Introduction to web ap is
Upcoming SlideShare
Loading in...5

Introduction to web ap is



Exposing information through web APIs is quickly accelerating, with APIs being exposed by enterprises and governments, and being the de facto standard for startups. This deck provides answers to the ...

Exposing information through web APIs is quickly accelerating, with APIs being exposed by enterprises and governments, and being the de facto standard for startups. This deck provides answers to the following questions: What is a web API? Why is there so much buzz about it? What makes it different from classic SOA services? What technology and skills are needed to start exposing Web APIs? What's the difference between internal and external exposure of web APIs?This presentation will have a technical focus, while providing business context, including examples that illustrate business models and industry use of web APIs.



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Introduction to web ap is Introduction to web ap is Presentation Transcript

  • © 2013 IBM CorporationIntroduction to Web APIsRachel Reinitz,IBM Distinguished Engineer, ISSWDinesh Shetty,Senior Certified IT Specialist, ISSW2678
  • 22 © 2013 IBM CorporationPlease NoteIBM’s statements regarding its plans, directions, and intent are subject to changeor withdrawal without notice at IBM’s sole discretion.Information regarding potential future products is intended to outline our generalproduct direction and it should not be relied on in making a purchasing decision.The information mentioned regarding potential future products is not acommitment, promise, or legal obligation to deliver any material, code orfunctionality. Information about potential future products may not be incorporatedinto any contract. The development, release, and timing of any future features orfunctionality described for our products remains at our sole discretion.Performance is based on measurements and projections using standard IBMbenchmarks in a controlled environment. The actual throughput or performancethat any user will experience will vary depending upon many factors, includingconsiderations such as the amount of multiprogramming in the user’s job stream,the I/O configuration, the storage configuration, and the workload processed.Therefore, no assurance can be given that an individual user will achieve resultssimilar to those stated here.
  • 33 © 2013 IBM CorporationAgenda•API Economy – Understanding the space•Top APIs today•Industry Examples of Web APIs•Terminologies, Roles & Relationships•Fundamental Concepts - REST, XML & JSON•API Styles•Web API Use Cases – Internal & External•API Security•Caching
  • 44 © 2013 IBM CorporationExploding and InterconnectedDigital Universe33% of all new business softwarespending will be Software as a Service1 billionworkers will beremote ormobile1 trillion connectedobjects (cars,appliances,cameras)1B Mobile Internetusers30% growth of 3GdevicesEmbracing New Technologies,Adopting New Business ModelsMobilityCloud / VirtualizationSocial BusinessBring YourOwn ITLarge existing ITinfrastructures with aglobalized workforce,3rd party services,and a growingcustomer base30 billion RFID tags(products,passports,buildings,animals)Cloud, mobile analytics, and social are fueling the hyper-growth of API-centric, business as-a-service economies
  • 55 © 2013 IBM CorporationExample players in the newservices economyBusiness functions delivered as API-centric services, enablebusinesses to co-create customer value with speed and scale“As-a-service” is disrupting the traditionalbusiness models and the technology consumptionparadigmThe evolution of SOA into technologies like REST allows forthe externalization of core services through consumable APIsTrend established in web-centric companies, and enterprisesare beginning new solution creation patterns – it changes theinteraction patterns and processes across businesses andleverage analytics, mobile, social and cloud to differentiateAgile, scalable, and consumable business as-a-service, APIsis shifting the application development market as Cloudsimilarly shifted delivery of ITTransform the business model along sales, contracts,engagement, processes, development, and delivery towards anew scalable model$1.5B revenue of10K+ affiliatesExpecting $10Bmobile transactionsin 201240% total unitssold by outsidesellers40% new businesscomes from non-CRM offeringsAPI only companyreaches 150,000developers and1.5M calls a day
  • 66 © 2013 IBM CorporationAPI-centric model is at thecore of mature born-on-the-web companies likeAmazon, Google, andfacebookRegistrations inProgrammable Web havemore than doubled thisyear. At that pace we couldsee more than 100,000APIs registered by 2016.By 2014, Gartner predictsthat 75% of Fortune 1000companies will exposesome form of APIs+80B API Invocations per day APIs registered across amultitude of business areas0500001000001500002000002500003000002004 2006 2008 2010 2012 2014 2016 2018 2020Projected +300k APIs by 2020We are here!All Fortune 1000 companies willhave APIs by 2015APIs as a strategic business tool for value co-creation andfront-office digitization is growing in Fortune 1000 companies
