INTERNAL

Sven Huberti, Senior Solution Specialist

SAP API ManagementTechnical Presentation

2INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

Agenda

Topic SlideOverview 3Personas 6Features and Functions 9Components 19Architecture 29Additional Information 38

Overview

4INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP Cloud PlatformAPI ManagementSAP Cloud Platform API management provides simple, scalable and secure access to digital assets through applicationprogramming interfaces (APIs) and enables developer communities to consume these.

Key capabilitiesü Unified standards-based API access of REST/OData or SOAP

services

ü Enterprise Grade Security for the APIs against attacks like DoS,CSRF, XSS etc. and robust traffic management

ü Real-time insights & analytics on the APIs traffic, usage, errorreporting and monitoring

ü Developer services to enable developers to try, subscribe, useand manage API consumption

Benefitsü Platform for engaging with and enabling employees and

developers - internal and external

Read more: SAP Cloud Platform API management

5INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP API ManagementTypical use cases

1. Enterprise-wide governance andsecurity for REST APIs

2. Omni-channel experience forcustomers and employees

3. Low-touch Open Integrations withpartners, suppliers andmarketplaces

Partners Customers

Backends

API Management

6INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

§ Best of breed engine with streamlined admin anddeveloper experience in SAP Cloud Platform

§ Increased productivity with to OData

§ Agnostic REST/OData or SOAP services management

§ Enterprise Grade Security for the APIs against attackslike DoS, CSRF, XSS etc. and robust traffic management

§ Secure connection to on-premise systems with Cloudconnector

§ Integration with SAP Cloud Platform services such asSAP API Business Hub, mobile service, WebIDE,Leonardo IoT etc.

§ Platform for engaging with, and enabling employees anddevelopers – internal and external

§ Real-time insights & analytics on the APIs traffic, usage,error reporting and monitoring

Read more: SAP Cloud Platform, API management

Highlights

Personas and interactions

8INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

Personas and interactions

Cloud Service

Database

Backend

Design, Implement

Manage, Meter, Monetize

Engage

Apps ( Mobile, Web,Devices…)

Consume

SOAP/REST/OData APIs,Microservices,

Data Integration,

SAP APIManagement

API Designer

API Portal

API Gateway

Developer Portal

Application Developer

API Admin, Owner

API Developer

9INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

ContentPublishers

Design Implement Manage Analyze andMonetize Engage

API Designer

Design easy touse APIs

API Portal

Secure, govern, document and publish APIsAnalyze and gain insights

App Services

IntegrationService

PersistenceServices

MessagingService

Implement highly scalable APIs andmicroservices using platform services

Developer PortalSearch, discover, test and subscribe to the right APIs

API Business HubMarketplace for enterprise APIs

Apps and digital interactionspowered by APIs

On-premises | SaaS apps | PaaS

APIs as digitalbuilding blocks

API Gateway

On-premisesmiddleware

MobileServices

WebIDE

CloudConnector

Full lifecycle API Management with SAP

Mobile apps Marketplaces Partners Devices and Things

Devices and ThingsData Processes

APITeam

AppDevelopers

Backends

AppDevelopers

API ProductManager

API Developer

Features and functions

11INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

- OpenAPI support

- Import your APIs from:- RAML- Odata

- Generate Server Stubs- NodeJS- JAX-RS- Spring

- Generate API in API Management

API Portal: API Designer

Design-first approach

12INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

API Portal: Proxies

API Implementation

Host: myserverPort: 443URL: /myTechnicalAPI

GET/PUT/POST/DEL

API Proxy

Host: mydomain.comPort: 80URL: /v1/myAPIs/

GET/PUT

SAP APIManagementBackend

Mobile apps

Marketplaces

Partners

Hide internal information and add specific behavior

13INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

API Portal: configure the runtime of the API

TrafficManagement

API mediation

Coding

Security

14INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

API Portal: re-use configurations through templates

Package and reuse existing policy sets

Policy Templates

Custom Template

System Template

Functional TemplatePolicy 1 Policy 2 Policy 3

Template

API Proxy

Policy 1 Policy 2 Policy 3

Policy 1 Policy 2 Policy 3

Policy 1 Policy 2 Policy 3 Policy 4

API Business Hub

Customer Tenant

Copy

15INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

API Portal: Security on all levels

Threat protection

Authenticationand authorization

Role-basedaccess control

16INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

Developerself-registration API Subscription

API Portal – Developer Portal: publish APIs

Documentationand testing

SecureBundlePublish

Self-registerBrowseTestSubscribe

Developer Portal

API Owner Developer

17INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

Track developer and application API usage through the API Key

API Portal – Developer Portal: integrated API key

API Key VerificationApplication and Developer Identification

3ApplicationDeployment2API Key

Generation1

ApplicationDeveloper

3rd partybackend

WebApps

MobileDevices

Systems

SAP

Cloud

DeveloperPortal

API Portal

API Gateway

4 Aggregate and presentanalytical data

API ProductAdmin

API ProductManager

18INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

API Portal: Analytics

Technical Analysis API Program Analysis Custom Dashboards

19INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

API Management: Monetize

Create flexible rate plans Provide billing to API users

20INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

1. Custom TemplatesRe-use enterprise-wide API patterns: centralize governance.

2. Pre-defined Policy TemplatesTypical operations such as data filtering, CORS, SQL ThreatProtection, URL Masking, error handling, quota, … are available out-of-the-box from SAP: speed-up configuration.

