In the previous blog entries I described how to develop and document REST APIs with Spring Boot and Swagger and how to deploy Spring Boot applications to Bluemix as Docker containers. Below I go one step further and explain how to manage and monitor APIs on IBM Bluemix via the API Management service.
With the API management service you can manage your APIs without having to write this functionality yourself and redundantly directly in the API implementations. For example you can define how to handle security and throttling and you can monitor which APIs are invoked how often at which times by which applications. Below I use the same simple greeting REST API from the previous blog entries and show how to enforce a client id and secret for applications.
Existing APIs can be imported via the Swagger 2.0 format into the API management service.
In order to enforce a client id and secret you need to define security schemes and requirements and you need to select “identification” for each operation.
API providers create plans that can contain several APIs, that can be versioned and that can be deployed to different environments.
Developers register applications to receive client ids and secrets in the developer portal. With these credentials APIs of specific plans can be used, either directly in applications or via the test/invocation tool that is available in the portal.
API providers can monitor the usage of their APIs in the API management dashboard, e.g. they can filter API calls by application.