Why API Management matters?
Strategic enterprise benefits with API Management

HTML5, Proxy and APIs - The New Three Tier Architecture

Objectives

Resource pooling
• Multi-tenancy
• Resource utilization
• Shared, virtual infrastructure
• Interoperability

On-demand self-service
• Fine-grained metering
• Billing & reporting
• Flexible workload assignment
• Standard service offerings
• Quick deployment and automation

Rapid Elasticity
• Stateless services
• Rapid provisioning
• Flexible topology
• High Quality of Service

SaaS delivery model (pay per use)

Traditional vs. New SOA Model

Cloud Centric
• Accountability [Contracts/SLAs]
• Visibility [Analytics]
• Control [Governance]
• Agility [Self-Service provides Operational Efficiency & Agility]

Driving Force behind API Management

SaaS-style delivery model for API Services
• AaaS: Providing APIs as a Service
• Access services on any device from anywhere at any time
• Self-Service shifts IT centric model to a delegated administration methodology
• Monetization – usage based chargebacks
• Multi-tenancy for Service Layer – Prevent single tenant monopolizing resources
• Analytics-as-a-Service: To offer Next-generation analytics/Big Data as API
• Low TCO and high ROI

Cloud Service Brokerage (CSB) Infrastructure for Healthcare Integration
• Essential for Health Information Exchange (HIE), EMR/EHR projects to facilitate secure information exchange between disparate organizations across boundaries.
• API Marketplace to browse API Catalog, subscribe to APIs, establish contracts (SLA)
• Customization – Implementing unique services or capabilities beyond the original services
• To apply cross-cutting concerns like security, privacy, QoS, policies and mediations without impacting upstream and downstream systems.

Driving Force behind API Mgt (Cont'd)

Consumerization & Mobile Enablement
• To support Bring Your Own Device (BYOD) programs and Mobile Device Management (MDM)
• To modernize services for mobile consumption [Cache, Compress, Pagination, Pre-fetch content, WAN optimization - chatty to chunky interfaces]
• To secure REST APIs: Map Web SSO and SAML to mobile-friendly OAuth, OpenID Connect and JSON Web tokens
• To adapt Mobile App Paradigm by leveraging existing Enterprise Assets

Increase Operational Efficiency
• Fully integrated API Mgt Suite (Turnkey solution that includes Development, Runtime and Operational governance capabilities)
• Reduce IT burden – Delegated, role-based administration via 24/7 self-service portals vs. dependency on limited IT resources
• High visibility with real-time dashboards for Root Cause Analysis
• Impact Analysis for Change Management
• Elastic Scalability – Scale-out / Auto-Scale all components

How API Management relates to SOA Governance?
Gartner's: Application Services Governance

Gateway
• Service Virtualization for exposing on-premise and external APIs as services
• Authentication and Access Control, enforcing OAuth or API key access on inbound RESTful requests and proxying these to internal services, Credential Mapping, Identity Propagation
• Data Format Mediation, with support for conversion of unstructured, semi-structured and structured XML data into RESTful API responses
• Protocol Mediation across a wide range of protocols including SOAP, JMS, MQ, FTP(S), Raw TCP, and custom protocols
• Content Attack Prevention, including support for XML and HTTP level content threats, denial of service support and policy-based input validation.
• SLA Management and Rate Limiting, including support for identity based metering of API calls and externalized policies that enforce a consistent quota across a cluster of gateways
• Policy Engine, with support for service composition, orchestration - conditionals and looping, response caching, pagination expressed as policy, not code

API Gateway
• Greater flexibility for changing policy requirements
• Consistent processing across multiple services
• On-demand API customizations for individual client needs

API Management
• API Product Management, API packaging of existing services as products
• Developer on-boarding and registration
• Portal administration and content management system
• Reporting and analytics for API usage and latency
• Developer facing services catalog
• Developer enablement tools, such as IO docs, which provide mock-responses for testing APIs
• Admin tools, to allow administrators access to developer approvals
• Community tools, such as forums, blogs and application galleries

DevOps - Service Lifecycle Management
• Project and Team Management
• Software Development Workflow
• Governance and Compliance
• Development Tools
• Issue Tracking
• Source Control
• Continuous Build
• Continuous Integration
• Test Harness
• Continuous Delivery (Configuration Mgt)
• Continuous Performance Management
• Metadata Repository
dPaaS/DevOps - development Platform as a Service

DevOps: Test-Driven Development + Continuous Integration + CPM

Operational Management
• Capacity and Availability Management – Plan and manage throughput and availability to ensure that you deliver the performance and service levels your customers expect without risking internal system overload.
• Root cause Analysis – Track transactions from the API where they enter your business to the back end services and applications that process them so you can quickly find and fix problems.
• Impact Analysis – Understand the relationships between your business systems and applications, SOA assets and services, APIs and your customers and partners. This way you will know the potential impact of any changes you plan to make before you make them.
• End-to-end Security – Use the appropriate security models and standards for services and APIs even if they are different. Use the SOA Software product set to enable end-to-end security mediation and integration with enterprise security systems.

API and SOA Deployment Architecture
• API Consuming application
• API Interface exposed by API Gateway
• Service virtualization, composition and orchestration hosted by Enterprise Service Bus
• Atomic Business Services hosted by application server, business process server

Evolve to Cloud Services Brokerage (CSB)
• Cloud Service Brokerage (Healthcare Service Hub)
• Enterprise Service Brokerage
• Enterprise API Management
• API Gateway
• API Broker: Aggregate – Integrate – Customize
• Partner Developer Portal
• Internal Developer Portal
• API Provider Portal
• API Broker Portal
• Own APIs
• 3rd-Party APIs