APIs are a key foundation of digital transformation. This slide deck explores API management designs and best practices, their benefits and drawbacks, and how APIs can assist an enterprise on its digital transformation journey.
APIs: The Gateway to Digital Transformation
1. APIs: The Gateway to Digital Transformation
Nuwan Dias
Director - WSO2
February 22, 2018
2. Agenda
● What is digital transformation
● Why and how APIs play a key role in digital transformation
● The key performance factors of an API ecosystem
● Deployment options for your API ecosystem
12. Creating APIs
● Start with an existing endpoint/contract, or design and prototype a new API
● Exposing SOAP services (converted to REST, or proxied as a passthrough)
● Exposing streaming APIs (WebSocket endpoints)
13. Creating APIs
● API design, either through the wizard or from a Swagger definition
14. Implementing and Publishing
● Point to a production backend, or prototype the implementation at the gateway
18. Security: Access Delegation
● Secure Trusted Clients
● Secure Untrusted Clients
● Unsecured Clients
● System-to-System Authorization
(Diagram: People → Apps)
19. OAuth 2.0 Grant Types
● Resource Owner Password Credentials
● Client Credentials
● Authorization Code
● Implicit Grant
20. Resource Owner Password Credentials
● The resource owner password credentials grant type is suitable only where the resource owner has a strong trust relationship with the client (e.g. a service's own mobile client) and the client is in a position to obtain the resource owner's credentials directly.
● Because the client handles the user's password itself, this grant should be enabled only for specific, confidential first-party clients; the OAuth 2.0 Security Best Current Practice (RFC 9700) now advises against using it at all.
21. Client Credentials
● This grant is suitable for machine-to-machine (system-to-system) access, where the client acts on its own behalf and no resource owner's permission is involved.
● Because the client authenticates with its own credentials, this grant should be allowed only for trusted, confidential clients that can keep a secret.
22. Authorization Code
● The authorization code grant type is optimized for confidential clients: the access token is obtained in a back-channel request authenticated with the client secret and never passes through the user's browser.
● This grant type is suitable when the resource owner is a user and the client is a website. Public clients (single-page or mobile apps) can use it too, binding the code to the client with PKCE (RFC 7636) in place of a client secret.
24. Implicit Grant
● The implicit grant type is optimized for public clients known to operate a particular redirection URI.
● It is mainly used for clients that cannot keep their own credentials secret, for example a 'JavaScript only' application.
● The access token is returned in the URL fragment, where it is exposed to browser history and to any script running on the page; current guidance (RFC 9700) is to use the authorization code grant with PKCE instead.
28. Rate Limiting: Front-End
● Monetization
● Burst Control
● Fair Usage Policy
● Geographical Distribution
● Distribution by Device Type
(Diagram: People → Apps → Gateway)
29. Rate Limiting: Back-End
● Prevent Total Service Outage at Peaks
● Back-End Server Maintenance
(Diagram: Gateway → Services and Data)
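Slides 28 and 29 describe one mechanism applied at two points: a quota per application key in front of the gateway and a capacity limit per upstream behind it. The following is an added example, not code from the slides or from WSO2: a token-bucket limiter in Python in which each subscription tier (monetization) sets a sustained rate and a burst size, each backend has its own bucket sized to what it can sustain, and a maintenance window answers 503 with a Retry-After value. The tier figures, the `orders-svc` backend and the application keys are constructed for the demo; geographic or device-type policies would key additional buckets on those request attributes in the same way.

```python
"""Token-bucket rate limiting at an API gateway, front-end and back-end.
Added worked example, not WSO2 API Manager code. Tiers, application keys and
backend capacities are constructed (hypothetical). Time is passed in explicitly
so the behaviour is deterministic and testable offline."""
from dataclasses import dataclass, field

@dataclass
class TokenBucket:
    rate: float                     # sustained requests per second
    burst: int                      # bucket capacity: how far a caller may burst
    tokens: float = field(init=False)
    updated: float = field(init=False, default=0.0)

    def __post_init__(self):
        self.tokens = float(self.burst)

    def allow(self, now: float) -> bool:
        """Refill by elapsed time, then consume one token if one is available."""
        self.tokens = min(float(self.burst), self.tokens + max(0.0, now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

    def retry_after(self) -> float:
        """Seconds until the next token becomes available, for a Retry-After header."""
        return max(0.0, (1.0 - self.tokens) / self.rate)

# Constructed subscription tiers (monetization) as (rate per second, burst),
# and what each constructed upstream service can sustain.
TIERS = {"bronze": (1.0, 5), "gold": (10.0, 50)}
BACKENDS = {"orders-svc": (20.0, 20)}

class Gateway:
    def __init__(self, backends=BACKENDS, maintenance=()):
        self.app_buckets = {}                                   # front-end: one bucket per application key
        self.backend_buckets = {svc: TokenBucket(*cfg) for svc, cfg in backends.items()}  # back-end: per service
        self.maintenance = dict(maintenance)                    # service -> time the maintenance window ends

    def subscribe(self, app_id: str, tier: str) -> None:
        self.app_buckets[app_id] = TokenBucket(*TIERS[tier])

    def handle(self, app_id: str, service: str, now: float) -> dict:
        """HTTP-style decision: 200 pass, 429 caller throttled, 503 backend protected."""
        app = self.app_buckets.get(app_id)
        if app is None:
            return {"status": 401}                              # unknown application key
        if not app.allow(now):                                  # front-end policy: fair usage, burst control
            return {"status": 429, "retry_after": app.retry_after()}
        until = self.maintenance.get(service)
        if until is not None and now < until:                   # back-end maintenance window
            return {"status": 503, "retry_after": until - now}
        backend = self.backend_buckets.get(service)
        if backend is None:
            return {"status": 404}
        if not backend.allow(now):                              # back-end policy: shed load, avoid total outage
            return {"status": 503, "retry_after": backend.retry_after()}
        return {"status": 200}
```

The front-end bucket answers 429 because the caller exceeded its own quota and can fix that itself; the back-end bucket answers 503 because the caller did nothing wrong and the gateway is protecting the upstream. Both carry the seconds until a token returns, so well-behaved clients back off instead of retrying in a tight loop.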
34. API Management: Deployment Options
On-premise
● Fast!
● Tight security
● Complete control
● Limited to available infrastructure
● Need to handle updates and upgrades
35. API Management: Deployment Options
Cloud
● Can leverage cloud infrastructure
● No upfront infrastructure costs
● No platform maintenance costs
(Diagram: Apps → Gateway in the cloud → Cloud Services)
36. API Management: Deployment Options
Hybrid Cloud
(Diagram: Apps → Management in the cloud; a local gateway in front of internal services and a cloud gateway in front of cloud services)
37. Micro Gateways: For Microservices
(Diagram: Gateway 1, Gateway 2, … Gateway n, each paired with its own Service 1, Service 2, … Service n)