SlideShare a Scribd company logo

Lessons Learned from Building Enterprise APIs (Gustaf Nyman)

Nordic APIs
Nordic APIs

This is a session given by Gustaf Nyman at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden. Description: In enterprises the majority of APIs are internal and may count in hundreds. APIs are often implemented in and used from a variety of languages and platforms, and legacy system and protocols are ever-present. As APIs are increasingly part of business strategies, API management becomes an important concern of the whole organisation. Gustaf has spent more than 15 years building API infrastructure for enterprises. In this talk, he shares his thoughts on designing and implementing a long-lasting API management strategy.

Technology
1 of 23
Download to read offline
Lessons learned from building enterprise APIs Gustaf Nyman Apitek Aktiebolag gustaf.nyman@apitek.se as presented at the Nordic APIs 2016 Platform Summit
About Enterprise APIs Enterprises have: • In-house developed systems • Acquired system • External SaaS • Clients as mobiles, tablets etc. Most systems communicate and expose APIs Enterprises has many internal APIs Enterprises has legacy* APIs using old technology
You need API management Single point API gateway: • Route message to backend service • Sometimes convert or translate messages • Necessary if using microservice architecture Administration: • Keep track of routing configuration and metadata Monitoring: • Does it work? If not why? • Is it fast enough? Miscellaneous: • Authentication, throttling, signing, validation, archiving etc.
API gateway Internal API client Internal API server External API serverExternal API client API gateway Internet Intranet Cloud vnet
API gateway Routing of messages to back-end services Protocol translation - to support legacy APIs Keep track of all routing info and metadata • WSDL/XML Schema, Swagger/JSON Schema etc. Logging, monitoring and analytics: • Simplifies monitoring and debugging of connected systems Performance and reliability Admin tool The natural choice for developers and others
Real world: Using legacy API Task 2002: Access legacy API (monolith) using modern tech? Legacy API: • Queue based transport • Text based message format (structure and value) • 70 message types
Solution legacy API Use XML, XML Schema, SOAP and WSDL. Convert between XML and legacy format using XML Schema Generate WSDL/XML Schema from repository
API client Legacy API server XML Schema driven converter XML Schema {getspeakerNordic APIsLesson learned} <getspeaker> <conference>Nordic APIs<conference> <presentation>Lesson learned</presentation> </getspeaker> XML Schema driven converter Queue adapter SOAP/HTTP Text/Queue
API gateway Internal API client Legacy API server External API serverExternal API client API Gateway Internet Intranet Converter
Real World: Using legacy API Task 2015: Access legacy API using modern tech? Legacy API: • SOAP/HTTP based transport • XML message format described in WSDL/XML Schema Move to modern technology, Microservices?
Solution: legacy API Use JSON and Swagger/JSON Schema. Convert between XML and JSON using existing XML Schema Generate Swagger from WSDL using mapping rules
Lesson: Use metadata Description of data, message exchange and contracts: • WSDL/XML schema and Swagger/JSON schema Use of metadata: • Validate data and message exchange • Generate stubs for client and server code • Generate documentation, test data, user interfaces • Data format conversion – with certain constraints But remember: • API/contract needs to be the first thing you design • Think before generating from code or tools • Make sure schemas are comprehensible!
Real World: B2B communication Swedish insurance business 2002: • Documents on paper communicated through surface mail. Task: Define B2B communication guidelines, a ”standard” Business requirements: • Non repudiation • Confidentiality • Simple to implement on any platform/language
Solution: SOAP/WS-Security Use standards, but define how and simplify: • SOAP/HTTPS and WSDL/XML Schema • X509 certificates and WS-Security for signing • X509 client certificates Add what’s missing: • Organization identification header and correlation id • A few standardized message types 10 years later still the natural B2B choice in the Swedish insurance business.
Lesson: Simplify and select If you want things to last.. • Do not use ”everything” technologies provide – select the good stuff! • Read the specifications – do not rely only on ready-made toolkits or frameworks. • Remember: Simple things are easier to migrate and adapt to new technology
Problem: API failures All APIs will eventually fail… Ongoing task: improve analysis and production debugging support
Monitor and log Log types: • Processing logs – what happened? • Data logs – what was the message content at specific point? • Analytics logs – what is the response times and failure rate? Logging subsystem: • Should be always on • Must be high performance and • Must handle large amount of logs • Must correlate and cluster related log data
What to log? “Logga lagom”, i.e. log just enough information • Too much and it becomes incomprehensible and unmanageable • Too little and it is useless Use experience and an evolutionary approach: • You debug a difficult problem – improve log to enable easy identification next time • Always strive to enable less experienced personnel to effectively debug using logs
Real world: Logging subsystem Always on log system logs to disk – remove after 24 hours On API failure related log files are stored in database Web site to: • Access and view error log data • Automatic classification of errors using patterns • Searching and reading logs on disk • View other logs and system parameters
Take care of all your users Your platform should be the natural choice for developers • Cater to their needs. More than developers: • Many more are interested in what you are doing • Many users are not computer savvy – they need simple tools Typical non-technical users: • People responsible for the business • Testers with extensive business skills • Customer service
Problem: Old technology If we only redesign our system with… • RPC • CORBA/MTS • SOAP/SOA • REST/HTTP • Event driven • Microservices • [your choice of the next big thing] We will solve all problems and everything will be much better…
Everything will be legacy …It is just a matter of time. If redesign is not an option, put legacy APIs behind converters, translators and adapters: • Expose the modern API you prefer Be prepared… • Use standards – avoid vendor specific extensions • Be selective – do not use everything • Simplify …mitigate the consequences of systems turning legacy
Summary Use an API gateway Use metadata Simplify and select Monitor and log Prepare for systems turning legacy gustaf.nyman@apitek.se https://www.apitek.se/ Do not miss my talk tomorrow 14.15: Build, Deploy and Test APIs and Microservices with Apitek Prisma

