In today’s rapidly evolving digital landscape, organizations face increasing pressure to deliver real-time, responsive applications. In this post I’ll explore the convergence of event-driven architecture (EDA) and API-first approaches, demonstrating how these two paradigms complement each other to create more robust enterprise solutions.As businesses want to become more agile and responsive, they find that traditional REST APIs alone cannot address the demands of modern applications. While REST APIs excel at handling direct, synchronous interactions, they show limitations when dealing with real-time updates. This is where event-driven architecture (EDA) comes into play, offering solutions for scenarios requiring immediate notifications and real-time data distribution.
Just as APIs make it easy to engage in request/reply interactions, APIs are needed in the realm of EDA to give developers an easy way to access information/updates being sent as part of an event stream. These are call event APIs.
We are seeing the emergence of Unified API Management bringing together traditional REST APIs and the event-driven capabilities of so-called event APIs. This unified approach to leveraging the two complementary kinds of APIs enhances developer experience, streamlines operations, improves system efficiency, and enables organizations to better serve their employees, partners and customers.
Let’s examine how organizations can effectively implement and manage both REST APIs and event APIs within a single framework. I’ll explore the benefits of treating events as first-class citizens in an API-first world, discuss practical implementation approaches, and provide real-world examples of how this unified approach creates value across different industries. This guide will help you understand how to leverage both traditional APIs and event APIs to build more capable, scalable, and responsive applications and services.
Event APIs and REST APIs – Two Sides of the Same Coin
Why do Event APIs and REST APIs go hand in hand?
If you take a moment to consider the relationship between APIs and events, you’ll realize that they are two complementary aspects of modern software architecture – essentially two sides of the same coin.
Traditional REST APIs excel at handling direct, synchronous interactions where immediate responses are needed. They’re particularly effective at issuing specific commands and retrieving information precisely when users request it. For instance, when browsing through an online retail catalog where you expect an immediate response placing an order or checking an order’s status at a specific moment in time.
However, when it comes to staying informed about ongoing changes and updates happening to your order in the background, APIs begin to show their limitations. Let’s say you want to follow the journey of your order through various stages – from the initial moment when your credit card has been successfully validated, through the warehouse process where the order has been picked from the shelves to shipping, and more importantly know in real-time of potential complications such as the package being held up at customs or border control.
Traditional APIs aren’t particularly well-suited for this type of continuous monitoring. The common solution of repeatedly polling for status updates creates significant challenges – it generates excessive network traffic and unnecessary system load as your application constantly checks for changes – often referred to as “polling madness” – which was coined when it was discovered that 98.5% of polling requests return no new or updated information. This madness leads to both scalability issues and increased operational costs. Despite all this overhead, it still fails to deliver the optimal user experience of knowing your order’s status in real-time.
This is precisely where event-driven architecture demonstrates its true value. Event APIs provide an elegant solution to these real-time notification challenges.
In a modern enterprise environment, any significant change or occurrence can be captured as an event. When something important happens – like an order status change, a price update, or a stock level adjustment – this information can be immediately shared with all interested parties. Applications can subscribe to receive specific types of events that matter to them, creating a more efficient and responsive system.
This approach eliminates the need for constant polling and ensures that information flows naturally as changes occur., Modern applications need to be increasingly responsive and dynamic. To achieve this, organizations require a robust and scalable platform that seamlessly integrates both traditional Web APIs for direct interactions and event-driven capabilities – event APIs – for real-time updates and notifications. This combination allows businesses to build responsive, efficient applications that can handle both immediate requests and real-time updates effectively.
And that is why I say REST APIs and event APIs are two sides of the same coin – they complement each other perfectly, each handling different aspects of modern application architecture to create complete, responsive, and efficient systems that better serve business needs and user expectations.
Use Cases that Showcase the Synergy of REST APIs and Event APIs
Event-enabled Order Management System
Let’s examine an order management system in detail – a critical component of business infrastructure.
We’ve carefully designed and deployed a robust REST API that enables our partners to build applications and integrations that help expand our market reach and sell our products through multiple channels.
