This document discusses the 5 pillars of API management: 1) Exposing enterprise data and functionality in API-friendly formats like RESTful APIs, 2) Protecting information assets exposed via APIs to prevent misuse, 3) Authorizing secure and seamless access for valid identities using standards like OAuth, 4) Optimizing system performance and managing the API lifecycle, and 5) Engaging, onboarding, educating and managing developers. It provides an overview of each pillar and why it is important for effective API management.
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2
Most of the current enterprise integration architecture involves applications communicating each other through SOA services. APIs allow the services offered outside enterprise to devices, web apps, messaging and file based consumers, partners integrated seamlessly with enterprise, additionally featuring analytics, billing, location transparency, threat protection etc. In essence, we have to maintain and manage such services and APIs, especially when they grow in number and are critical for business expansion by being easily accessible to consumers.
In this scenario, it is essential to have a system for governance. It should meet demands such as;
Ease of discovery and access to the enterprise data for rapidly cropping app culture through APIs
Security of the interfaces, dependency charts including services and APIs & notification for changes
SDLC management capability, Search and tag, reporting, versioning and integration capability with enterprise apps
Share in social media, logging and auditing, custom processes implementations
Consultant Robert Broeckelmann shares his experience of implementing API management in a large enterprise and will share how to:
- define API governance
- explore the goals, requirements, implementation of API governance
- look at lessons learned from implementing one enterprise customer's API governance process
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)Sumanth Donthi
In this two-part series, Sumanth Donthi, Associate IO at AIG explains how AIG changed software delivery process with API Governance and how they improved operational efficiencies with GitOps.
ITANA 2016: API Architecture and ImplementationColin Bell
Presentation w/ Zachary Seguin, Kartik Talwar, and Nate Vexler for ITANA (https://spaces.internet2.edu/display/itana/Home) API Group. Covers the University of Waterloo's development of API capabilities starting with a student led Open Data initiative.
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2
Most of the current enterprise integration architecture involves applications communicating each other through SOA services. APIs allow the services offered outside enterprise to devices, web apps, messaging and file based consumers, partners integrated seamlessly with enterprise, additionally featuring analytics, billing, location transparency, threat protection etc. In essence, we have to maintain and manage such services and APIs, especially when they grow in number and are critical for business expansion by being easily accessible to consumers.
In this scenario, it is essential to have a system for governance. It should meet demands such as;
Ease of discovery and access to the enterprise data for rapidly cropping app culture through APIs
Security of the interfaces, dependency charts including services and APIs & notification for changes
SDLC management capability, Search and tag, reporting, versioning and integration capability with enterprise apps
Share in social media, logging and auditing, custom processes implementations
Consultant Robert Broeckelmann shares his experience of implementing API management in a large enterprise and will share how to:
- define API governance
- explore the goals, requirements, implementation of API governance
- look at lessons learned from implementing one enterprise customer's API governance process
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)Sumanth Donthi
In this two-part series, Sumanth Donthi, Associate IO at AIG explains how AIG changed software delivery process with API Governance and how they improved operational efficiencies with GitOps.
ITANA 2016: API Architecture and ImplementationColin Bell
Presentation w/ Zachary Seguin, Kartik Talwar, and Nate Vexler for ITANA (https://spaces.internet2.edu/display/itana/Home) API Group. Covers the University of Waterloo's development of API capabilities starting with a student led Open Data initiative.
API Management Workshop (at Startupbootcamp Berlin)3scale
These are the slides from the API Management Workshop, held at the Startupbootcamp Berlin on October 17.
We covered benefits of APIs for an organisation (regardless of size, sector, stage or purpose) and gave examples of successful deployment of APIs.
We then described the typical API lifecycle:
plan/design > build/integrate > operate/manage > share/engage.
We covered many best practices and tools for each stage and gave practical demos about how to secure and manage APIs.
