Build, manage and monetize API products internally and externally

Hero Banner 1
Hero Banner 2
Hero Banner 3
badge1
badge2
badge3
badge4

Successful API management requires more than simply subscribing to APIs and enforcing API security policies — especially for digital business strategies like open banking, small business enablement, and dynamic value chains.

Enterprise API strategy is about business flexibility, ecosystem engagement, and digital transformation, based on well-crafted API products for open access to key business capabilities.

As a key component of a digital ecosystem platform, TH-APIM is specifically designed for this larger, strategic vision for APIs.

Torry Harris API Manager
(TH-APIM) is a complete foundation to:

  • Make your APIs income-generating through platform models, third-party connections
  • Support governance and API user engagement needs, security and control
  • Support API product design processes,advanced analytics
products_api_manager_TH-APIM-img

Available in these deployment models

SaaS offering

(THDP-managed)

Customer-managed

(on-premises, customerchoice of cloud)

Hybrid

THDP/customer-managed

Enhance API security and governance with TH-APIM

  • A feature-rich solution designed to drive new revenue streams
  • Enables your APIs to generate income through third-party connections
  • Ensures governance, security, and user engagement
  • Supports your API lifecycle from creation to retirement

TH-APIM features and functions

Although API gateways and portals are central to an API management solution, there is more to it. Along with these core components, Torry Harris API Manager enables you to:

  • Securely expose APIs via micro gateways
  • Effortlessly configure and consume APIs with intuitive UI
  • Integrate easily with billing, pricing and use API product packaging features
  • Incorporate extended API documentation into the portal
  • Monitor usage with rich reporting, prediction & analytics
products_api_manager_TH-APIM-img

Reviews & ratings

Try it now!

Torry Harris API Manager is flexible with deployment methods. It supports THIS SaaS deployment, customer-managed deployments, or a hybrid mix of the two. Torry Harris can customize and manage the deployment plan according to your enterprise needs. This table summarizes our standard SaaS plans.

Choose your Plan

Trial
Get started
SME
Get started
Enterprise
Get started
Enterprise Plus
Get started
API calls a day up to 4 million calls up to 8 million calls up to 17 million calls up to 60 million calls
Performance Testing Environment Yes (up to 5 Days in a Month) Yes (up to 10 Days in a Month)
Service Composition
Runtime SLA 95.50% 99.90% 99.90%
Support Limited Email support 8 Business hours 24/7 24/7
Analytics Basic 24/7 Advanced
Support documents & videos
Schedule a demo

Frequently asked questions

Our API Management platform, Torry Harris API Manager (TH-APIM) is a complete package to help manage your APIs and turn them into tools that propel your business forward. It has four components that work in unison to provide the following basic runtime functionality:

The API Publisher Portal

This portal allows API publishers to configure the APIs, API packs, usage plans, usage policies, etc. Key features include:

  • Create secure API proxies
  • Create API packs from multiple APIs
  • Advanced Policy library with the facility to share policies across multiple APIs
  • Workflow/approval cycles on policy lifecycle
  • Configure transformations at API and resource levels
  • Ability to create multiple usage plans with a different set of runtime policies for each plan. For instance, Basic, Gold, Silver, Platinum, etc
  • Ability to selectively deploy and manage plans on different gateway runtime instances from a single screen
  • Near-real-time statistics visualization
  • Advanced and highly granular role-based access control for all features - API visibility, management, publishing, and consuming

The API Developer Portal

The Developer Portal helps developers discover, explore, try out and subscribe to the publishers’ APIs. The publisher can tailor the appearance of the developer portal as per their needs. Key features include:

  • Developer self-registration
  • Ability to search and navigate the API developer portal with the same user experience of an online store; with a clear listing of most popular APIs, What's new, API price, description, etc.
  • Facility to manage the subscriptions through an easy-to-use interface
  • The ability for internal and external developers and API providers to quickly view statistics of their API usage
  • Facility for API providers to easily expose/create APIs by proxying existing endpoints and attaching policy templates
  • Help/support ticket system built-in for API developers to report issues, bugs, etc.

