How to Build a Successful API Program: Best Practices For the Carrier
More and more carriers are looking to API publishing as a way of offering new services to developers building mobile apps and cloud services. But launching an API publishing program inevitably raises questions about:
• How to maintain security when exposing internal systems and processes to external developers
• How to manage developers, weeding out the bad and rewarding the good
• How carriers can monetize their APIs
• How existing IT investments can be leveraged to maximize performance and ROI
• How building community among developers can drive revenue and minimize operating costs
This talk will give carriers the critical guidance they need to build a successful API strategy.

Published in: Technology
  • Everyone here needs to choose. Ignore the middle ground. Are you fearful? Or are you confident?
  • Token protection, SSL, etc.
  • The new enterprise web is about integration

    1. How To Build A Successful API Program - Best Practices For The Carrier. K. Scott Morrison, CTO. Sept 11, 2012
    2. Researchers have discovered that the US national divorce rate has been falling since 2006…
    3. 2007: 3.6 divorces per 1000 people. 2008: 3.5 divorces per 1000 people. 2009: 3.4 divorces per 1000 people. So, does this mean people are getting better at relationships? Source: Slate http://slate.me/wGf9et
    4. No.
    5. It’s because of the recession.
    6. APIs are like a relationship
    7. They require ^ maintenance. (caret insertions: very high; high)
    8. This talk is about how to have a successful API relationship.
    9. Carriers already know how to monetize relationships. Now Apply This To APIs
    10. Piece of Advice #1
    11. Best Practice #1: It takes two to tango.
    12. The Web wasn’t a relationship
    13. Successful relationships are built on trust and equality
    14. Equal, but different
    15. BP #2: Understand and respect the cultural differences.
    16. Client / Server
    17. Inside / Outside
    18. Contractor / Regular
    19. Partner / Contractor / Regular
    20. Partner / No Affiliation / Regular
    21. Us / Them
    22. The New Identity Management (diagram labels: API Users, API Developers, External, Internal)
    23. APIs change composition of internal teams (diagram labels: Product Manager, API Developer, CFO, Business Manager, Security Officer)
    24. BP #3: Memorize this simple equation.
    25. API Development != Web Development
    26. Beware of habits
    27. BP #4: Take security away from developers.
    28. Separation of Concerns (diagram labels: API Server, API Expert, API Proxy, Security Expert)
    29. BP #5: Trust, but verify.
    30. SQL Injection (courtesy XKCD): Exploits of a Mom. Source: https://xkcd.com/327/
    31. BP #6: SSL everywhere.
    32. It’s Cheap
    33. BP #7: It’s still all about access control.
    34. But think hard about tokens
    35. BP #8: Don’t roll your own.
    36. Security is hard to get right
    37. BP #9: Manage misconfiguration risk with appliances.
    38. Protect the Servers (diagram labels: API Client, Firewall, API Proxy, DMZ, API Server, Secure Zone, Enterprise Network)
    39. BP #10: Engage the developers.
    40. The New Governance (Old → New)
        Documentation: WSDL → Wiki/Blog
        Discovery: Reg/Rep → Search
        Approval: G10 Platform → Email
        Enforcement: Gateway → Gateway
        User Provisioning: IAM → Portal
        Community: What’s that? → Forum
    41. The Layer 7 API Developer Portal (diagram labels: API Client, Firewall, iPhone Developer, API Proxy, API Server, API Portal, Enterprise Network)
    42. To Summarize:
        • The game has changed. Clients need attention.
        • The security problems are the same. But the names have changed.
        • Don’t just build APIs. Build secure and managed APIs.
    43. Picture Credits: Antelope Canyon 4 by klsmith – stock.exchg; Band silhouettes by mr_basmt – stock.exchg; Check and Statement by kgdsgn – stock.exchg
    44. For further information: K. Scott Morrison, Chief Technology Officer, Layer 7 Technologies, 1100 Melville St, Suite 405, Vancouver, B.C. V6E 4A6, Canada. (800) 681-9377. smorrison@layer7tech.com. http://www.layer7tech.com. September 2012
