1. Do you have more than 10 APIs, 10 client applications or 20 individual developers?
2. Do you have any client applications that run on public networks or user-managed devices using your APIs? User-managed devices are devices where the users may install proxy apps or otherwise control clients or traffic like mobile phones, IoT devices or single-page applications.
3. Have the APIs been implemented as microservices with their own published URLs that may be exposed to clients / network?
4. Are multiple different technologies used to develop the APIs by different vendors/subcontractors/teams? Are the services running in multiple cloud environments?
5. Have you got a centralized authentication and identity service typically implementing OpenID Connect available for API security?
6. Do you want to know who uses which version of APIs so you can better handle versioning and life-cycles of the APIs?
7. Do some of the APIs have higher security standards? Do you need to be able to audit who uses them and what data or operations they were accessing?
8. Do you need to restrict the access of development teams to different environments (like testing and production)?
9. Do you want to restrict access or viewing of specific APIs based on users organization?
10. Do you want to provide developers with up-to-date documentation, preferably in an automated way? Should developers be able to try the API directly on the documentation site?
11. Hoping to plug in your API definition and documentation as part of your Continuous Integration (CI) pipeline to also update your API gateway rules if needed?
12 Do you want to invite clients, partners and/or the wider developer community to innovate new products and services using your APIs?
13 Do you need a channel to inform API users about changes and support them? Maybe API users could offer peer support?
14 Need to charge your API users for API usage, maybe different rate limits for different user groups?
15 Do you have a real budget instead of some credit card limit to purchase an API management solution?
"Yes" to questions 1-3:
You can manage with a cloud/environment native HTTP/API gateway service. You may benefit from using also a separate API design and catalogue tool. As a minimum use the one offered by your cloud service and Swagger Hub, Postman, Insomnia or Stoplight.
"Yes" to questions 4-6:
You need a very simple API management solution. If your team consists of software developers only and you are building microservices, a distributed developer-friendly solution is probably enough.
"Yes" to questions 7-9:
You need a more heavy-weight API management solution, including analytics or integration to analytics. You will also need fine-grain access management features and possibly an external audit log.
"Yes" to questions 10-15:
You will most likely need a full solution to API management. Depending on your environment, competencies, and budget you should consider a full API management solution. This includes gateways, management features, analytics and documentation. The most important part is the self-service portal, not just an API catalog but a place to sign up or request access to the APIs and to try them out. This can be just an "API catalogue", but it can grow to a developer or partner portal with other features and content, too, plus the full onboarding flow. You may also need support for direct monetization with integration to accounting if you collect payments from your API users. Even most open-source API management solutions offer paid options to heavy users.