2018 IBM Systems Technical University
May 14-18, 2018
London, UK
z101666: Best Practices for Delivering Hybrid Cloud Capability with APIs
Teodoro Cipresso, z/OS Connect EE API toolkit Lead
Haley Fung, IBM IMS Offering Manager
IBM IMS / May 9, 2018 / © 2018 IBM Corporation
Introductions
Haley Fung, IMS Offering Manager
Ted Cipresso, z/OS Connect EE API toolkit lead
Please note
IBM’s statements regarding its plans, directions, and intent are subject to change
or withdrawal without notice and at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general
product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise,
or legal obligation to deliver any material, code or functionality. Information about potential
future products may not be incorporated into any contract.
The development, release, and timing of any future features or functionality described for our
products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks in
a controlled environment. The actual throughput or performance that any user will
experience will vary depending upon many factors, including considerations such as the
amount of multiprogramming in the user’s job stream, the I/O configuration, the storage
configuration, and the workload processed. Therefore, no assurance can be given that an
individual user will achieve results similar to those stated here.
Please complete the session survey!
Best Practices for API and Service Development
IBM z/OS Connect Enterprise Edition
Teodoro Cipresso
z/OS Connect EE API toolkit Lead
cipresso@us.ibm.com
What process should I adopt for developing APIs and services?
Service Development with API toolkit
Workflow for a z/OS Connect service developer
Service Developer: Service exists?
• No: Create new service project
• Yes: Check out service project from SCM/VCS
• Design interfaces & specify properties
• “Right click” Deploy service project to dev server
• Test service
• Check service project into SCM/VCS
DevOps with z/OS Connect: Service projects, SARs
API Development with API toolkit
Workflow for a z/OS Connect EE API developer
API Developer: API exists?
• No: Create new API project
• Yes: Check out API project from SCM/VCS
• Download or Check out SARs to import
• Design and implement API operation
• “Right click” Deploy API project to Dev server
• Test API operation
• Check API project into SCM/VCS
DevOps with z/OS Connect: API projects, AARs
DevOps using z/OS Connect EE
Automate the development and deployment of services, APIs, and API requesters for continuous integration and delivery.
• The build toolkit supports the generation of service archives and API archives from projects created in the z/OS Connect EE API toolkit
• The build toolkit also supports the use of properties files to generate API requester archives
• Run the build toolkit from a build script to generate these archive files
• Deploy them to z/OS Connect servers by copying them to their dropins folders or by using the REST Admin API
ibm.biz/zosconnect-devops
DevOps Pipeline using z/OS Connect EE
[Figure: DevOps pipeline diagram, ibm.biz/zosconnect-devops]
DevOps Pipeline using z/OS Connect EE: Example pipeline technologies
[Figure: DevOps pipeline diagram with example technologies, ibm.biz/zosconnect-devops]
What options do I have for versioning APIs?
Sampling API Versioning Articles
Same or similar strategies, but no consensus on which one to use
• RESTful API Versioning Insights
  https://blog.restcase.com/restful-api-versioning-insights
• Your API versioning is wrong, […] I decided to do it 3 different wrong ways
  https://www.troyhunt.com/your-api-versioning-is-wrong-which-is
• Introduction to API Versioning Best Practices
  https://nordicapis.com/introduction-to-api-versioning-best-practices
• RESTful API Versioning Best Practices: Why v1 is #1
  https://www.sparkpost.com/blog/api-versioning-best-practices
• Versioning a REST API
  http://www.baeldung.com/rest-versioning
• REST API Versioning - Is There a Right Answer?
  https://dzone.com/articles/rest-api-versioning-is-there-a-right-answer
Note: Interesting point of view that it might be possible to be V1 forever…
Options for Versioning APIs
Discuss some versioning options from the literature
• Augment JSON API Accept Header
  Accept: application/vnd.bankapi.v20+json
  JSON:API is a spec for formatting JSON responses. This option takes liberties with the spec.
• Use a query parameter
  https://host:port/bankapi/account?version=2.0
  Not clear what is being versioned here. The overall API or the account resource?
• Specify the version in the URL
  https://host:port/bankapi/v20/account
  Doesn’t break existing clients, easy to use, but has a URI footprint.
  Honorable mention: Domain versioning…(v2.host:port)
• Use a custom request header
  X-API-Version: 2.0
  Preserves the URI across versions of the API, but has low affordance (not obvious).
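Added example, not part of the original slides: a server that accepts more than one of the four mechanisms listed above has to decide what happens when they disagree. This resolver reads the version from each mechanism in the slide's sample formats and rejects a request whose mechanisms name different versions instead of silently picking one. The host name, the function names, the default of version 1.0 for unversioned requests and the reading of the compact form `v20` as 2.0 are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Patterns follow the sample formats on the slide (bankapi, v20, 2.0).
ACCEPT_RE = re.compile(r"application/vnd\.bankapi\.v(\d+)\+json", re.I)
PATH_RE = re.compile(r"^/bankapi/v(\d+)(?:/|$)")


class VersionConflict(ValueError):
    """Two versioning mechanisms in one request name different versions."""


def normalize(raw):
    """Turn '2.0', 'v20', '20' or '2' into a (major, minor) tuple.

    Assumption: the compact two-digit form used in the URL and the Accept
    header ('v20') means major 2, minor 0, matching '2.0' elsewhere.
    """
    raw = raw.strip().lower()
    if raw.startswith("v"):
        raw = raw[1:]
    if re.fullmatch(r"\d+\.\d+", raw):
        major, minor = raw.split(".")
        return int(major), int(minor)
    if re.fullmatch(r"\d{1,2}", raw):
        return int(raw[0]), int(raw[1:] or 0)
    raise ValueError(f"unparseable API version: {raw!r}")


def requested_versions(url, headers):
    """Return {mechanism: (major, minor)} for every mechanism the request uses."""
    parts = urlsplit(url)
    hdrs = {name.lower(): value for name, value in headers.items()}
    found = {}

    match = PATH_RE.match(parts.path)            # /bankapi/v20/account
    if match:
        found["url-path"] = normalize(match.group(1))

    values = parse_qs(parts.query).get("version")  # ?version=2.0
    if values:
        if len(set(values)) > 1:
            raise VersionConflict("query parameter 'version' repeated with different values")
        found["query"] = normalize(values[0])

    if "x-api-version" in hdrs:                  # X-API-Version: 2.0
        found["header"] = normalize(hdrs["x-api-version"])

    match = ACCEPT_RE.search(hdrs.get("accept", ""))  # vnd.bankapi.v20+json
    if match:
        found["accept"] = normalize(match.group(1))
    return found


def resolve_version(url, headers, default=(1, 0)):
    """Pick the single version a request asks for, or fail closed.

    Unversioned requests get `default`; requests whose mechanisms disagree
    raise VersionConflict so the caller can answer 400 instead of guessing.
    """
    found = requested_versions(url, headers)
    distinct = set(found.values())
    if len(distinct) > 1:
        raise VersionConflict(f"versioning mechanisms disagree: {found}")
    return distinct.pop() if distinct else default
```

Because `VersionConflict` subclasses `ValueError`, one handler can map both malformed and contradictory version requests to a client error.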
How can I verify that my API design is RESTful?
API Design Checklist
Quick and simple API design validation points
• URIs should resolve to a resource, sub resource or collection
  Do: POST /api/customers, /api/customers/{cid}/orders
  Avoid: POST /api/createCustomer, /api/createOrder?cid
• Provide ways to limit the amount of data returned
  Do: GET /api/customers?limit, /api/customers/{cid}/orders?limit
  Avoid: GET /api/customers, /api/customers/orders
• Allow for filtering and pagination of data
  Do: GET /api/customers/{cid}/orders?offset&limit
  Avoid: GET /api/customers/orders
• Try to avoid DELETE with collections
  Do: DELETE /api/customers/{cid}, /api/customers/{cid}/orders/{oid}
  Avoid: DELETE /api/customers, /api/customers/orders
• If possible, wait to version your API until after V1
  Do: https://../bankapi/../, https://../bankapi/v2/../
  Avoid: https://../bankapi/v1/../
• Do not version resources, only version the API
  Do: https://../api/v2/customers/{cid}/orders
  Avoid: https://../api/v2/customers/{cid}/v1.1/orders
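Added example, not part of the original slides: the checklist points above expressed as a lint that a build script could run over an API's operations before deployment. Operations use the slide's notation (a path with `{param}` segments and an optional `?name&name` list of supported query parameters); the verb list, the rule codes and the assumption that the API base is a single path segment are choices made for this example.

```python
import re

# Segments such as 'createCustomer' name an action rather than a resource.
VERB_SEG = re.compile(r"^(?:create|get|update|delete|add|remove|fetch|list)[A-Z_]")
VERSION_SEG = re.compile(r"^v\d+(?:\.\d+)?$", re.I)
PARAM_SEG = re.compile(r"^\{[^{}/]+\}$")


def lint_operation(method, template):
    """Return the checklist rule codes that one operation violates."""
    path, _, query = template.partition("?")
    params = {p.split("=", 1)[0] for p in query.split("&") if p}
    segs = [s for s in path.split("/") if s]
    codes = []

    # URIs should resolve to a resource, sub resource or collection.
    if any(VERB_SEG.match(s) for s in segs):
        codes.append("verb-in-uri")

    # The operation targets a collection when its last segment is a plain
    # name rather than an identifier such as {cid}.
    last = segs[-1] if segs else ""
    on_collection = bool(last) and not (
        PARAM_SEG.match(last) or VERSION_SEG.match(last) or VERB_SEG.match(last)
    )

    # Provide ways to limit the amount of data returned.
    if method.upper() == "GET" and on_collection and "limit" not in params:
        codes.append("unbounded-get")

    # Try to avoid DELETE with collections.
    if method.upper() == "DELETE" and on_collection:
        codes.append("delete-on-collection")

    for index, seg in enumerate(segs):
        if not VERSION_SEG.match(seg):
            continue
        if index > 1:
            # Do not version resources, only version the API. A version
            # segment is accepted only directly after the API base.
            codes.append("versioned-resource")
        elif seg.lower() in ("v1", "v1.0"):
            # If possible, wait to version your API until after V1.
            codes.append("explicit-v1")
    return codes


def lint_api(operations):
    """Map 'METHOD template' to its rule codes, for operations with findings."""
    report = {}
    for method, template in operations:
        codes = lint_operation(method, template)
        if codes:
            report[f"{method} {template}"] = codes
    return report


# Sample input built from the Do / Avoid pairs on the checklist slides.
SLIDE_OPERATIONS = [
    ("POST", "/api/customers"),
    ("POST", "/api/createCustomer"),
    ("GET", "/api/customers?limit"),
    ("GET", "/api/customers"),
    ("GET", "/api/customers/{cid}/orders?offset&limit"),
    ("DELETE", "/api/customers/{cid}/orders/{oid}"),
    ("DELETE", "/api/customers"),
    ("GET", "/api/v2/customers/{cid}/orders?limit"),
    ("GET", "/api/v2/customers/{cid}/v1.1/orders?limit"),
    ("GET", "/bankapi/v1/accounts?limit"),
]

if __name__ == "__main__":
    for operation, codes in lint_api(SLIDE_OPERATIONS).items():
        print(operation, "->", ", ".join(codes))
```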
Configuring z/OS Connect for IMS
IBM z/OS Connect Enterprise Edition
Haley Fung
IMS Offering Manager
hfung@us.ibm.com
How can I configure z/OS Connect and IMS to meet my security audit requirements?
z/OS Connect Security
Encryption
• TLS/SSL
Authentication
• Basic
• Client certificates
• 3rd party authentication
Authorization
• API and Services role and group access
ID propagation
• Propagate ID to the backend subsystem. For example:
  • IMS Connect authentication
  • IMS transaction authorization
Authentication
Basic Authentication (REST Client -> z/OS Connect EE: ID/PW, Okay!)
• Server prompts for ID/PW
• Client supplies ID/PW
• Server checks registry: Basic (server.xml), LDAP, SAF
Client Certificate (REST Client -> z/OS Connect EE over TLS: Client Cert, Okay!; the client could be a trusted server)
• Server prompts for cert.
• Client supplies certificate
• Server validates cert and maps to an identity
Third-Party Authentication (REST Client -> 3rd Party: ID/PW, Auth Okay; Trusted Server -> z/OS Connect EE: Token (JWT, LTPA, other))
• Client authenticates to 3rd party server
• Client receives a trusted 3rd party token
• Token flows to Liberty z/OS across trusted connection and is mapped to an identity
Identity Mapping: = 'FRED'
End-to-End Security and ID propagation Considerations
[Diagram: an Internet Banking Customer (Internet User ID / password) and an Internal User (RACF User ID / password); components shown are Internet Banking, Secure Gateway, z/OS Connect, IMS Connect and IMS on z/OS]
• z/OS Connect Authentication?
• IMS Connect Authentication?
• IMS Authorization?
Scenario #1 – Shared ID with IMS Connect RACF=Y
• Client -> Secure Gateway: Authenticate
• zCEE (HTTPS): Already authenticated, CID
• Connection Profile (UserID, Pwd): SID, SPWD
• IMS Connect (AT-TLS, TCP/IP), RACF = Y: SID, SPWD
• RACF: Authentication SID SPWD
• IMS: Authorization SID
SID SPWD = A Shared User ID/Password specified in the connection profile
CID CPWD = User ID/Password of the originating client
RID = RACF Mapped ID (No Password)
Scenario #2 – Client ID and IMS Connect RACF = N
Best for POC
• Client -> zCEE (HTTPS): CID, CPWD
• RACF: Authentication CID CPWD
• Connection Profile (UserID, Pwd): (No AuthData)
• IMS Connect (AT-TLS, TCP/IP), RACF = N: CID (No CPWD), (No Authentication)
• IMS: Authorization CID
CID CPWD = User ID, Password of the originating client
Scenario #3 – Client ID and IMS Connect RACF = Y
• Client -> zCEE (HTTPS): CID, CPWD
• RACF: Authentication CID CPWD; ID Mapping CID -> RACF ID (RID)
• Connection Profile (UserID, Pwd): (No Authdata)
• IMS Connect (AT-TLS, TCP/IP), RACF = Y: RID; Authentication (Bypass Authentication for zCEE request)
• IMS: Authorization RID
Required: Modify HWSJAVA0 to check if incoming request is from zCEE and set TrustedUser flag to True to bypass authentication
CID CPWD = User ID, Password of the originating client
RID = RACF Mapped ID
Scenario #4 – Future Requirement – Client UToken
• Client -> zCEE (HTTPS): CID, CPWD
• RACF: Authentication CID CPWD; CID -> UTOKEN (Sync-to-OS-Thread)
• Connection Profile (UserID, Pwd): (No Auth data)
• IMS Connect (AT-TLS, TCP/IP), RACF = Y: UTOKEN; Authentication (Optionally bypass if Trusted User flag = True)
• IMS: Authorization UTOKEN
Optional: Modify the HWSJAVA0 to set Trusted User Flag to True to bypass RACF check. Otherwise, IMS Connect will authenticate UTOKEN
CID CPWD = User ID, Password of the originating client
RID = RACF Mapped ID (No Password)
UTOKEN = Identity of originating client
Scenario #5 – Future Requirement – Client User ID/Pwd + RACF=Y
• Client (UserID, Pwd) -> zCEE (HTTPS): CID, CPWD
• RACF: Authentication CID CPWD; ID Mapping CID -> RID
• Connection Profile (UserID, Pwd): (No Authdata)
• IMS Connect (AT-TLS, TCP/IP), RACF = Y: CID, CPWD
• RACF: Authentication CID CPWD
• IMS: Authorization CID
CID CPWD = User ID, Password of the originating client
RID = RACF Mapped ID (No Password)
How can I configure z/OS Connect and IMS to handle the API workload?
High Availability
High Availability with IMS
[Diagram labels: Sysplex Distributor, IMS Connect, IMS Connect, IMS, IMS]
Thank you
Teodoro Cipresso
z/OS Connect EE API toolkit Lead
cipresso@us.ibm.com
Haley Fung
IBM IMS Offering Manager
hfung@us.ibm.com
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 

Recently uploaded (20)

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 

Z101666 best practices for delivering hybrid cloud capability with apis

  • 1. 2018 IBM Systems Technical University May 14-18, 2018 London, UK z101666: Best Practices for Delivering Hybrid Cloud Capability with APIs — Teodoro Cipresso z/OS Connect EE API toolkit Lead Haley Fung IBM IMS Offering Manager
  • 2. Introductions: Haley Fung, IMS Offering Manager; Ted Cipresso, z/OS Connect EE API toolkit lead (IBM IMS / May 9, 2018 / © 2018 IBM Corporation)
  • 3. Please note IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice and at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
  • 4. Please complete the session survey!
  • 5. Best Practices for API and Service Development. IBM z/OS Connect Enterprise Edition. Teodoro Cipresso, z/OS Connect EE API toolkit Lead, cipresso@us.ibm.com. © 2018 IBM Corporation
  • 6. What process should I adopt for developing APIs and services?
  • 7. Service Development with API toolkit: workflow for a z/OS Connect service developer (DevOps with z/OS Connect; artifacts: service projects, SARs)
      • Service exists? No: create new service project. Yes: check out service project from SCM/VCS.
      • Design interfaces & specify properties
      • “Right click” deploy service project to dev server
      • Test service
      • Check service project into SCM/VCS
  • 8. API Development with API toolkit: workflow for a z/OS Connect EE API developer (DevOps with z/OS Connect; artifacts: API projects, AARs)
      • API exists? No: create new API project. Yes: check out API project from SCM/VCS.
      • Download or check out SARs to import
      • Design and implement API operation
      • “Right click” deploy API project to Dev server
      • Test API operation
      • Check API project into SCM/VCS
  • 9. DevOps using z/OS Connect EE: automate the development and deployment of services, APIs, and API requesters for continuous integration and delivery (ibm.biz/zosconnect-devops)
      • The build toolkit supports the generation of service archives and API archives from projects created in the z/OS Connect EE API toolkit
      • The build toolkit also supports the use of properties files to generate API requester archives
      • Run the build toolkit from a build script to generate these archive files
      • Deploy them to z/OS Connect servers by copying them to their dropins folders or by using the REST Admin API
  • 10. DevOps Pipeline using z/OS Connect EE (ibm.biz/zosconnect-devops)
  • 11. DevOps Pipeline using z/OS Connect EE: example pipeline technologies (ibm.biz/zosconnect-devops)
  • 12. What options do I have for versioning APIs?
  • 13. Sampling API Versioning Articles: same or similar strategies, but no consensus on which one to use
      • RESTful API Versioning Insights: https://blog.restcase.com/restful-api-versioning-insights
      • Your API versioning is wrong, […] I decided to do it 3 different wrong ways: https://www.troyhunt.com/your-api-versioning-is-wrong-which-is
      • Introduction to API Versioning Best Practices: https://nordicapis.com/introduction-to-api-versioning-best-practices
      • RESTful API Versioning Best Practices: Why v1 is #1: https://www.sparkpost.com/blog/api-versioning-best-practices
      • Versioning a REST API: http://www.baeldung.com/rest-versioning
      • REST API Versioning - Is There a Right Answer?: https://dzone.com/articles/rest-api-versioning-is-there-a-right-answer
      • Interesting point of view that it might be possible to be V1 forever…
  • 14. Options for Versioning APIs: discuss some versioning options from the literature
      • Augment JSON API Accept header: Accept: application/vnd.bankapi.v20+json. JSON:API is a spec for formatting JSON responses. This takes liberty of the spec.
      • Use a query parameter: https://host:port/bankapi/account?version=2.0. Not clear what is being versioned here. The overall API or the account resource?
      • Specify the version in the URL: https://host:port/bankapi/v20/account. Doesn’t break existing clients, easy to use, but has a URI footprint. Honorable mention: Domain versioning…(v2.host:port)
      • Use a custom request header: X-API-Version: 2.0. Preserves the URI across versions of the API, but has low affordance (not obvious).
  • 15. How can I verify that my API design is RESTful?
  • 16. API Design Checklist: quick and simple API design validation points
      • URIs should resolve to a resource, sub resource or collection
          • Do: POST /api/customers, /api/customers/{cid}/orders
          • Avoid: POST /api/createCustomer, /api/createOrder?cid
      • Provide ways to limit the amount of data returned
          • Do: GET /api/customers?limit, /api/customers/{cid}/orders?limit
          • Avoid: GET /api/customers, /api/customers/orders
  • 17. API Design Checklist: quick and simple API design validation points
      • Allow for filtering and pagination of data
          • Do: GET /api/customers/{cid}/orders?offset&limit
          • Avoid: GET /api/customers/orders
      • Try to avoid DELETE with collections
          • Do: DELETE /api/customers/{cid}, /api/customers/{cid}/orders/{oid}
          • Avoid: DELETE /api/customers, /api/customers/orders
  • 18. API Design Checklist: quick and simple API design validation points
      • If possible, wait to version your API until after V1
          • Do: https://../bankapi/../, https://../bankapi/v2/../
          • Avoid: https://../bankapi/v1/../
      • Do not version resources, only version the API
          • Do: https://../api/v2/customers/{cid}/orders
          • Avoid: https://../api/v2/customers/{cid}/v1.1/orders
  • 19. Configuring z/OS Connect for IMS. IBM z/OS Connect Enterprise Edition. Haley Fung, IMS Offering Manager, hfung@us.ibm.com
  • 20. How can I configure z/OS Connect and IMS to meet my security audit requirements?
  • 21. z/OS Connect Security
      • Encryption: TLS/SSL
      • Authentication: basic, client certificates, 3rd party authentication
      • Authorization: API and services role and group access
      • ID propagation: propagate ID to the backend subsystem, for example IMS Connect authentication and IMS transaction authorization
  • 22. Authentication
      • Basic Authentication: server prompts for ID/PW; client supplies ID/PW; server checks registry: Basic (server.xml), LDAP, SAF. Diagram: REST Client sends ID/PW to z/OS Connect EE ("Okay!").
      • Client Certificate: server prompts for cert; client supplies certificate; server validates cert and maps to an identity. Diagram: REST Client (could be a trusted server) presents a TLS client cert to z/OS Connect EE ("Okay!").
      • Third-Party Authentication: client authenticates to 3rd party server; client receives a trusted 3rd party token; token flows to Liberty z/OS across trusted connection and is mapped to an identity. Diagram: REST Client sends ID/PW to 3rd Party Auth; the token (JWT, LTPA, other) flows from the trusted server to z/OS Connect EE; identity mapping, Okay = 'FRED'.
  • 23. End-to-End Security and ID propagation Considerations
      • Diagram: an Internet banking customer (Internet user ID / password) behind the Internet banking secure gateway, and an internal user (RACF user ID / password), reach z/OS Connect, IMS Connect and IMS on z/OS
      • Questions on the diagram: z/OS Connect authentication? IMS Connect authentication? IMS authorization?
  • 24. Scenario #1 – Shared ID with IMS Connect RACF=Y
      • Legend: SID SPWD = a shared user ID/password specified in the connection profile; CID CPWD = user ID/password of the originating client; RID = RACF mapped ID (no password)
      • Client, Secure Gateway: authenticate
      • zCEE (HTTPS): CID, already authenticated
      • Connection profile UserID, Pwd: SID SPWD
      • IMS Connect (AT-TLS TCP/IP, RACF = Y): SID SPWD; RACF authentication of SID SPWD
      • IMS: authorization with SID
  • 25. Scenario #2 – Client ID and IMS Connect RACF = N (best for POC)
      • Legend: CID CPWD = user ID, password of the originating client
      • Client to zCEE (HTTPS): CID CPWD; RACF authentication of CID CPWD
      • Connection profile UserID, Pwd: no AuthData
      • IMS Connect (AT-TLS TCP/IP, RACF = N): CID (no CPWD), no authentication
      • IMS: authorization with CID
  • 26. Scenario #3 – Client ID and IMS Connect RACF = Y
      • Legend: CID CPWD = user ID, password of the originating client; RID = RACF mapped ID
      • Client to zCEE (HTTPS): CID CPWD; RACF authentication of CID CPWD; ID mapping CID -> RACF ID (RID)
      • Connection profile UserID, Pwd: no Authdata
      • IMS Connect (AT-TLS TCP/IP, RACF = Y): RID; authentication bypassed for zCEE requests
      • Required: modify HWSJAVA0 to check if incoming request is from zCEE and set TrustedUser flag to True to bypass authentication
      • IMS: authorization with RID
  • 27. Scenario #4 – Future Requirement – Client UToken
      • Legend: CID CPWD = user ID, password of the originating client; RID = RACF mapped ID (no password); UTOKEN = identity of originating client
      • Client to zCEE (HTTPS): CID CPWD; RACF authentication of CID CPWD; CID -> UTOKEN (Sync-to-OS-Thread)
      • Connection profile UserID, Pwd: no Auth data
      • IMS Connect (AT-TLS TCP/IP, RACF = Y): UTOKEN; authentication optionally bypassed if Trusted User flag = True
      • Optional: modify the HWSJAVA0 to set Trusted User flag to True to bypass RACF check. Otherwise, IMS Connect will authenticate UTOKEN
      • IMS: authorization with UTOKEN
  • 28. Scenario #5 – Future Requirement – Client User ID/Pwd + RACF=Y
      • Legend: CID CPWD = user ID, password of the originating client; RID = RACF mapped ID (no password)
      • Client UserID, Pwd to zCEE (HTTPS): CID CPWD; authentication of CID CPWD
      • Connection profile UserID, Pwd: no Authdata
      • IMS Connect (AT-TLS TCP/IP, RACF = Y): CID CPWD; RACF authentication of CID CPWD
      • ID mapping (RACF): CID -> RID
      • IMS: authorization with CID
  • 29. How can I configure z/OS Connect and IMS to handle the API workload?
  • 31. High Availability with IMS. Diagram: Sysplex Distributor, two IMS Connect instances, two IMS systems
  • 32. Thank you. Teodoro Cipresso, z/OS Connect EE API toolkit Lead, cipresso@us.ibm.com. Haley Fung, IBM IMS Offering Manager, hfung@us.ibm.com
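
The four version carriers listed on slide 14, resolved in one place on the server side. This is an added example, not code from the deck or from z/OS Connect EE. The `bankapi` name, media type and `X-API-Version` header come from the slide; the function names, the reading of compact `v20` as 2.0, and the treatment of an unversioned request as V1 are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

API = "bankapi"  # API name used in the slide's samples
MEDIA_RE = re.compile(r"application/vnd\.%s\.v(\d+)\+json" % API, re.I)
PATH_RE = re.compile(r"^/%s/v(\d+)(?=/|$)" % API)
DOTTED_RE = re.compile(r"^(\d+)(?:\.(\d+))?$")


class VersionError(ValueError):
    """Malformed version, or two carriers that disagree."""


def _compact(digits):
    # Assumption: the compact form keeps the minor in the last digit (v20 == 2.0).
    if len(digits) == 1:
        return (int(digits), 0)
    return (int(digits[:-1]), int(digits[-1]))


def _dotted(text):
    m = DOTTED_RE.match(text.strip())
    if not m:
        raise VersionError("malformed version %r" % text)
    return (int(m.group(1)), int(m.group(2) or 0))


def resolve_version(url, headers=None):
    """Return (version, carriers, path); path has any /vNN segment removed."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    parts = urlsplit(url)
    found = {}

    path = parts.path
    m = PATH_RE.match(parts.path)
    if m:  # version in the URL
        found["url"] = _compact(m.group(1))
        path = "/" + API + parts.path[m.end():]

    query = parse_qs(parts.query)
    if "version" in query:  # query parameter
        if len(query["version"]) > 1:
            raise VersionError("repeated version parameter")
        found["query"] = _dotted(query["version"][0])

    if "x-api-version" in headers:  # custom request header
        found["header"] = _dotted(headers["x-api-version"])

    m = MEDIA_RE.search(headers.get("accept", ""))
    if m:  # vendor media type in Accept
        found["accept"] = _compact(m.group(1))

    # Reject requests whose carriers disagree, so that every component
    # handling the request sees the same version.
    if len(set(found.values())) > 1:
        raise VersionError("carriers disagree: %r" % found)
    version = next(iter(found.values()), (1, 0))  # unversioned request == V1
    return version, sorted(found), path
```

Accepting a version from more than one carrier is only safe when disagreement is an error; otherwise two components in the request path can each pick a different one.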

Editor's Notes

  2. This presentation covers:
      • A recap of REST and the Swagger (Open API) specification
      • How z/OS Connect EE enables you to expose z/OS assets as RESTful APIs
      • An overview of installing z/OS Connect EE
      • An overview of how to configure z/OS Connect EE for each supported subsystem (CICS, IMS, DB2, MQ, and WOLA-enabled z/OS applications)
      • An overview of z/OS Connect EE performance and high availability topology
      • An overview of how to call external APIs from z/OS applications
      • Where to try, download, and get information and support for z/OS Connect EE
  3. Here is an example DevOps pipeline. Key points:
      • API and service projects and properties files are to be treated as source code. Changes should be managed by SCM.
      • Archive files (.aar, .sar and .ara) should NOT be stored in SCM.
      • The API toolkit UI can build and deploy .aars and .sars. This is intended as a developer tool to help them iterate.
      • The build toolkit should be used as part of build automation scripts to build .aars and .sars for test and production.
      • Storing built archive files in an artefact repository is fine.
      • Deployment orchestration automation can be used to deploy stored archive files. This should use the REST Admin API or the dropins mechanism (via file copy and refresh command).
  4. This slide shows some of the example technologies that can be used as part of the pipeline. Other technologies are available.
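
The design checklist on slides 16-18, written as a check a build script could run over a Swagger 2.0 `basePath` and `paths` object before an API project is built. This is an added example, not code from the deck or from IBM tooling; the function name, the verb list and the sample specification are constructed for illustration.

```python
import re

# Assumed list of action verbs that signal an RPC-style URI such as /createCustomer.
VERBS = ("create", "get", "update", "delete", "add", "remove", "list", "fetch")
VERB_RE = re.compile(r"(%s)[A-Z_]" % "|".join(VERBS))
VERSION_RE = re.compile(r"^v\d+(\.\d+)*$", re.I)


def _segments(path):
    return [s for s in path.split("/") if s]


def _is_param(seg):
    return seg.startswith("{") and seg.endswith("}")


def lint_paths(base_path, paths):
    """Return sorted (method, path, finding) tuples for checklist violations."""
    findings = []
    base = _segments(base_path)
    if base and base[-1].lower() in ("v1", "v1.0"):
        findings.append(("*", base_path, "v1 in URI: wait to version until after V1"))
    for path, ops in paths.items():
        segs = _segments(path)
        # A path that does not end in {id} is treated as a collection; a
        # singleton such as /status would need an allow-list in real use.
        collection = bool(segs) and not _is_param(segs[-1])
        for seg in segs:
            if VERSION_RE.match(seg):
                findings.append(("*", path, "version on a resource: version the API only"))
            elif not _is_param(seg) and VERB_RE.match(seg):
                findings.append(("*", path, "verb in URI: name the resource, not the action"))
        for method, op in ops.items():
            if not isinstance(op, dict):  # path-level "parameters" is a list
                continue
            query = {p["name"] for p in op.get("parameters", []) if p.get("in") == "query"}
            verb = method.upper()
            if verb == "GET" and collection and "limit" not in query:
                findings.append((verb, path, "collection GET without a limit parameter"))
            if verb == "DELETE" and collection:
                findings.append((verb, path, "DELETE on a collection"))
    return sorted(findings)


# Constructed sample: a Swagger 2.0 fragment mixing the deck's good and bad URIs.
SAMPLE_BASE = "/api/v2"
SAMPLE_PATHS = {
    "/customers": {
        "get": {"parameters": [{"name": "limit", "in": "query"}]},
        "post": {},
        "delete": {},
    },
    "/customers/{cid}": {"get": {}, "delete": {}},
    "/customers/{cid}/orders": {"get": {"parameters": [{"name": "offset", "in": "query"}]}},
    "/customers/{cid}/v1.1/orders": {"get": {"parameters": [{"name": "limit", "in": "query"}]}},
    "/createCustomer": {"post": {}},
}

if __name__ == "__main__":
    for finding in lint_paths(SAMPLE_BASE, SAMPLE_PATHS):
        print("%-6s %-32s %s" % finding)
```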