Designed a framework for “API Strategy in the cloud” which explains challenges of API,
current trending API management platforms and the role of API management in delivering successful API programs. The report provides the strategy for building API which mainly focuses on the API maturity models, business values, business strategy: Alignment and Usefulness, engagement and usability, scalability and evolvability, manageability and security of APIs.
DevOps needs to consider many different aspects of software quality, including security. The term DevSecOps was developed to highlight that security is a focus of the pipeline, not a second-class citizen.
Fortunately, we can define done for our pipeline so that it includes security. Continuous integration can invoke static analysis tools to test for security errors and check if we are using components with known vulnerabilities. Automated deployments and virtualization make dynamic environments available for testing in a production-like setting. Regression tests can drive traffic through proxies for security analysis. From the code to the systems where we deploy the software, the process can be designed to make sure that we follow security best practices, and not produce insecure software.
Participants will learn how to construct a definition of done that focuses on security in a DevOps pipeline. They will see how to define security practices that build confidence that they are doing DevSecOps, and how those practices and criteria might mature over time.
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...SmartBear
Since 2016, SmartBear has been surveying the State of APIs to better understand the trends and technologies associated with this essential digital building block. We have just completed the State of API 2020 survey and will be sharing the research findings during this live webinar.
We will be sharing research from over 2,000 respondents on how organizations are bringing APIs to market in 2020, what tools they are using, how they view certain trends, and where they see the market going.
Build an api eco-system you can be proud ofCisco DevNet
What do you think of when you hear “Lets build an API for that”? The typical thought process is “Its easy to expose my data/application”. Everyone in the company probably thinks the same– which is great! What happens when we build these API’s though, is that they don’t all follow the same methodology and we don’t think through how to manage their lifecycle.
This presentation presents our perspective and guidance on full life-cycle management and governance of API’s – from defining with the customer in mind, building, publishing on a single platform, supporting and retiring API’s for the business outcomes you’re driving!
Top Three Take-Aways For Participants:
1. Its easy to manage API’s as long as we think through the life-cycle and have a process.
2. The RAML “Design-First” methodology works great for API adoption by application builders.
3. Managing API’s allows easy policy enforcement, security, analytics and monetization opportunities – with benefits across business, technology and operations aspects.
Deploy a system that will empower you to expose APIs in a secure, manageable way
Choosing the right API Management solution can make implementing a successful API strategy much easier and help to ensure your APIs are exposed in a secure, manageable way. Join this Layer 7 webinar to learn the key criteria for selecting an API Management solution and to get a solid understanding of the factors that will impact the success of your API strategy. Everyone who registers for the webinar will receive a complimentary copy of The Forrester Wave: API Management Platforms, Q1 2013.
Are your APIs becoming too complicated and ad hoc? Feeling the need to set up policies for your API? This presentation will give you strategy options for designing and developing your APIs.
The slides provide a quick overview of the API Economy trend. The slides provide summary information, a list of trends to watch and links to additional resources
Enhance your audiences knowledge with this well researched complete deck. Showcase all the important features of the deck with perfect visuals. This deck comprises of total of fifty three slides with each slide explained in detail. Each template comprises of professional diagrams and layouts. Our professional PowerPoint experts have also included icons, graphs and charts for your convenience. All you have to do is DOWNLOAD the deck. Make changes as per the requirement. Yes, these PPT slides are completely customizable. Edit the colour, text and font size. Add or delete the content from the slide. And leave your audience awestruck with the professionally designed Application Programming Interfaces Overview Powerpoint Presentation Slides complete deck. https://bit.ly/3sc6Cx6
Enterprise API : Best practice for World class API ecosystem is an attempt on my part to explain the best practice in deploying API infrastructure in the organization.
API Management Workshop (at Startupbootcamp Berlin)3scale
These are the slides from the API Management Workshop, held at the Startupbootcamp Berlin on October 17.
We covered benefits of APIs for an organisation (regardless of size, sector, stage or purpose) and gave examples of successful deployment of APIs.
We then described the typical API lifecycle:
plan/design > build/integrate > operate/manage > share/engage.