Recommended

The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
Nordic APIs
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
Michael Kuehne-Schlinkert
 
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays
 
Achieving Microservices Maturity
Achieving Microservices MaturityAchieving Microservices Maturity
Achieving Microservices Maturity
Nordic APIs
 
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientBest Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Nordic APIs
 
INTERFACE, by apidays - Building contextualized API specifications by Boris ...
INTERFACE, by apidays - Building contextualized API specifications by Boris ...INTERFACE, by apidays - Building contextualized API specifications by Boris ...
INTERFACE, by apidays - Building contextualized API specifications by Boris ...
apidays
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re Everywhere
Nordic APIs
 
Evolution of API Management in the BBC
Evolution of API Management in the BBCEvolution of API Management in the BBC
Evolution of API Management in the BBC
Nordic APIs
 

Recommended

The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
Nordic APIs
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
Michael Kuehne-Schlinkert
 
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays
 
Achieving Microservices Maturity
Achieving Microservices MaturityAchieving Microservices Maturity
Achieving Microservices Maturity
Nordic APIs
 
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientBest Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Nordic APIs
 
INTERFACE, by apidays - Building contextualized API specifications by Boris ...
INTERFACE, by apidays - Building contextualized API specifications by Boris ...INTERFACE, by apidays - Building contextualized API specifications by Boris ...
INTERFACE, by apidays - Building contextualized API specifications by Boris ...
apidays
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re Everywhere
Nordic APIs
 
Evolution of API Management in the BBC
Evolution of API Management in the BBCEvolution of API Management in the BBC
Evolution of API Management in the BBC
Nordic APIs
 
apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...
apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...
apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...
apidays
 
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Nordic APIs
 
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays
 
API Design Collaboration
API Design CollaborationAPI Design Collaboration
API Design Collaboration
Uchit Vyas ☁
 
Api gateway
Api gatewayApi gateway
Api gateway
enyert
 
Serverless Functions and Machine Learning: Putting the AI in APIs
Serverless Functions and Machine Learning: Putting the AI in APIsServerless Functions and Machine Learning: Putting the AI in APIs
Serverless Functions and Machine Learning: Putting the AI in APIs
Nordic APIs
 
apidays LIVE Jakarta - What will the next generation of API Portals look like...
apidays LIVE Jakarta - What will the next generation of API Portals look like...apidays LIVE Jakarta - What will the next generation of API Portals look like...
apidays LIVE Jakarta - What will the next generation of API Portals look like...
apidays
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
Apigee | Google Cloud
 
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
apidays
 
API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?
Nordic APIs
 
Life After Microservices – Shifting the Boundaries
Life After Microservices – Shifting the BoundariesLife After Microservices – Shifting the Boundaries
Life After Microservices – Shifting the Boundaries
Nordic APIs
 
API Design Best Practices & Tech Talk : API Craft Meetup @ Apigee
API Design Best Practices & Tech Talk : API Craft Meetup @ ApigeeAPI Design Best Practices & Tech Talk : API Craft Meetup @ Apigee
API Design Best Practices & Tech Talk : API Craft Meetup @ ApigeeAnil Sagar
 
apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays
 
How to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyHow to Build an Effective API Security Strategy
How to Build an Effective API Security Strategy
Nordic APIs
 
