This document provides an overview of the API economy and IBM API Management. It discusses the growth of APIs and how they allow organizations to open up assets and data for new business channels. The document then defines what a business API is and provides examples. It discusses how APIs have evolved from SOA services and provides public API examples from the insurance industry. The rest of the document discusses IBM API Management, including its architecture, key capabilities, deployment options, and how to structure an API initiative.
VIP Kolkata Call Girl Kestopur đ 8250192130 Available With Room
Â
Iag api management architect presentation
1. Š 2015 IBM Corporation
The API Economy and
IBM API Management Overview
Alan Glickenhouse
glick@us.ibm.com
@ARGlick
API Management Business Strategist
IBM
2. Š 2015 IBM Corporation
Agenda
â˘API Economy
â˘What is IBM API Management?
â˘Governance
â˘Architecture
â˘Getting Started with a Successful API
Initiative
4. Š 2015 IBM Corporation
Adoption of cloud, analytics, mobile & social
computing is forcing organizations to open IT
assets to new business channels
âŚand challenging them to rethink the way
they have traditionally approached security & control
Between 2005
and 2020, the
amount of data
in the world will
grow 300X, from
130 to 40,000
exabytes.
81% of adults
use personally
owned mobile
devices for
conducting
business
70% of
employees are
engaged in
social activities
both internally
and externally
73% of
organizations
discovered
cloud usage
outside of IT or
security
policies
5. Š 2015 IBM Corporation
Websites
Connected
Appliances
Partners Websites/Sensors
Internet TVs
Smartphones
Tablets
Game
Consoles
Connected Cars
Millions 1993 -
2000
ââŚin 1993 and 1994 we
were deeming the web as
the next place for FedEx to
be.â -Thomas Wicinski, VP Digital
Marketing FedEx
The way we reach customers is evolving
APIs
Trillions 2013+
6. Š 2015 IBM Corporation
What is a Business API?
ď§ A Business API is a public persona for an enterprise; exposing defined
assets, data or services for public consumption
ď§ A Business API is simple for app developers to use, access and understand
ď§ A Business API can be easily invoked
What Value Does a Business API Provide?
ď§ Extends an enterprise and opens new markets by allowing external app
developers to easily leverage, publicize and/or aggregate a companyâs
assets for broad-based consumption
What âassets, data or servicesâ
are exposed via a Business API?:
ď§ Product catalogs
ď§ Store listings
ď§ Order status
ď§ Inventory
ď§ Social interaction
Business API = Web API = Productized Service
App Developer
7. Š 2015 IBM Corporation
Does this sound familiar?
A repeatable business
task â
e.g., check customer
credit; open new account
A Service
A way of thinking about
your business through
linked services and the
outcomes that they bring
Service Orientation
Service Oriented
Architecture (SOA)
An business-centric architectural
approach based on service oriented
principles
7
Most characteristics
of a good service are
âhiddenâ in this definition
8. Š 2015 IBM Corporation
Business Design is an end-to-end Endeavor
9. Š 2015 IBM Corporation
APIs are not a new name for SOA Services
There are many similarities â but one very important difference:
The objective they are intended to achieve
APIs SOA
âHow can I increase
the pace of
innovation?â
âHow can I increase the agility
and effectiveness of
delivery?â
Reuse â Speed to deliver
Sharing â Expediency
Encapsulate â Less to learn
Reuse â Effort to deliver
Sharing â Effectiveness
Encapsulate â Less to change
10. Š 2015 IBM Corporation
Public API Examples â Insurance
Agencyport Turnstyle
provides for extraction of data from ACORD-compliant forms used in the
insurance industry for serialization as XML. It aims to integrate form data
and form-based processes into efficient XML-based workflows to transfer
data to point-of-sale, customer relationship management (CRM), and other
backoffice systems. This process is intended to replace manual rekeying
and sequestration of data in emailed ACORD forms, PDF files, and other
inaccessible formats.
Progressive
SuperCREWS
provides information comparing the rates of other major insurance
companies to its own. The SuperCREWS API provides programmatic
access to this information in a string or in ticker format. Users can input
criteria such as age, gender, marital status, state of residence, and type of
car and then receive their unique insurance rate comparison information.
