What is our primary use case?
API Platform is used to manage and monitor APIs as they are published to consumers, both internally and externally to the organization. The cloud service allows us to register all of our APIs as a catalog, link to the Apiary documentation for each API, apply policies (security and usage restriction) to the runtime endpoints, and monitor usage through analytics.
How has it helped my organization?
The API Platform has provided a consistent place to administer OAuth 2.0, Access Key, and other policies across groupings of APIs. It has also allowed standardization in the definition and documentation of the APIs. Rather than APIs being documented in a Wiki and shared through ungoverned Postman collections, we can have more fine-grained access and authorization rules as to who can use which APIs. All API usage is now governed and tracked.
What is most valuable?
The linkage to Apiary and the validation between the API documentation and the resource endpoints has ensured our documentation and implementation stay aligned.
There is an API Gateway for which all runtime traffic routes through to access the API endpoints. The fact that this gateway can be deployed on-premise is an important feature for our financial services projects.
The Call Home pattern that the gateway employs allows the security team to be comfortable with the link between the on-premise runtime and the cloud definition of the policies.
What needs improvement?
The APIs to retrieve the list of APIs should be improved. The need to allow token-based authorization with grant types other than the current password types, allowing us to integrate the API more easily into our public facing custom developer portal. Currently, only tokens generated by the Oracle Cloud login screen can be used.
There should be closer integration between the API Platform Cloud Service and the Identity Cloud Service to allow IDCS Applications, protecting backend systems, to be linked to the API Applications that consumers use to access APIs.
For how long have I used the solution?
What do I think about the stability of the solution?
We have no current production issues with stability.
What do I think about the scalability of the solution?
The gateway is lightweight and highly scalable in our experience.
How are customer service and technical support?
Oracle Product Managers are open to feedback through partners and support of API Platform has been swift. Challenges arise when issues fall between two cloud teams, e.g. API Platform and Identity Cloud Service, so precision and patience are needed with the definition of the problem for Oracle Support.
If you previously used a different solution, which one did you use and why did you switch?
We used a Service Bus previously. The API Platform has better native support for REST and the Gateway is more lightweight.
How was the initial setup?
Once the architecture is understood, it is simple to configure and setup. The instructions for gateway setup are clear and concise.
What about the implementation team?
We implemented this solution for our client using the Griffiths Waite development team.
What was our ROI?
This is part of our new digital offering for customers and has helped with new prospects to offer a modern secure API solution. Therefore it is having a real impact on the business adoption of API integration for customers.
What's my experience with pricing, setup cost, and licensing?
The pricing is for each logical gateway (a logical gateway can have multiple physical nodes).
The cost is very competitive for the average load that we expect. However, there is a minimum charge of one gateway, even if no gateway is active, so make good use of the trial before subscribing to check that the product is suitable.
Which other solutions did I evaluate?
We looked at Kong and IBM API Connect.
What other advice do I have?
There is a clear roadmap for support of standards in documentation and policies. I am keen on the fact that modern consumption protocols, like GraphQL, are also considered. At the moment you can have one policy per GraphQL service, but it would be good to have better granularity. How the platform links in with events is also a topic to consider on the roadmap.
Disclosure: I am a real user, and this review is based on my own experience and opinions.