The API Gateway

The API gateway enforces the policies defined by the publishers, validates the subscriptions, collects metrics, and enforces quotas. It is configured and managed using the publisher portal. No coding or customization is required. Key features include:

  • The event-driven paradigm used to implement the API gateway, easily achieving high concurrencies
  • Policy enforcement (details of each policy is described in our answer to the next question)
  • Cluster-wide policy enforcement
  • Quota overrun alerts with configurable threshold
  • Transaction recording for analyticsMulti-gateway runtime architecture to support isolation of high-traffic, high-volume APIs. Configuration and management is central though
  • Subscription validation and auto-renewal facility

OAuth Authentication Server

The OAuth authorization server is a software system that implements network protocol flows that allow a client software application to act on behalf of a user. Key features include:

  • Token management
  • Supports OAuth custom grant types

Following are the three main aspects that differentiate our API manager tools:

  • Product Positioning - We differentiate by positioning our product for customers that have a much wider scope of building a Digital Ecosystem rather than just providing API management service. When customers with a broader scope (digital ecosystems) choose only API management solution, they have to either build the digital marketplace on top of the API developer portal or integrate a standalone digital marketplace product like AppDirect.

    The scope of Digital Marketplace includes additional platform-business-specific capabilities such as provider on-boarding, contract management, workflows, e-commerce experience, etc. Our API manager is an integrated offering designed and positioned for enterprises that are already confident about the potential of the API economy and aim big to build digital ecosystems such as Schneider Electric, Dubai Smart City, etc.

  • Product Engineering and SI under one roof - Our product engineering and SI work very closely which enables a tighter feedback loop. Customers get the benefit in terms of rapid delivery of features/enhancements.

  • White-label / Distribution model for Enterprise Customers - Our API manager tools are designed to be multi-tenant that allows enterprise customers to distribute/provide cloud access as a rebranded enterprise offering.

Skills required by API providers are OAuth, HTTP, REST/JSON, and Swagger. To create some advanced rules, JavaScript skills would be an added advantage.

The following are the different API monetization policies on offer:

  • Direct Billing – In this type of billing, the external developers get billed directly for their API consumption on basis of usage volumes, load, bandwidth utilization, location, etc.
  • Bundled Billing (Packs) – This is a type of direct billing in which the external developers pay for bundled API kits instead of being billed for individual APIs.
  • Internal Billing –This type of billing is mainly used for providing internal metering and chargeback for different units or departments within an organization.
  • Tiered Billing –This type of billing model can be used to create categories of external developers based on parameters like usage, location, etc, and billed accordingly.

API monetization policies and functions are flexible and customizable, and can be different for the same API depending on the API consumer. We offer a paradigm of individual APIs and a collection of productized APIs – Packs/Plans. Each API consumer subscribes to a plan. Policies can be attached to Plans and individual subscriptions, i.e individual API consumers.

DM-APIM comes with built-in threat protection using the popular, industry-standard Mod-Security framework. The following essential rule sets are enabled by default:

  • Content validation – XML schema and JSON schema
  • Memory space breach and Buffer overflow attacks
  • HTTP Protection - detecting violations of the HTTP protocol and a locally defined usage policy.
  • Real-time Blacklist Lookups - utilizes 3rd Party IP Reputation
  • Digital signatures such as two-way SSL
  • HTTP Denial of Service Protections - defense against HTTP Flooding and Slow HTTP DoS Attacks, Public key DoS attacks
  • Common Web Attacks Protection - detects common web application security attack, resource hijack attacks, and session hijack attacks
  • Automation Detection - detects bots, crawlers, scanners, and other surface malicious activity
  • XML Virus attack prevention
  • Integration with AV Scanning for File Uploads - detects malicious files uploaded through the web application
  • Tracking Sensitive Data - tracks Credit Card usage and blocks leakages
  • Trojan Protection - detects access to Trojans horses
  • Identification of Application Defects - alerts on application miss-configurations
  • Error Detection and Hiding - Disguises error messages sent by the server

API Consumption management/control is provided by DM-APIM with the following capabilities:

  • A backend rate limit can be defined. This is separate from the API's rate limiting policy and ensures that the backend resources are not overloaded.
  • To track usage of external APIs against consumption quotas based on API call limits, a usage policy can be attached to the API and the gateway will ensure that the usage is limited to the defined limit
  • Consumption management features work based on total consumption across a distributed deployment. The product architecture includes a network-centric global counter that maintains count across distributed gateway deployment.