Azure API Management - why should I care?
Azure API Management - why should I care?Azure API Management - why should I care?
Azure API Management - why should I care?
Jouni Heikniemi
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
kanimozhin
 
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc Site
Pronovix
 
Developer Support Models: Calibrating Service Level to Commitment
Developer Support Models: Calibrating Service Level to CommitmentDeveloper Support Models: Calibrating Service Level to Commitment
Developer Support Models: Calibrating Service Level to Commitment
Nordic APIs
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management Architectures
Nordic APIs
 
TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)
TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)
TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)
Nordic APIs
 
Microservices architecture overview v2
Microservices architecture overview v2Microservices architecture overview v2
Microservices architecture overview v2
Dmitry Skaredov
 

More Related Content

What's hot

apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...
apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...
apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...
apidays
 
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Nordic APIs
 
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays
 
API Design Collaboration
API Design CollaborationAPI Design Collaboration
API Design Collaboration
Uchit Vyas ☁
 
Api gateway
Api gatewayApi gateway
Api gateway
enyert
 
Serverless Functions and Machine Learning: Putting the AI in APIs
Serverless Functions and Machine Learning: Putting the AI in APIsServerless Functions and Machine Learning: Putting the AI in APIs
Serverless Functions and Machine Learning: Putting the AI in APIs
Nordic APIs
 
apidays LIVE Jakarta - What will the next generation of API Portals look like...
apidays LIVE Jakarta - What will the next generation of API Portals look like...apidays LIVE Jakarta - What will the next generation of API Portals look like...
apidays LIVE Jakarta - What will the next generation of API Portals look like...
apidays
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
Apigee | Google Cloud
 
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
apidays
 
API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?
Nordic APIs
 
Life After Microservices – Shifting the Boundaries
Life After Microservices – Shifting the BoundariesLife After Microservices – Shifting the Boundaries
Life After Microservices – Shifting the Boundaries
Nordic APIs
 
API Design Best Practices & Tech Talk : API Craft Meetup @ Apigee
API Design Best Practices & Tech Talk : API Craft Meetup @ ApigeeAPI Design Best Practices & Tech Talk : API Craft Meetup @ Apigee
API Design Best Practices & Tech Talk : API Craft Meetup @ ApigeeAnil Sagar
 
apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays
 
How to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyHow to Build an Effective API Security Strategy
How to Build an Effective API Security Strategy
Nordic APIs
 
Azure API Management - why should I care?
Azure API Management - why should I care?Azure API Management - why should I care?
Azure API Management - why should I care?
Jouni Heikniemi
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
kanimozhin
 
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc Site
Pronovix
 
Developer Support Models: Calibrating Service Level to Commitment
Developer Support Models: Calibrating Service Level to CommitmentDeveloper Support Models: Calibrating Service Level to Commitment
Developer Support Models: Calibrating Service Level to Commitment
Nordic APIs
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management Architectures
Nordic APIs
 

What's hot (20)

apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...
apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...
apidays Paris 2019 - How Do Async APIs Survive in a Rest World? by Luca Ferra...
 
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
 
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
apidays LIVE Paris - Innovation and rejuvenation combined: a beneficial appro...
 
API Design Collaboration
API Design CollaborationAPI Design Collaboration
API Design Collaboration
 
Api gateway
Api gatewayApi gateway
Api gateway
 
Serverless Functions and Machine Learning: Putting the AI in APIs
Serverless Functions and Machine Learning: Putting the AI in APIsServerless Functions and Machine Learning: Putting the AI in APIs
Serverless Functions and Machine Learning: Putting the AI in APIs
 
apidays LIVE Jakarta - What will the next generation of API Portals look like...
apidays LIVE Jakarta - What will the next generation of API Portals look like...apidays LIVE Jakarta - What will the next generation of API Portals look like...
apidays LIVE Jakarta - What will the next generation of API Portals look like...
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
 
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
 
API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?
 
Life After Microservices – Shifting the Boundaries
Life After Microservices – Shifting the BoundariesLife After Microservices – Shifting the Boundaries
Life After Microservices – Shifting the Boundaries
 
API Design Best Practices & Tech Talk : API Craft Meetup @ Apigee
API Design Best Practices & Tech Talk : API Craft Meetup @ ApigeeAPI Design Best Practices & Tech Talk : API Craft Meetup @ Apigee
API Design Best Practices & Tech Talk : API Craft Meetup @ Apigee
 
apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...apidays LIVE Paris - Potential of API integrations, common traps and advices ...
apidays LIVE Paris - Potential of API integrations, common traps and advices ...
 