Insured Rating
enables users to develop a rate plan reflecting risk levels posed by
prospective customers. Quote requests can then be made via the Insured
Rating API which return coverage and premium information. The data
generated helps to manage insurance product offerings and provide
accurate rate quotes matched to determinants of risk.
NAIC Registry
allows automated filing of standard reporting documentation required of
insurance providers for compliance with state regulations. The provider is a
cooperative agency maintained by state governments to encourage
consistent regulatory and business practices for insurance companies.
11. Š 2015 IBM Corporation
API Economy Supply Chain
15. Š 2015 IBM Corporation
ď§ Drives Adoptions of APIs
ď§ Typically low valued
assets
ď§ Drive brand loyalty
ď§ Enter new channels
For Free
Facebook Login API
provides free
authentication for any
Web / mobile app
Example:
Developer Pays
ď§ Business Asset must be of
high value to the Developer
ď§ For example, marketing
analytics, news,
ď§ Capabilities such as credit
checks
Amazon EC2 Web
Services â APIs charge
per usage to launch
and manage virtual
servers.
Example:
Developer Gets Paid
ď§ Provides incentive for
developer to leverage web
API
ď§ Ad placements
ď§ Percentage of revenue
sold product or services
Google AdSense
APIs pay developers
who include
advertising content
into apps
Example:
Indirect
ď§ Use of API achieves some
goal that drives business
model.
ď§ E.g. Increase awareness
of specific content, or
offerings
eBay Trading APIs
offer developers
access to trading
services extending the
reach of listings and
transactions
Example:
The Business of APIs
16. Š 2015 IBM Corporation
ď§ 48 hours, 25 developers, over 400,000 API calls
ď§ Impressive 13 pieces of Intellectual Property for ASDA
ď§ Winning Ideas
- âGeorge Go!â - search application using multiple
descriptors
- âClothing Shakerâ - create your outfit by shaking
your device
- âVirtual Fitting Roomâ - use of Xbox Kinect and
APIs
ď§ IBM API Management on Cloud provided Developer
Portal & secure access to APIs
ď§ https://www.youtube.com/watch?v=biTvnghl5x8
ď§ Looking to transform the Digital Banking landscape:
- Innovative mobile solutions & IoT/ Wearables
ď§ 40,000 API calls from more than 100 different groups
ď§ Prototype APIs allowing Developers to interact with fake
accounts
- Account Details (APR/Interest Rate, Available
Credit, Payment Due Date, etc)
- Customer Information (Name, Addresses, Phone
Numbers, Email Addresses)
- Payment Details (Scheduled payments, payment
history, etc)
ď§ IBM API Management on Cloud provided Developer
Portal & secure access to APIs
ď§ https://citimobilechallenge.ciondemand.com/citimobilechallenge/pub/#/apis
New approach to Innovation:
Hackathons, Developer Challenges
17. Š 2015 IBM Corporation
Who is the Audience?
ď§ If you are not clear on the audience you have no clue what makes a good API
ď§ In 2014 More than 80% of API use cases were internal
ď§ APIs are the currency of Cloud and Mobile â often good places to start
What do they want?
ď§ Exposing âwhat you haveâ as an API isnât particularly useful
ď§ Good APIs are simple to understand and use
ď§ There is an art to a âdelightful API experienceâ
ď§ Many APIs may not last very long, that is an opportunity not a problem
Under what terms and conditions
are you willing to share?
ď§ Un-managed APIs quickly lead to chaos
ď§ Business Ts&Cs are important (Plans)
ď§ Its not a one-way street, give and take
ď§ Make sharing easy
Three Questions Lead to Good APIs
https://developer.ibm.com/apimanagement/2015/05/07/how-to-get-to-two-speed-it/
18. Š 2015 IBM Corporation
How can the API Economy help you?
â˘Mobile (internal dev) â
â˘What data/transactions would your own mobile apps need?
â˘Is there data that is generic (e.g. business locations, rates, etc.)?
â˘Is there data that is specific to existing customers that should be accessible via
your app?
â˘Partnering â
â˘Is partner on boarding a long difficult process? Would self registration of
partners be of value (e.g. more partners, wider geographic coverage)?
â˘What data/transactions do you share between yourself and your partners?
â˘Public Composite Apps â
â˘What apps might others write that could use your data/transactions?
â˘If there were a comparison app for you vs. your competitors would you want to
be listed as an option?
