Building APIs is not just about technology. APIs enable many new business opportunities, but only if done correctly. Enter API Management platforms to provide the building blocks behind a successful API program. As a result of lucrative opportunities, many software vendors have emerged or pivoted from their SOA management roots to provide API Management capabilities.
In this session, Kent will introduce you to Microsoft’s Azure API Management platform by providing an overview that highlights its capabilities and the opportunities that emerge for organizations. As part of this presentation, Kent will demonstrate how developers can create their first API and discuss strategies for transforming existing services to leverage Azure API Management.
This presentation will consist of general guidance on API Management, an Azure API Management portal walk-through and demos that reinforce the concepts that were introduced.
API Management Part 1 - An Introduction to Azure API Management
1. Sponsors
Kent Weare
Integration MVP, Author
API Management Part 1 – An Introduction to Azure API Management
BizTalk Summit 2015 – London
ExCeL London | April 13th & 14th
3. About Me
• 10+ years of BizTalk experience
• Author
• Microsoft BizTalk/Integration MVP since 2008
• Senior Architect – Calgary, Canada
4. What is an API?
• “In the simplest terms, an application programming interface, or API, is a set of requirements that enables one application to talk to another application.” *
* http://readwrite.com/2013/04/24/api-gold-rush
5.
6. What is a Web API?
• Similar in nature but have a prescribed implementation:
• HTTP(s)
• RESTful
• JSON (preferred), XML (supported)
• Spec Driven (Swagger, RAML, WADL, API Blueprint)
(ish)
8. The Rise of APIs
[Chart: Number of Public APIs by year, 2006 to 2013; y-axis 0 to 25,000; series: Managed, Total APIs]
Continued robust growth in APIs
Fueled by mobile, cloud, open & big data, IoT
Public APIs are just the “tip of the iceberg”
APIs are a core component for many startups
APIs are drivers of innovation in the enterprises
9. The Power of APIs
The power of APIs - In 2015
• Uber, the world's largest taxi company owns no vehicles
• Facebook, the world's most popular media owner creates no content
• Alibaba, the most valuable retailer has no inventory
• Airbnb, the world's largest accommodation provider owns no real estate
Source: LinkedIn
15. Microsoft Azure API Management
Azure API MGMT
• Project existing or new services as APIs
• Publish APIs to developers, partners and citizens
• View Operational and Business insights through Analytics
• Developer Engagement
18. WEB USERS
WEB SITE
YOUR ORGANIZATION
APP DEVELOPERS
USERS
MOBILE APPS
SOCIAL APPS
PARTNERS AND
AFFILIATES
API
AZURE API MANAGEMENT
DEVELOPER PORTAL
REGISTRATION
DOCUMENTATION
INTERACTIVE API CONSOLE
DEVELOPER ANALYTICS
APP GALLERY
FORUMS
NEWS
ISSUES
WIKI
API PROXY
SCALING
CACHING
MONITORING
TRAFFIC MANAGEMENT
ADMIN PORTAL
API PUBLISHING
SUBSCRIPTION MANAGEMENT
SECURITY
MEDIATION
CONTENT PUBLISHING
SITE CUSTOMIZATION
ISSUE MANAGEMENT
ANALYTICS
REPORTS
22. “6 weeks? Try 6 months.”
“When we go live with this in 6 weeks. We will leapfrog the competition and I will get a huge bonus!!!”
Security? Enrollment? Governance? Visibility?
23. • #$%&#^% IT is too slow!!!
• Amateurs
• I should just outsource everything
24. “I have no idea how we are going to do this. It takes 6 weeks just for change management.”
What is API Management?
27. No Firewall Ports need to be opened
Out of Box Authentication
Throttling and Rate Limiting
Caching
Self Service Enrollment
Leverage existing investments
28. “…and we now have analytics so we can track where requests are coming from and drive future investment”
37. How do I secure my backend services?
IP Whitelisting
Basic Authentication
Mutual Authentication (certificates)
Network Layer Security (Express Route or Site to Site VPN)
39. API MGMT Premium GA
Static IP
OAuth 2.0 support
Backup / Restore
Certificate auth
Root APIs
HTTP support
Subscription per app
Performance improvements (DevX and Proxy)
Recent News/Updates
41. Premium
> 1B API calls / month / unit
> 5x throughput of Standard unit
> 5GB cache
> Multi-geography deployment
> Virtual Private Network support
> Azure Active Directory Integration
> SLA 99.95% (with multi-geo)*
> Up to 10 units per region (or call for more)
Analogy:
You have a building and you want to allow people in and out of it. Doors are used to allow people to enter or exit your building. People must conform to the way in which a door allows entry. It may be a door you push, pull, or perhaps slide, but you as the building owner are instructing visitors on how to get in or out of your building.
Expand on why Spec Driven Development is important:
Code First
Design First
Self documenting
These are the building blocks of an API Economy
ISVs – build software solutions that expose API endpoints to enable organizations to exchange data
New Channels – new opportunities emerge as a result of the API. For example many startups rely upon other APIs to build their business. For example an Auto Insurance company who wants to introduce self service quoting.
Marketing and Customer Relationships – For many organizations there is a renewed focus on Customer Relationship Management. With social media platforms being used by hundreds of millions of people worldwide, these people now have a platform and organizations are paying attention to customer sentiment. This is all being driven through APIs.
API Security – While there are no bulletproof solutions when it comes to security, there are some common approaches used when securing APIs, such as OAuth, or identity federation with providers such as Active Directory or social identity.
Internal Agility – Ultimately introducing APIs to your organization should provide a layer of agility for your business. In the upcoming demonstration, I should be able to prove this out.
Programmable Web is tracking 13 174 public APIs on their website programmableweb.com . It is safe to assume there are millions more hidden inside the enterprise.
Let’s pretend the doors in the previous slide are the doors to a night club. Some night clubs will not have a doorman or a bouncer. The clubs that do choose to employ doormen do so in order to maintain order. The owner of the club wants to protect the business and its assets.
The bouncer is there for:
Authentication and Authorization: Authenticate and authorize people by looking at their ID, ensuring they are of legal age, and ensuring they are not on the “Do not enter list”
Policy Enforcement - The doorman is also there to ensure that people have a good time. If there is an unruly consumer, the doorman is there to restore order and deal with those types of customers
Analytics - The doorman provides analytic services. Buildings often have restrictions on the number of people who can be in the club at a particular place. The bouncer uses his “clicker” to count the number of people entering or exiting.
Customer Engagement Promote the club – the doorman may hand out promotional materials to entice customers to come into the club
Authentication and Authorization – Checking someone’s ID
Policy Enforcement Provide a good experience – Noisy neighbor. Or those people that are enjoying themselves perhaps too much and need to be put in order
Analytics – You want to understand where your customers are coming from and what products they are interested in, which helps you drive future investment.
Developer Engagement – how do you onboard new developers? Making an API simple will ease adoption. Tell story of USA Today MLB Salaries API discovery.
Not sure if you have ever seen a dog show on TV, but it is pretty amazing to see dogs turn on a dime. An API Management platform is there to provide similar capabilities for your business. By having an agility layer you can pivot your business when a new business opportunity emerges without having to spend a lot of time in long development cycles.
You can think of API development in terms of a life cycle
We can project existing services as APIs or build our own
Publish our APIs to developers and partners in anticipation of integration
Monitor our APIs from both a business and an operational perspective
Engage new developers and communities to further expand our APIs' reach
Talk about a very competitive landscape
A lot of acquisitions in this space:
Microsoft bought Apiphany
Intel bought Mashery
CA Technologies acquired Layer 7
In addition to these acquisitions, other vendors such as IBM, Tibco, SOA Software (Akana) and MuleSoft have offerings.
SAP signed partnership with Apigee
Let’s start at the backend where we may have existing or new services that need to be built. These services may be on-premise or may also be in the cloud.
Once you have your backend stabilized you then can begin the Admin process where you apply different policies based upon business need. These policies can include JSON-XML conversion, rate limiting, security
Once the API has been published you can now connect Apps that will make requests to the Proxy and the proxy in turn will communicate with the backend services. Since all traffic is moving through the Proxy, this is where our analytics are available to us.
Once we have everything configured and are satisfied with the experience, we can make our API discoverable through a Developer portal where developers can sign up for your API, get an application key and then use a developer console in a variety of languages.
Let’s double click and take a closer look at the architecture
There are a lot of features that exist within an API Management platform. You would not want to build this on your own.
Last time we caught up with Vince Vaughn, he was an intern at a start up company in Silicon Valley. Based upon his success at this startup he is now a savvy IT Manager at an Insurance company on the East Coast.
Insurance Business – offer services to new audiences
We now have a director from the business who wants to provide a mobile experience for his customers and create new revenue channels through partnerships.
Like many Line of Business owners, he wants rapid results.
Vince Vaughn, on the other hand, has seen how long it takes to get anything done in IT and knows he cannot make that 6 week deadline, as there are just too many concerns that he and his team will need to deal with.
Like many IT Managers when faced with adversity, Vince polishes up his resume and hopes his team comes up with a Hail Mary in order to keep his job.
After cautioning the Business Director that 6 weeks was not likely to happen, the Business Director became very upset.
He also has a grandson who is a Minecraft champion, so surely this cannot be that difficult. If he can set up a Minecraft server in the cloud then surely these guys can allow customers to get quotes over their cellphones.
Vince then reaches out to his new hot shot architect. Unfortunately he is stumped and is not sure how to solve the problem in such a short timeframe. He then reaches out to Mike Stephenson who seems to have all the answers these days. Mike suggests looking into API Management.
After hearing about API Management, Vince is starting to become more and more confident that this date can be met, in part due to less friction than what is typically involved in these situations. Usually there are just too many teams and hand-offs involved, which consumes a lot of time.
When asked how they are going to achieve the timelines, our hot shot architect mentions that since they do not need to re-write existing services they can re-use much of what has already been built.
At the architecture review board, Vince needs to present the solution to stakeholders and describes all of the features in an API Management platform. He is able to address the non-functional IT requirements in addition to providing the business with the agility that it needs.
One of the key benefits of using an API Management approach is the ability to collect analytics out of the box.
Of course after the implementation goes live there is a resurgence in the confidence that the Business has for IT
Let’s take a look at what their initial architecture may have looked like. In this case we have some backend services available to BizTalk. These services include SalesForce, the cloud based customer information system. We also have a Policy System where all of the customer’s policy information is kept.
A Rating engine, or Quote Calculation engine, is provided in the form of our BizTalk rules engine: customer demographic and policy information is passed to it, and the Rating engine outputs a cost for our customer.
Lastly we have the department of motor vehicles or the DMV which maintains a registry of cars. One of the attributes that the DMV will be maintaining is whether or not a vehicle is considered to be environmentally friendly.
Moving forward, we can introduce an Azure API Management layer in front of our on-premise services. As you can see, within the enterprise there is a lot of SOAP messaging occurring. Mobile platforms typically do not support SOAP; JSON over HTTP is typically used instead. Using this approach we can introduce a layer of agility without changing all our backend systems.
We can continue to support agent to agent communication through the traditional application(s) but we now offer a mobile application and can support new channels by allowing Partners to re-sell our policies. All of the interactions between external parties and the insurance company are secured and managed through our API Management Platform.
Mobile App Walkthrough
Legacy Modernization
API Management Provisioning
Products
APIs
Operations
Analytics
Testing APIs
Custom Policies
JSON – XML
XML – JSON
String Manipulation
Caching
Rate Limiting
Security
Mobile App Walkthrough
Legacy Modernization – BizTalk has been characterized as being legacy, which is a bit of a stretch, but in this case we were able to use our existing platform and investments in order to provide integration for a modern day use case.
API Management Provisioning – We saw the Azure API Management Administration portal where we were able to create our products, define our APIs and their related operations. We were then able to enforce some policies.
Dashboard and Analytics – Our Dashboard provided us with some useful operational and business analytics. We were able to determine which API operation was being called most frequently, from where, and how long the interactions were taking.
Products – Products are our largest conceptual container where we can enforce policies. This is where we define a product and can assign it a tier. So we may have a premium paid tier where we allow for more API calls to be made. Similarly we can provide a free tier product where we allow consumers to try out our API with little commitment or friction.
APIs – APIs themselves represent our group of operations. We can also apply policies at this tier but these tend to be universal policies such as JSON-XML conversion.
Operations – Lastly we have our lowest level of granularity where we have a specific operation. Policies can also be set at this level and are very specific to our API Operation. An example of this is our string replacement policy where each operation may have a unique requirement.
Testing APIs – We also logged into our Developer Portal where we can test or “kick the tires” on our API. We saw that pre-built forms were available to us that contained sample data, which allowed our “Time to first successful call” to be very low. We also saw code samples for many popular languages, where we can use that code in our applications to get up to speed very quickly.
Custom Policies – Custom Policies allow us to alter both requests and responses as messages enter or exit our API. We can kinda look at it similar to pipelines where messages can go through different stages and one stage builds on top of a previous stage.
JSON – XML
XML – JSON
String Manipulation
Caching
Rate Limiting
Security
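An added example, not taken from the presentation: an Azure API Management policy document showing the listed policy types (JSON/XML conversion, string manipulation, caching, rate limiting) together with the backend authentication options from the "How do I secure my backend services?" slide. The limits, host names, certificate thumbprint and named-value names are placeholders constructed for illustration.

```xml
<!-- Added illustration; all concrete values below are placeholders. -->
<policies>
  <inbound>
    <!-- Apply the policy of the enclosing scope (product or API) first. -->
    <base />
    <!-- Rate limiting: reject excess calls before any cache or backend
         work is done. 100 calls per 60 seconds is a constructed limit. -->
    <rate-limit calls="100" renewal-period="60" />
    <!-- Caching: vary-by-developer keeps one subscriber's cached
         response from being served to a different subscriber. -->
    <cache-lookup vary-by-developer="true" vary-by-developer-groups="false" />
    <!-- JSON to XML: callers send JSON, the backend expects XML. -->
    <json-to-xml apply="content-type-json" consider-accept-header="false" />
    <!-- Backend security, mutual authentication: present a client
         certificate already uploaded to the API Management instance. -->
    <authentication-certificate thumbprint="PLACEHOLDER_CERT_THUMBPRINT" />
    <!-- Alternative, basic authentication. Credentials are read from
         named values (assumed names), not written into the policy:
         <authentication-basic username="{{backend-user}}"
                               password="{{backend-password}}" /> -->
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
    <!-- XML to JSON: convert the backend's XML response for the caller. -->
    <xml-to-json kind="direct" apply="content-type-xml"
                 consider-accept-header="false" />
    <!-- String manipulation: keep the internal host name out of
         responses. Both host names are constructed examples. -->
    <find-and-replace from="://backend.internal.example"
                      to="://api.example.com" />
    <!-- Caching: store the converted response for 300 seconds. -->
    <cache-store duration="300" />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

The same document shape is used at product, API and operation scope; `<base />` marks where the policy from the enclosing scope runs relative to the statements around it.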
Azure API Management Premium tier has recently GA’d