How to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyHow to Build an Effective API Security Strategy
How to Build an Effective API Security Strategy
 
Azure API Management - why should I care?
Azure API Management - why should I care?Azure API Management - why should I care?
Azure API Management - why should I care?
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
 
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc Site
 
Developer Support Models: Calibrating Service Level to Commitment
Developer Support Models: Calibrating Service Level to CommitmentDeveloper Support Models: Calibrating Service Level to Commitment
Developer Support Models: Calibrating Service Level to Commitment
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management Architectures
 

Viewers also liked

TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)
TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)
TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)
Nordic APIs
 
Microservices architecture overview v2
Microservices architecture overview v2Microservices architecture overview v2
Microservices architecture overview v2
Dmitry Skaredov
 
Introduction to The 6 Insights of API Practice (Bill Doerrfeld)
Introduction to The 6 Insights of API Practice (Bill Doerrfeld)Introduction to The 6 Insights of API Practice (Bill Doerrfeld)
Introduction to The 6 Insights of API Practice (Bill Doerrfeld)
Nordic APIs
 
APIs as The Source of Truth (Zane Claes)
APIs as The Source of Truth (Zane Claes)APIs as The Source of Truth (Zane Claes)
APIs as The Source of Truth (Zane Claes)
Nordic APIs
 
HTTP Services & REST API Security
HTTP Services & REST API SecurityHTTP Services & REST API Security
HTTP Services & REST API Security
Taiseer Joudeh
 
Top 5 Ways To Increase API Adoption
Top 5 Ways To Increase API AdoptionTop 5 Ways To Increase API Adoption
Top 5 Ways To Increase API Adoption
ProgrammableWeb
 
Integrated social solutions, the power and pitfalls of mashups
Integrated social solutions, the power and pitfalls of mashupsIntegrated social solutions, the power and pitfalls of mashups
Integrated social solutions, the power and pitfalls of mashups
Nordic APIs
 
Rapid Api Prototyping
Rapid Api PrototypingRapid Api Prototyping
Rapid Api Prototyping
Kong Inc.
 
State of APIs: API trends from Nordic APIs Copenhagen & Sundsvall
State of APIs: API trends from Nordic APIs Copenhagen & SundsvallState of APIs: API trends from Nordic APIs Copenhagen & Sundsvall
State of APIs: API trends from Nordic APIs Copenhagen & Sundsvall
Andreas Krohn
 
Running an API 24/365
Running an API 24/365Running an API 24/365
Running an API 24/365
Nordic APIs
 
Authorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleAuthorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the Puzzle
Nordic APIs
 
Pie for Sale: Timeless Lessons in API Advocacy (Adam DuVander)
Pie for Sale: Timeless Lessons in API Advocacy (Adam DuVander)Pie for Sale: Timeless Lessons in API Advocacy (Adam DuVander)
Pie for Sale: Timeless Lessons in API Advocacy (Adam DuVander)
Nordic APIs
 
Public Transport APIs – How we are using and creating long lasting APIs at No...
Public Transport APIs – How we are using and creating long lasting APIs at No...Public Transport APIs – How we are using and creating long lasting APIs at No...
Public Transport APIs – How we are using and creating long lasting APIs at No...
Nordic APIs
 
Apinf Open Api Management
Apinf Open Api Management Apinf Open Api Management
Apinf Open Api Management
Taija Björklund
 
Platform Security that will Last for Decades (Travis Spencer)
Platform Security that will Last for Decades (Travis Spencer)Platform Security that will Last for Decades (Travis Spencer)
Platform Security that will Last for Decades (Travis Spencer)
Nordic APIs
 
API Creation to Iteration without the Frustration
API Creation to Iteration without the FrustrationAPI Creation to Iteration without the Frustration
API Creation to Iteration without the Frustration
Nordic APIs
 
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
Nordic APIs
 
Automotive Grade APIs – designing for longevity
Automotive Grade APIs – designing for longevityAutomotive Grade APIs – designing for longevity
Automotive Grade APIs – designing for longevity
Nordic APIs
 
Why should i care about hypermedia
Why should i care about hypermediaWhy should i care about hypermedia
Why should i care about hypermedia
Nordic APIs
 
Distribute and Monetize APIs
Distribute and Monetize APIsDistribute and Monetize APIs
Distribute and Monetize APIs
Kong Inc.
 