DM-APIM and our associated service offerings provide features that are specifically aimed at supporting multi-experience strategy:

  • Configurable content compression at the gateway to support low-footprint API payloads to support use cases in IoT, wearables, etc
  • Support for channel-specific APIs and creation of separate architectural layers tailored for front-end channels. This is commonly referred to in the industry as the BFF pattern (Back-end For Front-end). Microservices exposed through micro gateways are good candidates to build the BFF layer.
  • System Integration and custom solution development to build industrial Augmented Reality applications using frameworks like ARKit in the Energy management domain.

The key consideration in API Management to support all the above-mentioned multi-experience touchpoints is the ability to tailor specific security policies, support streaming, pluggable state management, data compression, etc.

Torry Harris API Manager can be deployed and managed with a hybrid topology - Cloud and on-premise. The management layer could be deployed on the Cloud, whereas the API Gateway could be on-premise or vice-versa. To support such hybrid topology, we provision a separate instance on the Cloud and deploy additional layers of security to allow secure access to the admin APIs of the API management platform.

Our industry vertical templates provide the required specs, principles, and reference models to integrate Open Banking APIs to your core banking and associated systems. Our complementing offering, Concierge Bank is a comprehensive marketplace-banking solution built on the foundation of Open Banking. It allows quick integration to third-party services helping banks to create their own marketplace via the managed API platform.

Our Support models range from product support to system-integration oriented Level 2 and Level 3 support. The product support escalation process allows customers to escalate to a product support manager as a first level. The second level of escalation is the Product owner. The final level of escalation is the CEO.

Our system integration-based support models are highly evolved. If a customer wishes to escalate any problem, the first level of escalation is the Support Manager. The second level is Business Unit Head, the final level is the CEO.

Here is how the SLAs work:

Our SLAs are categorized into availability uptime SLAs (also known as System Availability SLA) and QoS (Quality of Service) SLAs. The uptime SLA values are different for on-premise deployment and Cloud deployment. For on-premise hosting, we allow flexible SLAs that are designed for supporting mission-critical business applications. This includes both QoS-related SLAs such as response times from the gateways and high-availability SLAs (Ex: 99.999% availability).

The following elements differentiate our customer support:

  • We follow the DevOps model, combined with some elements of the traditional support to offer the best of both worlds
  • We offer tailor-made support plans and SLAs that best suit the needs of the customer.
  • We charge for support only when the customer goes live.

Seven days before your account subscription expires, you receive an email notifying you that your account is about to expire and prompting you to contact your account representative to retain your account.

When your subscription expires, you can’t restart existing apps or create new apps. Running apps might stop without notice at the discretion of Torry Harris. To renew your subscription, contact your account representative.

The Cloud version is updated regularly, with bug fixes and minor enhancements. However, every change is notified to the customers. We also ensure a zero-downtime deployment using our continuous delivery framework, Meridian. We ensure this by deploying the changes on the independent nodes of a load-balanced environment at a non-peak time.

Customers, however, are informed well in advance of the changes and about the possibility of a performance degrade. In the case of customers who have very high loads, separate instances are spawned to eliminate the performance degradation.

Any major feature changes are released as part of the scheduled release plan. Customers are also informed in advance about the release schedules and any migration steps that may be required are published in advance.

Professional services and consultancy form a very important part of our model since we offer consolidated end-to-end services in our focus areas. Depending on the phase the customer is in with respect to their API journey, any of the blocks within Torry Harris API Manager could be used by the customer and made to work (coexist) with any other commercial or open-source products.

We also assist clients from time to time in product selection for their enterprise. Though Torry Harris API Manager is open standards-based and the client can choose to engage with any vendor for the professional services and consultancy bit, they generally tend to engage us to offer both these services.