3. Interpretation of OData metadataOData metadata interpreted in SAP API Management (Resources,Documentation, …): speed-up documentation and reduce errors.

4. SAP API Management APIsAccess artifacts and analytical information of SAP API Managementthrough APIs: automate operations and integration intomonitoring tools.

Additional features

21INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

1. SAP Gateway Hub supportThrough the „Discovery“ feature: automatic creation of APIs includingdocumentation and resources for SAP backend integration: reduceimplementation time and errors.

2. OpenAPI (fka. Swagger) supportAll SAP APIs are available in the API Business Hub as OpenAPIartifacts and API proxies can be created from OpenAPI defintion files:re-use your assets to speed up your API project.

3. CloudFoundry supportAutomatic binding of Cloud Foundry applications to API management,generation of stubs from the API Designer to be deployed directly inCF: centrally manage your APIs from any platform

4. WebIDE supportDiscovery and usage of APIs from the Developer Portal in WebIDE:simplify your Developer‘s work.

A platform approach: integration into SCP

Components

23INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

API Management: Personas and Components

SAP Cloud PlatformMicroservices API Third Party API SAP Backend /

Gateway APIDesigns, Implements and Deploys APIs

API ProxyDefines abstraction of APIs

Defines API behavior API Proxy API Proxy

API ProductGroups APIs into Products

Analyses usage API Product

Application

API ProductAdmin

Explores and subscribes to APIsBuilds Applications

API ProvidersDefines connectivity to Target system

Subscribe

Bundle

APIDeveloper

ApplicationDevelopers

API ProductManager

Developer Portal

API Portal

API Designer

24INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP API Management Platform – API Portal

SAP API Management Portal is the main entry-point for the API Builder / API Owner. From here theAPI Owner can:

Ø Create and manage API Providers

Ø Create and manage API Proxies

Ø Create and manage Products

Ø Analyze the usage of APIs

Ø Create and manage rate plans

25INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP API Management Platform – API Portal – API Provider

- Logical representation of a backend

- Not mandatory

- Simplifies management (eg. transport)

- Simplifies discovery

Syst

em

26INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP API Management Platform – API Portal – API Proxies

- Facade of an existing REST API or SOAPservice

- API Proxy allows for:- Hiding internal implementation information- Versioning- Security, Traffic Management, Transformation- Documentation- Usage analytics- Technical analytics

Syst

em API

Prox

yAP

IPr

oxy

27INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP API Management Platform – API Portal – API Proxies - Policies

Syst

em API

Prox

yAP

IPr

oxy

- Pre-defined, configurable behavior

- Used in the Policy Editor, and positioned onthe request or response

- Preconfigured for:- Security- Traffic Management- Message transformation- Caching

- Coding can be added through Java Script

Policy

Policy

Policy

Policy

28INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

- Bundle of policies that can be re-used

- Can be created and managed individually

- Can be re-used from the SAP APIBusiness Hub

SAP API Management Platform – API Portal – Policy Templates

Syst

em API

Prox

yAP

IPr

oxy

Policy

Policy

29INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

API Product

SAP API Management Platform – API Portal – Product

- Logical bundle of APIs

- Can be configured with Quota:- Premium Product with ilimited use- Standard Product with 1000 API Calls/Month

- Developers subscribe to API Products in theDeveloper Portal

Syst

em API

Prox

yAP

IPr

oxy

Policy

Policy

Policy

Policy

30INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

API ProductAPI Product

SAP API Management Platform – API Portal – Rate Plan

Syst

em API

Prox

yAP

IPr

oxy

Policy

Policy

Policy

Policy

Rate PlanRate Plan- Defines charging of API usage

- Basic: Basic charge + X€ per API Call- Tiered: Basic charge + X€ per Y API Calls

- Is attached to one ore more API products

- API Admin and Developers can see their bills

31INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

API Portal: Monetize

SAP Cloud PlatformMicroservices API Third Party API

SAP Backend /Gateway API

API Proxy API Proxy API Proxy

API Product

Creates Rate Plans for Monetization

API Product

Application

Subscribes to the Rate Plan and ProductSees billing information

Rate Plans

Application

APIAnalytics

Views API Usage Analytics

Views Performance/Error Analytics

API Providers

API ProductAdmin

ApplicationDevelopers

API ProductManager

Developer Portal

API Portal

API Designer

32INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP API Management Platform – Developer Portal

- main entry-point for the application developer

- Developers self-register and can:- Discover available products and the API Proxies

which are included,- Test APIs online,- Subscribe to an API product by creating an

Application (a represenation of the „real“application which he will develop),

- Manage his API keys.

33INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP API Management Platform – Developer Portal – Application

- Applications represent an API consumer

- Applications can be Apps, Web applications, …:it is not relevant.

- Upon subscription, an API key is created

API Product

Syst

em API

Prox

yAP

IPr

oxy

Policy

Policy

Policy

Policy Appl

icat

ion

34INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP API Management Platform – Developer Portal – App Key

- Each Application is tied to a Developer throughan API Key: the API key identifies theApplication, and is used primarily for analytics

- It is a best-practice to use API keys

- API keys are managed by the ApplicationDevelopers

- API Key is not a security feature!

API Product

Syst

em API

Prox

yAP

IPr

oxy

Policy

Policy

Policy

Policy Appl

icat

ion

35INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

Concepts of API Platform for SAP API Management

SAP APIManagement

Account

User Developer

API Provider API Proxy

App Key

Application

1

*

11

1

11

1

1

1

*

*

*

*

**

*

11

1 *Product Rate Plan*

Architecture

37INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP API Management – High-Level Architecture

SOAServices

Backend Backend

API

APIGateway

Backend Backend

Adapter

API API

SOA“API EXPOSURE”

(EG. SAP PO – SAP CP INTEGRATION)

API MANAGEMENT“API CONSUMPTION”

WebService

DeveloperPortal

Mobile apps Marketplaces Partners App Developers

Security MediationTrafficManagement AnalyticsCaching Monetize Developer

Engagement

38INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

High-Level Architecture in an SAP Ecosystem

SAP CP

On-Premises

Partner Systems / Web Applications / Apps

REST APIs

Hana DB

APIs

HTTP/RFC

Backend – noWS/API

Backend – noWS/API

SOA

WS/APIs

Adapter

Custom Custom

Third-partywith WS/API

WS/API

SAP SAP

SAP Gateway Hub

APIs

IWBEP IWBEP

API Management

OdataProvisioning

SAP

IWBEP

SAP Cloud Connector

Security MediationTrafficManagement

AnalyticsCaching DeveloperEngagement

Monetize

39INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

Fiori apps with SAP API Management and Gateway – Web IDE Integrations

INTERNET ON-PREMISE

End user Cloud Connector

or Business Suite

API Management

SAPGateway

Firewall

Fiori Apps

Corporate Identity Provider

SAP Web IDE

Discover APIs

Secure tunnel

Build

ApplicationDeveloper

40INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

SAP API Management and On Premise connectivity

INTERNET ON-PREMISE

Cloud Connector

or Business Suite

API Management

SAPGateway

Firewall

Corporate Identity Provider

Secure tunnel

SAP ProcessIntegration

3rd PartyWeb

Services

3rd Party Datasources

Fiori

Desktop

Mobile

End user

Additional information

47INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

Functions Process Integration API ManagementData Mapping Complex data mapping Limited

Process Orchestration Exhaustive features, support for EAIpatterns, persistence

Request-Reply pattern, Mash-Upcapabilities

Adapters and Connectors Exhaustive list SOAP and APIs over HTTPScalability Good Built from ground up for high

throughput and low latencyAuthentication SAML, Certificates SAML, OAuth

Security WS-Security, Encryption, Decryption,Signature

JSON and XML threat-protection,RegEx threat protection

Message formats Exhaustive list No specific message type, focus onXML and JSON

Developer Portal No Self-service Portal with API catalogcapabilities

Traffic Management No Exhaustive features

One Platform for Process Integration and API ManagementBoth covered in SAP Cloud Platform Integration

48INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

Integration Styles and Patterns

Integration Domains

Technology Mapping

https://blogs.sap.com/2016/03/04/int203-integration-solution-advisor-methodology-isa-m-sap-teched-lecture-of-the-week/

Integration? Integration Solution Advisor - Methodology

49INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

CIO GuideSAP’s Vision for Integrating SAP Applications in Cloud & Hybrid Environments

§ Outlines SAP’s long-term integration strategy

§ Focus on scenarios in the cloud and in hybridenvironments

§ Technology Recommendations§ Process Integration§ Data Integration

§ Outlook & future strategy including applicationdesign and integration technology

Published at SAPPHIRE (May 2017)

50INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

Try it out on SAP Cloud Platform Trial!https://blogs.sap.com/2016/02/10/how-to-use-sap-api-management-on-hcp-trial/

Enterprise Architecture Explorer:https://eaexplorer.hana.ondemand.com/_item.html?id=11470#!/overview

Sap.com:https://www.sap.com/germany/product/technology-platform/api-management.html

Blogs:https://blogs.sap.com/tags/67838200100800006828/

More information…

51INTERNAL© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀPublic

FAST3 days hands-on, onsite training workshop to kick-off

RELEVANTGet a comprensive overview over API Management

PRACTICIALActively work on customer use cases and APIs hands-on

Jump Start Service Package for SAP API Management

Service Category Description Amount Price per Day SUM

G3 Design Service, Education Service 6 1.625,40 EUR 9.752,40 EUR

Thank you! Sven HubertiSven.Huberti@sap.com