Upload
coldfusionconference
View
75
Download
3
Embed Size (px)
Citation preview
ADOBE COLDFUSION SUMMIT 2016
Elishia Dvorak | AdobeAPI Economy: Realizing The Business Value of APIs Through Adobe API Management
API Economy
• Treat your APIS as one of your value added products• Added value service for your customers• Monetization of new services through business models• Flexibility for future transitions
• Additional revenue streams• What are businesses core assets?
• Customer data• Processes• Functionality• Content
• Future Business Opportunities• Leverage core assets + External Services
2
Business Value
Added value
services
Core Assets
Core Assets + External Services
How To Monetize an API?
• Analytics expose metrics• Access Control
• API call to exposed analytics and reporting services• Every component of APIM is exposed as a REST API
3
Monetization: Transactional
• Transactional Processing• Micropayment solutions• Revenue based on volume• Fee per transaction• API (fee per call)
• Global Cash Card• Experian• Paypal• Google Maps API
4
Monetization: Subscription
• Subscription Packages• Premium Services
• Different SLAs
5
Free
• Minimum SLA
• Entry Level
• Freemium
Tier 1
• Unlimited SLA
• Paid• Unlimited• Premium
Tier 2
• Medium SLA
• Paid• Basic
Monetization: Marketplace
• Drive growth in services through vendor products• API Services to increase vendor visibility• Subscriptions• Commissions
6
Marketplace
Vendor Vendor Vendor You
Monetization: Partnership
• Partnership Expansion • Strategic distribution through revenue sharing• Growth in numbers
• Groupon• Market America shop.com
7
Why API Management?
Access Control Versioning Analytics Documentation
PortalsTestingCaching
Manual• Build your own
• Multiple methods• API Key• Oauth2• Basic
• Be a security expert• Ensure update schedule• Manually manage edits
Managed• Choose method
• API Key | Oauth2 | Basic• Publish your API• Global configuration settings
• Easily updated• Managed software
• Regular update schedule
Access Control
Manual• Build a manual approach
• Stick with it
• Manually update connected consumers of changes
• Create a notification system for URI changes
Managed• Specify the version number
in publish workflow• Choose Lifecycle
• Draft• Published• Deprecated• Retired
• Notifications happen automatically
Versioning & Lifecycle
Manual• Potentially leverage an
analytics API• Build your own
• Complex• High effort level
Managed• Auto-generated• Customized Views/Reports
• Drag and drop
• Detailed statistics• Drill-down click through
Analytics
Manual• Manually Implement
documentation framework• Swagger• RAML
Managed• Integrated Swagger• Subscribers can view
formatted details of APIs• Lifecycle of API• Version/Description• Security Level• Resources
Documentation
Manual• Create a cache layer
• How to cache?• Where to store cache?• What to cache?
Managed• Click the box and specify
timeouts
• Cache response (GET)• Method level caching
Caching
Manual• Build test platform for user
roles• Creating API• Consuming API
Managed• Available Interface for testing
based on role• Publisher testing at creation• Subscriber testing via portal• View
• Inputs & Request details• Returned JSON/XML
details• Status codes
Testing
Manual• Build a new site for
developers to view APIs• Complex project• Resourcing• High effort level
Managed• Roles based portal available
• Publisher Role• Create APIs• Manage subscribers• Metrics Dashboard
• Subscriber Role• Explore APIs• Register Applications• Subscribe to API
Portals
API Management Platform 2016
6
Throughput: single node – More than a billion requests per day!
Negligible latency for thousands of concurrent users < 30ms
Throughput: 1.8x per additional node Users: 2x more per additional node Latency: continues to be < 30ms
Simplified API workflows Intuitive user interface Easy analytics interface
Speedy SimpleScalable
Request Flow of an API Manager7
</>
API Gatew
ay
API Portal
REST
REST
REST
SOAP
Partner
IoT
People
Adobe ColdFusion
Intranet App Server
Cloud Network
Demo
Future Updates and Plans
• Update release target mid-November 2016• Primary Focus on Threat Protection
• Track a range of vulnerabilities• Maximum request size associated with an API• Restrict access to the API based on a range of IP address• Validation of XML/JSON data based on the number of nested levels of data
• configurable by the publisher • DOS, can have many nested levels to break API• specify the schema of what is acceptable
• Prevention of XSS by encoding the input to an API • Protection against CSRF• Ability to enforce HTTPS for the API request to the gateway• 2 way SSL (between API Manager and End point)
9
Future Updates and Plans
• Basic and Oauth added to Test Workflow• Multiple test end points: support for Oauth• Error response in JSON/XML format rather than HTML• Unbundled Installer• User Management:
• SAML Integration for Portals • role-driven
• Multitenancy – Sandboxed Partners• different portals and different administrators• organization level concept with own policies
• JSON to XML and XML to JSON choice
0
Proof of Concept Opportunity
1
21
API Manager
POC
Direct EngineeringResources
No License Required
Hot Fix Support
Step by Step
Guidance
Contact: [email protected]
More API Focused Sessions
• Powering Adobe PhoneGap Applications with ColdFusion APIs• Monday 2:45-3:45pm
• Build your own secure and real-time Dashboard for mobile and web• Monday 4 -5pm
• Customer Showcase: Bringing the API manager into your existing stack• Monday 4 -5pm
• Deep Dive into new API Manager : Hands on Approach (BYOL – VM install prerequisite)• Tuesday 10:15 -12:30 (Walkthrough)
• Security and Access Control for APIs using ColdFusion API Manager• Tuesday 4 -5pm
2