Building API Driven Business Platforms for Innovation and Scale
1. Innovation and Scale
Drivers and pitfalls to building API
driven business platforms
Mifan Careem
VP - Solutions Architecture, WSO2
mifan@wso2.com | @mifanc | https://www.linkedin.com/in/mifan/
All Things Open 2019
North Carolina
3. Towards disaggregation
Disaggregated architectures drive 50 billion endpoints, growing >1 trillion
CONSUMER DEMAND
Scale and agility are pushing
app disaggregation...
…that makes hybrid
integration the unspoken
challenge of all cloud services
SUPPLIERS DISAGGREGATE ARCHITECTURE TO MEET DEMAND
1
10
102
103
105
109
MONOLITHIC
BUSINESS APP
ENTERPRISE
APPS
DEPARTME
NTAL APPS
SAAS APPS
PUBLIC /
PRIVATE APIS
SERVERLESS &
MICROSERVICES
1970s
|
MAINFRAME
1980s
|
IT
AWAKENING
1990s
|
INTERNET
2000s
|
MOBILE
2010s
|
IoT/AI
2020+
|
DIGITAL NATIVE
3
4. “APIs create business agility
that fosters the rapid
business reconfiguration
necessary to continually
adapt to an unknown future
of constant change.”
~ Randy Heffner,
Forrester Research
...And APIs Are The Glue
All integration is becoming API driven hybrid integration
5. 5
The Global Impact of APIs
APIs now account for 25% of the Internet’s traffic.
$1 trillion is up for grabs through the redistribution of
revenue through APIs (McKinsey 2017).
25% of revenue flows through APIs (Vanson Bourne 2018).
Through 2020, integration work will account for 50% of the
time and cost of building a digital platform (Gartner 2018).
7. Align Business
Strategy with API
Strategy
Every company is a technology
company
Technology assets need to be built for
use and reuse
Reuse has a compound effect on
technology investments
APIs thus are an encapsulation of the
organization’s intellectual property
Streamline internal assets AND better
customer reach via APIs
8. 2. Distributed Platforms vs Centers of Excellence vs Agility
External Developers (Partners)
Other BU Developers
(Inter BU Access)
Internal BU Developers
(Intra BU Access)
BU 1 API Marketplace BU 2 API Marketplace BU 3 API Marketplace BU n API Marketplace
BU 1 API Management
(Dedicated On-prem
Deployment)
BU 2 API Management
(Private Cloud Tenant)
BU 3 API Management
(WSO2 API Cloud
Tenant)
BU n API Management
(Other APIM Platform
Tenant)
Private Cloud Public Cloud
Enterprise
Enterprise API Marketplace
BU 1 BU 2 BU 3 BU n
9. 9
Integration & Middleware Are Bottlenecks to Agility
LAYERED MONOLITH
Coordinated releases, organizational rigor, centralized change control
Compute Network Storage
Ops Infrastructure
Ops
Team
Observability
Scaling HA Resilience Observability
Scaling HA Resilience Observability
HA Resilience
Middleware
& Integration
CoE Teams
HA Resilience ObservabilityScaling
INTEGRATION
HA Resilience ObservabilityScaling
MESSAGING
HA Resilience ObservabilityScaling
DATA
HA Resilience ObservabilityScaling
SECURITY
App Logic
. . .
Centralized
Dev Org
App LogicApp Logic
App 1 App 2 App (n)
PEOPLE
Center of Excellence teams add
governance barriers to releases.
PROCESS
Middleware and integration
systems create trickle-down
“gates” decelerating releases.
TECHNOLOGY
Middleware is a dependency
slowing app dev teams.
10. Self-contained
Deployable as a unit
Independently elastic
Data plane and control plane
Cells… The New Building Blocks For The Composable Enterprise
11. Becoming Integration Agile…
App Logic
. . .
Scaling HA Resilience Observability
Scaling HA Resilience Observability
HA Resilience Observability
Compute Network Storage
Ops Infrastructure
Centralized
Dev Org
Middleware
& Integration
CoE Teams
Ops
Team
LAYERED MONOLITH
Coordinated releases, organizational rigor, centralized change control
HA Resilience ObservabilityScaling
INTEGRATION
HA Resilience ObservabilityScaling
MESSAGING
HA Resilience ObservabilityScaling
DATA
HA Resilience ObservabilityScaling
SECURITY
App LogicApp Logic
App 1 App 2 App (n)
APIs
COMPOSABLE ENTERPRISE
Autonomous releases, CI/CD, self-organization, change-control authority
App (n)
App
Microservice
INTEGRATION
MESSAGING
DATA
SECURITY
App 1
INTEGRATION
MESSAGING
DATA
SECURITY
Microservices
App 2
App
Miniservice
INTEGRATION
MESSAGING
DATA
SECURITY
APIs
Self-
Organizing
Dev Teams
. . .
Ops
Team
Event-Based Hybrid Integration Platform
Scaling | HA | Resilience | Observability
Orchestration & High-Performance Data Store
Ops Infrastructure
DevOps
<Microgateway> <Microgateway>
<Microgateway>
15. Implementing a Gateway Architecture
15
API
Gateway
Policy
Enforcement
& Security
Lifecycle
Mgt.
Governance Analytics
Threat
Protection
QoS and
Rate Limiting
• Gateway Patterns act as
the (central) point of
control for incoming and
outgoing data
• Enforce QoS and acts as
a Policy Enforcement
Point
• Utilize an IAM to enable
BYOID via federation
• Follow industry standards
such as Oauth2, OIDC,
SAML
• Be able to extend and
customize as required
using Oauth2 fraud
detection, HMAC, Custom
headers
19. “What was once a rich
selection of blogs and
websites has been
compressed under the
powerful weight of a few
dominant platforms. This
concentration of power
creates a new set of
gatekeepers, allowing a
handful of platforms to
control which ideas and
opinions are seen and
shared.”
- Tim Berners-Lee
https://webfoundation.org/2018/03/web-
birthday-29/
https://beta.techcrunch.com/2018/03/12/
platform-power-is-crushing-the-web-warns-
berners-lee/
20. 20
The right API driven
business platform is
key to innovate at
scale
Define
API
Strategy
Define a
Platform
Strategy
Facilitate
Consumers
Engage
and
Empower
Producers
Incentives
and
Monetizatio
n
Agility and
Distributio
n
Platform
security
model
Govern
and
Manage