apidays New York 2023 - Make API Governance work in your unified API Strategy, Markus Müller, APIIDA AG
•
0 likes•5 views
apidays New York 2023 APIs for Embedded Business Models: Finance, Healthcare, Retail, and Media May 16 & 17, 2023 Make API Governance work in your unified API Strategy Markus Müller, CTO at APIIDA AG ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/
Recommended
Recommended
More Related Content
Similar to apidays New York 2023 - Make API Governance work in your unified API Strategy, Markus Müller, APIIDA AG
Similar to apidays New York 2023 - Make API Governance work in your unified API Strategy, Markus Müller, APIIDA AG (20)
More from apidays
More from apidays (20)
Recently uploaded
Recently uploaded (20)
apidays New York 2023 - Make API Governance work in your unified API Strategy, Markus Müller, APIIDA AG
- 1. Make API Governance work in your unified API Strategy apidays New York 2023 Markus Müller CTO, APIIDA
- 2. Why you cannot live without API Governance
- 3. 3 The Critical Role of APIs “APIs are the critical building blocks for business innovation” Roey Eliyahu, Forbes Councils Member “APIs hold systems together. We would be left with isolated data and applications that can’t communicate. Without APIs, the technologies we rely on won’t work.” apiworx “APIs are also enabling companies to innovate their business models. The product has become the service delivered via APIs, allowing companies to scale and monetize their new capabilities.” Cloudflare “APIs account for more than half of the total traffic generated […], and they’re growing twice as fast as traditional web traffic.” Cloudflare
- 4. 4 How will your Business Change? The number of APIs within your companies will rise! The number of consumers of these APIs will rise as well. You need to stay on top of it! Business is increasingly driven by machine-to-machine communication: • AI Agents • Embedded Products • “Go where your customers are”
- 5. 5 Core Capabilities of API Governance Inventory of all APIs Design Consistency Security Quality Assurance Compliance Usage Montoring and Control
- 6. Did you notice something?
- 7. I did not talk about technology at all!
- 8. Strategic API Management! API Governance is not bound to any API technology!
- 9. 9 Unified API Strategies APIM Hybrid Strategies CLOUD APIM ON-PREM APIM Types of APIs SYNCHRONOUS APIM EVENTS APIM Audience INTERNAL APIM EXTERNAL
- 10. The days of one single APIM solution are gone!
- 11. 11 We go from this… Data Plane API Consumers / Applications On-Prem API Gateway A Enforce Policies
- 12. 12 …to this Data Plane API Consumers / Applications On-Prem API Gateway A Enforce Policies Data Plane API Consumers / Applications Cloud 1 API Gateway B Enforce Policies Data Plane API Consumers / Applications Cloud 2 API Gateway C Enforce Policies
- 13. 13 Federated API Management Control Plane Developer Portal Admin Portal Define Policies Manage API Keys Data Plane API Consumers / Applications On-Prem API Gateway A Enforce Policies Data Plane API Consumers / Applications Cloud 1 API Gateway B Enforce Policies Data Plane API Consumers / Applications Cloud 2 API Gateway C Enforce Policies
- 14. © APIIDA AG 2022. All rights reserved 14 More common than you think! Unified API Strategies „In 2018 only 20% of big enterprises were invested in Federated API Management. This number will grow to at least 60% in the coming years.“ “At Gartner we expect the ‘bring your own gateway’ strategy to continue to be big in 2023”
- 15. Don’t try to solve it where it does not belong API Governance is a task of the control plane!
- 16. 16 Discovery Control Plane APIs running on any your APIM platforms should be discovered automatically • Manual processes will fail and create shadow APIs • Bring in already existing information like specs and other metadata • Makes configuration and interaction with the APIs much easier as they are already connected to your gateways. One unified Developer Portal / Catalog • No need to look in multiple portals • Answer “What APIs have we published” with a click of a button
- 17. 17 Design Consistency Control Plane Deploy a centralized approach, triggered from your CI/CD pipelines rather than a local one • Configure generic rules at one place and not n repos • Overwrite if needed in the repos Use a gate keeper • Build your processes in a way, that APIs not consistent with your style guides are not published to the catalog and are not available to 3rd parties or internal teams • Automate to facilitate shift left
- 18. 18 Security Control Plane Use Templates to create new API-Proxies • Reduce the risk of insecure configuration Deploy a centralized approach, triggered from your CI/CD pipelines rather than a local one • Configure generic rules at one place and not n repos • Overwrite if needed in the repos • Check the proxies as well! Not only the spec! Use a gate keeper • Build your processes in a way, that APIs that are not secure are not published to the catalog and are not available to 3rd parties or internal teams • Automate to facilitate shift left
- 19. 19 Usage Monitoring and Control Manage API Keys across platforms right inside your control plane • Have one place to grant and revoke access • Answer “Who has access” with the push of a button • Relate API Keys to API usage and usage patterns • Identify bad citizens Use API Keys in the first place! • Do not rely solely on end user authentication • You need to be able to shut down malicious consumers • Developers make mistakes! Control Plane
- 20. 20 Compliance Control Plane Check all parts involved with compliance • The API spec • The nature and shape of the data transferred • The configuration of the gateway Embed compliance checks within your pipelines • Check continuously instead on a per audit basis • Especially with infrastructure and policies as code every change needs to be compliant • Store compliance results for audits
- 21. 21 Quality Assurance Run automated tests • Embed automated tests in your pipeline • If you define the protection of APIs as code as well, you use the same setup for all runtimes! Continuously monitor performance • Watching quality of service is also part of API governance! • Define watchdogs and automate alerts across all of your platforms Control Plane
- 22. and Use The Tools Available! API Control Plane APIIDA Automate Governance
- 23. Wrap Up
- 24. 24 Wrap-Up Never go out there alone! Have API governance in place right from the start of your API journey. Implement Federated API Management to easily integrate new offerings and technologies into your existing API infrastructure while keeping governance lean. Embed governance right into your processes, workflows and pipelines.
- 25. 25 The APIIDA solution for API Governance • Know exactly what APIs you publish • Manage and control access to your APIs • Have actionable quality and security ratings for all your APIs • Check quality and compliance automatically with every change • Guarantee governance while still shifting left API publishing API Control Plane APIIDA
- 26. 26 How Mature is Your API Management? https://apiida.com/service/apim-maturity-assessment Or right at our booth!
- 27. The API Management Experts