  • 77 © 2013 IBM CorporationApps, APIs and API Mgmt…BusinessOwner ITDeveloperConsumersNew business opportunities• New markets• Increase customers• Enhance branding• Competitive advantageExtend development team•Increase innovation•Increase scalePartner/supplieralignmentBenefitsBenefitsChallengesChallengesBusiness strategyInfrastructure• Security• Creation• ScalabilityOperational control• Publish• Analyze• Monitor
  • 88 © 2013 IBM CorporationPublic, Open-To-All APIsProtected, Open-To-Partner APIsPrivate, InternalAPIs• APIs are open to anydeveloper who wants tosign up• Apps are more targetedtowards end consumers• The business driver is toengage customers throughexternal developers• APIs are open to selectbusiness partners• Apps could be targeted atend consumers or businessusers• The business driver isusually different, based onthe data and type ofbusiness of the enterprise• APIs are exposed only toexisting developers withinthe enterprise• Apps are usually targetedat employees of theenterprise• The business driver is morearound productivity ofemployeesCustomers will require a combination of three API types
  • 99 © 2013 IBM CorporationConsumers are Internal and ExternaldevelopersConsumers are Internal (and maybe partner)developersEmbracing of open community/socialbusiness is criticalPromote reuse within a company andsometimes with partnersREST, leverage HTTP for Internet scale SOAP & protocol independent headersEasy of use based on simplicity andreadabilityInteroperability and tooling consumptionbased on WSDLFine grained, small amounts of data Coarse grainedRelaxed consistency Option for transactionality & reliabilityTrue ‘black box’ separation between WebAPI and consuming app; simple contractMore extensive contract between serviceprovider and consumer… in enterpriseimplementationsWeb APIs are Different from SOA Services
  • 1010 © 2013 IBM CorporationTop APIs todayIndustry Examples of Web API10
  • 1111 © 2013 IBM CorporationTop APIs today.. and growing8000 APIs and counting*Source: programmableweb.comTop APIs todayRight now!
  • 1212 © 2013 IBM CorporationPhilips hue API: Wireless Lighting• Provides wireless control ofdomestic lighting systems alongwith mobile apps• Opened an official developerprogram• Recognizes roadblock for biggerdevelopers - lack of commitmentand proper docsSource:“Now what we want to do as Philips is we actually want to help and grow and encouragethis community, and give them tools and proper documentation. Also, we want to givethem commitment that this is the API and we’re going to support it and it won’t changeovernight.” – George Yianni, Hue System Architect
  • 1313 © 2013 IBM CorporationPayPal API: Payments API• Launched X.commerce in2011 for eBay integration• Demand for features andsimplicity from developers• Newly launched REST APIs• Organized a developer loungeand competition“PayPal is making it easier for developers to accept payments from more than 123 millionactive accounts across 190 markets and in 25 currencies around the world, and we’d loveto hear from you” - Company blog post @
  • 1414 © 2013 IBM CorporationSingapore Expose Transportation Data through Web APIsand has many apps developed free by developersArticle talking about program - APIs example
  • 1515 © 2013 IBM Corporation•Terminologies, Roles &Relationships•Fundamental concepts• REST• XML• JSON15
  • 1616 © 2013 IBM CorporationTerminologies: Web APIs, Mashups & AppsWeb APIA defined set of HTTP requestmessages along with a definitionof the structure of responsemessages, typically expressedin JSON or XMLMashupA web page or application, thatuses Web APIs to combine data,presentation or functionality fromtwo or more sources to createnew services.Web AppAn application accessed by usersover the Internet or an intranet. Theterm may also mean a softwareapplication coded in a browser-supported programming language(such as JavaScript and markuplanguage like HTML)Mobile AppAn application designed to run onsmart phones, tablets and othermobile devices. Usually availablethrough application distributionplatforms, operated by the owner ofthe mobile OS. e.g. Apple App Store,Google Play, Windows Phone Store
  • 1717 © 2013 IBM CorporationRoles and RelationshipsApp Developer Business User IT Person• Develops cool newapplications against newpublic or private APIs• Understands one or moreweb programming languages• Spends his free timedeveloping Apps too• Wants to reach new marketsthrough new channels• Understands the businessand value of assets beingexposed• Needs to experiment withdifferent programs andcampaigns to drive adoption• Product Manages theinitiative• Exposing public APIs mightbe new to the IT Person• Worried about security andscalability of infrastructure• Short on time to do newprojects
  • 1818 © 2013 IBM CorporationREST22• Architectural style; Popular choice for building web applications• Verb = HTTP Action (GET, POST, PUT, DELETE)• Noun = the URI of the Service (the document)• Adjective = MIME type of the resulting document
