APIs can be created and exposed to consumers directly without the need for an API platform. However, this is highly unadvisable as it requires a high level of effort and diligence in terms of network security and firewall configuration, while still exposing organizations to a significant level of risk. Instead, API managers need to ensure their APIs are secured against all common threats and provide facilities to manage a community of developers using a user-friendly portal. By providing a central point of access, together with full API documentation, API managers can create a controlled environment that will promote API usage for an organization. When a service endpoint is accessed using an API Gateway that enforces security policies, ...