â˘What other industry sales might also use your products (e.g. car purchase
needs bank loan)?
â˘Think Mash-ups â what other APIs might make sense with yours? Mapping?
Social?
19. Š 2015 IBM Corporation
How can the API Economy help you?
â˘Social / Big Data â
â˘How do your systems interact with social media? Can you spot trends in
social media and raise alerts or take action?
â˘Can you gain insight on your brand and your competition via social media?
â˘Can you do real time analytics combining current customer status/behavior
and history?
â˘Device integration/wearables â
â˘How are you positioned to integrate the next UI technology (after
Mobile/Tablets)?
â˘Does your company deal with devices (e.g. cars, appliances,
sensors/meters)? What scenarios can apply to the device (e.g. needs
repair/supplies, needs to send status info, interaction between device and
xxx)?
â˘Valuable Data â
â˘What data do you collect on your clients?
â˘Can your data identify market segments that would be of interest to a non-
related industry? (e.g. expensive cars are purchased in this neighborhood,
lots of child related purchases occurring in this neighborhood).
20. Š 2015 IBM Corporation
Sample API Scenarios for IAG
â˘IAG Internal Mobile App development â general information about offerings â life, car,
home, travel, business, etc. based on audience (individual, business, adviser). Find an
adviser/location, insurance calculators, tools. FAQs, Document access. Tailored
information such as view/update profile, contact your agent, policy terms. Make payments,
renew policy, file a claim, claim status. Goal oriented planning and advice, Mapping status
to goals.
â˘Partner integration â Partner on boarding, Providing APIs would allow partners to offer
your insurance options to their customers (White labeling insurance offerings through
partners). Business onboarding to set up insurance plans for employees â make set up
part of the employee on boarding process. Supplier interfaces for acquiring insured
replacement items.
â˘Public API â Offerings available API for use by a comparative app. Some of the general
information APIs from the internal mobile (above). The Business next door - Financial
education businesses, Healthcare, Banking, Auto sales, real estate, travel.
â˘Social â Various interest groups for finance, travel, etc. Twitter feeds that reference your
company combined with your own analytics can help determine if actions need to be taken
to rectify customer satisfaction issues. References to consumer or business needs might
allow you to act to offer insurance solutions. Provide news, promote local activities.
â˘Device â Plan ahead for wearables. Health monitoring, auto driver monitoring.
â˘Data / Analytics â Target prospects to cross-sell products, offer data access for a fee to
other industries.
https://developer.ibm.com/apimanagement/2014/09/12/apis-for-the-insurance-industry/
21. Š 2015 IBM Corporation
API externalization
Multi-tenancy
Rate limiting
Runtime policy enforcement
API deployment
OAuth security management
Data transformation/redaction
Backend service discovery
Version management
Analytics support
Role-based access control
Environment management
Monitoring and notification
API exploration
Self-service sign up
Interactive API testing
App key provisioning
API usage analytics
Rate limit notification
Multiple dev communities
Real API Success = API externalization + realization
API realization
22. Š 2015 IBM Corporation
Securely expose your business to an internal/external
developer ecosystem
Provide self-service API
portals to
internal/external app
developers
Expose business services
securely as APIs to select
developer communities &
analyze API usage
Manage & monitor the
entire API platform
On-premise
private
Off-premise
SaaS
Off-premise
dedicated
Hybrid
IBM API Management
23. Š 2015 IBM Corporation
Compose a new API, Import APIs, or Discover APIs,
specify security & API behavior, version APIs
Create a Plan, add API resources, choose rate limits,
stage it in a runtime environment, test API resource,
version Plans
Invite developer organizations to use your APIs &
communicate with them
Publish your Plan to select developer organizations &