We covered many best practices and tools for each stage and gave practical demos about how to secure and manage APIs.
Designed a framework for “API Strategy in the cloud” which explains challenges of API,
current trending API management platforms and the role of API management in delivering successful API programs. The report provides the strategy for building API which mainly focuses on the API maturity models, business values, business strategy: Alignment and Usefulness, engagement and usability, scalability and evolvability, manageability and security of APIs.
DevOps needs to consider many different aspects of software quality, including security. The term DevSecOps was developed to highlight that security is a focus of the pipeline, not a second-class citizen.
Fortunately, we can define done for our pipeline so that it includes security. Continuous integration can invoke static analysis tools to test for security errors and check if we are using components with known vulnerabilities. Automated deployments and virtualization make dynamic environments available for testing in a production-like setting. Regression tests can drive traffic through proxies for security analysis. From the code to the systems where we deploy the software, the process can be designed to make sure that we follow security best practices, and not produce insecure software.
Participants will learn how to construct a definition of done that focuses on security in a DevOps pipeline. They will see how to define security practices that build confidence that they are doing DevSecOps, and how those practices and criteria might mature over time.
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...SmartBear
Since 2016, SmartBear has been surveying the State of APIs to better understand the trends and technologies associated with this essential digital building block. We have just completed the State of API 2020 survey and will be sharing the research findings during this live webinar.
We will be sharing research from over 2,000 respondents on how organizations are bringing APIs to market in 2020, what tools they are using, how they view certain trends, and where they see the market going.
Build an api eco-system you can be proud ofCisco DevNet
What do you think of when you hear “Lets build an API for that”? The typical thought process is “Its easy to expose my data/application”. Everyone in the company probably thinks the same– which is great! What happens when we build these API’s though, is that they don’t all follow the same methodology and we don’t think through how to manage their lifecycle.
This presentation presents our perspective and guidance on full life-cycle management and governance of API’s – from defining with the customer in mind, building, publishing on a single platform, supporting and retiring API’s for the business outcomes you’re driving!
Top Three Take-Aways For Participants:
1. Its easy to manage API’s as long as we think through the life-cycle and have a process.
2. The RAML “Design-First” methodology works great for API adoption by application builders.
3. Managing API’s allows easy policy enforcement, security, analytics and monetization opportunities – with benefits across business, technology and operations aspects.
Deploy a system that will empower you to expose APIs in a secure, manageable way
Choosing the right API Management solution can make implementing a successful API strategy much easier and help to ensure your APIs are exposed in a secure, manageable way. Join this Layer 7 webinar to learn the key criteria for selecting an API Management solution and to get a solid understanding of the factors that will impact the success of your API strategy. Everyone who registers for the webinar will receive a complimentary copy of The Forrester Wave: API Management Platforms, Q1 2013.
Are your APIs becoming too complicated and ad hoc? Feeling the need to set up policies for your API? This presentation will give you strategy options for designing and developing your APIs.
The slides provide a quick overview of the API Economy trend. The slides provide summary information, a list of trends to watch and links to additional resources
Enhance your audiences knowledge with this well researched complete deck. Showcase all the important features of the deck with perfect visuals. This deck comprises of total of fifty three slides with each slide explained in detail. Each template comprises of professional diagrams and layouts. Our professional PowerPoint experts have also included icons, graphs and charts for your convenience. All you have to do is DOWNLOAD the deck. Make changes as per the requirement. Yes, these PPT slides are completely customizable. Edit the colour, text and font size. Add or delete the content from the slide. And leave your audience awestruck with the professionally designed Application Programming Interfaces Overview Powerpoint Presentation Slides complete deck. https://bit.ly/3sc6Cx6
Enterprise API : Best practice for World class API ecosystem is an attempt on my part to explain the best practice in deploying API infrastructure in the organization.
Whether you’re an IT professional or a tech entrepreneur, it’s hard to talk about modern API management and development without mentioning the role of the API gateway.
APIs are the lynchpin to the success of your digital business. Explore how you can effectively design, secure, monitor and manage APIs across the enterprise.