Our customers have diverse needs when interacting with our system. First and foremost, they want the ability to search through our extensive product catalog and access detailed information about our offerings. This includes not only basic product details but also real-time inventory levels, pricing information, and product specifications. They need to know exactly what products are available, what’s currently in stock, and when out-of-stock items might become available again.
And naturally, once they’ve found what they’re looking for, they want a smooth and efficient process to place their orders through our system.
And the customer journey doesn’t end with the order placement. What’s equally important is their ability to track and monitor the progress of their orders through every stage of fulfilment. They want to know precisely where their order stands – has it been received and processed by our warehouse team? Has it been picked from our inventory and prepared for shipping? Has it left our facility and begun its journey to them? And if there are any complications, such as customs delays or other shipping delays, they want to know about these too.
This brief video shows how REST APIs and event APIs combine to enable a rich, real-time order management experience:
These various status changes represent events that occur in the background of our operations, and with a traditional REST API approach, you face a significant challenge. Our systems would need to constantly poll for updates to discover when these changes occurred, creating unnecessary load and potential delays in status updates. A more elegant solution is event-driven architecture and event APIs – by implementing an event-based system, you can have our internal systems automatically generate and send out events in real-time as these status changes occur. These events are then immediately delivered to external applications that have subscribed to receive them, ensuring our partners and customers always have the most up-to-date information without the need for constant polling. This approach not only improves system efficiency but also enhances the overall customer experience by providing instantaneous updates about their orders. A must have in an on-demand world.
Supply Change Management with IoT and Events
Picture a supply chain service provider that offers comprehensive solutions for tracking shipping containers, giving cargo owners detailed visibility into their shipments throughout the entire transportation journey. While traditional REST APIs serve essential functions – such as allowing our cargo owners to efficiently register new shipments and execute queries about current container locations – modern supply chain management requires more sophisticated real-time monitoring capabilities.
This becomes particularly crucial in scenarios involving unusual or potentially problematic activities that demand immediate attention and response. For instance, a rise in temperature within a temperature-controlled container that could compromise sensitive cargo. Or security concerns like doors being opened at unauthorized locations.
To address these scenarios, you can deliver immediate real-time event and alert feeds to our customers through event APIs following the same self-service model as our REST APIs, ensuring consistency in the user experience while providing the additional benefit of real-time notifications.
Now our customers can both actively query information when need and passively receive critical updates automatically, creating a comprehensive monitoring solution that helps them to detect unusual events such as potential theft or spoilage of goods when it happens and react quickly to mitigate risk.
Events as Products in the Aviation Industry
In the aviation industry, EDA makes a big impact on customer experience and operational efficiency. The aviation sector handles a continuous stream of critical events through air traffic control and ground operations – including but not limited to last-minute departure time adjustments, unexpected gate changes, various types of delays, and real-time updates about gate openings and closures. These events have become increasingly valuable to our stakeholders: from airline partners managing and optimizing their operations, to airport authorities coordinating ground services more efficiently, and extending to retailers and service providers operating within airport terminals who can adjust their operations based on passenger flow and provide a tailored customer experience for passengers.
Given the extensive variety of event types and the volumes of real-time updates that are generated across airport operations, it’s clear that traditional REST APIs simply cannot scale efficiently to meet the challenge of distributing time-sensitive notifications to a broad network of partners. That is where event APIs demonstrate their true value, enabling straightforward self-service access to customized event feeds.
This approach not only solves technical challenges of real-time data distribution but also creates new opportunities for innovation and service improvement across the entire aviation ecosystem.
Benefits of applying API Management Principles to Event APIs
An event API describes a family of related events and is the means by which developers can give the application they’re building access to data flowing as part of an event stream.
As events continue to gain prominence, event APIs become as important as traditional APIs in modern software architecture, which makes it crucial to apply similar governance principles to the management of both events and event APIs.
This evolution in our approach to event streaming requires us to make events as accessible and developer friendly as REST and other conventional synchronous API styles, ensuring seamless integration across our technology landscape.
A comprehensive approach to event management delivers significant benefits across multiple dimensions.