portals; manage subscribability
Analyze API usage
Managing APIs is simple
24. Š 2015 IBM Corporation
IBM API Management
Fully on-premise, multi-tenant solution,
for API providers
IBM DataPower
API Gateway for security, control, integration &
optimized access to a full range of Mobile, Web, API,
SOA, B2B & Cloud workloads
Over a decade of innovation, 10,000+ units sold,
2000+ customer installations worldwide
A single, comprehensive solution to design, secure,
control, publish, monitor & manage APIs
25. Š 2015 IBM Corporation
Runtime view
IIB or other ESB
WAS or other app server
Applications/Services
in Java, NET, Cobol,
etc
z/OS, IMS, CICS,
DB2
Mobile
Third party APIs
Web
Business Partner
application
IoT
API Management
26. Š 2015 IBM Corporation
Easily manage your APIs, in your private environment
design, secure, control, publish, monitor & manage
Explore API documentation
Provision application keys
Self-service experience
Developer Portal API Manager Management Console
Define and manage APIs
Explore API usage with analytics
Manage API user communities
Provision system resources
Monitor runtime health
Scale the environment
API Gateway
(IBM DataPower)
Enforce runtime policies to control API traffic
27. Š 2015 IBM Corporation27
API Management solution
Product APIs allow
customers to interact
with the API
Management solution,
and extend/customize
Product APIs Management layer Gateway layer
The management layer
embodies the capability for
organizations to define,
manage, expose and
control APIs
Provides API Manager,
Developer Portal and
Management Console
API configurations are
deployed to the gateway,
which provides the
enforcement point for
runtime policies to control
API traffic
Gateway is DataPower
physical or virtual
28. Š 2015 IBM CorporationŠ 2015 IBM Corporation
On premise
On CloudDedicated
3 | On premise
Behind your firewall for most sensitive
workloads & complete control
API Manager Cloud Management Console*Developer Portals
API Management â The way you want it
2 | On Cloud
Maximize on cloud economics and
agility. Offered as SaaS on SoftLayer
and also available through Bluemix
1 | Dedicated
With Bluemix Dedicated API
Management, everything is dedicated and
connected to you â agility of public
cloud, yet feels like home
29. Š 2015 IBM Corporation
API Developer
⢠How do I assemble APIs?
⢠How do I manage security?
⢠Will the infrastructure scale?
⢠How do I measure
performance?
App Developer
â˘Where do I access APIs?
â˘How do I understand the
APIs?
â˘How do I measure
success?
API Product Manager
⢠How can I rapidly release & update my APIs?
⢠How do I publicize my API?
⢠How do I measure success?
Operations Lead
â˘How do I manage all the API
Environments that are being
requested?
â˘How can I scale each
environment?
â˘How can I easily find and fix
issues?
API Success Requires Addressing Needs of
Multiple Stakeholders
30. Š 2015 IBM Corporation
Developer
organizations
(consume APIs
develop Apps)
API Provider
organizations
Users
Cloud
system
admin
Clusters
of
servers
User registry
(identity
provider)
email server
configuration
Anatomy of API Management
IBM /apimanagement 15
Developer
portal
API Manager
Cloud
Management
Console
31. Š 2015 IBM Corporation
Organization Structure
Executive Steering
Committee
Core API Team
Business Domain
Owners
API Product
Manager
(Business)
Integration / API
Developer
(Technical)
Operations
Integration
Architects
Service
Owners
Internal App
Developers
â˘Executive commitment
â˘Funding
â˘Resource commitments
â˘Measurements/Reports
Need a strong Core Team and Business leader to own the
success of the API initiative
32. Š 2015 IBM Corporation
âJust Enoughâ Governance
For APIs, focus is on speed and time to market. A light weight
Governance model is required.
Governance model will vary based on the control of the API
consumer audience with increased governance the less the
API consumer is controlled.
Always required:
â˘Communication
â˘Measurements
Internal:
â˘Lighter concern on API
identification, versioning,
security (use internal)
â˘Monetization = Chargeback
â˘Entitlement enforcement
usually soft
Partner:
â˘API identification,
â˘Versioning plan,
â˘Security,
â˘Privacy
â˘Monetization â maybe?
