This document discusses API management for Internet of Things devices. It describes how devices can expose functionality through APIs to enable new applications. Properly managing these APIs is important for security and control. The document outlines several patterns for placing API management capabilities near devices, such as within the device itself or in edge gateways. It also notes the need for standards for accessing heterogeneous devices at scale. WSO2 products are mentioned as supporting API management and other capabilities relevant to the Internet of Things.

1. API Management
and
Internet of Things
Sumedha Rubasinghe
Director, API Architecture

2. **
Things, Devices
Source: http://www.control4.com/blog/2014/03/the-internet-of-things-and-the-connected-home

3. **
APIs
Source:http://blog.programmableweb.com/2011/05/25/who-belongs-to-the-api-billionaires-club/
Source : http://blog.programmableweb.com/2011/05/25/who-belongs-to-the-api-billionaires-club/

4. **
Anatomy of a Device
● Piece of hardware
● Built for a purpose
● Capable of a limited functionality
● Control interface
● Input/output
● Power

5. **
Apps & APIs

6. **
Drivers for API Economy
● Mobile Applications
● Internal Innovation
● Unleash External Developer Innovation
● New Channels
● New Business Models

7. **
API Management
● Dumb API -> Intelligent API
● Authentication & Authorization
○ Subscription Management
○ Access Provisioning
● How to control access?
○ Throttling
● Monitoring & SLA

8. **
Devices as APIs
● will provide more creative combinations of
Apps

9. **
Anatomy of a Device (Functional)
● Functional Capabilities
● Administration Capabilities
● Monitoring Capabilities

10. **
Need of standard access layer (API)
● Heterogeneous Devices
● In large numbers too
● Proprietary ...
○ Protocols
○ Access Control Mechanisms
○ Data Models

11. **
Modeling Device capabilities as
HTTP Resources
● Temperature Sensor
○ http://{ip}/{locationid}/sensors/temperature1 - GET
● Motor
○ http://{ip}/{locationid}/actuators/motor1/rotate/{turns}/
{direction} - GET
○ http://{ip}/{locationid}/actuators/motor1/status - GET

12. **
Using OAuth2 to Authorize Device
Access
● OAuth2
● Token per Sensor endpoint
● Token provisioning
● Revocation/Refreshing

13. **
API should be ‘Managed’
● Why?
○ Exposing raw device
○ With no control
● Managed API
○ proper access control
○ subscription capabilities

14. **
Devices need more services..
● Throttling
● Caching
● Request Routing
● Buffering
● Stats collection & monitoring
● Alerting
● Decision Making

15. **
API Management @ the edge
● More closer to where device is
● Or inside device itself
● Several patterns

16. **
Pattern #1
Device
Single device, having all API Management
capabilities.

17. **
Pattern #2
Authorization
Manager
Device
1
2

18. **
Pattern #3
Apps End Users Devices
Device Gateway
/Authorization
Device
1
2
4
3

19. **
Pattern #4
Apps End Users Devices
Device
Gateway
Authorization
Manager
Device
Stats Collection
& Processing
1
2
3
6
5
4

20. **
Pattern #5
Apps End Users Devices
Device
Gateway
Mediation
/Routing
Authorization
Manager
Device
Stats
Collection &
Processing
1
2
3
4
8
7
6
5

21. **
Pattern #6
Apps End Users Devices
Device
Gateway
Mediation
/Routing
Authorization
Manager
Message
Queue
Device
Stats
Collection &
Processing
1
2
3
4
5
9
8
7
6
10

22. **
Pattern #7
Apps End Users Devices
Device
Gateway
Mediation
/Routing
Authorization
Manager
Message
Queue
Device
Identity Mgt
Stats
Collection
& Processing
Device
Management
Device Device Device
Register
1
2
3
4
5
9
8
7
6
10
Register
Register
Register

23. **
WSO2 Platform Support
● API Manager
● Identity Server
● Business Activity Monitor
● Complex Event Processor
● Enterprise Mobility Manager
● Enterprise Service Bus
● Support for Cloud

24. **
Barcelona Digital - Case Study

25. Contact us !