By making events readily available as event APIs, you enable developers to create more sophisticated and responsive user experiences that combine the resource oriented, request-response interaction of traditional APIs with the real-time capabilities of event APIs. This synergy opens new possibilities for innovation and application development.
Furthermore, you can identify and capitalize on previously untapped business opportunities by providing real-time data streams to our entire business ecosystem – from suppliers and partners to customers – through seamless integration with event APIs.
The implementation of self-service onboarding processes and streamlined access mechanisms facilitates rapid scaling of our developer ecosystem, partner network and customer base, accelerating business growth and market expansion.
From an architectural perspective, adopting an “event API first” approach transforms EDA from an infrastructure consideration into a fundamental pattern that architects and developers can leverage effectively. This elevation in status promotes greater reuse of event APIs and wider adoption across the organization, leading to more consistent and maintainable systems. It also establishes a strong foundation for building scalable, responsive applications that can adapt to changing business needs.
“It is useful to think of REST APIs is how they change things … and in response to a change you can fire an event… you can look at all your POSTs, PUTs, UPDATEs, DELETEs and see what event you could be generating… then prioritize them based on business impact…”
Jonathan Schabowsky, Field CTO at Solace
By providing developers with the tools and documentation to connect multiple applications, services, and integrations to our event mesh, Solace also maximizes platform utilization. The development of new API-based integrations becomes more efficient through well-documented event APIs, while self-service onboarding capabilities and automated broker configuration substantially reduce the operational burden on our platform and middleware teams. This automation and self-service approach not only accelerates development but also ensures consistent broker configuration of resources and access controls.
The transition from REST-based real-time data access to event protocols brings substantial technical benefits. It eliminates the need for resource-intensive polling mechanisms and reduces the infrastructure requirements typically associated with traditional APIs, such as extensive caching systems or horizontal scaling of API Gateways as well as back-end services and systems. This shift results in significantly reduced data transfer volumes and more efficient resource utilization across the entire system, leading to better performance and lower operational costs.
In terms of security and compliance, the implementation of coherent and consistent runtime access controls significantly enhances our data security posture and ensures compliance with increasingly stringent regulations. Sensitive information receives enhanced protection through granular access controls and permissions, substantially reducing the risk of unauthorized data exposure or breaches. A key advantage of this approach is the ability to quickly revoke data access across multiple clients by retiring specific event APIs, providing a centralized and efficient method for managing data access controls. This capability becomes particularly valuable in scenarios requiring rapid response to security concerns or changes in data access requirements.
Making Events First-class Citizens in the “API-first” World
Pain Points in Traditional API Management
APIs and API management practices are experiencing a significant transformation. Organizations face increasing challenges with API sprawl and the proliferation of shadow APIs, resulting in a fragmented environment where APIs are distributed across multiple API management solutions and other technologies. In some cases, these APIs operate without any governance structure.
In addition, the days of monolithic “full API lifecycle management” are about to end – the “great unbundling” with organizations increasingly using a best of breed approach for different aspects of API management and governance.
“Organizations are moving away from broad suites that cover API planning, design, testing, gateway, portal, and lifecycle management. Instead, they are combining vendor tools. This is what Erik Wilde has called the ‘great unbundling’.”
Mark O’Neill, Gartner on Linkedin
This dispersion creates substantial obstacles for development teams who must locate, comprehend, and gain access to the APIs they need for their projects. The situation necessitates implementation of both design time and runtime governance mechanisms across the complete API infrastructure. This dual governance approach serves multiple purposes: it works to enhance the overall quality of APIs, maintains consistency in implementation, improves the experience for developers working with these APIs, and ensures the application of uniform security measures across all endpoints. The governance framework needs to address both technical standards and operational requirements to be effective.
The limitations of traditional REST APIs have become more apparent as application requirements evolve. This has led to increased adoption of new API standards, particularly Async API, which provides specifications for event-driven interactions. The implementation of Async API introduces additional technical requirements, specifically for advanced event API use cases that rely on specialized protocols such as AMQP or MQTT, which operate outside traditional web protocols.