â˘Entitlement enforcement
soft or hard
Public:
â˘API identification,
â˘Versioning plan,
â˘Security,
â˘Privacy
â˘Legal
â˘Monetization
â˘Entitlement enforcement
more often hard
33. Š 2015 IBM Corporation33
The âAPI Factoryâ Approach
Standardized API development
process in a production factory
process
ď§While the APIs vary considerably in terms of their functionality, all APIs follow a
similar lifecycle of proposal, architecture review, business owner review, followed by
packaging for test, and then deployment to production, deprecated due to re-
versioning, and then retired
ď§Because the API creation process is repetitive, we can use a production engineering
approach to automating API development
ď§In effect, we are building an API Factory: much of the purpose of API Lifecycle
Management is to define how that factory can operate most effectively
34. Š 2015 IBM Corporation34
IBM APIM - API Lifecycle Management
Start
Retired
Proposed
API Designer
proposes API
Defined
Architect Review
(Data & Lead)
Constructed
Business Owner
Review
Certified
Updates
Suggested
API Packaged, Versioned
Staged
Published
Deprecated
Retirement Decision
Re-Versioned
Test
Rework Required
Deployment to
Production
Old Service State
New Service State
Action or Activity
Design Time
Run time
INDEX
Owner
Rejects
35. Š 2015 IBM Corporation
Technical Governance
For APIs, focus is on speed and time to market. A
light weight Governance model is required for the
technical Governance as well.
â˘API Standards / Best Practices â REST and SOAP are most common. Usually REST/JSON is used for lower bandwidth
devices and to reduce the amount of data transmitted. Set up naming standards! There is no âofficialâ REST standard.
â˘Granularity / Simplicity â see next slide
â˘Lifecycle â few stages should be required
â˘Security â App security handled via App keys and secrets. Users of the App may be identified using OAuth to shield
their private login information from the App itself.
â˘Deployment / Publishing â early environments are usually handled synchronously. However, Production is usually
isolated and requires a disconnected deployment approach (usually scripted).
â˘Versioning â most critical for public APIs. Plan for change. Try to make APIs backward compatible so you can move
consumers automatically to the new level. Often will have multiple versions in production at the same time, but need
to plan for consumer movement to new versions.
â˘Scale â API entitlement levels are used to plan for capacity, the gateway enforces these entitlements. Scaling should
be simple using additional instances added to a cluster.
â˘Integration â simple integrations to back end services directly or to an ESB to do more complex integration. Generic
results can be returned to the gateway and customized to the required API response to reduce the amount of data
transmitted.
36. Š 2015 IBM Corporation
Simplicity and Granularity
Design for ease of consumption by an App
developer
â˘APIs are fine grained (not like SOA Services)
â˘They do one thing
â˘Easy to understand parameters â aim for self documenting. Supply samples to call the API
and the returned data.
â˘Donât do anything unusual
â˘Make it easy to try
Behind the API systems may be complex
â˘Donât show the complexity
â˘One API call may access 3 backend systems, extract lots of data, throw 90% of it away and
reply back with the 10% that answers the API request. Donât have 3 APIs and make the
consumer do the work.
By having fine grained simple APIs, it may be possible to keep the API
consistent even when back end systems change.
37. Š 2015 IBM Corporation
Management-Gateway Communications
38. Š 2015 IBM Corporation
Topology â Gateway Cluster in DMZ
38
FIREWALL
DMZ
Trusted
INTERNAL
SERVICES
FIREWALL
LOAD BALANCER
(OPTIONAL)
MANAGEMENT
CLUSTER
GATEWAY
CLUSTER
IDP : END USER
AUTHENTICATION
https
https:24
43
https:94
43
https:55
50
APPLICATIONS
(API CONSUMERS)
SMTP SERVER
IDP FOR
PORTAL USERS
REVERSE PROXY
OR DATAPOWER WAF
LOAD BALANCER
APP DEVELOPERS
https
https
39. Š 2015 IBM Corporation
Topology â Gateway Cluster in Trusted Zone
39
FIREWALL
DMZ
Trusted
INTERNAL
SERVICES
FIREWALL
LOAD BALANCER
OR
DATAPOWER
MANAGEMENT
CLUSTER
GATEWAY
CLUSTER
IDP : END USER
AUTHENTICATION
https
APPLICATIONS
(API CONSUMERS)
SMTP SERVER
IDP FOR
PORTAL USERS
REVERSE PROXY
OR DATAPOWER WAF
LOAD BALANCER
APP DEVELOPERS
https
httpshttps
INTERNAL
APP DEVELOPERS
INTERNAL
APPLICATIONS
41. Š 2015 IBM Corporation
Cluster Topology â Single Management Cluster
Topology
42. Š 2015 IBM Corporation
Multi-Management Cluster Topology OR
Disconnected Cloud Topology
43. Š 2015 IBM Corporation
Where does API Management fit?
