Architecting an Enterprise API Management Strategy

Mifan Careem

Director, Solutions Architecture WSO2

Mifan AT WSO2.com

APIdays Sydney February 2015

Agenda

• Introduction and case studies
• API Economy and factors
• API Management Overview
• API Management within a platform
• API Management demo
• Reference Architectures
• APIs at the edge and IoT
• APIs Everywhere
• Application Governance

Source: XKCD.com

WSO2 – Who we are

We help customers become a Connected Business with enterprise middleware

Source: http://www.content-loop.com/a-company-without-apis-is-like-a-computer-without-internet/

Managed APIs and Enterprises

o An API is a business capability delivered over the Internet to internal or external consumers
  o Network accessible function
  o Available using standard web protocols
  o With well-defined interfaces
  o Designed for access by third-parties

o A Managed API is:
  o Actively advertised and subscribe-able
  o Available with SLAs
  o Secured, authenticated, authorized and protected
  o Monitored and monetized with analytics

Strategy factors

•  API as a product vs API based products = API as a strategy vs API as a tactic

•  External API management vs internal API management

• Developer ecosystem – API ecosystem vs cloud-devops

•  API management and the enterprise

•  Business model – Pay as you go, revshare, freemium,..

Characteristics of Business APIs

● Protocols & Styles
● API as the main product
● API as the brand
● Business Model - Monetization
● API Statistics
● Authentication & Authorization
● Throttling
● Caching
● Deployment Models

Architectural factors

• Deployment model
• Distributed deployment, access token caching, …
• On-premise vs cloud vs hybrid, Cloud to enterprise access
• Federated architecture
• Large scale APIs
• Edge API management

API Centric SOA

[Figure labels: Services for BU-1, BU-2 and BU-3; APIs; API Façade]

API Centric Capabilities

WSO2 API Manager Components

o Create APIs
o Find and subscribe/buy APIs
o API Store and Governance
o Manage, secure and protect APIs
o API Management and Gateway
o Monitor and Monetize APIs
o API Monitoring and Analytics

   

WSO2 API Manager: API Publisher

• Publish APIs to external consumers and partners, as well as internal users; SOAP and REST services are supported
• Manage API versions (several versions can be deployed in parallel)
• Govern the API lifecycle (publish, deprecate, retire)
• Attach documentation (files, external URLs) to APIs
• Apply Security policies to APIs (authentication, authorization)
• Attach SLAs
• Provision and Manage API keys
• Track consumers per API
• Monitor API usage and performance, SLA compliance
• Gather consumers' requirements

WSO2 API Manager: API Consumers via API Store

• Find useful APIs by browsing or searching through the API Store: view top rated, top used and featured APIs
• Explore API documentation and ask questions to publisher
• Register applications and obtain API keys
• Subscribe to API changes and receive news
• Evaluate APIs, rate APIs, and share comments
• Request features and improvements from publishers
• Participate in online forums
• OAuth2 support for API access

Personalized Experience

API Gateway Processing Flow

API Access Tokens

o OAuth2 standard compliant
o Supports multiple grant types
  o SAML, IWA/NTLM
  o Client credential, Implicit, Password
o Pre-generated Access Token: can be used from an application, to identify the application itself
o On-demand Access Token: generated via API call, using Consumer Key and Consumer Secret - Identifies the end user of an application (web applications, mobile applications)

The big picture

Source: https://www.flickr.com/photos/photosightfaces/13144863085

The Open Enterprise is much more than just APIs

Credit: KuppingerCole

API Management within an orthogonal toolset

API Manager Product and Platform

Analytics means business models

o API Manager supports out of the box:
  o Google Analytics
  o WSO2 Business Activity Monitor Analytics

• Build confidence in the API model
• Understand your customer
• Not just the developer but also the end-user
• Help manage services and versions
• Understand when deprecated services can be retired
• Plan better
• Monitor the growth of aggregated API traffic
• Monitor the growth of specific apps

Scalable Deployment

Distributed Deployment

From edge API management to large scale distributed API management

Reference Architecture

• API as a strategic product
• Collaborative business model
• Scalable horizontal deployment
• Orthogonal toolset for vertical use cases
• Federated architecture

Source: flickr.com

Developer Eco-system for Telco

[Figure labels: API Management; Payment, Messaging, Identity, Location, WebRTC, NFC, M2M, …; Enterprise, Developers, Applications, Subscribers, OTT Customers]

• Utilize partners to sell APIs
• Newer business models – revenue share from customer
• Empower eco-system for RAD

Telco API Management

[Figure labels: API Gateway, API Store, Operator Portal, Transformation Adapters, Backend Systems (CRM), Backend Systems (Diameter), Identity, API Publisher, Workflows, Auditing and Reporting, Developer Ecosystem, Event Processing]

Federated Architecture and the Telco ecosystem

[Figure labels: Telco API Mgmt (API Gateway, API Store, Developer Portal, Identity, API Publisher, Workflows, Auditing and Reporting, Event Processing, Discovery and Routing); Standard API (NFC, Payment, Messaging, Identity); Telco API Mgmt; Enterprise, Developers, Applications, Subscribers, OTT Customers]

API Management at the Edge

•  Raw devices can expose functionality as APIs

•  Functional capabilities (actuators) – Function APIs

•  Administration capabilities (management) – Management APIs

• Monitoring capabilities (sensor data) – Sensor APIs
• E.g: GET http://{ip}/{locationid}/sensors/temperature

• Augment device capability
• Throttling
• Caching
• Request routing
• Stats collection and monitoring
• Decision making
• Security
• Authorization based on token (OAuth)
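An added example, not part of the original slides and not WSO2 code: a minimal edge gateway in front of the `GET /{locationid}/sensors/temperature` sensor API that applies token-based authorization, per-consumer throttling, caching and stats collection. The token table, the `sensors:read` scope, the `EdgeGateway` class and the status codes returned are assumptions made for illustration.

```python
import time

# Constructed token table standing in for an OAuth2 token lookup (hypothetical values).
TOKENS = {
    "tok-reader": {"consumer": "app-1", "scopes": {"sensors:read"}, "expires": 4_000_000_000},
    "tok-admin": {"consumer": "app-2", "scopes": {"devices:manage"}, "expires": 4_000_000_000},
    "tok-expired": {"consumer": "app-3", "scopes": {"sensors:read"}, "expires": 1_000},
}

class EdgeGateway:
    def __init__(self, read_sensor, rate=2, per=1.0, cache_ttl=5.0, clock=time.time):
        self.read_sensor, self.clock = read_sensor, clock  # device read callable, time source
        self.rate, self.per, self.cache_ttl = rate, per, cache_ttl
        self.buckets, self.cache = {}, {}  # per-consumer bucket; per-location cached reading
        self.stats = {"served": 0, "cache_hits": 0, "denied": 0, "throttled": 0}

    def _authorize(self, auth_header, scope):
        scheme, _, token = (auth_header or "").partition(" ")
        info = TOKENS.get(token) if scheme.lower() == "bearer" else None
        if info is None or info["expires"] <= self.clock():
            return 401, None  # missing, unknown or expired token
        if scope not in info["scopes"]:
            return 403, None  # valid token that lacks the required scope
        return 200, info["consumer"]

    def _allow(self, consumer):  # token bucket: `rate` requests per `per` seconds
        now = self.clock()
        left, last = self.buckets.get(consumer, (self.rate, now))
        left = min(self.rate, left + (now - last) * self.rate / self.per)
        allowed = left >= 1
        self.buckets[consumer] = (left - 1 if allowed else left, now)
        return allowed

    def get_temperature(self, location_id, auth_header):
        status, consumer = self._authorize(auth_header, "sensors:read")
        if status != 200:
            self.stats["denied"] += 1
            return status, None
        if not self._allow(consumer):
            self.stats["throttled"] += 1
            return 429, None
        hit = self.cache.get(location_id)
        if hit is None or self.clock() - hit[1] >= self.cache_ttl:
            hit = self.cache[location_id] = (self.read_sensor(location_id), self.clock())
        else:
            self.stats["cache_hits"] += 1  # constrained device is not contacted
        self.stats["served"] += 1
        return 200, hit[0]
```

Authorization runs before throttling here, so rejected requests never reach the device and do not consume a consumer's quota.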

API Management and IoT

[Figure labels: Device Queue, Mediation/Routing, Device Gateway, App, End User, Authorization Manager, Statistics Processing, Device, Device Hub, Device Management, Identity Management]

WSO2 - Reference Architecture for IoT

Application Services Governance and APIs Everywhere

•  One click API capability

•  Governance of API, Services, resources within an enterprise with Unified Governance

•  Life cycle automation with WSO2 Appfactory

WSO2 Appfactory, WSO2 Private PaaS and WSO2 App Manager

[Figure labels: IdP (WSO2 Identity Server); (WSO2 Business Activity Monitor)]

Summary

• Introduction and case studies
• API Economy and factors
• API Management Overview
• API Management within a platform
• API Management demo
• Reference Architectures
• APIs at the edge and IoT
• APIs Everywhere
• Application Governance
