API Management

scale

As of January 2019

Evolution of API Management

Since the last update of the Tech Radar, our API Management solution wicked.haufe.io has been applied in more projects inside the Haufe Group, and has also been adopted by other companies, such as Clarivate Analytics (part of Reuters Group).

More than ever, API Management should be used as a means of decoupling systems and giving standardized access to the APIs of different projects, without having to reinvent the authentication and authorization wheel each time. With wicked, it is now possible to do fairly lightweight integrations with arbitrary Identity Providers, including of course our own Foundational Services (SAML2 identity provider).

wicked itself is approaching a first fully featured version 1.0; the feature set was primarily formed by the Sucasa project (new "Mein Konto" application), myOnboarding, Panama (which is also transitioning to wicked from Azure API Management) and the Developer Portal by Clarivate Analytics.

API Management can help with federating authentication and handling authorization, while giving a simpler way to integrate with the project. This has an even greater impact on extensibility if the project itself is built around an "API first" approach.

Problems solved

  • Federation of Atlantic SAML to simpler OAuth2 flows
  • Simpler deployment, using Kubernetes and Helm charts
  • Fully supported OAuth2 flows via built-in Authorization Server
    • Authorization Code Grant, including PKCE
    • Implicit Grant
    • Resource Owner Password Grant (for Identity Providers supporting it)
    • Client Credentials
  • Simple API Keys (like before)

Upcoming work

Wicked is still in the prerelease phase of version 1.0.0; we are happy to receive contributions or bug reports as we are approaching the actual release.

That said, the recommended way of deploying wicked is to use the Beta/RC versions, not the previous 0.12.4 version. The Beta/RC versions are already stable enough for production workloads, as the actual API Gateway is still based on Kong Inc.'s Kong API Gateway.

Revisions:

scale | November 2017

Why?

With an exponential increase in the number of apps required in the digital world, businesses need to expose more data through APIs in order to provide richer and more personalized app experiences for internal users, customers, and partners alike. Public APIs foster innovation and allow you to bring new products and services to market faster. All these APIs require a strong API Management solution to measure performance and make business decisions based on API usage. API Management solutions help you manage, secure, mediate, and grow your API program to meet the increasing demand. They enable you to create, secure, manage, scale and analyze APIs.

API Management is a "Must Have" for partner business, which is a goal in different units and already on its way.

API Management solutions

Wicked

We have our own API Management solution called Wicked. It is the recommended solution for implementing API Management.

Azure API Management

Azure API Management is used in the Panama project.

Our projects

Wicked API Management

Martin Danielsson from the CTO Office created our own API Management solution. It has been fully open sourced, and we encourage anybody to contribute:

Usage of API Management

Contact

Martin Danielsson (martin.danielsson@haufe-lexware.com) and everybody from the CTO Office (_LeadArcsCTO@haufe-lexware.com)