44. Š 2015 IBM Corporation
A successful API initiative requires end-to-end focus
APIs
Apps
Social Feedback and Communities
Marketplace
Self-Service Portal: Registration ⢠Documentation ⢠Sandbox
Security, Metering and
Control
API Design and Integration
Analytics and Monetization
API Lifecycle Management
Composition
Infrastructure Services
DevOps and App Management
Mobile Services
Internal
Developers
Partner
Developers
External
Developers
Channels: Smartphones ⢠Tablets ⢠Desktops ⢠Cars ⢠TVs ⢠Others
Services: Data ⢠Processes ⢠Applications
Cloud
45. Š 2015 IBM Corporation
ď§ Leverage a robust API Gateway to launch your API platform
⢠An API Management platform needs a robust, secure and scalable API Gateway for runtime
enforcement
⢠IBM API Management has optimized integration with IBM DataPower gateway appliances
⢠Single pane of glass to manage APIs, Plans, Users, Clusters to provide a unified operational view
⢠DataPower is the industry leading security & integration gateway for a range of workloads, with over
2200 customers and 10,000 units deployed worldwide
ď§ Flexible deployment options
⢠IBM API Management is available as on-premise, hosted, and SaaS
ď§ Thought Leadership & Active developer community
⢠Free access to experts to help with API strategy
⢠Discussion forums, blog posts, events at developer.ibm.com/api
⢠1M+ participants on IBM developerWorks
ď§ Access to a worldwide marketplace
⢠IBM Bluemix and IBM Cloud marketplace represent a unique broad developer audience, building
apps
ď§ Choose the API Mgmt vendor strategically
⢠IBM is investing heavily in API Mgmt, Mobile, Cloud, Analytics, IoT & Big Data
45
Why IBM?
46. Š 2015 IBM Corporation
Key Points to Remember
46
1.IBM DataPower has NOT partnered with any API Mgmt vendor
âThere is NO product-level integration
2.IBM provides immediate feature availability
âTake advantage of DataPower new features as soon as it is GAâed by IBM instead of waiting
months/years for others to add to their product e.g. WebSockets support added mid-2014 in
DataPower v7.0
3.IBM APIM/DataPower natively integrates with WAS, WXS, MobileFirst & Bluemix
4.IBM APIM generates efficient configurations/policies for DataPower to execute/enforce
âBeware of others creating inefficient policies for DataPower. This may result in more
DataPower needed
5.IBM APIM has self-contained virtual appliance packaging
âBeware of others requiring a DB plus addressing DB replication for analytics data
6.IBMâs APIM solution deployment topology is simple â mgmt & gateway
âBeware of others requiring various components sitting on separate servers, plus load balancers
& another DB for HA
7.API Management is strategic to IBM
âIBM is investing heavily in API Mgmt, Mobile, Cloud, Integration, Analytics, IoT & Big Data
âWe plan to provide a unified platform for Mobile App Mgmt & API Mgmt using a single gateway
8.With IBM, customers gain access to a worldwide marketplace
âIBM Bluemix & IBM Cloud marketplace represent a unique broad developer audience, building
apps
9.IBM provides Thought Leadership & Active developer community with 1M+ participants
âFree access to experts to help with API strategy
âDiscussion forums, blog posts, events at developer.ibm.com/apimanagement
47. Š 2015 IBM Corporation
Getting Started
1. Executive and Business Backing
⢠APIs are a product to be delivered, not a technology for IT to improve efficiency
⢠Lack of executive or business buy-in will result in a technology implementation with no/little impact on
the business.
⢠Leadership absolutely must participate and back the initiative.
2. Establish a strategy and goals
⢠Understand why you are executing an API strategy
⢠Set Goals for the initiative with time frames and reporting metrics
3. Commitment to Roles, Responsibilities, and Resources
⢠There will need to be resources dedicated to the API initiative.
⢠Enable enough key resources to make governance effective.
4. Get the Message Out
⢠Involve some folks skilled in formal communication and education
campaigns.
