ae nv/sa
Interleuvenlaan 27b, B-3001 Heverlee
T +32 16 39 30 60 - F +32 16 39 30 70
www.ae.be

Building blocks for the Digital Enterprise

APIs: A mandatory part of your digital strategy

[email protected] @gvanhumbeeck

Customer case: AE


Company confidential – Do not distribute without notice ©AE 2015

What is happening

• Applications 2010
  • Internal
    – Employees
  • External
    – B2B

• Applications 2015 & beyond
  • Internal
    – Employees
  • External
    – Mobile Customer-facing Employee
    – Mobile Customer
    – Partners
    – 3rd Parties
    – Things
    – Multi-device
    – Multi-channel
    – Micro moments
    – B2B

• All using the same business logic


Positioning APIs in the Target Customer Engagement Platform

Technical View

• Tiers: Client Tier, Interaction Tier, Systems of Record Tier, Engagement Tier
• Mobile Applications: Native iOS, Android, Windows
• Web Site and Content Management
• API Management: Gateway & portal, throttling, versioning, discovery, billing, transformation, …
• Security: Federated authentication, single sign-on, adaptive access control, digital identity
• Data Capture: Click-streaming, sensor data, social media
• Customer-Oriented API: Innovative, faster pace, a/b testing, personalisation, agile
• Service Bus & Integration
• Enterprise Data Hub: Relational-, non-relational-, in-memory storage technologies; big data; streaming event processing; search
• Analytics: Embedded Analytics, DWH-BI integration
• Enterprise Applications and Services – Systems of Record: Back-end systems like SAP, PeopleSoft, Oracle, custom-built Java or .NET applications, and SaaS solutions like Salesforce.com
• Channels & Media
• External Developers
• Partners
• Security and Integration Layers


API Management Layer

API Gateway aspects (not exhaustive)

• Monitoring & Measure
• Internal routing on specific conditions (based on content, origin, ...)
• Manage & Apply Customer Specific Policies (act on incoming and outgoing messages)
• Protect from Security Attacks (authentication, limit call rate, HTML header check, ...)
• Protocol translation (e.g. REST<->SOAP, JSON<->XML)
• Limit access to specific API consumers (e.g. Partners)

• API throttling and/or rate limiting
• API traffic prioritization
• Limit API access based on user, time of day and/or IP address
• Route API traffic based on geography, IP address and/or backend response times


APIS IN A BROADER CONTEXT


Although traditional architectures were once state-of-the-art, today they are relics of the past.

Traditional application architectures cannot support modern requirements.


[Figure: diagram of App and Svc boxes]

Application redefined

Touchpoint

Svc

Private Service

Partner Service

Public Service

Systems of Record

Front-Ends

APIs


Bi-Modal IT

• Front End Engineering, UI
• APIs – API Design – API Management & Governance
• Webscale Back End & Servitized Systems of Record

• Sprinters
• Marathon Runners

• Front End Factory: Front End Engineers
• API Factory: API Engineers
• Back End Factory: Back End Engineers

Organize & Deliver

• Design for the Customer
• Design for the Customer-Facing Employee
• Design for collaboration
• Accept two speeds
• Renovate the Core
• Exploit the New

Digital Platform

Customer Engagement Platform

“Application” redefined: forget that an application is a silo consisting of screens, business logic, data & infrastructure.

An application is what the user sees and experiences, where and when he needs it. The front end consumes the back-end services through APIs.

Service

Thing


Application 1 Application 2 SaaS

Inner APIs Inner APIs SaaS APIs

Svc Svc Svc Svc Svc Svc Svc Svc Svc

Integration Layer

Thing Service UI

API Management Layer

Outer APIs


DataHub


BEYOND API MANAGEMENT


API Manager in your Security Architecture


3P : Private, Partner, Public

http://www.slideshare.net/fullscreen/AndreasKrohn/business-impact-of-private-partner-and-public-ap-is/19

http://nordicapis.com/business-impact-of-private-partner-and-public-apis/


API Architectural Governance

Business-Centered API Strategy

API Identification from Business

API’s legal & technical contracts

API Publishing

API Marketing

API Developer Toolbox – SDK TTFSC – Sandboxes

API Key Management

API Target Model

API Interface Design

API Development Principles & Guidelines

API Policy Management, Design & Implementation

API Implementation

API Testing

API SDLC & Deployment

API Interface Versioning

API Implementation Versioning

API Monitoring & Operational Management

API Monetization


API as a Product

The right APIs for the right purpose

Business goal driven

Use Personas to determine how your API will be consumed

Segmentation of your API consumers

• Internal use

• Partners

• Public

Impacts e.g. API interface

• Example
  • HR-XML for consumer companies
  • Simplified structure for consumer “home”-developers


API Value Generation

4 business models

Free (and still make money)

IpayU

UpayMe

Indirect: you pay for what you get

Marketing is a must

Make sure people find your API

Make sure people start using your API

Make sure people keep using your API

Minimize TTFSC (Time to First Successful Call)


API value generation – Balance Value vs Cost

Example

Value
• API Usage Revenue
• Customer Loyalty
• New Partners
• Internal Cost Reduction
• Extra Revenue Streams (non API)
• New Customers
• Visibility - Branding
• Multi-Channel platform
• Instant Partnerships
• International Exposure

Cost (Run)
• 3rd-party Licensing (software & services)
• Elastic Infrastructure
• Storage
• Computing
• Bandwidth
• External API usage cost
• Staffing

APIs - Balance Value versus Cost


API operational aspects

You must operate as a service provider

Back-office infrastructure must be ready

Operations & Infrastructure :

• Foresee non-functional requirements

• Elastic

Set up test & production environments for API consumption – monitor

Design your Customer Engagement Platform

Where in your security architecture does your API management fit


API Contractual Aspects

Legal Terms of Service

https://dev.twitter.com/overview/terms/agreement-and-policy


API Legal

Samples

• Who is allowed to access the Web API
• Certification aspects
• Data usage, data that is provided by the API
• Limits on volume
• Limits on usage, e.g. you cannot sell the data received from the API
• Do you want to be mentioned in the application or not: branding, e.g. “VDAB Inside” or “Powered by VDAB”
• SLAs of the Web API the consumer may expect and is entitled to


Takeaways

APIs are digital products – value generator

Think before you act

API Management is a strategic component

Set up API Factory TTFSC

Beware of Operational Aspects

Position API manager in your Security Architecture

Beware of legal aspects


SOA, Integration architecture and API management

API Management