Viewers also liked (20)

TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)
TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)
TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)
 
Microservices architecture overview v2
Microservices architecture overview v2Microservices architecture overview v2
Microservices architecture overview v2
 
Introduction to The 6 Insights of API Practice (Bill Doerrfeld)
Introduction to The 6 Insights of API Practice (Bill Doerrfeld)Introduction to The 6 Insights of API Practice (Bill Doerrfeld)
Introduction to The 6 Insights of API Practice (Bill Doerrfeld)
 
APIs as The Source of Truth (Zane Claes)
APIs as The Source of Truth (Zane Claes)APIs as The Source of Truth (Zane Claes)
APIs as The Source of Truth (Zane Claes)
 
HTTP Services & REST API Security
HTTP Services & REST API SecurityHTTP Services & REST API Security
HTTP Services & REST API Security
 
Top 5 Ways To Increase API Adoption
Top 5 Ways To Increase API AdoptionTop 5 Ways To Increase API Adoption
Top 5 Ways To Increase API Adoption
 
Integrated social solutions, the power and pitfalls of mashups
Integrated social solutions, the power and pitfalls of mashupsIntegrated social solutions, the power and pitfalls of mashups
Integrated social solutions, the power and pitfalls of mashups
 
Rapid Api Prototyping
Rapid Api PrototypingRapid Api Prototyping
Rapid Api Prototyping
 
State of APIs: API trends from Nordic APIs Copenhagen & Sundsvall
State of APIs: API trends from Nordic APIs Copenhagen & SundsvallState of APIs: API trends from Nordic APIs Copenhagen & Sundsvall
State of APIs: API trends from Nordic APIs Copenhagen & Sundsvall
 
Running an API 24/365
Running an API 24/365Running an API 24/365
Running an API 24/365
 
Authorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the PuzzleAuthorization The Missing Piece of the Puzzle
Authorization The Missing Piece of the Puzzle
 
Pie for Sale: Timeless Lessons in API Advocacy (Adam DuVander)
Pie for Sale: Timeless Lessons in API Advocacy (Adam DuVander)Pie for Sale: Timeless Lessons in API Advocacy (Adam DuVander)
Pie for Sale: Timeless Lessons in API Advocacy (Adam DuVander)
 
Public Transport APIs – How we are using and creating long lasting APIs at No...
Public Transport APIs – How we are using and creating long lasting APIs at No...Public Transport APIs – How we are using and creating long lasting APIs at No...
Public Transport APIs – How we are using and creating long lasting APIs at No...
 
Apinf Open Api Management
Apinf Open Api Management Apinf Open Api Management
Apinf Open Api Management
 
Platform Security that will Last for Decades (Travis Spencer)
Platform Security that will Last for Decades (Travis Spencer)Platform Security that will Last for Decades (Travis Spencer)
Platform Security that will Last for Decades (Travis Spencer)
 
API Creation to Iteration without the Frustration
API Creation to Iteration without the FrustrationAPI Creation to Iteration without the Frustration
API Creation to Iteration without the Frustration
 
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
 
Automotive Grade APIs – designing for longevity
Automotive Grade APIs – designing for longevityAutomotive Grade APIs – designing for longevity
Automotive Grade APIs – designing for longevity
 
Why should i care about hypermedia
Why should i care about hypermediaWhy should i care about hypermedia
Why should i care about hypermedia
 
Distribute and Monetize APIs
Distribute and Monetize APIsDistribute and Monetize APIs
Distribute and Monetize APIs
 

Similar to Lessons Learned from Building Enterprise APIs (Gustaf Nyman)

Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?
Katherine Golovinova
 
Lifecycle Management with SharePoint Apps and Solutions
Lifecycle Management with SharePoint Apps and SolutionsLifecycle Management with SharePoint Apps and Solutions
Lifecycle Management with SharePoint Apps and Solutions
SPC Adriatics
 
Praxistaugliche notes strategien 4 cloud
Praxistaugliche notes strategien 4 cloudPraxistaugliche notes strategien 4 cloud
Praxistaugliche notes strategien 4 cloud
Roman Weber
 
Five Ways to Fix Your SQL Server Dev-Test Problems
Five Ways to Fix Your SQL Server Dev-Test Problems Five Ways to Fix Your SQL Server Dev-Test Problems
Five Ways to Fix Your SQL Server Dev-Test Problems
Catalogic Software
 
Servicedesk plus 8 Overview
Servicedesk plus 8 OverviewServicedesk plus 8 Overview
Servicedesk plus 8 Overview
Netrunner Tecnologia
 
code talks Commerce: The API Economy as an E-Commerce Operating System
code talks Commerce: The API Economy as an E-Commerce Operating Systemcode talks Commerce: The API Economy as an E-Commerce Operating System
code talks Commerce: The API Economy as an E-Commerce Operating System
Adelina Todeva
 