⢠Do some API evangelist work
⢠The core teamâs role(s) must be understood and propagated
⢠Collect and Publish Metrics
48. Š 2015 IBM Corporation
API developer
community site
on APIs,
API economy, API Mgmt
Includes
ďźAPI community forum
ďźAPI events
ďźBest practices blog
ďźVideos
developer.ibm.com/api
49. API Management Resources
Product Page
⢠ibm.com/apimanagement
API developer community
⢠developer.ibm.com/api
Twitter
⢠@ibmapimgt
YouTube Channel
⢠youtube.com/ibmapimanagement
Slideshare
⢠slideshare.net/ibmapimgmt
Speaker Deck
⢠speakerdeck.com/ibmapimgmt
49
51. Intuitively and iteratively define
APIs and associated policies
Rapidly assemble APIs via
configuration, not coding
Minimize risk with industry leading
security & scalability
Define
API
Developer
Assemble
Meter
SecureDeploy,
Test & Debug
Monitor
Scale
Version
51
API Developer: Create, Secure & Version APIs
Simple interface accelerates iterative API development & deployment
52. API Developer:
Assemble New APIs Through Configuration
ď§ Assemble a new API
by combining multiple
REST or SOAP
services into a
composite API
ď§ Provide examples of
the request and
response messages,
headers and
parameters
ď§ Drag and connect
linking the request and
response messages
ď§ Transform the
message elements
with a click
53. API Providers & Consumers:
Test API readiness with Ready! API plugin
Export:
Define new APIs in
Ready! API product
by uploading
Swagger, WADL,
RAML, WSDL, etc.,
and then test the
API.
ď§ Commit to a full
range of tests â
functional, load,
security
ď§ When ready, click a
button to
Export API to insert
the tested API into
API Manager UI
Import:
Use Ready! API
testing platform to
Import SOAP &
REST API
definitions directly
from IBM API Mgmt
Dev portal for
unit/functional
testing, load testing,
service virtualization
& more
ď§ Select any API from
Dev Portal
ď§ Auto-generate test
suite
ď§ Validate
functionality and &
API Consumers API Providers
55. API Provider: âProductizeâ APIs using Plans
ď§ Introduce API Trial Use
ď§ Free, limited plans can
be made available
alongside premium plans
ď§ For example, a free plan
could be unrestricted,
and a premium plan
restricted
ď§ Include multiple APIs
and Resources per
Plan
ď§ Version your Plans
ď§ Apply Rate Limit by
Plan or Resource
ď§ Reject calls when limit
reached
56. API Provider: Publish your APIs to multiple
developer portals
Multiple Developer Portals
API Manager
API Provider
App Developers
In group 1
App Developers
in group 2
Securely share APIs/Plans with various
select developer communities
ď§Fine grained plan deployment
ď§Non-disruptive Publish: Replace a currently
published version of a Plan without any
disruption in API availability
57. API Provider: Gain Business Insights
⢠Pinpoint key
market
fluctuations and
find correlations
related to your
business
⢠Analytics for both
API provider and
application
developer:
⢠Analyze
performance of
APIs
⢠Enables chargeback
or billing for API
consumption
58. App Developer: Register application
ď§ Register new
application
ď§ Request
security keys
with enhanced
privacy
ď§ Deferred
retrieval of
client secret
59. App Developer: Analyze App Performance,
Get notified
ď§ Monitor most
active
applications and
APIs
ď§ Rate limit
developer
notifications
60. IT Admin: Manage Overall Environment*
ď§ At-a-glance
server
utilization
metrics
ď§ Management &
Gateway Server
utilization -
CPU, Memory,
Disk
ď§ Usage over
time available
by drilling down
* Not applicable to SaaS
61. Enabling businesses to join the API Economy
IBM API Management - on-cloud & on-premise
Engage with app developers through portals
⢠API exploration
⢠Self-service sign up
⢠Interactive API testing
⢠App & Key management
⢠API usage analytics
⢠Rate limit notification
⢠Multiple dev communities
⢠Build custom portal with blogs, forums
⢠Define & Secure REST & SOAP APIs, Publish to multiple
developer portals & users, Analyze API usage &
performance
⢠A resilient integrated API runtime gateway infrastructure
with IBM DataPower Gateway for enforcement of runtime
policies to secure & control API traffic
⢠Seamlessly move APIs & Plans from public to private cloud
or on-prem for complete flexibility
Define, publish & manage APIs
⢠OAuth security management
⢠Backend service discovery
⢠API lifecycle management
⢠API subscription management
⢠Data transformation/redaction
⢠Rate limiting at Plan/Resource level
⢠API user & Plan management
⢠API deployment to Gateway
⢠API security enforcement
⢠API Analytics to gain business
insight
⢠Custom roles & role-based access
control
Manage API environment
⢠Administer & scale system
resources
⢠Monitor runtime health
⢠Multi-tenancy
REST APIs to extend/customize
⢠Developer Portal
⢠User onboarding
⢠Integration with API testing
tools (SoapUI NG Pro,
Ready! API)
⢠Integration with Content
Management System
(Drupal)
Editor's Notes
Update your name and contact information
Also you can personalize the title by adding their company name and logo to the slide.