Data Sheet
IBM Cloud
Accelerating digital
transformation with
IBM API Connect
Securely unlock enterprise data and services for the
digital economy with an integrated API foundation
2. 2
5 Pillars of API Management with CA Layer 7
Introduction:
Managing the new open enterprise
Realizing the Opportunities of the API Economy
Across industry sectors, the boundaries of the traditional enterprise are blurring, as organizations
open up their on-premise data and application functionality to partner organizations, the Web, mobile
apps, smart devices and the cloud. APIs (application programming interfaces) form the foundation of
this new open enterprise, allowing enterprises to reuse their existing information assets across
organizational boundaries.
Meeting the Challenges of Secure, Manageable API Publishing
APIs empower enterprises to quickly repurpose IT systems, add value to existing offerings and open
new revenue streams. It should come as no surprise, though, that exposing on-premise systems via
APIs also creates a range of new security and management challenges. The term “API Management”
refers to a set of processes and technologies that have emerged in recent years to help enterprises meet
these challenges.
3. 3
5 Pillars of API Management with CA Layer 7
API Management solutions aim to make it simple for even the most security-conscious organizations to
open their information assets for use by partner organizations, third-party developers, mobile apps and
cloud services, without impacting data security or the performance of backend systems. Full-featured API
Management solutions also provide functionality for managing the developers who build applications
that leverage enterprise APIs.
4. 4
5 Pillars of API Management with CA Layer 7
Overview:
5 Pillars of API Management
Expose Enterprise Data
& Functionality in API-
Friendly Formats
Protect Information
Assets Exposed via APIs
to Prevent Misuse
Authorize Secure,
Seamless Access for
Valid Identities
Optimize System
Performance & Manage
the API Lifecycle
Engage, Onboard,
Educate & Manage
Developers
Convert complex on-premise application services into
developer-friendly RESTful APIs
Ensure that enterprise systems are protected against
message-level attack and hijack
Deploy strong access control, identity federation and social
login functionality
Maintain the availability of backend systems for APIs,
applications and end users
Give developers the resources they need to create
applications that deliver real value
5. 5
5 Pillars of API Management with CA Layer 7
Expose Enterprise Data &
Functionality in API-Friendly Formats
Convert complex on-premise application services into developer-
friendly RESTful APIs
Enterprise data and applications typically comprise a
complex web of standards, protocols, programming
languages and file formats.
The first stage of API Management is presenting these
diverse information assets in a format that developers can
understand and leverage.
Commonly, this means publishing application programming
interfaces that employ the REST protocol (“RESTful APIs”).
What
6. 6
5 Pillars of API Management with CA Layer 7
On-premise systems commonly rely on application
services delivered in proprietary formats too verbose to
work efficiently via the Web or mobile apps.
Application services associated with the common SOA
(service oriented architecture) style generally employ the
SOAP protocol, whereas Web/mobile devs rely on REST.
If APIs are not delivered in a format that internal and third-
party developers can easily leverage, they will not facilitate
the creation of any truly valuable new applications.
Why
7. 7
5 Pillars of API Management with CA Layer 7
The most effective API Management solutions include
functionality for presenting legacy enterprise services as
RESTful APIs.
Typically, this will involve using a SOA or API Gateway to
automatically convert data from the SOAP-based services into
RESTful APIs.
To be truly effective, the Gateway should make it possible
to efficiently compose RESTful APIs from “mash-ups” of
multiple existing application services.
API Tech Talk: Simplifying REST Adaptation
api.co/RESTadaptation
Learn More
How
8. 8
5 Pillars of API Management with CA Layer 7
Protect Information Assets Exposed
via APIs to Prevent Misuse
Ensure that enterprise systems are protected against
message-level attack and hijack
Opening up enterprise information assets for use in new
applications exposes them to many of the same security
threats that plague the Web (e.g viruses, DoS attacks).
Additionally, APIs create a range of new and unique security
challenges that go beyond what enterprises are used to
dealing with on the Web.
