Securely Expose Protected Resources as APIs with App42 API

Gateway
ShepHertz has been an API provider for the last 6 years and is today processing ~30+ Billion API
calls made by thousands of customers spread across 150 countries. It has been quite a journey for
us during which we experimented at multiple levelsthe underlying technology to be used,
security, documentation, pricing, identity management and especially non-functional requirements
i.e. performance, high availability & scalability. Last year one of our partners suggested that we
should carve out a gateway which would sit in front of our App42 API platform as a separate
project and we offer it as a separate product. We ourselves always have wanted to do so, but
because of bandwidth issues it always stayed on our wish list. Post this discussion we decided to
productize our Gateway solution which was tightly integrated with our platform as a separate
component. While we had created our first Beta version we already could see a lot of interest from
our Enterprise customers. The incumbent solutions in the market were very few and lacked the
flexibility & agility that is required to succeed in the API Economy and some of them were
prohibitively expensive and unnecessarily complicated.
In parallel how new age Apps/Products that were getting developedthe landscape, environment
& consumer expectations changed remarkably in the last 2 years.
In todays day & age apps are not built in isolationthey either need to integrate with other apps
or expose their data/services as APIs for other apps to integrate. In the Enterprise space they are
now being built or already have internal, partner apps as well as customer facing apps. Some of
them also want to create a developer community around their app & data, which other partner apps
can leverage to realize higher level use cases like a taxi marketplace app opening up their APIs or
building an app that is built using a mash up of different APIs such as a weekend getaway app
integrating travel ticket & hotel booking APIs, Social APIs, Geo Spatial and Map APIs, deal &
offer APIs, etc. Furthermore with multiple IoT devices coming up in the market, these connected
devices had to be exposed as APIs for building other apps or for talking with each other. Opening
up these APIs also puts them at risk of exposing their APIs to potential threats of security, denial
of service attacks etc.
A new term API Economy got coined and making money using your historical data by exposing
them as APIs and charging them was fast becoming an option which companies did not want to
ignore. There were startups mushrooming all over the world that were launching services as only
APIs, in fact the .io domain became popular for these API companies. Government organizations
and various other institutions also started to open up their data as APIs.

This development in the market coupled with direct requests that came to us through our multiple
interactions with our customers and partners were some of the main driving forces behind the
launch of this product.
Our vision was to leverage all the learnings that we had as an API provider and come up with a
platform that was easy to set up and would configure, build and monitor APIs with minimum time
to market and yet sufficed the requirements from simple to complex use cases. We wanted to offer
all the features that helped us in our offering of 800+ APIs, 18 SDKs and 25+ modules.
Before we could complete the final release, we already had multiple customers on board that
deployed our product in a dedicated cloud setup/On-Premise model. Requirements started to pour
in from our existing customer base including primarily indie developers & App Studios that
wanted to have the same capability, but at a much lower price as a multi-tenant solution on the
public cloud.

We are glad to announce that today we have launched the multi-tenant solution of ourApp42 API
Gateway. It is a comprehensive & battle tested solution that enables companies of all sizes and
even individuals to launch APIs in minutes and even expose their protected resources as APIs.
Customers can now create APIs for:

Standardizing their internal APIs for their Omni-Channel Apps

Exposing them to partners for collaboration of data and services

Creating & managing a developer community

Exposing unstructured data or devices e.g. IoT as APIs
Getting generated documentation, SDKs & test APIs
Above all, customers can also apply different policies i.e. Traffic, Security, Rules, Metering &
Charging on the fly over existing internal APIs or the new ones that are created, manage them and
monitor their performance & usage.
What does App42 API Gateway do?
Securely exposes legacy systems and other protected resources

Authenticates and authorizes the protected resources before exposing them as APIs
Gives in-depth analytics of what all is happening with your APIs
Limits burst and rate at which your clients can access APIs to prevent the backend from
becoming overloaded
Enables caching to limit requests that are being directed toward APIs to make the backend
more resilient
Takes care of generation of SDKs automatically according to your needs
Facilitates work process by extending APIs without having you to customize them with inbuilt pre & post processing rules
Empowers you to create identities that can access your APIs in whichever way you want
them to
Allows you to control who can access your API and who cannot by blacklisting and
whitelisting IPs

Features overview
1. Build, Deploy, and Manage APIs
With App42 API Gateway, custom APIs can be created quickly and easily from any backend along
with connecting to multiple data sources such as SOAP, JMS or code your own on the fly. Using
the App42 API Gateway consoleGatewayHQyou can define your API and its associated
resources and methods, manage your API lifecycle, generate your client SDKs as well as view API
metrics.
2. Resiliency Control and Governance
App42 API Gateway helps manage traffic to the end servers by allowing you to create traffic
policies, based on the number of requests per second for each HTTP method in your APIs. Along
with this you can also blacklist and whitelist IPs and create IP pools to restrict access from
undesirable audience. You can also set up a cache and time-to-live (in seconds) for your API data
to avoid hitting your end services for each request. App42 API Gateway handles any level of traffic
received by an API, so you are free to focus on your business logic and services rather than
maintaining infrastructure.
3. API Lifecycle Management

App42 API Gateway provides versioning of APIs. Version management allows you to easily test
new API versions that enhance or add new functionality to previous API releases and ensures
backward compatibility as your user communities transition to adopt the latest release. With this
you can manage API lifecycle from creation to end-of-life. You can create your policies to be
applied on each API and an interactive API Testing tool.
4. IAM (Identity Access Management) Support
IAM support enables you to securely control access to API resources for your users by providing
support to attach APIs to IAMs.
5. SDK Generation
App42 API Gateway can generate client SDKs for various platforms that you can use to quickly
test new APIs from your applications and distribute SDKs to third-party developers. The generated
SDKs handle API keys and signatures.
6. API Operations Monitoring
Once an API is deployed and in use, App42 API Gateway provides an interactive dashboard to
monitor the analytics of the API calls. The analytics include total requests, total revenue, average
response time, no of responses, no of failed calls and etc.
7. Authentication and Authorization
To authorize and verify requests to APIs, App42 API Gateway can help leverage signature
validation on various parameters. You can also use Identity and Access Management (IAM) and
access policies to authorize access to your APIs. Along with this you can also attach Key based as
well as OAuth based authentication policies.
8. Rules Creation & Management of APIs
You can create your own custom Pre and Post rules and attach your APIs with them. Using these
rules you can change headers, parameters, body and etc. on the fly for each API call.
9. IAM ID and Secret Keys for Third Party Developers
App42 API Gateway helps distribute your SDKs to third party developers as well. You can create
API keys on App42 API Gateway, set access permissions on each key and distribute them to third
party developers to access your APIs. The use of API keys and OAuth access token is completely
optional and based on the usage the need can be enabled.

10. Scalable and High Availability

Multiple instances of App42 API Gateway can be deployed to achieve high availability and
scalability. With this App42 API Gateway can be deployed on-premise as well as it can be used
as a managed service from App42. It supports all the deployment models, i.e., Public (Multitenant),
Dedicated, Hybrid and On-Premise.
We will be continuously adding more features in the coming weeks and further enhance our
solution to add more value to Indie developers, AppStudios & Enterprises. We encourage you to
try this product out. Here is the link to get started.
Should you need to reach out to us with any general queries, you may do so on our Forum and for
any specific query, suggestion or issue feel free to reach out to us at support@shephertz.com. You
may also request for a demo by clicking here and our API Management expert will get in touch to
give you a concise walkthrough of our GatewayHQthe App42 API Gateway Management
Console.