

Internally, this makes for some very interesting conversations right around going from application to application, issuing a connection and they're saying, "Hey, well, we're going to make this many calls a month and this is what we need the response time to be." You could literally say, "Well, we're hitting the SLA." Or, "We're not hitting the SLA." Externally, I think you have the same sort of commitments and when you're negotiating contracts, especially on the larger business partner connection, with the business-to-business connection conversation as well.

What do I think about the stability of the solution?

Given the fact that it's not operationalized, I cannot really comment too well on the stability because we haven't really had to worry about the stability yet. I'm not really in a place to know. I've heard rumors that there are occasionally some issues related to how it maintains connections with its other pair, but I don't know enough to know.

What do I think about the scalability of the solution?

Based on the architecture, from what I've heard, it's quite scalable. It's just, bring in more nodes and away you go. My understanding is it’s very scalable.

How are customer service and technical support?

Personally, I have not used technical support.

Which solution did I use previously and why did I switch?

We did not previously use a different solution. Let's face it: This is a relatively new space and we’re a bank. Of course, we knew that the solution was going on.

How was the initial setup?

I was not involved in the initial setup.

Which other solutions did I evaluate?

I do believe that there was an RFP process that we went through as part of the selection for this tool. I do not know which other vendors were on the short list.
Usually, our vendor selection process is quite rigid around that. Everything comes into play. Of course, there's cost but then there's, how well it's going to be supported. What does the product roadmap look like? How well does it conform to our internal technology standards? How well will it play within our environment? There's a lot of stuff there.

What other advice do I have?

I think if you're working with IBM and you're looking at possibly using Bluemix now or in the future, the other thing is, if you're using IIB or you're looking at Salesforce, there are a lot of synergies related to these platforms and this tool set, so it sort of makes sense to head down this road.

Personally, if you're a small startup, you might need to evaluate the entire landscape a little bit differently, but if you're a large enterprise and you already have a pretty big relationship with IBM, I think that it makes a lot of sense.

My rating reflects the fact that it's not operationalized at this point, and that's not entirely the product’s fault. I see a lot of potential, but there are still some things that need to be there.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More IBM API Connect reviews from users
...who work at a Financial Services Firm
...who compared it with 3scale API Management
Learn what your peers think about IBM API Connect. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
510,882 professionals have used our research since 2012.
Add a Comment
ITCS user

author avatarit_user579336 (Principal Information System Engineer at a financial services firm with 5,001-10,000 employees)

Hi Andrew,

Here are some of my thoughts which might help you ;

The real value of IBM API connect lies for enterprises in Healthcare, Financial and Insurance industry because they have to deliver and comply with strict security and privacy norms. The most important architecture/product evaluation decision about deployment of any API management solution would focus around security. As in long run, any enterprise would like to monetize the solution by exposing API, even if they don't have external API requirement now.

The true value of any API management solution lies in API gateway which is the runtime engine for API management solution. Datapower gateway is built on hardened and secured javascript engine while Mulesoft is an application that runs on JVM. Mulesoft based solution is vulnerable to all security threats posed to a typical Java application as well as JDK vulnerabilities fixed by Oracle time to time. With IBM API connect you also get Virtual Machine and docker form factor which can be installed on VMWARE and Linux.

Recently IBM launched a preview version of API connect on docker. The preview version doesn't have command-line interface access yet but IBM is working on releasing a full featured IBM API connect solution too. The newer APIConnect release is easier to use and has multi language support which is useful for any global organization. IBM has taken big step to accept and support OpenAPI specification (i.e. Swagger ) for their API platform starting from IBM API connect. Older IBM API management (firmware 4 and earlier) solution was not based on OpenAPI instead was using YAML for API definition , same which Mulesoft platform uses inherently.

I have also worked on Apigee edge which is a cloud based platform and I found it easier and convenient to use.Currently Apigee offers more out of the box policies than IBM API Connect. I feel IBM on-premise solution require quite a learning curve in start. Unfortunately I had to learn IBM API management (firmware 4 and earlier) which was older version. Then IBM made significant change in IBM API Connect (firmware v 5 +). Also IBM API connect inherently support XML-JSON or JSON-XML policies as Datapower supports both JSON and XML parsers while Mulesoft internally use Custom extension functions and Java objects to do this conversion. So you get highly secure, efficient and customized parsor for XML and JSON processing with API Connect which can be deployed in DMZ network zone.

Also as per my understanding, Datapower use non-blocking/parallel processing to process a single transaction while Java based application/Mulesoft use a thread which might be a problem, when it comes to high scalability. So for long term approach to API management solution, APIConnect/Datapower will be highly scalable and faster than Mulesoft .

There are also some github projects to create custom policies for API connect which can be imported in API Connect. I clearly see API Connect is better solution than Mulesoft but I am still in middle of evaluating it against Apigee out of my own interest , so I will leave that comparison for future.