Why we develop commercial relationships with Apiman users
I'm delighted to say that Apiman 3 is out! It's been a lot of hard work over the last year or so, and it's wonderful to finally release it.
But, I thought I'd share a few words about why we work hard to establish commercial relationships with Apiman users — consulting companies, integrators, middleware vendors, end-users, etc.
Since setting off on this journey, it has been Black Parrot Labs' full-time endeavour to push Apiman forwards. Apiman is a popular project with a wide range of large enterprises and consulting companies benefitting from the years of development and passion poured into it (including lots of evenings and weekends!).
In reality, almost all the work on Apiman is undertaken by the Black Parrot Labs team (Marc being BPL's founder and Apiman's co-founder). Without BPL's continued investment in Apiman, the project will cease to be developed, and everyone benefitting financially and functionally from Apiman over the years will lose out.
We need to ensure Apiman remains a vibrant and forward-looking project that continues to be successful, well-maintained, and evolves to match the changing deployment landscape. We have a huge number of innovative ideas that we want to pursue for Apiman, but it requires the financial resources to do so. After all, GitHub stars don't put food on the table!
In a nutshell, this is why the development of commercial relationships between Apiman users and Black Parrot Labs are absolutely critical to ensuring Apiman is sustainable.
But, we understand that any business relationship has to provide value over and above the open source community. And that's an area where we have a proven track record that we are proud of. Here are just a few examples.
Our breadth of projects & experience
As you can see in our case studies, during the past few years we have had the fortune of undertaking a broad range of Apiman-related projects for our customers — and sometimes Apiman-unrelated, as it turns out!
You can have the confidence that we deliver.
A client with a large Apiman deployment called us in to help with a P1 critical issue in a production system that they thought may be related to API Management. This was causing the entire system to become unavailable during their client's most important product launch.
We received contact at 12:30 midday on 30th December from the company's CEO requesting urgent assistance, and jumped straight into action. We joined the 'war room', and worked until around midnight helping the customer's team work through the issue and identify some solutions that helped get through the night.
It turned out that the problems were not related to API Management, and after a few tweaks to JVM settings, that part of the system was working without any problem even under peak load of a much-anticipated new service launch. The client requested we stay to help with the remaining problems, as our experience with the Java-centric middleware and distributed systems technologies used in their platform proved valuable.
We were then called back the next day, Saturday 31st December, to help with some new issues that had arisen, and again went above and beyond to help the client. Eventually, the issues were identified as likely being related to parts of the system the client was not directly responsible for and a variety of mitigations were subsequently established that helped.
At various stages the situation was critical for the client, as they were being blamed for the situation, so the evidence collected and solutions provided were important in providing evidence to the contrary.
Nobody knows Apiman better than us. We offer a range of support packages that provide 24/7 access to the Black Parrot Labs team if and when an emergency arises.
Augmenting Existing Platforms with API Management Capabilities
When Apiman was designed, a core philosophy was that it should be as modular and flexible as possible, and hence there many points of extensibility and integration. This approach lends itself well to integrating Apiman into existing platforms to seamlessly offer API Management capabilities.
A project that BPL is undertaking involves the integration of Apiman into an existing low-code/no-code integration platform vendor serving a large retail group. This collaboration is not just providing Apiman and API Management expertise, but also training and software architecture.
And this is not the first time we've done similar integration work. In fact, this appears to be quite a common area of interest.
We were delighted to work closely with another low-code/no-code business automation vendor who needed a variety of features adding to Apiman that would benefit their downstream product. In fact, many of the features that landed in Apiman 3 were by virtue of our collaboration with them: events, notifications, developer portal API, implicit permissions system, API approvals, etc.
We've also developed enhancements to various areas of Apiman's codebase as a direct result of collaborations with clients. For example, several significant enhancements were made to the Elasticsearch metrics implementation to allow collection of arbitrary headers, query parameters, and even logging to file instead of a remote server.
If you need features adding to Apiman, particular issues fixed, or insight into the roadmap, we would be delighted to work with you. As the original developers and maintainers of Apiman, we have unparalleled knowledge of the codebase, as well as extensive experience integrating Apiman into other platforms.
We understand that Apiman's flexibility is very attractive to customers, and they would like to transfer knowledge about Apiman to their development teams. Apiman is Java-based, and therefore it's easy to integrate with existing Java/JVM-based codebases, which tends to make excellent use of existing skills and resources.
We've delivered custom training on a wide variety of topics, including plugin development, notifications subsystem, events subsystem, general architecture, permissions system, and much more.
For some clients it's difficult to upgrade to newer major versions of Apiman. Sometimes that's because their end-client considers upgrading a risk, or they are simply happy with the stability and functionality of the existing version.
Hence, we offer long-term support to customers who need it. For example, we maintain a old Apiman 2.x release for a customer who is in a restrictive environment, and have backported features as-needed at their request.
Optimisation & architecture
We've worked with clients to help optimise their deployments and advise on best practices for Apiman. Every deployment is unique and requires time, research, and testing, but we've built up great base of experience to help customers rapidly hone in on the best settings — including in large deployments on platforms such as OpenShift and Kubernetes.
In modern software, security issues are a fact of life. As part of our support offering, we proactively inform customers about CVEs that may affect their deployments as we discover them.
Once identified, we open a ticket in our portal to keep customers updated as we identify the CVE's cause, and develop a mitigation or patch. Our goal is to keep customers as secure as possible whilst providing the fastest practical remediation; sometimes this means starting with interim changes to mitigate risk, followed by a permanent patch later.
We keep in constant dialogue with customers to find the best solution for their unique deployment.