API gateway evaluation checklist


In the post "Which API gateway to choose", we list the industry's most widely adopted API management products. Each product has a review summary and a detailed evaluation report.

In order to do the evaluation summary, I have created a checklist with a set of questions to cover the product and technical sides.

The API gateway evaluation checklist is listed below.

Product Checks

  • Initial cost. The cost to set up and start using the product. Many cloud-based API gateway solutions offer self-onboarding options with monthly payment plans. However, this cost should also include the effort required to start using the product.
  • Cost over time. Medium- to long-term cost of running the API gateway product. This includes license or subscription fees and the required developer effort.
  • Maintainability. What effort is needed to maintain the solution? For SaaS solutions this would be close to zero. But if the solution is installed on premise, maintainability can be a big factor in the investment decision.
  • Scalability. Scalability is an important factor that ensures your system can serve an increased volume of requests and traffic. It's important to understand the system's limitations in this area.
  • Portability. How easy is it to switch vendors if required? What would the process be, and how complex is it?
  • Training availability. Is the product supported by a vendor who provides training and professional services? Is there a strong developer community around the API gateway product?

Technical Checks

  • Secure connectivity between the API gateway and the backend systems. What security mechanisms are available within the product to protect upstream backend services? Mutual SSL would be one example.
  • API Access control with API keys, certificates, JWT tokens.
  • Quotas and rate limits for incoming requests.
  • Request and response payload transformation and mediation possibilities.
  • Request and response caching capability.
  • Logging / Analytics. What options does the system provide for API request and response logging? What are the options for aggregating data and using it for business analytics?
  • Support for custom runtime policies (runtime extensions).
  • API documentation / specification definition support.
  • Management APIs. Can the product be programmatically integrated into the CI, CD and app development lifecycle?
  • Prebuilt integrations with backend systems. Modules or libraries which provide integration to known 3rd party applications or data stores.