Perhaps the most essential function of API Management is
the creation of a security layer to ensure that hackers are
unable to access, misuse or attack exposed systems.
What
9. 9
5 Pillars of API Management with CA Layer 7
APIs are windows to applications and data, potentially
providing hackers with a view into the inner workings of
enterprise systems and a route to accessing those systems.
This creates the increased possibility that hackers will be able
to steal confidential data, hijack public-facing interfaces for
nefarious purposes or crash critical systems.
Conventional online security solutions designed for the
Web do not cover all the potential threats created by API
publishing, so specific API security must be implemented.
Why
10. 10
5 Pillars of API Management with CA Layer 7
Arguably the key function of the type of API Gateway
mentioned above is to inspect and filter all API traffic to
identify then neutralize common or emerging threats.
To be effective, the Gateway should be designed and certified
to tackle message-level, API-specific threats such as SQL
Injection, Denial of Service attacks and viruses.
The Gateway’s security functionality and threat profiles
should also be easily updateable, to tackle new types of
threats as they emerge.
White Paper: Protecting Your APIs Against
Attack & Hijack
api.co/APIsecurity
How
Learn More
11. 11
5 Pillars of API Management with CA Layer 7
Authorize Secure, Seamless Access
for Valid Identities
Deploy strong access control, identity federation and
social login functionality
Any enterprise that wants to fully secure its APIs against
attack must give developers a framework for controlling how
users access enterprise assets via these APIs.
This framework should balance backend security with
end user experience by leveraging key identity and access
management (IAM) standards such as OAuth.
For the best balance, the framework should be able to use
existing IAM infrastructure and allow end users to gain access
via enterprise single sign-on (SSO) or social logins.
What
12. 12
5 Pillars of API Management with CA Layer 7
Access control is the cornerstone of API security – the key is
to prevent unauthorized users from gaining inappropriate
levels of access to enterprise assets.
OAuth is especially useful as it allows publishers to flexibly
implement appropriate levels of security and federate
identities from existing IAM systems and social accounts.
Leveraging existing IAM infrastructure also cuts
costs, reduces setup time and maximizes long-term
manageability by preventing the creation of identity silos.
Why
13. 13
5 Pillars of API Management with CA Layer 7
An API Gateway should feature out-of-the-box functionality
for building an API-centric access control infrastructure using
key standards and existing resources.
The Gateway should be able to integrate seamlessly with
leading IAM systems like CA SiteMinder®
, Oracle Access
Manager, Microsoft Active Directory and IBM Tivoli.
It should also include configurable templates for
implementing access control, SSO and social login in
typical use cases, based on OAuth and other key standards.
EBook: 5 OAuth Essentials for API Access Control
api.co/oauthebook
Learn More
How
14. 14
5 Pillars of API Management with CA Layer 7
Optimize System Performance &
Manage the API Lifecycle
Maintain the availability of backend systems for APIs,
applications and end users
API traffic must be dealt with efficiently to ensure
applications built against APIs work consistently and the
performance of backend systems is not compromised.
Data from backend systems must be delivered in lightweight
formats, optimized for usage patterns and filtered
appropriately.
For long-term application viability, it is also necessary to
carefully manage the lifecycle of APIs as they move through
development, testing and production.
What
15. 15
5 Pillars of API Management with CA Layer 7
The introduction of Web and mobile apps that leverage
backend systems can lead to sudden growth in IT traffic that
can result in crashes and consequent unavailability.
It is vital to optimize the flow of API traffic, to ensure a
satisfying and consistent user experience for developers,
users of API-dependent apps and internal users alike.
Managing the API lifecycle, meanwhile, is crucial to ensuring
existing applications do not break when APIs, clients and
operating systems are updated.
Why
16. 16
5 Pillars of API Management with CA Layer 7
An API Gateway should feature out-of-the-box functionality
for building an API-centric access control infrastructure using
key standards and existing resources.