Key takeaways for SAP PI Integration 2018
Key takeaways for SAP PI Integration 2018Key takeaways for SAP PI Integration 2018
Key takeaways for SAP PI Integration 2018
Daniel Graversen
 
MuleSoft Manchester Meetup #4 slides 11th February 2021
MuleSoft Manchester Meetup #4 slides 11th February 2021MuleSoft Manchester Meetup #4 slides 11th February 2021
MuleSoft Manchester Meetup #4 slides 11th February 2021
Ieva Navickaite
 
(ATS6-DEV02) Web Application Strategies
(ATS6-DEV02) Web Application Strategies(ATS6-DEV02) Web Application Strategies
(ATS6-DEV02) Web Application Strategies
BIOVIA
 
Skill_Level_ Strider
Skill_Level_ StriderSkill_Level_ Strider
Skill_Level_ StriderTushar R
 
dtechnClouologyassociatepart2
dtechnClouologyassociatepart2dtechnClouologyassociatepart2
dtechnClouologyassociatepart2
Anne Starr
 
Correlate Log Data with Business Metrics Like a Jedi
Correlate Log Data with Business Metrics Like a JediCorrelate Log Data with Business Metrics Like a Jedi
Correlate Log Data with Business Metrics Like a Jedi
Trevor Parsons
 
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
TechWell
 
API Economy, Realizing the Business Value of APIs
API Economy, Realizing the Business Value of APIsAPI Economy, Realizing the Business Value of APIs
API Economy, Realizing the Business Value of APIs
ColdFusionConference
 
#Techorama belgium 2018 vincent biret deep dive with the #MicrosoftGraph
#Techorama belgium 2018 vincent biret deep dive with the #MicrosoftGraph#Techorama belgium 2018 vincent biret deep dive with the #MicrosoftGraph
#Techorama belgium 2018 vincent biret deep dive with the #MicrosoftGraph
Vincent Biret
 
Identity and Access Lifecycle Automation
Identity and Access Lifecycle AutomationIdentity and Access Lifecycle Automation
Identity and Access Lifecycle Automation
Hitachi ID Systems, Inc.
 
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
Piyush Kumar
 
Our trading infrastructure for next generation trading with quant and automat...
Our trading infrastructure for next generation trading with quant and automat...Our trading infrastructure for next generation trading with quant and automat...
Our trading infrastructure for next generation trading with quant and automat...Bryan Downing
 
SCRIMPS-STD: Test Automation Design Principles - and asking the right questions!
SCRIMPS-STD: Test Automation Design Principles - and asking the right questions!SCRIMPS-STD: Test Automation Design Principles - and asking the right questions!
SCRIMPS-STD: Test Automation Design Principles - and asking the right questions!
Richard Robinson
 

Similar to Lessons Learned from Building Enterprise APIs (Gustaf Nyman) (20)

Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?
 
Lifecycle Management with SharePoint Apps and Solutions
Lifecycle Management with SharePoint Apps and SolutionsLifecycle Management with SharePoint Apps and Solutions
Lifecycle Management with SharePoint Apps and Solutions
 
Praxistaugliche notes strategien 4 cloud
Praxistaugliche notes strategien 4 cloudPraxistaugliche notes strategien 4 cloud
Praxistaugliche notes strategien 4 cloud
 
Five Ways to Fix Your SQL Server Dev-Test Problems
Five Ways to Fix Your SQL Server Dev-Test Problems Five Ways to Fix Your SQL Server Dev-Test Problems
Five Ways to Fix Your SQL Server Dev-Test Problems
 
Servicedesk plus 8 Overview
Servicedesk plus 8 OverviewServicedesk plus 8 Overview
Servicedesk plus 8 Overview
 
code talks Commerce: The API Economy as an E-Commerce Operating System
code talks Commerce: The API Economy as an E-Commerce Operating Systemcode talks Commerce: The API Economy as an E-Commerce Operating System
code talks Commerce: The API Economy as an E-Commerce Operating System
 
Key takeaways for SAP PI Integration 2018
Key takeaways for SAP PI Integration 2018Key takeaways for SAP PI Integration 2018
Key takeaways for SAP PI Integration 2018
 
MuleSoft Manchester Meetup #4 slides 11th February 2021
MuleSoft Manchester Meetup #4 slides 11th February 2021MuleSoft Manchester Meetup #4 slides 11th February 2021
MuleSoft Manchester Meetup #4 slides 11th February 2021
 