API Federation and API Marketplace solutions have emerged as structured approaches to address these operational challenges. These platforms provide centralized API discovery capabilities that can integrate with multiple API Management solutions. They offer comprehensive features including lifecycle management functions, systematic quality assessment processes, and API cataloging services. A key component is the unified developer portal, which serves as a centralized access point, providing self-service capabilities for all available APIs regardless of their origin or implementation.
The introduction of event API Management represents a response to the growing requirements for event APIs and AsyncAPI. Event API management provides event and event API governance and includes event API gateway functionality. It integrates with existing API Federation or API Marketplaces solutions seamlessly just like any other APIM. This combination ensures consistent management of both traditional and event APIs within the organization’s infrastructure.
How Event APIs make an API Program Better
As I outlined above, organizations face an increasing number of scenarios that require real-time access to accurate data across their systems and applications.
Traditional REST implementations, or more generally, blocking (synchronous) request-response communication patterns, can only provide an approximation of real-time data distribution. This approach incurs significant operational costs due to two main factors: the necessity for frequent polling to maintain data currency, and the substantial protocol overhead associated with web-based communications.
These limitations become more pronounced as the scale of data distribution increases and as requirements for data “freshness” become more stringent.
Event-driven non-blocking (asynchronous) interactions, facilitated through event brokers, provide solutions to these technical constraints. This architectural approach delivers several operational advantages: it establishes communication patterns that eliminate direct dependencies between systems, enables a notification-based model that removes the need for continuous polling, and implements protocols that reduce overall system overhead. The event-driven model also provides more efficient resource utilization across the entire system infrastructure.
However, the implementation of EDA presents significant technical and organizational challenges. The complexity of event-driven systems, combined with the learning curve required for development teams, creates barriers to adoption. This explains why many organizations and development teams continue to implement REST APIs, despite their known limitations. The familiarity and established patterns of REST APIs often outweigh the potential benefits of transitioning to event-driven systems.
The concept of treating events as event APIs represents an approach to incorporating event-driven interactions within established API programs. This integration requires presenting event APIs using formats and documentation styles that align with current developer expectations, making these APIs available through existing developer platforms and tools, and establishing streamlined self-service access mechanisms.
Our blog “The Case for Event APIs and Unified Event & API Management” discusses these aspects in more detail.
The combination of these elements forms unified API management — a comprehensive approach to handling both traditional and event-driven APIs within a single framework. This unified approach delivers multiple benefits across the organization. It enhances the developer experience by providing consistent interfaces and tools for both traditional and event-driven APIs. It reduces the operational burden on platform teams by consolidating API management functions.
These improvements enable organizations to realize the advantages discussed in the previous section: enhanced customer experience through more responsive applications, increased opportunities for innovation through simplified API access, improved resource utilization through API reuse, and expanded distribution of real-time information both within the organization and to external partners.
The subsequent section will examine in detail the fundamental components required to implement a “Unified API Management” strategy.
Treating Event APIs as Products
The term “API product” is widely used in traditional API management contexts. It refers to a curated collection of existing APIs that are combined and presented to application developers. It enables organizations to reconfigure existing APIs into different combinations, providing targeted solutions for specific client needs or use cases.
API products become the building blocks of that can be used to solve business problems and create a smooth user experience.
The methodology of designing APIs and API products by first considering the needs of the target audience – commonly referred to as “outside-in” design – has become a standard practice in API management and governance.
The API Product concept enables API product managers to consider APIs as representations of business capabilities – creating interfaces that effectively translate core business functions into digital services. The focus shifts from technical implementation details to business value delivery, allowing organizations to align their API strategy with specific market requirements and opportunities.
Event API products follow similar principles, adding a layer for packaging and presenting event APIs to developers. These products maintain the core concepts established by traditional API products while addressing the specific requirements of event-driven architectures. The principles of audience-focused design and business capability representation remain consistent across both domains.
An event API product provides organizations with the capability to package multiple event APIs that align with specific use cases or target developer requirements. This packaging can include various event types, notification patterns, and data streams that work together to address a particular business scenario.
The organization of these event APIs into products makes them more accessible and understandable to developers who need to implement event-driven solutions.
Additionally, the management of all API styles within the same products allows us to provide combinations of REST and event APIs that expose all aspects of a business capability.