The Gateway should be able to integrate seamlessly with
leading IAM systems like CA SiteMinder, Oracle Access
Manager, Microsoft Active Directory and IBM Tivoli.
It should also include configurable templates for
implementing access control, SSO and social login in
typical use cases, based on OAuth and other key standards.
API Tech Talk: Caching & API Optimization
api.co/APIoptimization
Learn More
How
17. 17
5 Pillars of API Management with CA Layer 7
Engage, Onboard, Educate &
Manage Developers
Give developers the resources they need to create
applications that deliver real value
Much of the true value of an organization’s APIs comes from
the developers who build Web and mobile applications or
new enterprise systems against these APIs.
It is essential to target developers with the tools and
materials they need in order to discover, learn about, try out
and build apps against the organization’s APIs.
These developers may be internal employees, partners,
contactors or independent “long-tail” devs. Each group will
require a particular set of resources targeted at its needs.
What
18. 18
5 Pillars of API Management with CA Layer 7
Developers are the lifeblood of any API publishing strategy.
API publishers need devs to create apps that employees,
partners and customers can actually use and benefit from.
To get developers creating truly valuable applications, the
publisher must be able to attract talented developers and
provide them with the tools needed to leverage the APIs.
The more engaging and interactive the tools provided by the
API publisher to enable and educate developers, the more
useful the applications these developers deliver will be.
Why
19. 19
5 Pillars of API Management with CA Layer 7
For internal and external developers alike, the most effective
way to engage and educate developers is through a branded,
interactive online portal.
This portal should make it simple for developers to register
for APIs and access interactive documentation, sample apps,
code examples, testing tools and discussion forums.
Effective API Management solutions include functionality
that makes it simple to build a full-featured developer portal,
pre-integrated into the API Gateway.
Webinar: Developers, Developers, Developers –
Why API Management Should be Important to You
api.co/DevManagement
How
Learn More
20. 20
5 Pillars of API Management with CA Layer 7
Conclusion: Deploying a
Complete Solution for API
Management
With Web, mobile and cloud
technologies becoming increasingly
essential to how the world does
business, the API is emerging a key
enabler for smart enterprises. To realize
the value of APIs and avoid the pitfalls
of exposing enterprise systems, it is
vital to deploy technology that enables
and simplifies key API Management
processes related to service
composition, security, performance
optimization, lifecycle management
and developer engagement.
The CA Layer 7 API Management
Suite provides all the components
required for effective, enterprise-level
API Management, including a range
of API Gateways designed to simplify
all key API security and management
processes. The API Management Suite also includes an API
Portal for developer engagement and management and an
OAuth Toolkit for ensuring secure, standards-based access
management for enterprise APIs.
Additionally, the API Management Suite offers:
• A choice of on-premise, cloud or hybrid deployments
• Military-grade data and application security
• Analytics on API usage
• Operations management that can span distributed
datacenters and clouds
• Application adaptation and interface management with
advanced SOA connectivity
21. 21
5 Pillars of API Management with CA Layer 7
About CA CA Layer 7
The API economy is exploding, mobile
devices are proliferating across the
workplace and large organizations are
moving critical IT infrastructure to the
cloud. This is creating the need for
technology able to securely connect
with external developers, mobile apps
and cloud services. CA Layer 7 is at the
cutting edge of this red-hot market.
CA Layer 7’s industry-leading Gateway
products make it simple for enterprises
to share data with customers, mobile
apps and cloud services. Delivered as
hardware networking appliances, virtual
appliances or as software, our products
are helping large organizations open
up to the Web, mobile networks and
the cloud, without jeopardizing security
or performance.
Data Sheet: CA Layer 7 API Management Suite
api.co/MgmtSuite
Learn More
In February 2013, CA Layer 7 was recognized as a Leader in
the API Management space by top analyst firm Forrester
Research, in its The Forrester Wave: API Management
Platforms report. In June 2013, CA Layer 7 was acquired by
CA Technologies, which provides solutions for enterprises
that need to secure and manage complex IT environments
to support agile business processes.