Why are APIs a key enabler of the digital transformation?
Why is API Management mandatory to correctly govern your assets?
How to secure an API Management project?
5. |
E-Government
Secured API for Portal
Additional Services
API Aggregation
Container Tracking
API Modernization
NDC Program
API Standard
Digital Transformation Drivers
Feb 2019SmartWave - API Management Event 5
Customer
Satisfaction & Loyalty Revenue Growth Operational Efficiency
Partner Contribution &
Ecosystem
6. |
Once upon an API…
Feb 2019SmartWave - API Management Event 6
Stakeholders
API Platform
Admin
Integration
Specialist
App
Developer
Business Owner
CIO
App
Owner
Network
Admin
Backend
Developer
Sponsor
Solution
Architect
Partners
Employee
Enterprise
Architect
Infrastructure
Officer
Public
Developer
System
Admin
Security
Specialist
Backend Owner
DevOps
Officer
Innovation
Public User
Security
Officer
API Platform
Specialist
Digital Officer
7. |
API journey failings
Feb 2019SmartWave - API Management Event 7
Single digital project
• Unsecure APIs
• Unclear responsibilities & risks
• Nothing built for the next consumers
Recycle integration / SOA
competency center
• Reusing SOA Governance
• Not “consumer oriented”
• Organisational Bottleneck
8. |
Need for Governance & Architecture
Feb 2019SmartWave - API Management Event 8
Governance Architecture
9. |
API Management Solution
Feb 2019SmartWave - API Management Event
API Management
API
Transformation
API Control
API Security
API Monitoring
API
Management
(incl. API
Development
Lifecycle)
API
Administration
• API Customer management
• Self service
• Developer
• Application
• API documentation
• Versioning
• Throttling,
• SLA monitoring
• Content routing
• Quota management
• Traceability
• Quality of service
• Cache management
• Token mediation
• OAuth security
• API Firewalling
• Blacklisting, attack prevention, etc.
• Data security : Encryption /
Tokenization/Signature
• Key management
• SSL Terminations
• API usage monitoring and analysis
• SLA Management
• End to end audit
• Real time transaction correction
• API life cycle management
• API catalog management
• Partner management
• Application authorization
management
• REST API administration
9
• Protocol mediation
• Message transformation
• Rule based mediation
• Service virtualization
10. |
Many vendors see strong potentials
Feb 2019SmartWave - API Management Event 10
11. |
1. APIs are now strong enablers for Digital Transformation in Switzerland
2. APIs need API Management
Key Points
Feb 2019SmartWave - API Management Event 11
13. |
Two main approaches
Feb 2019SmartWave - API Management Event 13
STRATEGIC
• Initial full Governance
• Initial full API Platform
• Promotion of API Solution
• Implementation of use cases
TACTIC
• Incremental Governance
• Incremental API Platform
• Early implementation of use
cases
• Promotion of API Solution
16. |
Governance Methodology
Feb 2019SmartWave - API Management Event 16
Best PracticesProcessesRACIKPI
Business
Cases
Drivers
API
Management
Concept
Stakeholder
Map
Stakeholder Map Use Cases KPI Governance
Analysis Design
Best Practices
18. |
KPI
Feb 2019SmartWave - API Management Event 18
KPI
Traffic
Total Call
Quota Fault
Developers
Total Developers
Total Apps
Satisfaction
TTFHW (Time To
First "Hello World")
Service Performance
Availability
Responses Time
Error rates
Support Tickets
Response Time
Business
Direct Revenue
Indirect Revenue
Costs
Customer
Satisfaction
Net Promoter Score
Churn
API Maturity
Stability
Change rate
Innovation
Total apps
Speed to market
Channel
Total Channel
Volume by channel
Revenue by channel
20. |
Foundation & Pilot Methodology
Feb 2019SmartWave - API Management Event 20
Support
Operational &
Installation
Guide
UT / IQ / OQ /
PQ / UAT
Security Policies
Platform & Pilot
Implementation
Component &
Physical
Architecture
Functional &
Non-Functional
Requirements
Specification Test Report Documentation
Analysis Design Build Transition Production
23. |
Change Management Methodology
Feb 2019SmartWave - API Management Event 24
API Provider
training
API
Consumer
training
Technical
resources
training
Governance
promotion
Communication Kit
Training
Material
Transverse
26. |
1. SmartWave Methodology is modular, template based and vendor
agnostic
2. It provide unified governance and platform with stakeholder
commitment and shared responsibilities
Key Points
Feb 2019SmartWave - API Management Event 27
28. |
Additional related topics
Feb 2019SmartWave - API Management Event 29
• Analytics to measure, evaluate and promote the solution
• Industrialization to scale, secure and delegate deployment
• Security to secure and facilitate the API consumption
29. |
• Define consumer and provider oriented metrics
• Make the metrics visible in dashboards
• Take the opportunity to promote APIs to IT & business
Analytics
Feb 2019SmartWave - API Management Event 30
30. |
• Implement CI and CD pipelines to deploy API
• Integrate Quality Gates and Change Management Validation
• Various deployment models
Industrialization
Feb 2019SmartWave - API Management Event 31
31. |
• Integrate Identity and Access Management
• Adopt a API Security Standard
• Implement the defence in depth principle for our APIs and data
Security
Feb 2019SmartWave - API Management Event 32
32. |
1. Take additional topics into consideration depending on your situation
2. Additional topics need cross skill and real expertise
Key Points
Feb 2019SmartWave - API Management Event 33
34. |
1. Promote APIs as a strong enablers for digital transformation in your
organization.
2. Identify existing APIs then establish a API platform and governance with
stakeholder commitment.
3. Improve the API Experience with additional topics.
Our next steps!
Feb 2019SmartWave - API Management Event 35