This question is a constant topic at the water cooler of every IT department, and to save everyone some headache we fashioned this survey to help you.
Every time you answer "Yes", give yourself a point.
Answer questions and score your answers
1. Do you have more than 10 APIs, 10 client applications or 20 individual developers?
2. Do you have any externally maintained clients, or clients using public networks or their own devices (like mobile, IoT or single page applications), using the APIs?
3. Have the APIs been implemented as microservices with their own URLs?
4. Are multiple different technologies used to develop the APIs by different vendors / subcontractors / teams? Are the services running in multiple cloud environments (like Heroku, AWS, Google, Azure, Digital Ocean, IBM)? Is this also what you want to continue with?
5. Have you got a centralized authentication and identity service implementing OpenID Connect available for API security?
6. For life-cycle management, do you want to know who uses which version of the APIs?
7. Do some of the APIs have higher security standards? Do you need to be able to audit who uses them and what data or operations they were accessing?
8. Do you need to restrict the access of development teams to different environments (like testing and production)?
9. Do you want to restrict access to or viewing of specific APIs based on the user's organization?
10. Do you want to provide developers with up-to-date documentation, preferably in an automated way? Should developers be able to try the API directly on the documentation site?
11. Are you hoping to plug your API definition and documentation into your Continuous Integration (CI) pipeline so that it also updates your API gateway rules if needed?
12. Do you want to tempt the developer community to innovate new products and services using your APIs?
13. Do you need a channel to inform API users about changes and support them? Maybe API users could offer peer support?
14. Do you need to charge your API users for API usage, maybe with different rate limits for different user groups?
15. Do you have a budget to purchase an API management solution?
"Yes" to questions 1-3:
You need an HTTP/API gateway service. At a minimum, use the one offered by your cloud service, or just a generic proxy product or service.
"Yes" to questions 4-6:
You need a very simple API management solution. If your team consists of software developers only and you are building microservices, a distributed, developer-friendly solution is probably enough.
"Yes" to questions 7-9:
You need a more heavyweight API management solution, including analytics or integration with analytics. You will also need fine-grained access management features and possibly an external audit log.
"Yes" to questions 10-14:
You will most likely need a full solution to API management. Depending on your environment, competences, and budget, you can assemble the required pieces from open source libraries or use a full API management solution with integrated documentation and a "developer portal" for users to manage their own credentials and communication. You may also need support for monetization with integration to accounting if you collect payments from your API users.
"Yes" to question 15:
If you answered "yes" to all or most questions and you have a budget for it, consider buying a ready-made solution or subscribing to a service. Even most open source API management solutions offer paid options for heavy users. Remember that API management is 80% about processes and methods and only 20% about technology.