(ATS6-DEV02) Web Application Strategies
(ATS6-DEV02) Web Application Strategies(ATS6-DEV02) Web Application Strategies
(ATS6-DEV02) Web Application Strategies
 
Skill_Level_ Strider
Skill_Level_ StriderSkill_Level_ Strider
Skill_Level_ Strider
 
dtechnClouologyassociatepart2
dtechnClouologyassociatepart2dtechnClouologyassociatepart2
dtechnClouologyassociatepart2
 
Correlate Log Data with Business Metrics Like a Jedi
Correlate Log Data with Business Metrics Like a JediCorrelate Log Data with Business Metrics Like a Jedi
Correlate Log Data with Business Metrics Like a Jedi
 
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
Can Your Mobile Infrastructure Survive 1 Million Concurrent Users?
 
API Economy, Realizing the Business Value of APIs
API Economy, Realizing the Business Value of APIsAPI Economy, Realizing the Business Value of APIs
API Economy, Realizing the Business Value of APIs
 
#Techorama belgium 2018 vincent biret deep dive with the #MicrosoftGraph
#Techorama belgium 2018 vincent biret deep dive with the #MicrosoftGraph#Techorama belgium 2018 vincent biret deep dive with the #MicrosoftGraph
#Techorama belgium 2018 vincent biret deep dive with the #MicrosoftGraph
 
Identity and Access Lifecycle Automation
Identity and Access Lifecycle AutomationIdentity and Access Lifecycle Automation
Identity and Access Lifecycle Automation
 
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
 
Our trading infrastructure for next generation trading with quant and automat...
Our trading infrastructure for next generation trading with quant and automat...Our trading infrastructure for next generation trading with quant and automat...
Our trading infrastructure for next generation trading with quant and automat...
 
NVReddy
NVReddyNVReddy
NVReddy
 
SCRIMPS-STD: Test Automation Design Principles - and asking the right questions!
SCRIMPS-STD: Test Automation Design Principles - and asking the right questions!SCRIMPS-STD: Test Automation Design Principles - and asking the right questions!
SCRIMPS-STD: Test Automation Design Principles - and asking the right questions!
 

More from Nordic APIs

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
Nordic APIs
 
The Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at ApitureThe Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at Apiture
Nordic APIs
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
Nordic APIs
 
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Nordic APIs
 
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
Nordic APIs
 
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLAPI Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
Nordic APIs
 
API Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, GraylogAPI Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, Graylog
Nordic APIs
 
Productizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, MoseifProductizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, Moseif
Nordic APIs
 
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosSecurely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Nordic APIs
 
Security of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioSecurity of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.io
Nordic APIs
 
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
Nordic APIs
 
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Nordic APIs
 
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Nordic APIs
 
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyEstablish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Nordic APIs
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Nordic APIs
 
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsGoing Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Nordic APIs
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Nordic APIs
 
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerGenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
Nordic APIs
 
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
Nordic APIs
 
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
Nordic APIs
 

More from Nordic APIs (20)

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
 
The Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at ApitureThe Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at Apiture
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
 
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
 
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
 
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLAPI Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
 
API Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, GraylogAPI Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, Graylog
 
Productizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, MoseifProductizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, Moseif
 
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosSecurely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
 
Security of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioSecurity of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.io
 
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
 
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
 
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
 
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyEstablish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
 
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsGoing Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
 
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerGenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
 
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
 
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
 

Recently uploaded

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 

Recently uploaded (20)

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 

Lessons Learned from Building Enterprise APIs (Gustaf Nyman)

