Point of view on API Management

1. API Management – an Infosys Perspective
Ravish Rao, Senior Technology Architect
No matter what industry you’re in, internet is changing your priorities. The growth in mobile apps, cloud
services, internet of things and external developer community, has driven enterprises to open up
internal data and resources through APIs. An API is the cornerstone of what is widely seen as the next
iteration of business development, where having a well-developed API is poised to be the way in which
business relationship are established and maintained in a online, 24/7 digital economy. For example,
Expedia gets over $2 billion of its revenue by selling hotel rooms via its affiliate API program. Similarly,
by cultivating an external developer base, Netflix is able to offer service on more than 800 physical
devices, at a fraction of the cost of internal development.
Unfortunately most companies treat their API as an afterthought or a checkbox on their project list
rather than a core IT feature that drives business strategy. As a result, APIs are not well designed and
end up costing both the company and its API users thousands of dollars in ongoing change requests. It
is very important to get API definition (API catalog, operations, signature, security, etc.) correct the
very first time. Frequent major revisions to the API definition can cause your internal/external partners
and developer community to look around for alternate API providers.
Why build API? Common reasons we hear out clients tell us:
• Partnering with other businesses to extend market.
• Scaling Development and Empowering Users – B2C for new revenue stream.
• Device Proliferation – new ways to engage with customers.
• Establish Governance in SOA initiative – improve internal development efficiency.
Most API management platforms provide comprehensive solution, offering features such as:
• API development and runtime platform
• Portal for API discovery and subscription
• API security and protocol mediation
• Memory management and caching for
service performance
• Usage analytics
• On-premise and On-cloud option
• API lifecycle management and versioning
Early vendors in the API management space
such as Apigee and Mashery, demonstrate
strong capability in providing infrastructure to
support external developer community, cloud
deployment option and API brokering. Vendors
such as IBM, Vordel and Layer7, who come with rich enterprise application integration (EAI) and SOA
background, have traditionally offered strong on premise service gateway solutions. Over the last 18
months, these vendors have evolved their service gateway offerings, to incorporate strong API
management/governance capabilities and cloud deployment options.

2. Relevance of API management in the Retail vertical
The diagram to the left shows various
deployment options available. The
deployment option that best suits your
company will depend upon your
companies API business model, cloud
adoption roadmap, current application
landscape, and existing investment on
service/SOA infrastructure. Most
vendors offer cloud and on premise
deployment model, with options to
interoperate your APIs across the
models without making code changes.
In 2013, 30% of e-commerce traffic came from the mobile channel. Retailers are also increasingly
collaborating by exchanging data with other retailers/partners to cross sell merchandise. This trend is
forcing IT departments to quickly extend capability of existing systems to support new emerging
channels. Adding to this complexity, legacy channels such as brick and mortar, online website, were
initially established as independent lines of business with separate logistics, inventory management and
customer policies. As a result, beyond the initial impetus of garnering increased revenues through new
channels, providing a seamless customer experience across these channels is a challenge.
Infosys has been helping retailers address this challenge by leveraging its Omni channel Integration
Hub solution. In this solution, API management plays a key role as the enabler to deliver business
services to various channels. To contextualize this better, diagram below gives common application
layout seen at most retailing companies.
• How to meter API usage by business partners.
Traditionally, access to enterprise
business services hosted on internal
ecommerce and order fulfillment systems,
was restricted within the boundaries of an
enterprise. The advent of new channels
has posed the following IT challenges:
• How to assemble API's leveraging
investments already made in
developing business services (e.g.:
create order, inventory lookup web
services), for the legacy channel.
• How to host, secure and provide
access control to business services
when exposed to the internet.
• How to document, socialize and
market API's.
An API management platform such as IBM API Management, deployed in the DMZ or the cloud,
provides the design time and runtime capabilities needed to address the above mentioned retail vertical
challenges.