  • 1919 © 2013 IBM CorporationXML• There are more XML APIs registered on programmableweb thanJSON• But JSON as a choice and JSON only APIs are increasing quickly• XML continues to be leading choice of format for APIs• But payloads are kept simple• Developers rely on examples rather than XML schemasExample: popular telephony service from Twilio<TwilioResponse><SMSMessage><Sid>SM1f0e8ae6ade43cb3c0ce4525424e404f</Sid><DateCreated>Fri, 13 Aug 2010 01:16:24 +0000</DateCreated><From>+15104564545</From><Body>A Test Message</Body><Uri>/2010-04-01/Accounts/AC228b97a5fe4138be081eaff3c44180f3/SMS/Messages/SM1f0e8ae6ade43cb3c0ce4525424e404f</Uri></SMSMessage></TwilioResponse>
  • 2020 © 2013 IBM CorporationJSON (Java Script Object Notation)• Lightweight data-interchange format;• Based on a subset of the JavaScript Programming Language• Easy for humans to read and write.• Easy for machines to parse and generate• JavaScript has and is increasing in popularity for browser andbeyond browser client applicationsTwilio example (cut down but you get the idea):{"sid": "SM1f0e8ae6ade43cb3c0ce4525424e404f“,"date_created": "Fri, 13 Aug 2010 01:16:24 +0000","to": "+15305431221","from": "+15104564545","body": "A Test Message","uri": "/2010-04-01/Accounts/AC228ba7a5fe4238be081ea6f3c44186f3/SMS/Messages/SM1f0e8ae6ade43cb3c0ce4525424e404f.json"}
  • 2121 © 2013 IBM Corporation•API Styles•Web API Use Cases• Internal• External21
  • 2222 © 2013 IBM CorporationProxies & Assemblies – Types of web APIsOrder Serviceorg/proxy1_orderorg/proxy2_customerCustomer ServiceInvoke Service AHTTP/JSONInvoke Service BHTTP/JSONHTTP/JSONHTTP/JSONClientAppClient LayerAPI Management Layer On Premise/Cloud ResourceEg. order/get/1234Eg. customer/1099Proxy StyleAssembly Style
  • 2323 © 2013 IBM CorporationTypical Architecture – SaaS-based API solutionDMZIntranetInternet,CloudConsumers
  • 2424 © 2013 IBM CorporationTypical Architecture – On-premise API solutionInternet,CloudDMZSecurity GatewayRich Internet ApplicationsDojo.baseDojo.dojox/Dojox.mobileDojo.dataNavigationControllersTemplating(django)Other UI TechAuthenticationAuthorizationOptimizationEcryption/DecryptionRouting/TransformationEnterprise Connectivity & IntegrationOn-premise APIsAssembliesProxiesExternal AppDevelopersIT OperationsBusiness UserEnterprise Information SystemsEnterpriseDataBaseCore ApplicationBackendEnterprise ESBProtocolTransformationAdapters REST Services SOAP ServicesHTP/XML HTTP/SOAPHTTP/JSONOtherEISHTTP/JSON/XMLMobile ApplicationsDojoXQueryInternalMobileApps(Internal)RIAInternal AppDevelopersIntranet
  • 2525 © 2013 IBM Corporation•API Security•Caching25
  • 2626 © 2013 IBM CorporationSecurity mechanisms for Web APIsOAuth•Enables users to allow webapplications to access other webapplications on the user’s behalfBasic Auth•Passes Username and password with therequest•Defined by the HTTP specification•Uses HTTP Header “Authorization”•Uses encoding, no encryptionAPI Keys•Not based on any standard•Service Provider decidesimplementation•Keys act like signatures
  • 2727 © 2013 IBM CorporationSecurity Mechanisms - OAuth“The OAuth 2.0 authorization framework enables a third-party application toobtain limited access to an HTTP service, either on behalf of a resourceowner by orchestrating an approval interaction between the resource ownerand the HTTP service, or by allowing the third-party application to obtainaccess on its own behalf”FourSquareTwitterSteve, logged on Foursquare, wantsto update his holiday location andalso post the same on his TwitterpageTwitter provides an access token forFoursquare allowing access toSteve’s twitter pageForsquare uses access tokenprovided by twitter to make a poston twitter on Steve’s behalfAccess token (no user id/password) required
  • 2828 © 2013 IBM CorporationSecurity mechanisms: API Keys•API Key‒ Code passed by web applications calling an API (UUID or unique string)‒ Establishes identity of the calling program, its developer, or its user to theWeb site‒ Used to track and control how the API is being usedMeasure, monitorPrevent abuse•Access Control‒ API Keys and Secrets provide Authentication mechanism – e.g. EveryTrailAPI‒ Implementation is decided by API provider
  • 2929 © 2013 IBM CorporationImplement CachingHTTP headers can contain caching directivesHTTP/1.1 200 OKDate: Fri, 30 Oct 1998 13:19:41 GMTServer: Apache/1.3.3 (Unix)Cache-Control: max-age=3600, must-revalidateExpires: Fri, 30 Oct 1998 14:19:41 GMTLast-Modified: Mon, 29 Jun 1998 02:28:12 GMTETag: "3e86-410-3596fbbc"Content-Length: 1040Content-Type: text/htmlCaches improve network efficiency, improves scalability, and improvesuser-perceived performance of your API
  • 3030 © 2013 IBM CorporationExpanding to APIs – IBM Serviceshas the Expertise to Ensure Your Success30• What should my API Strategy be?• How are APIs being used in my industry?• What is needed to expose and manage APIs?• What security do I need?• Who are my target developers?• How do I delivery and measure business value?• How do I get IBM API Management setup quickly?• Help me design my APIs?• How do I expose my backends as APIs?• Help me secure and scale my APIs?• How do I deliver reports to my management?• How do I integrate with existing infrastructure?API CentricArchitectureAssessmentRoadmapIBM SoftwareServices forAPIManagementFor more information contact us at
