What is Feeding Your Mobile Apps? How to Deliver and Secure Mobile Enabled APIs. Enterprises are building mobile applications for customers, partners, employees, and vendors. Whether the applications are for Apple, Android or Windows powered devices, these applications increasingly need to communicate with enterprise applications, transmit sensitive data and perform business transactions. To enable rich capabilities for mobile applications, the backend APIs supporting these applications must be delivered in a secured and scalable manner. In this session we will discuss how to deliver mobile enabled APIs for enterprise applications in a way that is secure, scalable and manageable. Ed King, Vice President of Product Marketing- Vordel

1. What Is Feeding Your Mobile Apps?
How
to
Deliver
and
Secure
Mobile
Enabled
APIs
Ed
King
Vice
President,
Product
Marke>ng
Vordel

2. APIs Power Mobile Applications
2

3. Which Type of API Do You Have?
Consumer APIs Enterprise APIs
§ Social media, content delivery, § Business or consumer transactions
shopping, public service § Transmit sensitive data
§ Do not transmit sensitive data § Covered by compliance mandates
§ User has data ownership § Contract-binding quality obligations
§ No service quality obligations § National security or public safety
§ Commodity, low switching cost implications
§ No/low barrier for access § Authorized access only
§ Differentiate on ease of adoption § Strong security & audit
§ Minimal security & audit § Meet compliance requirements
§ Minimal integrations § Support existing systems,
§ Business usage statistics processes, & integration
§ Operational support
3

4. All-In-One Consumer API Portal
Developers Applications API Owners
§ Simple solution for limited
consumer APIs distribution
API
Self-Service
§ Business ownership without
Configuration
much IT support
Application
Documentation
Registration
Forum & § 24x7 self-service without
Credentials
Community internal process
API Proxy Business
dependencies
Lite Transformation Reporting
§ Good standard user
experience out-of-the-box
Own APIs 3rd-Party APIs
4

5. Two-Tier Enterprise API Delivery Platform
Partners API Owners Applications
§ Leverage existing systems,
processes, & relationships
Partner Internal § Support multiple portals
Developer Developer
Portal Portal
from a single infrastructure
§ Convert backend interfaces
into usable external APIs
API Gateway
§ Meet enterprise security,
compliance, & operational
requirements
Own APIs 3rd-Party APIs
5

6. API Aggregation
§ Aggregate APIs across
multiple sources
§ Virtualize & create branded
APIs
§ Simplify adoption of APIs
6

7. API Orchestration
§ Mash-up APIs to create
differentiated services
§ Leverage third-party APIs,
i.e. GoogleMaps, Twitter,
FedEx Tracking
§ Make use of existing B2B
and A2A web services
7

8. API Transformation
§ Transform enterprise
application’s legacy
interfaces to REST /
JSON / OAuth
§ Leverage decade of
Service Oriented
Architecture (SOA)
investment
§ Keep up with the evolution
of mobile & web API
technologies
8

9. API Security
§ Secure communication
channel with signing &
encryption
§ Protect against API &
device vulnerabilities, poor
mobile app design
§ Monitor & prevent data
leakage
9

10. API Authentication & Authorization
§ Extend identity
management platforms to
handle user, application, &
device level authentications
§ Enable “Bring-Your-Own-
Identity” customers with
federation
§ Leverage pre-built
integrations with leading
identity management
platforms & identity provider
services
10

11. API Traffic Control
§ Set quota & meter usage,
route traffic & APIs
§ Uphold service quality &
offer different service levels
§ Protect against “friendly
fire” & “noisy neighbor”
problems
11

12. API Monitoring & Audit
§ Audit end-to-end
transactions
§ Provide audit trail for
compliance, billing, &
service audit
§ Analyze API usage
statistics
12

13. Business Process Integration
§ Integrate with partner on-
boarding, billing, & other
business processes
§ Integrate with sales &
marketing automation,
CRM, ERP, commerce, &
logistics systems
§ Manage APIs as products &
channels
13

14. API Gateway Capabilities
External Virtualized Transformed Aggregated Mash-up
APIs
API Gateway
Traffic Management Security
• Request & response routing • API key & certificate mgmt.
• Throttling & metering • OAuth & SAML federation
• Quota management • Auth’N, auth’Z, & audit
• SLA management • Content firewalling
• Caching
Service Mediation Reporting & Monitoring
• External API virtualization • Transaction logging
• Protocol translation • Service statistics reporting
• Data transformation • SLA monitoring & alerting
• Data redaction & enrichment • Real-time monitoring
Internal
APIs,
Services,
Interfaces
14

15. Linking Applications,
Users, Devices
Hall F, Booth 5343
Win an iPad!
ed.king@vordel.com
www.vordel.com
twitter.com/vordel