API Management Roger van de Kimmenade

Upload: roger-van-de-kimmenade

Post on 04-Dec-2014


DESCRIPTION

Mobile is hot. Enterprises want to expose data for developers and that's where API Management comes in. I looked into it and this presentation gives a short overview of the items you are faced with.

TRANSCRIPT

Page 1: API Management

API Management

Roger van de Kimmenade

Page 2: API Management

6/25/2014 | 2 | ©2014 Ciber, Inc.

Page 3: API Management


What is an API ?

• API = Application Programming Interface
• API = SaaS?
• API = SOA Service?
• API alias Open API, public API, webapi
• API = Lightweight interface
• API = Exposing data for customers/partners
• API can act as façade to SOA

Page 4: API Management


What are the business values of APIs ?

Page 5: API Management


What are the business values of APIs ?

Page 6: API Management


API Business Models

Page 7: API Management


API types

Page 8: API Management


What is API Management ?

Page 9: API Management


API can come in many forms

• http
• https
• REST
• SOAP
• Plain Text
• XML
• JSON
• Other media

Page 10: API Management


API Documentation

• SOAP -> WSDL
• REST -> Swagger (a specification and framework implementation for describing, producing, consuming, and visualizing RESTful web services)
• REST -> I/O Docs, APIary.io
• JSON Home document
• ALPS, Application Level Profile Semantics

Page 11: API Management


What makes a good API?

• Granularity
• Thin interfaces
• No versioning (backward compatibility)
• Focus on the message rather than on the client or server

Page 12: API Management


API Granularity

[Diagram: API granularity at three levels (Enterprise, Domain, Service). Labels: Enterprise API; GetKlanten API (geefKlant); Boekenplank; Content API (geefBoek); Zoek API (zoekBoek)]

Page 13: API Management


API Granularity

| Item | Enterprise | Domain | Service |
|---|---|---|---|
| Services | All services in 1 API | Services within domain; several APIs | 1 service within 1 API; explosion of APIs |
| Authorization | Whole API; not flexible; policies for whole API | Can be domain specific; more flexible | Very flexible; maintenance hell |
| Versioning | Whole API changes | API can be versioned | Versioning per service |
| Data filtering | Complex | - | Data filtering per service |
| Governance | Complex, difficult overview | Better to maintain; easier to set responsibilities | Maintenance hell; overview difficult |

Page 14: API Management


API Services

[Diagram labels: External Consumer; API Gateway; Klanten Service; Internal BNL Consumer; 3 Consumers; Service Interface; KlantAPI; CRMService; ESB Consumer; Consumer; KlantService; ServiceImpl.]

Page 15: API Management


Internal and/or external

| Item | Internal (services) | External (APIs) |
|---|---|---|
| Protocol | Standardize on 1 protocol | More protocols needed |
| Data security | Less important? More under control | Sometimes crucial |
| Data format | Easier to standardize | Multiple formats needed (JSON/XML/Plain) |
| Versioning | Can change more often | Need for stable interfaces; support of multiple versions needed |
| Security | More control internally (no SSL, encryption, throttling) | DDoS attacks; throttling needed; auditing; authentication and authorization |
| Services | Service Repository; more services (i.e. CRM); through ESB | API Store; only external services; through DMZ and API Gateway |

Page 16: API Management


API Management architecture

Page 17: API Management


API Components

| Component | Functionality |
|---|---|
| API Gateway | Authentication (OAuth, HTTP Auth, SSL); Authorization; Data filtering; Throttling; Data transformation; Protocol transformation; Routing; Sandbox |
| API Manager | Managing users/partners; Publish API; API development cycle |
| API Store | Searching of API services; Registration of partners; Subscribing on API; API documentation/interface; Sandbox |

Page 18: API Management


Security

• Authentication
  - Basic Authentication
  - OAuth 2.0
  - SAML
  - NTLM
  - Social login
• Authorization
  - OAuth
• SLA
  - Throttling
  - Scaling
  - Billing

Page 19: API Management


API Authentication/Authorization

• OAuth as API token and customer authorization

[Diagram labels: Partner App; API Gateway; Klanten Service; API OAuth token; customer (Klant) OAuth token; Klanten Service checks the customer OAuth token]

Page 20: API Management


Governance?

• What to govern?
• Commitment to clients for a certain amount of time
• Don’t break clients
• Managing the life-cycle
• Versioning

Page 21: API Management


API vs SOA

Page 22: API Management


API Examples

Page 23: API Management


PayPal API

Page 24: API Management


API Architecture