  • 3131 © 2013 IBM Corporation• Emerging technology resources includingproven, prescribed, and repeatable assets &offerings to accelerate Mobile, Cloud, andSmarter Process adoption.• Access to worldwide skills, capabilities, andeducation that only IBM Software Servicesfor WebSphere can bring to your project.• Practitioners’ insight on project trends,best practices and emerging technologiesthrough personal videos, blogs, articles &more.• Discover defined and proven offerings toget your project started us in the Solution Center:• Services, Support and Education Zone• Smarter Process ZoneIBM Software Services Zone for WebSphere
  • 3232 © 2013 IBM CorporationWe love your Feedback!Don’t forget to submit your Impact session and speaker feedback!•Your feedback is very important to us – we use it to improve next year’sconference•Go to the Impact 2013 SmartSite (http://impactsmartsite/com):‒ Use the session ID number to locate the session‒ Click the “Take Survey” link‒ Submit your feedback
  • 3333 © 2013 IBM CorporationLegal Disclaimer• © IBM Corporation 2013. All Rights Reserved.• The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information containedin this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which aresubject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothingcontained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms andconditions of the applicable license agreement governing the use of IBM software.• References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/orcapabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment tofuture product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken byyou will result in any specific sales, revenue growth or other results.• If the text contains performance statistics or references to benchmarks, insert the following language; otherwise delete:Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user willexperience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the users job stream, the I/O configuration, the storageconfiguration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.• If the text includes any customer examples, please confirm we have prior written approval from such customer and insert the following language; otherwise delete:All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costsand performance characteristics may vary by customer.• Please review text for proper trademark attribution of IBM products. At first use, each product name must be the full name and include appropriate trademark symbols (e.g., IBMLotus® Sametime® Unyte™). Subsequent references can drop “IBM” but should include the proper branding (e.g., Lotus Sametime Gateway, or WebSphere Application Server).Please refer to for guidance on which trademarks require the ® or ™ symbol. Do not use abbreviations for IBM product names in yourpresentation. All product names must be used as adjectives rather than nouns. Please list all of the trademarks that you use in your presentation as follows; delete any not included inyour presentation. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of InternationalBusiness Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.• If you reference Adobe® in the text, please mark the first use and include the following; otherwise delete:Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.• If you reference Java™ in the text, please mark the first use and include the following; otherwise delete:Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.• If you reference Microsoft® and/or Windows® in the text, please mark the first use and include the following, as applicable; otherwise delete:Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.• If you reference Intel® and/or any of the following Intel products in the text, please mark the first use and include those that you use as follows; otherwise delete:Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States andother countries.• If you reference UNIX® in the text, please mark the first use and include the following; otherwise delete:UNIX is a registered trademark of The Open Group in the United States and other countries.• If you reference Linux® in your presentation, please mark the first use and include the following; otherwise delete:Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks ofothers.• If the text/graphics include screenshots, no actual IBM employee names may be used (even your own), if your screenshots include fictitious company names (e.g., Renovations, ZetaBank, Acme) please update and insert the following; otherwise delete: All references to [insert fictitious company name] refer to a fictitious company and are used for illustrationpurposes only.
  • 3434 © 2013 IBM CorporationBackup Slides34
  • 3535 © 2013 IBM Corporation