IBM has recently announced that they've open sourced their API Microgateway. This means that any developer/business can now take advantage of this software in their own computing projects at no cost.

An API gateway is a software layer between one to many API services and their consumer applications. The purpose of this software is to provide a variety of common services useful for all APIs. Examples of such services are security, rate limit, and change management tooling. IBM's Microgateway is written in Node.js and utilizes the Swagger 2.0 spec. The open sourcing of this software is a huge boon to the development community as API gateways from major corporations such as IBM, Microsoft, Oracle, etc are usually licensed. The IBM Microgateway is not to be confused with IBM's DataPower Gateway, which is a different Enterprise solution which has a greater emphasis on security.

The key features of IBM's API Microgateway are network traffic management, easy implementation of security standards (such as OAuth), and policy management. There is also an API Designer toolkit which provides a GUI (graphical user interface) for creating YAML API specs. A small data store and robust flow-engine process allow for persistence of basic API data models and the ability to create complex policies around API consumability. The software includes pre-built policies for common use cases such as API key validation, basic authorization, and rate limiting.

The primary focus of IBM's API Microgateway is policy management. A user can use "if" and "switch" statements, which are a part of flow management, to create their own custom policies if they're not utilizing one of the pre-built inclusions. IBM product manager Ozair Sheikh writes in IBM's blog of expanding these polices beyond basic conditional statements, "When you need to roll up your sleeves and apply your own logic, the JavaScript policy provides ultimate flexibility to enrich the payload." The inclusion of basic conditionals and javascript configurability allows a user to adapt the gateway to suit their individual business needs and custom business logic.

Another large focus of the gateway is on API definition recognition and creation. Inclusion of the Swagger spec means that there is a single recognizable standard for API definitions and users can utilize the underlying Swagger Editor to create their own specs in YAML. Due to the sensitivity of editing in YAML, which can be similar to assembling a house of cards in the midst of a gale, a GUI on top makes this process a lot less time consuming. These tools allow for developers to easily create their API's definitions within the gateway itself, which leads to the possibility of policy creation based on consumer specific API definitions. However, the gateway is limited in only recognizing two types of APIs: REST and SOAP. Any API developers not currently utilizing either of these paradigms may find support lacking. Similarly, if the swagger spec is not a fit for an existing API ecosystem the microgateway experience may not be as robust as it could be. However, the great aspect of open source is if there are facets of a software that could be added or improved, they're always looking for contributors.