Core Dimensions of API Management
Faisal Mohammed Banaeamah – فيصل محمد باناعمة
Senior Architect at Elm Company
LinkedIn - @banaeamah
September 1st, 2020
2
Biography
• Development background
• Solution architecture
• API transformation
• PaaS and containerization
• Cloud computing
• Microservices
• APIs
3
Agenda
• Introduction to APIs
  - Styles
  - Classification
• API Management Overview
  - Identity Access Management
• Amazon API Gateway
• Security Models in Amazon API Gateway
  - API Endpoints
• Architecting with Amazon API Gateway
• Open Discussion
4
Before We Start
• This session is in Arabic
  - However, discussions in English are welcome
• Let’s make it interactive
  - Quick questions
  - Short discussions
• Pauses between sections
  - Suitable for a 1-minute question or discussion
5
Introduction to APIs
6
Introduction to APIs
• Application Programming Interfaces
  - Entry points or front door to access business capabilities
    o Business logic, data, transaction or functionality
  - Through different channels
  - Share information
  - Building blocks to connect applications
7
Introduction to APIs (Cont’d)
Self-Service
One-to-Many
Reusability
Creation
Evolution
Documentation
8
API Classification
API Types
Direct API: Backend-to-Backend
Portal API: SPA
Mobile API: Android or iOS
IoT: Internet of Things
Client context only
Device context
User and client context
9
API Styles
GraphQL
gRPC
URI: CRUD
Hypermedia
Tunnel: SOAP
Event Driven
HTTP
WebHooks
WebSockets
Non-HTTP
AMQP
Apache Kafka
10
OpenAPI Initiative (OAI)
• OpenAPI Specification (OAS)
  - Industry standard
  - Programming language-agnostic interface
  - Description for modern APIs
  - Enables humans and computers to discover and understand API capabilities
11
API Management Overview
12
API Management: Dimensions
API Lifecycle (Creation and Maintenance)
Security (API Gateway)
Publishing (Engagement and Developer Portal)
Monetization
Monitoring (Analytics and Alerts)
13
API Management and Identity Access Management
API Management (APIM)
• Authentication
• Authorization
• Single sign-on
• Logging
• Federation
• Entitlements: (grants / revokes)
Identity Access Management (IAM)
• Access control
• Rate limiting
• Documentation
• Analytics
• Alerts
• Monetization
• Developer Portal
Client Applications
14
Amazon API Gateway
15
Amazon API Gateway
• APIM-as-a-Service
• Supports a variety of workloads
  - Containerized
  - Serverless
  - Web applications
Amazon API Gateway
AWS Lambda
Web Application
16
Amazon API Gateway: Tasks
Traffic Management
CORS
Authorization
Throttling (Rate + Burst)
Caching
Monitoring
Access Control
Versioning
18
Amazon API Gateway: Throttling
• Rate Limits
• 1K requests/second for a specific method in an API
• Burst Limits
• 2K requests/second for a few seconds
• Requests over limit receive 429 HTTP response
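Added example (not part of the original slides): the rate and burst limits above, modelled with a token bucket, which is the algorithm AWS documents for API Gateway throttling. The rate (1000) and burst (2000) values come from the slide; the traffic pattern and all function names are constructed for illustration.

```python
from fractions import Fraction


class TokenBucket:
    """Token bucket: `rate` tokens are refilled per second, capped at `burst`."""

    def __init__(self, rate, burst):
        self.rate = Fraction(rate)      # steady-state limit (requests/second)
        self.burst = Fraction(burst)    # bucket capacity (maximum burst)
        self.tokens = Fraction(burst)   # the bucket starts full
        self.last = Fraction(0)         # time of the previous request

    def request(self, now):
        """Return the HTTP status a request arriving at time `now` would get."""
        elapsed = max(Fraction(0), now - self.last)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = max(self.last, now)
        if self.tokens >= 1:
            self.tokens -= 1
            return 200
        return 429                      # over the limit: Too Many Requests


def simulate(arrivals_per_second, rate=1000, burst=2000):
    """Replay evenly spaced requests, one list entry per second of traffic.

    Returns one (accepted, throttled) tuple per second. Fractions keep the
    arithmetic exact so the counts are reproducible.
    """
    bucket = TokenBucket(rate, burst)
    results = []
    for second, count in enumerate(arrivals_per_second):
        accepted = throttled = 0
        for i in range(count):
            now = Fraction(second) + Fraction(i, count)
            if bucket.request(now) == 200:
                accepted += 1
            else:
                throttled += 1
        results.append((accepted, throttled))
    return results


if __name__ == "__main__":
    # Constructed traffic: two seconds at 3x the rate limit, a quiet second,
    # then another spike.
    pattern = [3000, 3000, 500, 3000]
    for second, (ok, limited) in enumerate(simulate(pattern)):
        print(f"t={second}s sent={pattern[second]} 200={ok} 429={limited}")
```

The full bucket absorbs the first spike almost entirely; once it is drained, only the refill rate is served and the remainder is answered with 429 until quieter traffic lets the bucket refill.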
19
Amazon API Gateway: Caching
• Improves performance
  - By reducing traffic to backend
• Control cache key with time-to-live (TTL)
  - Usage Plan → Stage → Caching
    o E.g. stage is prod or sandbox
20
Amazon API Gateway: Monitoring
• Monitoring dashboard with Amazon CloudWatch
  - Visualize API calls
  - Performance metrics and information on API calls
  - Data latency
  - Error rates
Amazon CloudWatch
Amazon API Gateway
21
Amazon API Gateway: Developer Portal
• Serverless Developer Portal to publish
  - Managed APIs
    o Directly from Amazon API Gateway
  - Self-managed APIs
    o OpenAPI Specs
Serverless Developer Portal on GitHub: https://github.com/awslabs/aws-api-gateway-developer-portal
Self-Service: Discover API, Browse Docs, Register, Try out, Monitor Usage
22
Amazon API Gateway: Monetization
• To monetize APIs on Amazon API Gateway
  - Publish APIs in AWS Marketplace
  - API provider registers as a seller
  - Submit usage plans as products
AWS Marketplace
Amazon API Gateway
Monetize APIs in AWS Marketplace: https://aws.amazon.com/blogs/compute/monetize-your-apis-in-aws-marketplace-using-api-gateway/
23
Security Models in Amazon API Gateway
24
Amazon API Gateway: API Endpoints
API Endpoints: Edge-Optimized, Regional, Private
Edge-Optimized
  - Geographically distributed clients
  - Amazon CloudFront PoP
Regional
  - Clients in same region
  - Less connection overhead
  - Custom domains for multiple regions with Amazon Route 53
Private
  - Amazon Virtual Private Cloud (VPC)
  - Interface VPC endpoint
25
Amazon API Gateway: API Types
Stateless: REST, HTTP
Stateful: WebSocket
  - Request/response model synchronous
  - Regional API endpoints
  - 71% Cheaper
HTTP APIs vs. REST APIs: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html
  - AWS IAM
  - Usage plans
  - API Keys
  - All: Edge-optimized
  - Reactive model
  - Bidirectional
  - Real-time apps: chat, collaboration
26
Amazon API Gateway: Access Control
AWS Identity and Access Management
Amazon Cognito
Amazon API Gateway
Lambda authorizer function (custom)
OAuth2
JWT Authorizers
OIDC
27
Amazon API Gateway: Access Control (Cont’d)
Application-Level
Roles and Policies
IAM Tags
User Pools
Lambda Authorizers: Token-based, Request-based
Network-Level
Resource Policies
Endpoint Policies
Amazon Cognito
AWS IAM
Lambda function
VPC Endpoints
API Key
• To identify an app developer who uses REST or WebSocket APIs.
• Auto-generated or self-provided.
• Can be used with Lambda Authorizers or Usage Plans.
28
Architecting with Amazon API Gateway
29
Architecture: API Private Endpoint
Elastic Network Interface
Amazon EC2 (Private IP)
Private Subnet
API Consumer
API Endpoint 1
Amazon API Gateway
API Endpoint 2
...
API Endpoint N
API Provider
30
Architecture: API Edge-Optimized
Mobile apps
Websites
Services
Amazon API Gateway
Amazon CloudFront
API Gateway cache
Amazon CloudWatch
Lambda function
API Endpoint
Internet
External API Endpoint
31
Architecture: External Identity Provider
Amazon API Gateway
Lambda authorizer
Resource
Client
External Identity Provider (IdP)
Resource Owner
(Diagram: flow steps numbered 1 to 6)
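Added example (not part of the original slides): a token-based Lambda authorizer of the kind shown in this architecture and on the Access Control slide, checking a bearer token from an external IdP and returning the IAM policy API Gateway expects. Assumptions: the issuer, audience, secret and helper names are constructed, and HS256 with a shared secret stands in for the RS256/JWKS verification a real IdP would normally require, to keep the block standard-library only.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for illustration only (assumptions, not from the slides).
SHARED_SECRET = b"constructed-demo-secret"
EXPECTED_ISSUER = "https://idp.example.test"
EXPECTED_AUDIENCE = "orders-api"


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def make_token(claims, secret=SHARED_SECRET, alg="HS256"):
    """Build a signed JWT (stands in for the external IdP in this example)."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_token(token, now=None):
    """Return the claims if the token is valid, otherwise None."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return None                       # malformed token
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":      # pin the algorithm; reject "none"
        return None
    expected = hmac.new(SHARED_SECRET, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    if claims.get("iss") != EXPECTED_ISSUER or claims.get("aud") != EXPECTED_AUDIENCE:
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None                       # missing or expired "exp"
    return claims


def build_policy(principal_id, effect, method_arn, context=None):
    """Authorizer response: principal plus an IAM policy for execute-api:Invoke."""
    response = {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": method_arn,
            }],
        },
    }
    if context:
        response["context"] = context     # passed on to the backend integration
    return response


def lambda_handler(event, context=None, now=None):
    """TOKEN authorizer entry point; `now` is an extra hook for testing."""
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    claims = verify_token(token, now) if scheme.lower() == "bearer" else None
    if claims is None:
        # Fail closed: an explicit Deny for anything that does not verify.
        return build_policy("anonymous", "Deny", event["methodArn"])
    return build_policy(str(claims.get("sub")), "Allow", event["methodArn"],
                        {"scope": str(claims.get("scope", ""))})
```

The policy is scoped to the single `methodArn` of the incoming request rather than a wildcard, which matters when authorizer result caching is enabled.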
32
Thank You!

More Related Content

What's hot

Introduction to IBM API Management
Introduction to IBM API Management Introduction to IBM API Management
Introduction to IBM API Management Patrick Bouillaud
 
API Management Demystified
API Management DemystifiedAPI Management Demystified
API Management DemystifiedManmohan Gupta
 
Application Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesApplication Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesSlideTeam
 
API Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementAPI Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
 
Considerations For an API Strategy - Ronnie MItra API Architect Layer 7 Londo...
Considerations For an API Strategy - Ronnie MItra API Architect Layer 7 Londo...Considerations For an API Strategy - Ronnie MItra API Architect Layer 7 Londo...
Considerations For an API Strategy - Ronnie MItra API Architect Layer 7 Londo...CA API Management
 
API Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation SlidesAPI Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation SlidesSlideTeam
 
apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...
apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...
apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...apidays
 
Intel Mashery API Management Solution
Intel Mashery API Management SolutionIntel Mashery API Management Solution
Intel Mashery API Management SolutionDavid Gevorkyan
 
Realizing SOA and API Convergence
Realizing SOA and API ConvergenceRealizing SOA and API Convergence
Realizing SOA and API ConvergenceAkana
 
Implementing API Facade using WSO2 API Management Platform
Implementing API Facade using WSO2 API Management PlatformImplementing API Facade using WSO2 API Management Platform
Implementing API Facade using WSO2 API Management PlatformWSO2
 
IBM API Connect - overview
IBM API Connect - overviewIBM API Connect - overview
IBM API Connect - overviewRamy Bassem
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0sflynn073
 
Alexio Cassani - Start-up & API Economy: opportunità e benefici | Codemotion ...
Alexio Cassani - Start-up & API Economy: opportunità e benefici | Codemotion ...Alexio Cassani - Start-up & API Economy: opportunità e benefici | Codemotion ...
Alexio Cassani - Start-up & API Economy: opportunità e benefici | Codemotion ...Codemotion
 
Be My API How to Implement an API Strategy Everyone will Love
Be My API How to Implement an API Strategy Everyone will Love Be My API How to Implement an API Strategy Everyone will Love
Be My API How to Implement an API Strategy Everyone will Love CA API Management
 
API Strategy Introduction
API Strategy IntroductionAPI Strategy Introduction
API Strategy IntroductionDoug Gregory
 
Lean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesLean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesNordic APIs
 
API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentationsflynn073
 
Enterprise API New Features and Roadmap
Enterprise API New Features and RoadmapEnterprise API New Features and Roadmap
Enterprise API New Features and RoadmapSalesforce Developers
 

What's hot (20)

Introduction to IBM API Management
Introduction to IBM API Management Introduction to IBM API Management
Introduction to IBM API Management
 
API Management Demystified
API Management DemystifiedAPI Management Demystified
API Management Demystified
 
Application Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesApplication Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation Slides
 
API Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementAPI Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API Management
 
Considerations For an API Strategy - Ronnie MItra API Architect Layer 7 Londo...
Considerations For an API Strategy - Ronnie MItra API Architect Layer 7 Londo...Considerations For an API Strategy - Ronnie MItra API Architect Layer 7 Londo...
Considerations For an API Strategy - Ronnie MItra API Architect Layer 7 Londo...
 
API Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation SlidesAPI Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation Slides
 
apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...
apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...
apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...
 
Intel Mashery API Management Solution
Intel Mashery API Management SolutionIntel Mashery API Management Solution
Intel Mashery API Management Solution
 
Realizing SOA and API Convergence
Realizing SOA and API ConvergenceRealizing SOA and API Convergence
Realizing SOA and API Convergence
 
Implementing API Facade using WSO2 API Management Platform
Implementing API Facade using WSO2 API Management PlatformImplementing API Facade using WSO2 API Management Platform
Implementing API Facade using WSO2 API Management Platform
 
IBM API Connect - overview
IBM API Connect - overviewIBM API Connect - overview
IBM API Connect - overview
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0
 
Alexio Cassani - Start-up & API Economy: opportunità e benefici | Codemotion ...
Alexio Cassani - Start-up & API Economy: opportunità e benefici | Codemotion ...Alexio Cassani - Start-up & API Economy: opportunità e benefici | Codemotion ...
Alexio Cassani - Start-up & API Economy: opportunità e benefici | Codemotion ...
 
Be My API How to Implement an API Strategy Everyone will Love
Be My API How to Implement an API Strategy Everyone will Love Be My API How to Implement an API Strategy Everyone will Love
Be My API How to Implement an API Strategy Everyone will Love
 
API Connect from IBM
API Connect from IBMAPI Connect from IBM
API Connect from IBM
 
API strategy with IBM API connect
API strategy with IBM API connectAPI strategy with IBM API connect
API strategy with IBM API connect
 
API Strategy Introduction
API Strategy IntroductionAPI Strategy Introduction
API Strategy Introduction
 
Lean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesLean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps Cycles
 
API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentation
 
Enterprise API New Features and Roadmap
Enterprise API New Features and RoadmapEnterprise API New Features and Roadmap
Enterprise API New Features and Roadmap
 

Similar to Core Dimensions of API Management

Building Serverless Backends with AWS Lambda and Amazon API Gateway
Building Serverless Backends with AWS Lambda and Amazon API GatewayBuilding Serverless Backends with AWS Lambda and Amazon API Gateway
Building Serverless Backends with AWS Lambda and Amazon API GatewayAmazon Web Services
 
Api gateway-security
Api gateway-securityApi gateway-security
Api gateway-securityKali860857
 
Security Best Practices for Serverless Applications - July 2017 AWS Online T...
Security Best Practices for Serverless Applications  - July 2017 AWS Online T...Security Best Practices for Serverless Applications  - July 2017 AWS Online T...
Security Best Practices for Serverless Applications - July 2017 AWS Online T...Amazon Web Services
 
Deployment Patterns for API gateways
Deployment Patterns for API gateways Deployment Patterns for API gateways
Deployment Patterns for API gateways NGINX, Inc.
 
AWS Serverless API Management - Meetup
AWS Serverless API Management - MeetupAWS Serverless API Management - Meetup
AWS Serverless API Management - MeetupSamuel Vandecasteele
 
Serverless Development Deep Dive
Serverless Development Deep DiveServerless Development Deep Dive
Serverless Development Deep DiveAmazon Web Services
 
Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...
Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...
Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...Amazon Web Services
 
AWS August Webinar Series - Building Serverless Backends with AWS Lambda and ...
AWS August Webinar Series - Building Serverless Backends with AWS Lambda and ...AWS August Webinar Series - Building Serverless Backends with AWS Lambda and ...
AWS August Webinar Series - Building Serverless Backends with AWS Lambda and ...Amazon Web Services
 
SMC301 The State of Serverless Computing
SMC301 The State of Serverless ComputingSMC301 The State of Serverless Computing
SMC301 The State of Serverless ComputingAmazon Web Services
 
Building Serverless Web Applications - May 2017 AWS Online Tech Talks
Building Serverless Web Applications  - May 2017 AWS Online Tech TalksBuilding Serverless Web Applications  - May 2017 AWS Online Tech Talks
Building Serverless Web Applications - May 2017 AWS Online Tech TalksAmazon Web Services
 
Building Serverless Web Applications - May 2017 AWS Online Tech Talks
Building Serverless Web Applications - May 2017 AWS Online Tech TalksBuilding Serverless Web Applications - May 2017 AWS Online Tech Talks
Building Serverless Web Applications - May 2017 AWS Online Tech TalksAmazon Web Services
 
Webinar: Serverless Architectures with AWS Lambda and MongoDB Atlas
Webinar: Serverless Architectures with AWS Lambda and MongoDB AtlasWebinar: Serverless Architectures with AWS Lambda and MongoDB Atlas
Webinar: Serverless Architectures with AWS Lambda and MongoDB AtlasMongoDB
 
Cloud Security-how to create serverless applications
Cloud Security-how to create serverless applicationsCloud Security-how to create serverless applications
Cloud Security-how to create serverless applicationsAmazon Web Services
 
Primeros pasos en desarrollo serverless
Primeros pasos en desarrollo serverlessPrimeros pasos en desarrollo serverless
Primeros pasos en desarrollo serverlessjavier ramirez
 
Serverless Computing: build and run applications without thinking about servers
Serverless Computing: build and run applications without thinking about serversServerless Computing: build and run applications without thinking about servers
Serverless Computing: build and run applications without thinking about serversAmazon Web Services
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisisChristian Posta
 
What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...Kim Clark
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 

Similar to Core Dimensions of API Management (20)

Operating your Production API
Operating your Production APIOperating your Production API
Operating your Production API
 
Building Serverless Backends with AWS Lambda and Amazon API Gateway
Building Serverless Backends with AWS Lambda and Amazon API GatewayBuilding Serverless Backends with AWS Lambda and Amazon API Gateway
Building Serverless Backends with AWS Lambda and Amazon API Gateway
 
Api gateway-security
Api gateway-securityApi gateway-security
Api gateway-security
 
Operating Your Production API
Operating Your Production APIOperating Your Production API
Operating Your Production API
 
Security Best Practices for Serverless Applications - July 2017 AWS Online T...
Security Best Practices for Serverless Applications  - July 2017 AWS Online T...Security Best Practices for Serverless Applications  - July 2017 AWS Online T...
Security Best Practices for Serverless Applications - July 2017 AWS Online T...
 
Deployment Patterns for API gateways
Deployment Patterns for API gateways Deployment Patterns for API gateways
Deployment Patterns for API gateways
 
AWS Serverless API Management - Meetup
AWS Serverless API Management - MeetupAWS Serverless API Management - Meetup
AWS Serverless API Management - Meetup
 
Serverless Development Deep Dive
Serverless Development Deep DiveServerless Development Deep Dive
Serverless Development Deep Dive
 
Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...
Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...
Developing and Implementing APIs at Scale, the Servless Way - Ed Lima - AWS T...
 
AWS August Webinar Series - Building Serverless Backends with AWS Lambda and ...
AWS August Webinar Series - Building Serverless Backends with AWS Lambda and ...AWS August Webinar Series - Building Serverless Backends with AWS Lambda and ...
AWS August Webinar Series - Building Serverless Backends with AWS Lambda and ...
 
SMC301 The State of Serverless Computing
SMC301 The State of Serverless ComputingSMC301 The State of Serverless Computing
SMC301 The State of Serverless Computing
 
Building Serverless Web Applications - May 2017 AWS Online Tech Talks
Building Serverless Web Applications  - May 2017 AWS Online Tech TalksBuilding Serverless Web Applications  - May 2017 AWS Online Tech Talks
Building Serverless Web Applications - May 2017 AWS Online Tech Talks
 
Building Serverless Web Applications - May 2017 AWS Online Tech Talks
Building Serverless Web Applications - May 2017 AWS Online Tech TalksBuilding Serverless Web Applications - May 2017 AWS Online Tech Talks
Building Serverless Web Applications - May 2017 AWS Online Tech Talks
 
Webinar: Serverless Architectures with AWS Lambda and MongoDB Atlas
Webinar: Serverless Architectures with AWS Lambda and MongoDB AtlasWebinar: Serverless Architectures with AWS Lambda and MongoDB Atlas
Webinar: Serverless Architectures with AWS Lambda and MongoDB Atlas
 
Cloud Security-how to create serverless applications
Cloud Security-how to create serverless applicationsCloud Security-how to create serverless applications
Cloud Security-how to create serverless applications
 
Primeros pasos en desarrollo serverless
Primeros pasos en desarrollo serverlessPrimeros pasos en desarrollo serverless
Primeros pasos en desarrollo serverless
 
Serverless Computing: build and run applications without thinking about servers
Serverless Computing: build and run applications without thinking about serversServerless Computing: build and run applications without thinking about servers
Serverless Computing: build and run applications without thinking about servers
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisis
 
What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 

Recently uploaded

Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...caitlingebhard1
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseWSO2
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxMarkSteadman7
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 

Recently uploaded (20)

Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Core Dimensions of API Management

  • 1. Core Dimensions of API Management Faisal Mohammed Banaeamah – ‫محمد‬ ‫فيصل‬‫باناعمة‬ Senior Architect at Elm Company LinkedIn - @banaeamah September 1st, 2020
  • 2. Biography
      • Development background
      • Solution architecture
      • API transformation
      • PaaS and containerization
      • Cloud computing
      • Microservices
      • APIs
  • 3. Agenda
      • Introduction to APIs
          - Styles
          - Classification
      • API Management Overview
          - Identity Access Management
      • Amazon API Gateway
      • Security Models in Amazon API Gateway
          - API Endpoints
      • Architecting with Amazon API Gateway
      • Open Discussion
  • 4. Before We Start
      • This session is in Arabic
          - However, discussions in English are welcome
      • Let’s make it interactive
          - Quick questions
          - Short discussions
      • Pauses between sections
          - Suitable for 1-minute question or discussion
  • 6. Introduction to APIs
      • Application Programming Interfaces
          - Entry points or front door to access business capabilities
              o Business logic, data, transaction or functionality
          - Through different channels
          - Share information
          - Building blocks to connect applications
  • 7. Introduction to APIs (Cont’d): Self-Service; One-to-Many; Reusability; Creation; Evolution; Documentation
  • 8. API Classification: API Types: Direct API (Backend-to-Backend); Portal API (SPA); Mobile API (Android or iOS); IoT (Internet of Things). Client context only; Device context; User and client context
  • 9. API Styles: GraphQL; gRPC; URI: CRUD; Hypermedia; Tunnel: SOAP; Event Driven (HTTP: WebHooks, WebSockets; Non-HTTP: AMQP, Apache Kafka)
  • 10. OpenAPI Initiative (OAI)
      • OpenAPI Specification (OAS)
          - Industry standard
          - Programming language-agnostic interface
          - Description for modern APIs
          - Enables humans and computers to discover and understand API capabilities
  • 12. API Management: Dimensions: API Lifecycle (Creation and Maintenance); Security (API Gateway); Publishing (Engagement and Developer Portal); Monetization; Monitoring (Analytics and Alerts)
  • 13. API Management and Identity Access Management: API Management (APIM) • Authentication • Authorization • Single sign-on • Logging • Federation • Entitlements: (grants / revokes) Identity Access Management (IAM) • Access control • Rate limiting • Documentation • Analytics • Alerts • Monetization • Developer Portal. Client Applications
  • 15. Amazon API Gateway
      • APIM-as-a-Service
      • Supports a variety of workloads
          - Containerized
          - Serverless
          - Web applications
      • Diagram labels: Amazon API Gateway; AWS Lambda; Web Application
  • 16. Amazon API Gateway: Tasks: Traffic Management; CORS; Authorization; Throttling (Rate + Burst); Caching; Monitoring; Access Control; Versioning
  • 17. Amazon API Gateway: Tasks: Traffic Management; CORS; Authorization; Throttling (Rate + Burst); Caching; Monitoring; Access Control; Versioning
  • 18. Amazon API Gateway: Throttling
      • Rate Limits
          - 1K requests/second for a specific method in an API
      • Burst Limits
          - 2K requests/second for a few seconds
      • Requests over the limit receive a 429 HTTP response
  • 19. Amazon API Gateway: Caching
      • Improves performance
          - By reducing traffic to backend
      • Control cache key with time-to-live (TTL)
          - Usage Plan
          - Stage
          - Caching
              o E.g. stage is prod or sandbox
  • 20. Amazon API Gateway: Monitoring
      • Monitoring dashboard with Amazon CloudWatch
          - Visualize API calls
          - Performance metrics and information on API calls
          - Data latency
          - Error rates
      • Diagram labels: Amazon CloudWatch; Amazon API Gateway
  • 21. Amazon API Gateway: Developer Portal
      • Serverless Developer Portal to publish
          - Managed APIs
              o Directly from Amazon API Gateway
          - Self-managed APIs
              o OpenAPI Specs
      • Serverless Developer Portal on GitHub: https://github.com/awslabs/aws-api-gateway-developer-portal
      • Diagram labels: Discover API; Browse Docs; Register; Try out; Monitor Usage; Self-Service
  • 22. Amazon API Gateway: Monetization
      • To monetize APIs on Amazon API Gateway
          - Publish APIs in AWS Marketplace
          - API provider to register as a seller
          - Submit usage plans as products
      • Monetize APIs in AWS Marketplace: https://aws.amazon.com/blogs/compute/monetize-your-apis-in-aws-marketplace-using-api-gateway/
      • Diagram labels: AWS Marketplace; Amazon API Gateway
  • 23. Security Models in Amazon API Gateway
  • 24. Amazon API Gateway: API Endpoints
      • Edge-Optimized
          - Geographically distributed clients
          - Amazon CloudFront PoP
      • Regional
          - Clients in same region
          - Less connection overhead
          - Custom domains for multiple regions with Amazon Route 53
      • Private
          - Amazon Virtual Private Cloud (VPC)
          - Interface VPC endpoint
  • 25. Amazon API Gateway: API Types
      • Stateless: REST, HTTP
      • Stateful: WebSocket
      • Request/response model synchronous
      • Regional API endpoints
      • 71% Cheaper
      • HTTP APIs vs. REST APIs: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html
      • AWS IAM
      • Usage plans
      • API Keys
      • All: Edge-optimized
      • Reactive model
      • Bidirectional
      • Real-time apps: chat, collaboration
  • 26. Amazon API Gateway: Access Control: AWS Identity and Access Management; Amazon Cognito; Amazon API Gateway; Lambda authorizer function (custom); OAuth2; JWT Authorizers; OIDC
  • 27. Amazon API Gateway: Access Control (Cont’d)
      • Application-Level: Roles and Policies; IAM Tags; User Pools; Lambda Authorizers (Token-based, Request-based)
      • Network-Level: Resource Policies; Endpoint Policies
      • Diagram labels: Amazon Cognito; AWS IAM; Lambda function; VPC Endpoints
      • API Key
          - To identify an app developer who uses REST or WebSocket APIs.
          - Auto-generated or self-provided.
          - Can be used with Lambda Authorizers or Usage Plans
  • 29. Architecture: API Private Endpoint (diagram labels): Elastic Network Interface; Amazon EC2 (Private IP); Private Subnet; API Consumer; API Endpoint 1; Amazon API Gateway; API Endpoint 2; API Endpoint N; API Provider
  • 30. Architecture: API Edge-Optimized (diagram labels): Mobile apps; Websites; Services; Amazon API Gateway; Amazon CloudFront; API Gateway cache; Amazon CloudWatch; Lambda function; API Endpoint; Internet; External API Endpoint
  • 31. Architecture: External Identity Provider (diagram labels): Amazon API Gateway; Lambda authorizer; Resource; Client; External Identity Provider (IdP); Resource Owner; flow steps numbered 1 to 6
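
The throttling slide (rate limit, burst limit, 429 for requests over the limit) can be modelled with a token bucket, which is the algorithm API Gateway applies: the rate is the refill speed and the burst is the bucket size. This is an added example, not code from the slides; the class and function names and the traffic pattern are constructed, and the defaults are the slide's 1K and 2K figures.

```python
class TokenBucket:
    """Token-bucket throttle: `rate` tokens refill per second, `burst` is the bucket size."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)   # start full, so an initial spike is absorbed
        self.last = 0.0

    def allow(self, now):
        """Return the HTTP status for one request arriving at time `now` (seconds)."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return 200
        return 429                   # over the limit: Too Many Requests


def replay(arrivals, rate=1000, burst=2000):
    """Feed sorted arrival timestamps through one bucket and count each status."""
    bucket = TokenBucket(rate, burst)
    counts = {200: 0, 429: 0}
    for t in arrivals:
        counts[bucket.allow(t)] += 1
    return counts


def spike_then_steady():
    """Constructed traffic: 3000 requests at t=0, then 1500 spread over the next second."""
    spike = [0.0] * 3000
    steady = [1.0 + i / 1500 for i in range(1500)]
    return replay(spike + steady)


if __name__ == "__main__":
    print(spike_then_steady())
```

The spike loses exactly the 1000 requests that exceed the bucket, while the later 1500 requests/second pass for a while because the bucket has partly refilled; a sustained 429 count in monitoring is therefore the signal that a client is above the steady rate, not just bursting.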
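
The access-control slides name token-based Lambda authorizers and an external identity provider; the sketch below shows what such an authorizer returns to API Gateway for a valid and an invalid bearer token. It is an added example, not code from the slides. Assumptions: the secret, issuer and audience are placeholders, `mint` stands in for the IdP, and HS256 with a shared key replaces the RS256/JWKS verification an external IdP would normally require, so that the block runs offline.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"     # assumption: HS256 key shared with the IdP
ISSUER = "https://idp.example.com/"     # assumption: placeholder issuer
AUDIENCE = "orders-api"                 # assumption: placeholder audience

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint(claims, key=SECRET, alg="HS256"):
    """Hypothetical stand-in for the IdP: issue a signed token."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify(token, now=None):
    """Return the claims if signature, issuer, audience and expiry all check out."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":   # pin the algorithm
            return None
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        ok = (claims["iss"] == ISSUER and claims["aud"] == AUDIENCE
              and claims["exp"] > now and isinstance(claims["sub"], str))
    except (ValueError, TypeError, AttributeError, KeyError):
        return None
    return claims if ok else None

def handler(event, context=None):
    """TOKEN-type Lambda authorizer: map the bearer token to an IAM policy."""
    raw = event.get("authorizationToken", "")
    claims = verify(raw[7:]) if raw.startswith("Bearer ") else None
    return {
        "principalId": claims["sub"] if claims else "anonymous",
        "policyDocument": {"Version": "2012-10-17", "Statement": [{
            "Action": "execute-api:Invoke",
            "Effect": "Allow" if claims else "Deny",
            "Resource": event["methodArn"],
        }]},
    }
```

With authorizer result caching enabled, the returned policy is reused for later requests carrying the same token, so a policy scoped to a single `methodArn` has to be widened to cover every method the caller may invoke.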