3. IBM API Management
IBM API Management provides organizations with the tools for assembling, securing and socializing web
APIs. Key Capabilities of IBM API Management solution is:
• Configuration, No coding – easy API assembly, API versioning, quick developer portal configuration
with socialization capability. Client registration, client id and key management.
• Leverages IBM Data Power for API runtime infrastructure. DataPower gives the security and
mediations capabilities.
• Out of the box API usage analytics which can be used to derive business insight.
• Strong on premise solution and revamped cloud offering to be released in mid-2014.
Infosys POV on IBM API Management
IBM’s API management solution has evolved continuously since it was initially introduced in mid-2012.
The initial offering provided a cloud based deployment option which ran on IBM’s Cast Iron Live
infrastructure. The subsequent v2 release in mid-2013 provided an on premise solution that leveraged
IBM DataPower for runtime service gateway and IBM Cast Iron for API assembly. One also needs to
stand up two additional nodes, one for the API portal (called the management node) and other for
analytics. We anticipate next release of IBM API Management to simply the products component
architecture. The API assembly capabilities provided by Cast Iron node will be merged into the
DataPower node. Similarly the Analytics node will be merged with the management node. This greatly
simplifies the deployment and maintenance cost of the solution. We recommend deploying the gateway
node in the DMZ and the management node be deployed behind the internal firewall. All portal traffic
going to the management node can be proxy via the web application policy on the gateway node.
IBM DataPower is the industry leader in
providing secured service gateway
infrastructure. For organizations that
have already deployed IBM DataPower,
upgrading to API Management stack will
provide additional capability to drive
revenue and market reach. The table
gives the list of capabilities IBM API
Management stack brings to your IT
infrastructure compared to DataPower.
Advanced Optimization (AO) capability of
DataPower can be used to self-load
balance API requests across multiple
DataPower nodes. We recommend
complex message transformation be achieved by using multi-protocol gateway service in a separate
domain within the DataPower node.
API Management can also serve as a good option for organizations looking to implement governance to
their internal SOA initiative.
IBM is expected to revamp its cloud API Management offering. This is an option if you are looking at:
• Reducing capital expense
• Experimenting the market with API offering
• Unclear of the infrastructure sizing or having seasonal spike in transaction volume.

4. Our accelerators and frameworks for IBM API Management
• Partner with IBM on the API Management vnext beta program.
• Security Framework - guidelines on implementing security using DataPower
• Administration Framework - achieve routine DataPower admin activities through SOMA and CLI
scripts
• Error Handling, Logging and Automated Deployment framework
• Reusable artefacts that can save effort and reduce build, testing time considerably. Ex: DataPower
SSO solution, DataPower design pattern references, highly reusable configuration sets and
DataPower Performance Testing tool etc.
• Templates and Checklist - Architecture templates, Integration requirement and Detailed Design
templates, Data Mapping templates and Review checklists.
Case Study
A leading fashion retailer is working on launching a mobile shopping application in under 6 months. A
decision was made to leverage existing functionality of its e-commerce website and order fulfillment
services hosted by legacy order management system. Integration challenges put forward are:
• Provide security while exposing key real-time business services as APIs, at the edge of the
network.
• APIs should mediate between frontend RESTFful JSON protocol and backend JSP/SOAP web
services.
• Support OAuth, Key Management and Single Sign On (SSO) across website and mobile application.
• API response caching to reduce impact on the legacy application capacity.
Infosys helped the customer evaluate various API management solutions in the market. IBM API
Management was chosen as the product stack to support the solution. Infosys is currently working
with the retailer to setup IBM API Management infrastructure and is also responsible for developing
APIs on the new stack.
IBM BPM and Integration Practice at Infosys
• 1000+ consultants with 800+ IBM certifications in Architecture, Technology and Development.
• Strong capability on IBM products – IBM BPM, WODM, Business Modeler, DataPower, IBM API
Management, IIB, WMQ, WTX, WebSphere Cast Iron Cloud Integration, InfoSphere DataStage.
• 45+ active customers, 30+ large programs (100+ interfaces) implementation.
• Engagement Models – Traditional and non-linear, outcome based models.
• Solutions, frameworks and pre-build accelerators for various industries vertical.
• Premier business partnership with IBM provides us access to partner channels, events, beta
programs, education, certifications and project consulting.