the fact is that by dec 2013, it crossed 10000 api Â
shows the xponential growth of APIs, almost doubling every 5 months
In the past, private data, software and code could be reasonably protected behind a network perimeter of security & control. With the rise of mobile, that perimeter can no longer be the most important line of defense when it comes to security threats & IT control. Organizations must develop mobile security & control strategies that go beyond the perimeter of the enterprise and into the mobile sphere. Similarly, as the API economy continues to expand, organizations are realizing that they are providing services to new users, new stakeholders that may or may not fit into the security & control realms that have been previously established.
The dramatic growth in adoption of mobile, cloud, and social computing presents many security & control challenges for the multi-channel enterprise. There exists an increased demand to be able to control access to systems and resources that were previously only available from within the enterprise. However, as these applications are opened up to new business channels, and made accessible across the Internet, enterprises must control who is accessing those systems and under what context.
In addition to the SoE discussion weâve had today, itâs important to note that SoR will continue to be important for many applications. Our goal is to continue to provide the middleware that supports reliable Systems of Record, to build a platform for rapidly building Systems of Engagement, and to provide tools that integrate the two environments. This is where products like WMB, DataPower, WAS and MQ will continue to provide value for our customers.
Letâs look at the Cars.com mobile app as an example.
Cars.com is a consumer of APIs, and has assembled several 3rd party apis together to form the base function of their cars app.
For example, they use a Map Provider API to provide a âstore locator functionâ
APIs from a car dealer data aggregator for availability of certain makes and models.
They use APIs from a Bank to offer Loan calculators and origination
Auto insurance from an Insurance companies APIs
And can imagine them using the new Xtify API from IBM to provide notifications, that a car they were looking for was now found.
Now, letâs look at the API Economy from the Providers perspective
The Bank can extend itâs reach beyond customers doing on-line banking.
By offering an API, that includes Mortgage Calculators, Lon Origination, On-line Payment, and Account Query
the bank can reach new mobile app providers link Cars.com (automotive sales), Zillow (on line real-estate), and Mint (financial data aggregator)
WhichâŚ
You as an API Provider need to make sure you focus on not only providing secure and managed APIs but also ensuring a self-service and rich developer experience for your API consumers
IBM API Mgmt provides the management platform, while IBM DataPower provides the API Gateway to enforce API security and control . IBM APIM sits on a server as a virtual appliance, while DataPower can be a virtual appliance or a physical appliance
* Not applicable for on cloud offering
This is a common pattern for exposing APIs to External Developers and Partners.
For API requests, DataPower acting as the API Gateway sits in the DMZ. It can also be used as a consolidated Load Balancer or optionally, an external Load Balancer could be facing it.
The API Gateway, in the DMZ, needs access to Internal Services, the User Registry used for Authentication and the Management Cluster. For that firewall ports need to be opened as shown in the picture. The Management Cluster also needs access to the Gateway Clusters to configure them (and monitor their status).
In this case of Extenral APIs, the API Portal also needs to be externalized. That can be achieved by using a Revert Proxy or DataPower, proxying external Portal requests through the DMZ.
When exposing Internal and External APIs, supporting Internal and External Developers, a good alternative is to host the Gateway Clusters in the Trusted Zone. A Load Balancer of a DataPower Security Gateway would sit in the DMZ to provide external access to the same cluster
When exposing Internal and External APIs, supporting Internal and External Developers, a good alternative is to host the Gateway Clusters in the Trusted Zone. A Load Balancer of a DataPower Security Gateway would sit in the DMZ to provide external access to the same cluster
This option shows an alternative of separating Environments in different Gateway Clusters. Sandbox and Testing environments are published to an internal Gateway Cluster, while the production systems for APIs are configured as different clusters.
Easy out of the box setup.
LDAP or internal identity provider support.