The order management example I discussed earlier demonstrates this concept – the use case can be supported by an API product that provides access to all relevant APIs to developers. Such an API product might combine catalog and order REST APIs for direct queries with order and inventory event APIs for real-time updates.
It enables developers to build applications that provide an integrated user experience, effectively managing both (relatively) static data through REST APIs and real-time updates through event APIs.
Developers can access product information and process orders through REST APIs while receiving immediate updates about order status changes and inventory modifications through event APIs, all within a single, cohesive product offering.
This integrated approach simplifies the development process by providing all necessary APIs – both REST and event-based – in a single package, reducing the complexity of working with multiple API types and enabling developers to focus on creating applications that meet business requirements.
Bringing APIs and Events Together – Unified API Management
Building Blocks of Unified API Management
When examining your event-driven system through an API management perspective, there are two primary areas of consideration that require specific:
- Governance:event API Lifecycle Management necessitates specialized capabilities designed for the unique characteristics of event-driven interactions. While event APIs share some common elements with REST APIs, they present distinct requirements and challenges that demand a tailor-made approach.
- Developer Experience:Development teams expect a unified and consistent approach to API discovery and self-service access. They need to find event APIs in the same location – typically a centralized developer portal – where they access other types of APIs. This consolidation of access points streamlines the development process and reduces the learning curve for teams working with multiple API types.
This means you need three distinct but interconnected capabilities for successfully managing event APIs within your organization:
- Back-office event API managementwith an event portal. It handles the aspects of event API lifecycle management, including event schema definition, version control, and runtime configuration. The event portal provides the necessary tools for designing, documenting, and managing event APIs throughout their lifecycle, ensuring consistency and maintainability across the system.
- Front-office API management (or API governance)to curate and expose all your APIs: RESTful, event APIs and other API styles. This layer implements standardized governance processes across different API types, ensuring consistent quality, security, and compliance. It might also provide API product creation, enabling the combination of different APIs into offerings that address specific business needs.
- Storefront– a developer portal or marketplace for finding and gaining access to APIs and/or API products. This serves as the primary interface for developers, providing a unified experience for discovering, testing, and accessing both REST and event APIs. It enables developers to efficiently locate and implement the APIs they need, regardless of the underlying API style or technology.
Event and Event API Governance
You might ask yourself – if you have already implemented comprehensive API Management and Governance frameworks within your organization – why would there be a need for separate event and event API Lifecycle Management capabilities?
This question becomes particularly relevant as organizations expand their API strategies to include EDA.
According to established industry analysts such as Gartner and Ventana Research, event Management is emerging as a critical component in modern enterprise architectures. Their research indicates that while organizations may be inclined to extend their existing API Management tools to handle events and event APIs, these tools typically lack essential features required for effective event Management. Traditional API Management solutions were designed primarily for traditional REST APIs and do not adequately address the specific requirements of event-driven systems, including event discovery, schema management, and real-time monitoring capabilities.
In addition to traditional API Management, event API Management requires managing the lifecycle of discrete events and associated schemas as the elementary, reusable building blocks of event APIs.
PubSub+ Event Portal applies established API Management principles to the world of events. It enables IT organizations to develop, distribute, and oversee their event streams, event APIs, and applications more effectively as they build out their event-driven architecture.
Event portal provides a structured approach to managing the complete event lifecycle, making it easier for teams to work with event-driven systems.
It can be easily integrated with Developer Portals where teams can locate event streams and event APIs quickly and efficiently alongside traditional REST APIs creating a single, unified API Management solution.
Teams can work through the complete process of designing event streams and creating schemas, managing these assets throughout their operational lifetime. This includes practical aspects like deploying to different environments and handling version changes as systems evolve. The platform also includes useful monitoring features that automatically check your running systems to ensure they align with the original design specifications and verify that clients accessing your events and event APIs have proper authorization.
As discussed earlier, you can package event APIs into business capabilities that give developers the tools they need to create useful applications. This packaging approach makes it simpler for development teams to access and implement event-driven features in their projects. To understand this relationship, consider a comparison with mobile phone services: event APIs are like the basic services a mobile network provides – voice calls, data access, text messaging – while event API products work like the service bundles that mobile operators offer to customers. Just as you might choose between a “data-only unlimited plan” or a “combined plan with unlimited voice and 2GB data,” event API products let you package different event capabilities into solutions that make sense for specific user needs.
