Getty Images

Low-code API management tool fights complexity, with caveats

A new low-code API management tool could bring benefits such as increased speed, fewer coding errors and wider accessibility. But it must prove itself in the market.

Experts agree that API management is often too complex. But one startup's recent attempts to offer a low-code alternative still face an uphill battle to gain traction.

Visual API tools have existed for decades to address specific aspects of API management, such as API code generation and API testing. For example, Swagger helps design and document APIs, and Twilio can visualize how API interactions take place. Other tools competing in the API management space include Postman, APIMan and F5 Nginx.

Now, a new contender has emerged in APIwiz, which was founded in 2017 and raised a $2 million seed funding round in March. The startup looks to extend a low-code visual interface to encompass the entire API management lifecycle and make it accessible beyond the ranks of professional developers.

"This whole API lifecycle today is broken down and addressed by various tools and technologies … [some] that are focused on design. And there are certain aspects of those [that] are more focused on building CI/CD automation, sandbox creation, [or a] developer portal," said Rakshith Rao, co-founder and CEO of APIwiz. "APIwiz is taking the approach [of], 'How do we bring various aspects of the API management lifecycle under a single pane of glass?'"

In addition to providing professional developers with visual tools, the platform allows citizen developers to build, publish and maintain APIs without understanding traditional coding languages or infrastructure as code languages such as JSON or YAML, according to Rao.

A low-code approach to API infrastructure configuration might let developers build configuration files without learning a new syntax, potentially opening API configuration to non-developers and those who are technical but not comfortable with code, such as product managers, said Rob Zazueta, a freelance technical consultant based in Concord, Calif.

"I'm honestly in favor of anything that democratizes the digital space by making complex technical things accessible to more people," he said. "APIwiz does sound a wee bit too good to be true in some ways. But I think there's also an argument to be made that API management and configuration is currently too difficult for some teams to manage."

Speed is another potential advantage of using a no-code/low-code API management platform. Pre-built modules, available as icons in the APIwiz user interface, mean configuration files and other components do not have to be hand-coded, which reduces labor hours and errors, Rao said.

Low-code can also speed up bulk configuration, Zazueta said.

"The old [user experience] of [API management] tools was somewhat limiting and made it difficult to perform bulk configuration," he said. "If you wanted to migrate dozens of endpoints to a new management system, you likely had to go through dozens of forms in the interface."

Low-code API management vs. skeptics

Another API management alternative to hand-coding is to add all API endpoints to a YAML or JSON file using a format such as the Open API specification. But that can still be overwhelming for non-technical users.

"Even though it's YAML or JSON, it's still code. And that can be intimidating," Zazueta said. "So your choice for administration was either pages of forms or getting a dev to write more code."

APIwiz's Rao claims that his company's product bypasses those challenges to make API creation, publication and maintenance accessible to anyone on a development team. That includes citizen developers, subject matter experts and product managers.

These non-coders can help when API management teams are swamped with too many requests, which frequently happens, Rao said. They can help with grunt work, such as writing test cases, scripts or documentation, which speeds up the process for everyone.

But it isn't clear how many non-coders need access to more complex API configuration, Zazueta said.

"Certainly some," he said. "But if most of it can be managed largely by open API spec files, and the non-coding teams are more focused on bundling endpoints for specific customer audiences, managing the portal, etc., then this low code approach may be overkill."

APIwiz does sound a wee bit too good to be true in some ways. But I think there's also an argument to be made that API management and configuration is currently too difficult for some teams to manage.
Rob ZazuetaFreelance technical consultant

Another developer questioned whether a low-code platform can cover the full scope of API management.

"From my experience, low code/no code tools follow the 80/20 rule," said Adam Stivers, application development manager at Republic Bank in Louisville, Ky. "They cover about 80% of the use cases. But the other 20% are too complex or too unique to be handled."

As a business grows and expands, more complex cases arise that require more configuration or coding, requiring a professional developer to look at a problem holistically. Low-code/no-code tools often stop a developer from finding creative solutions in such cases, Stivers said.

While APIwiz seems simple to use, it's doubtful that a typical citizen developer could use the platform to manage the full end-to-end API lifecycle, according to David Mooter, an analyst at Forrester Research.

For example, APIs typically require some understanding of the REST protocol -- a set of service connection conventions – and security concepts, such as mutual TLS or Oauth, to keep the API protected. Understanding how to comply with various privacy regulations is important too, Mooter said.

"No matter how easy an API designer is, you can't eliminate the need to understand those concepts. And most citizen developers don't have a background in that sort of thing," Mooter said. "The last thing you want is a citizen developer making the wrong decision about how to secure an API. Pro coders make enough mistakes with API security as it is. And they have far more familiarity with security than citizen developers."

APIwiz low-code API management platform
APIwiz’s low-code API management platform uses the OpenAPI specification.

However, Rao countered that APIwiz does indeed eliminate the need for citizen developers to understand most of the details of such concepts, including security. Those rules can be predefined within the product by an enterprise security team. Citizen developers do need to have some knowledge of REST, but that can be achieved with a few hours of training, he said.

As far as complex use cases go, APIwiz can handle every use case from simple to complex deployments where teams are managing tens of thousands of APIs, according to Rao.

APIwiz's free tier is aimed at individuals who want to design and share APIs. The team level, which targets enterprises with multiple product teams, is $249 per user per month. It includes API testing, virtualization and monitoring. Custom quotes are available for larger enterprises.

Next Steps

Postman API platform will use Akita to tame rogue endpoints

Dig Deeper on Software design and development