Federated API Management: Balancing Speed and Control

The need for self-service API infrastructure

When we think about self-service API infrastructure for developers like we need for a federated model, a potential challenge could be governance. How does the central IT team or platform team retain control? Guardrails ensure that the distributed activities all consistently meet the governance policy and compliance requirements of the business.

Let's consider an example that helps illustrate the need for both a federated model and self-service. Developers have different API use cases. For example, say you have a developer who has a backend REST API. They're looking for an API gateway to protect this API — to enforce a rate limit and use JWT authorization. This developer could build all that logic themselves, but they want to rely on a prebuilt API gateway and prebuilt API authorization and rate-limiting logic. 

In the centralized (or central) API team model, that developer might then ask someone on the central API team to spin up gateway infrastructure. And along with that gateway infrastructure, the team might go ahead and build a gateway service or a gateway API for that dev gateway service with the proper logic.

This becomes a real bottleneck for organizations as they scale. This is just one developer with one API use case. Multiply that single developer's use case by hundreds of requests from multiple developers, and the central API team can become a bottleneck where devs have to end up waiting days, weeks, or months to get their specific requirements met by that central team.

This is where the federated API platform model comes into play. There's still a central team — typically, now you're talking in terms of your platform team — and they build a central API platform.

In this API platform, self-serve options for gateway infrastructure. Developers can now use this platform to spin up infrastructure for themselves. While this could sound scary; the whole reason the centralized model became so prevalent was to have some level of control. But it doesn't mean you're embracing API anarchy.

The right API platform includes guardrails to make sure that any piece of infrastructure that is spun up is done so based on corporate standards and security policies and in the environment of their choice. 

As a massive bonus, the API platform can also grant shared services and central IT teams a real-time, centralized view of all their services and runtimes — offering visibility into things like error rates and throughput for each runtime, service, and route. 

While developers are now tasked with serving themselves, it enables developers to spend more time writing code and less time maintaining the infrastructure — which in turn cuts time and effort in getting services into production.

The pros and cons of a federated model

In this federated operational model, a single control plane exists for all teams within the organization. For some small-scale users of the platform, data planes are provided as a service so that they don't need to be concerned about how their gateway infrastructure is deployed as a pipeline is provided to the teams that is capable of deriving gateway configuration from an API specification.

However, if we follow one of the core tenets of platforms as practiced by Kong, the shared data planes will be created using infrastructure as code and teams will be onboarded to the platform in a fully automated manner. This means that this infrastructure as code can be made available to other users of the platform who do want to manage their own infrastructure. 

In the federated model, the golden organizational image must be:

• Hardened
• With certificates installed
• Employ a universal base image (UBI)
• Patched centrally and then rolled out automatically
• Connected to central control plane

Most Kong customers are either operating in a federated model or have ambitions to transition to a federated model.

Pros

• Single API catalog for all internal API assets to promote enterprise-wide consumption and adoption
• Economies of scale for small teams that wish to continue using shared service
• As all infrastructure components are delivered as infrastructure as code, business units can submit pull requests to the code base to democratize innovation of the platform
• Gateway patterns can be coded, exposed, and consumed in the environment of choice for each business unit (e.g., as a virtual machine, a container, or a K8s deployment)

Cons

• Operational complexities can be potentially introduced to ensure that the business unit teams update infrastructure in line with the organizational policy
• Requires a central platform function to maintain the golden images and control plane as well as to ensure consistent governance across the organization

How federated API management works

With federated API management, a central team is responsible for creating the technical assets that can be consumed by developers. These assets may include API management best practices, tooling, and frameworks. The central team essentially delivers infrastructure-as-code in the form of standardized patterns or templates that developers can consume.

For example, your organizational standards for APIs may include disabling HTTP, restricting certain SSL ciphers, and adding certificate authorities (among others). The template or the golden image delivered by the central team to the service delivery team in each line of business would already have these configurations enabled.

By simply deploying this golden image in the environment of their choice — whether that happens to be Kubernetes, public cloud, VMs, or hybrid — the service delivery team would ensure it has met all the governance requirements that the central team has mandated and now its instance is aligned with the single source of truth with regards to API configurations and telemetry data.

Federated API Deployment Model: The central team provides shared technical components, know-how, best practices, and enablement to service delivery teams

Benefits of federated API management

The federated model of API management balances standardization and DevOps principles that are desired by the central team with the flexibility craved by developers to deploy the APIs in the environment of their choice and according to their business requirements.

In the federated model, the developer becomes the operator by following the DevOps principles and utilizing the best practices and golden image provided by the central team.

The federated API deployment model delivers value for both central enablement and service delivery teams.

Under this model, the central enablement team produces infrastructure-as-code as the guardrail to ensure consistency, standardization, and compliance. But at the same time, it reduces its operational burden because now this team doesn’t have to run the data plane and the infrastructure as a shared service. The individual data planes are run and managed by their respective LOBs.

With the federated model, the central team also gets comprehensive visibility through aggregated analytics. Another advantage for the central team is that it helps them with continuity of operation.

For the service team responsible for consuming infrastructure-as-code, it’s all about architectural freedom and the flexibility to operate their gateway close to the APIs and microservices.

This reduces latency and provides flexibility to operate on the infrastructure of their choice.

The federated API deployment model also enables the service team to be more productive because now developers have to perform a smaller number of configurations to deploy their APIs because the majority of them have already been included in the golden image that they are consuming. The same golden image allows the service delivery team to be aligned with APIOps principles and follows standard development methodology and documentation.

In the next section, we’ll touch upon how Kong Konnect delivers on the promise of the federated API deployment model.

Power up federated API management with Kong Konnect

In the ever-evolving world of digital transformation, APIs have become the backbone of modern applications and services. As organizations embrace microservices architectures and distributed systems, managing APIs effectively and securely becomes a paramount concern. Enter Kong's Konnect platform, a cutting-edge solution that empowers enterprises to achieve federated API management at scale.

Robust components for seamless integration

At the core of Kong Konnect lies a powerful control plane that serves as the central configuration hub for your API landscape. This control plane enables you to define and enforce enterprise-wide policies, security standards, and operational guardrails, ensuring consistent governance across your APIs.

Complementing the control plane are the runtime components, known as data planes. These data planes are infrastructure-agnostic, allowing you to deploy them seamlessly across on-premises environments, public clouds, or even as a managed service from Kong. This flexibility ensures that your APIs remain in close proximity to your applications, optimizing performance and reducing latency.

Feature-rich capabilities for agile API management

Kong Konnect is packed with features that streamline and simplify API management. Embracing the "everything as code" philosophy, it enables declarative configuration management, ensuring consistency, auditability, and reproducibility across your API lifecycle.

Role-Based Access Control (RBAC) and control plane groups strike the perfect balance between centralized governance and distributed ownership. Global policies and standards can be enforced across teams and environments, while still granting teams the autonomy to manage their API configurations independently.

The platform also boasts a rich ecosystem of out-of-the-box plugins and third-party integrations, covering authentication, security, traffic control, serverless, analytics, transformations, and logging. This extensible foundation empowers you to tailor the platform to meet your specific requirements.

Moreover, Kong Konnect seamlessly integrates with popular automation tools and CI/CD pipelines, enabling you to automate various aspects of your API lifecycle, from design and validation to deployment, testing, and monitoring. This automation capability accelerates time-to-market and ensures adherence to best practices across your API landscape.

With Kong's Konnect, organizations can embrace the power of federated API management, unlocking agility, scalability, and consistent governance for their digital initiatives.

Ready to dive in? Get a demo and see how Kong Konnect can transform your organization.