Blog
May 6, 2026
There are a lot of great API managers available. Starting with the A's, we have Akana, Apigee, AWS and Azure, among others. DreamFactory is a secure, self-hosted enterprise data access platform that provides governed API access to any data source, connecting enterprise applications and on-prem LLMs with role-based access and identity passthrough. The first part of this post explores how you can use DreamFactory with almost any API manager. The second part explores scenarios where DreamFactory is a more effective way to manage governed data access than an API management solution alone.
How API management platforms work
API managers are often used to expose REST APIs to an internal or external group of developers. An internal group of enterprise developers might use a catalog of API services as a starting point for software development projects. An external group of partners might use the APIs for integration with their backend systems. In some cases, partners might use the APIs to purchase goods, services, or information.
An administrator adds any number of services to the API management catalog. They need to enter REST URLs, select HTTP verbs, and write documentation for each service. Then developers or partners are invited to the portal. When someone goes there, they see a catalog of the APIs they can use. They can interactively test out the services, or get code samples showing how to call the APIs from different languages.
API managers are very good at listing API services, governing API access, providing documentation, metering usage, and in some cases, charging subscription fees. An API manager is similar to an API marketplace, where developers can go to browse publicly available services.
The API manager acts as a proxy gateway. When a service in the catalog is called, the API manager invokes the actual REST API, waits for a response, and then relays the results back to the original caller. This is how an API manager tracks usage and limits access to the various services in the catalog.
Arbitration layers build bottlenecks
The services listed by an API manager are not usually appropriate for mobile application development. The problem is that using an API manager introduces an additional proxy relay on top of the underlying service. This means that the service is often too slow for transactional mobile applications where the round trip delay needs to be a half second or less.
API managers mainly provide a service catalog. For a modern developer to actually use the services, they have to build out a runtime platform for application hosting, create a user management system, develop role-based access controls, etc. For this reason, API management systems are often used for backend integration scenarios. The services are mainly intended as building blocks for other servers to use. This reflects the SOA heritage of many API management companies.
How to use DreamFactory with an API manager
DreamFactory works with almost any API management system. You can expose governed REST APIs for any SQL database, NoSQL document store, file store, SaaS app, or legacy system in minutes. Role-based access control, identity passthrough, audit logging, server-side scripting, and data orchestration capabilities can be used to customize and govern the service.
First, create an application in the DreamFactory admin console and assign it a default role. Then use the API Key for that application as a URL parameter in the API Management system. This provides access for unauthenticated users to all of the services enabled by that role. The API Key will be “hidden” by the API manager, so access will be limited to the developers who are invited to the portal.
When documenting the service, be sure to list the URL parameters that developers will need to know about. This lets them customize many aspects of the REST API call. The parameters for a given service are explained in the Live API section of the DreamFactory admin console. The API manager will pass these parameters to DreamFactory when the service is called.
When you connect a database to DreamFactory, the request URL for the service will look something like this:
www.server.com/version/database/table?param=value
The “database” path name is a label for the database, and the “table” path name is one of the tables in that database. Some API managers support flexible path names like this. In that case, you can expose multiple database tables with one listing in the API manager catalog. Other API managers do not support flexible path names, and in that case you will need to create a separate listing for each database and table that you want to expose.
When to use DreamFactory instead of an API manager
There are times when DreamFactory is the right choice instead of a standalone API manager. If you need governed data access for enterprise applications, AI agents, or on-prem LLMs with role-based access control, identity passthrough, and full audit logging, DreamFactory is the better fit. If you only need a service catalog and usage metering for server-side developers, a traditional API management portal may suffice.
Some visual aids will help illustrate the difference. Below is a view of the developer portal in the Microsoft Azure API Management system. You can see a listing of the available services and try them out interactively. Code snippets are provided for calling the services.
A modern developer can either sign up at the portal or be invited. They are presented with a runtime platform for building mobile, web, or IoT applications. The platform is pre-loaded with all of the services that they need for modern application development. They can invite other administrators, manage end users, create user roles, and onboard other services as needed for integration. They can use server-side scripting to customize existing services or develop custom services if needed.
There is a listing of the available services under the API Docs tab. The listing can include SQL and NoSQL database services, Third-party services like Twilio and Stripe, or other external REST or SOAP services that have been added to the environment. DreamFactory supports the Swagger API documentation system to list and interactively try out the services. Here is an illustration of the service catalog and documentation interface.
One advantage to the DreamFactory development environment is that the platform is directly connected to the data sources. This is consistent with DreamFactory’s primary focus on providing transactional API services for massively scalable runtime environments. API management systems require an additional HTTP proxy relay for each call that passes through the gateway. That can introduce speed and scalability concerns.
DreamFactory use cases
If your audience is a client-oriented modern software developer, then an instant developer environment makes a lot of sense. Here are some popular use case scenarios for using DreamFactory.
Curated enterprise development environments
Companies often have different departments building different types of applications and AI workloads. With DreamFactory, IT staff can create governed API environments appropriate for each type of application or AI use case. Developers can access pre-approved, governed APIs with role-based access control, identity passthrough, and audit logging already enforced. The API services and access rights to databases are curated by IT administrators, decoupling backend governance from front-end development. This brings dramatic savings in time and cost while ensuring that AI agents and applications access only the data they're entitled to see.
API sandboxes for modern developers
Many companies need to provide developers and AI systems with governed access to data and services. With DreamFactory, they can provide a complete governed API environment instead of just listing endpoints in a catalog. A developer or AI agent gets instant access to governed REST APIs with role-based access control, identity passthrough, and rate limiting already configured.
DreamFactory provides the governed data access layer plus all the supporting capabilities needed for enterprise development: user management, role-based access control, audit logging, server-side scripting, and integration with authentication systems like OAuth, LDAP, and SSO. This significantly lowers the barriers to building secure applications and AI workloads. Instead of rebuilding data access, auth, and governance for every project, teams focus on building experiences while DreamFactory handles the governed data layer.
Custom partner access portals
API management is a good way to make REST API services available to a partner. But partners often need more than a service catalog. They may need to control administrative access within their own organization, implement role-based access for their own developers and AI systems, customize services with server-side scripting, or integrate with their own databases and authentication systems. DreamFactory enables all of these scenarios through governed API environments with identity passthrough, role-based access control, and full audit logging.
Partners can administer user roles, control access to specific endpoints and data, and connect their own AI agents or applications to governed APIs. Because DreamFactory enforces security at the API layer with identity passthrough via OAuth, LDAP, or SSO, every partner query is tied to a real user identity and fully auditable.
A complete platform
DreamFactory offers much more than the aggregation options of a traditional API management platform. It's a secure, self-hosted enterprise data access platform that provides governed API access to any data source for enterprise applications, AI agents, and on-prem LLMs. With role-based access control, identity passthrough, full audit logging, and a built-in MCP server, DreamFactory gives teams governed data access without rebuilding security for every project. Contact the DreamFactory team for a free 30-minute demo.