API Governance and Developer Experience
A new generation of API Management platforms is emerging that functions as an API Federation or Marketplace. These platforms provide organizations with comprehensive capabilities to oversee and present any type of API – whether traditional REST APIs or event APIs – across their technical infrastructure. This unified approach helps organizations manage their growing API landscape more effectively while maintaining consistency in governance, security and access control.
The API Governance functionality within these platforms includes automated API discovery mechanisms that create and maintain a complete inventory of APIs deployed across the organization’s infrastructure. This covers APIs operating on any API gateway within the organization’s network, as well as event APIs available through event API Management solutions or directly from event brokers.
These platforms implement a standardized lifecycle management process that applies to all APIs, regardless of their type or implementation. It includes systematic quality assessment procedures to maintain API standards and a curation process that enhances API documentation.
The improved documentation helps development teams understand and use the APIs more effectively, leading to better integration outcomes and reduced implementation time.
The developer portal component serves as a centralized access point, presenting all available APIs through a unified, detailed catalog. This portal goes beyond basic API listings to provide comprehensive resources for developers. Teams can access both technical specifications and implementation guidance, including standardized specification files such as OpenAPI for REST APIs and AsyncAPI for event APIs. The portal also manages the complete API access workflow – developers can request access to any API through a standardized process, and these requests automatically flow through to the underlying infrastructure, whether API gateways or event brokers.
Automation ensures that when access is granted, the appropriate runtime permissions are configured correctly, allowing developers to begin working with the APIs or events while reducing the administrative overhead with API access management.
Event APIs and Runtime Governance
The Propagation of API access requests to event brokers and API gateways ensures consistent authentication and authorization of API clients. As authorization is derived uniformly from APIs taking resources, channels, scopes and other metadata into account.
I have discussed event and API lifecycle management and design time governance. To round things up let’s have a look at the runtime data path and how unified APIM provides runtime governance.
The automatic propagation of API access requests to event brokers and API gateways governed by the API Federation or API Marketplace is a core mechanism to ensure consistent authentication and authorization of API clients across a heterogeneous API infrastructure.
The client authorization is derived uniformly from the APIs an application has access to, taking into account multiple factors including resources, URIs, event exchange channels such as topics and queues, OAuth scopes and claims, and other relevant metadata elements.
This comprehensive approach enables the implementation of precise access controls throughout the data path, establishing appropriate security control, resulting in improved data security, protecting sensitive information and reducing the risk of data breaches.
In case something should go wrong there’s one point of managing access which makes it easy to address and mitigate risk. Individual applications’ credentials that may be compromised can be revoked, removing access to all APIs they were applicable for. APIs access can be quickly revoked when it was granted erroneously or is no longer appropriate.
Likely, the future will see an evolution of Unified API Management and API Federation towards managing more policies – such as rate limiting, resource allocations, quotas – in the API governance layer and applying them to any applicable API.
Summary
In this document, I explored how REST APIs and event APIs function as complementary aspects of modern software architecture, effectively representing two sides of the same coin.
I demonstrated that event APIs deserve equal status as first-class citizens in an “API first” world, as they provide essential capabilities that complement traditional REST APIs. While REST APIs excel at handling synchronous interactions, event-driven approaches enable efficient solutions for real-time updates and continuous data flow.
Unified API management brings all APIs – REST, event APIs and other styles – together with three fundamental building blocks: a developer portal or marketplace with self-service access to APIs, front-office API management (or API governance), and back-office event API management with an event portal.
By treating events as first-class citizens alongside traditional APIs, organizations can build more responsive applications that effectively manage both request-response and real-time communications. This unified approach enables a consistent developer experience while maintaining appropriate security controls and operational efficiency across a heterogeneous API landscape.
Learn more
Throughout this article I have linked to some additional resources, but here are some more suggestions what to read next:
- See it and put it into action:
- Learn more:
