The end-to-end API lifecycle solution API Connect has been available in Bluemix for quick some time. With the recent addition it’s much easier to leverage this functionality since everything can be configured from the application dashboards.
I’ve just tried it for a simple sample where only developers with a key (and optionally secret can invoke APIs). API definitions can be imported via Swagger/OpenAPI definitions. My app exposes some REST APIs for which I enforce a key in a header.
In the next step I can expose the managed API which means that it’s not longer possible to invoke it without the key. At the bottom of this screenshot I can create an API key and a get a link to an API explorer.
The API explorer allows me to test the APIs and it passes in the key.
To find out more you can follow the getting started tutorial.