  • 1. Lessons learned from building enterprise APIs Gustaf Nyman Apitek Aktiebolag gustaf.nyman@apitek.se as presented at the Nordic APIs 2016 Platform Summit
  • 2. About Enterprise APIs Enterprises have: • In-house developed systems • Acquired system • External SaaS • Clients as mobiles, tablets etc. Most systems communicate and expose APIs Enterprises has many internal APIs Enterprises has legacy* APIs using old technology
  • 3. You need API management Single point API gateway: • Route message to backend service • Sometimes convert or translate messages • Necessary if using microservice architecture Administration: • Keep track of routing configuration and metadata Monitoring: • Does it work? If not why? • Is it fast enough? Miscellaneous: • Authentication, throttling, signing, validation, archiving etc.
  • 4. API gateway Internal API client Internal API server External API serverExternal API client API gateway Internet Intranet Cloud vnet
  • 5. API gateway Routing of messages to back-end services Protocol translation - to support legacy APIs Keep track of all routing info and metadata • WSDL/XML Schema, Swagger/JSON Schema etc. Logging, monitoring and analytics: • Simplifies monitoring and debugging of connected systems Performance and reliability Admin tool The natural choice for developers and others
  • 6. Real world: Using legacy API Task 2002: Access legacy API (monolith) using modern tech? Legacy API: • Queue based transport • Text based message format (structure and value) • 70 message types
  • 7. Solution legacy API Use XML, XML Schema, SOAP and WSDL. Convert between XML and legacy format using XML Schema Generate WSDL/XML Schema from repository
  • 8. API client Legacy API server XML Schema driven converter XML Schema {getspeakerNordic APIsLesson learned} <getspeaker> <conference>Nordic APIs<conference> <presentation>Lesson learned</presentation> </getspeaker> XML Schema driven converter Queue adapter SOAP/HTTP Text/Queue
  • 9. API gateway Internal API client Legacy API server External API serverExternal API client API Gateway Internet Intranet Converter
  • 10. Real World: Using legacy API Task 2015: Access legacy API using modern tech? Legacy API: • SOAP/HTTP based transport • XML message format described in WSDL/XML Schema Move to modern technology, Microservices?
  • 11. Solution: legacy API Use JSON and Swagger/JSON Schema. Convert between XML and JSON using existing XML Schema Generate Swagger from WSDL using mapping rules
  • 12. Lesson: Use metadata Description of data, message exchange and contracts: • WSDL/XML schema and Swagger/JSON schema Use of metadata: • Validate data and message exchange • Generate stubs for client and server code • Generate documentation, test data, user interfaces • Data format conversion – with certain constraints But remember: • API/contract needs to be the first thing you design • Think before generating from code or tools • Make sure schemas are comprehensible!
  • 13. Real World: B2B communication Swedish insurance business 2002: • Documents on paper communicated through surface mail. Task: Define B2B communication guidelines, a ”standard” Business requirements: • Non repudiation • Confidentiality • Simple to implement on any platform/language
  • 14. Solution: SOAP/WS-Security Use standards, but define how and simplify: • SOAP/HTTPS and WSDL/XML Schema • X509 certificates and WS-Security for signing • X509 client certificates Add what’s missing: • Organization identification header and correlation id • A few standardized message types 10 years later still the natural B2B choice in the Swedish insurance business.
  • 15. Lesson: Simplify and select If you want things to last.. • Do not use ”everything” technologies provide – select the good stuff! • Read the specifications – do not rely only on ready-made toolkits or frameworks. • Remember: Simple things are easier to migrate and adapt to new technology
  • 16. Problem: API failures All APIs will eventually fail… Ongoing task: improve analysis and production debugging support
  • 17. Monitor and log Log types: • Processing logs – what happened? • Data logs – what was the message content at specific point? • Analytics logs – what is the response times and failure rate? Logging subsystem: • Should be always on • Must be high performance and • Must handle large amount of logs • Must correlate and cluster related log data
  • 18. What to log? “Logga lagom”, i.e. log just enough information • Too much and it becomes incomprehensible and unmanageable • Too little and it is useless Use experience and an evolutionary approach: • You debug a difficult problem – improve log to enable easy identification next time • Always strive to enable less experienced personnel to effectively debug using logs
  • 19. Real world: Logging subsystem Always on log system logs to disk – remove after 24 hours On API failure related log files are stored in database Web site to: • Access and view error log data • Automatic classification of errors using patterns • Searching and reading logs on disk • View other logs and system parameters
  • 20. Take care of all your users Your platform should be the natural choice for developers • Cater to their needs. More than developers: • Many more are interested in what you are doing • Many users are not computer savvy – they need simple tools Typical non-technical users: • People responsible for the business • Testers with extensive business skills • Customer service
  • 21. Problem: Old technology If we only redesign our system with… • RPC • CORBA/MTS • SOAP/SOA • REST/HTTP • Event driven • Microservices • [your choice of the next big thing] We will solve all problems and everything will be much better…
  • 22. Everything will be legacy …It is just a matter of time. If redesign is not an option, put legacy APIs behind converters, translators and adapters: • Expose the modern API you prefer Be prepared… • Use standards – avoid vendor specific extensions • Be selective – do not use everything • Simplify …mitigate the consequences of systems turning legacy
  • 23. Summary Use an API gateway Use metadata Simplify and select Monitor and log Prepare for systems turning legacy gustaf.nyman@apitek.se https://www.apitek.se/ Do not miss my talk tomorrow 14.15: Build, Deploy and Test APIs and Microservices with Apitek Prisma