api management - practical enterprise implementation experience
TRANSCRIPT
1Copyright © 2016 Capgemini and Sogeti – Internal use only. All Rights Reserved.
Presentation Title | Date
API ManagementPractical Enterprise Implementation Experience
Narinder Sahota Chief Architect - CapgeminiDavid Rutter Solutions Architect - Capgemini
2Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Agenda
Overview
Why APIs matter What is API Management What does an architect consider Vendor landscape Our project and what we have delivered Lessons and takeaways
Q&A
3Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
1. All teams will henceforth expose their data and functionality through service interfaces.
2. Teams must communicate with each other through these interfaces.
3. There will be no other form of interprocess communication…no back-doors whatsoever. It doesn’t matter what technology they use. HTTP, Corba, Pubsub, … — doesn’t matter.
4. All service interfaces, without exception, must be designed from the ground up to be externalizable. That is to say, the team must plan and design to be able to expose the interface to developers in the outside world. No exceptions.
API MANDATE
Anyone who doesn’t do this will be fired.Jeff Bezos
4Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
“The application is the API. The interfaces to your core applications are the key to both liberating your existing IT estate and enabling its innovation and growth. May the best API win!” Joakim Lindbom
Bring your application services as APIs to the outside world and let it create solutions
and new value in ways you never anticipated.
Capgemini Technovision Ron Tolido
Search over 15,859 APIs
API Access to 8,200 storesRevenue share model
Source: https://goo.gl/IoZz0u
HBR: The Strategic Value of APIs – Bala Iyer, Mohan Subramaniam
%Revenue From APIs
60%
50%
90%
5Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Business Goals1. Accelerated customer
onboarding for APIs2. Increased visibility of
APIs and usage 3. Improved business
customer satisfaction 4. Revenue growth
through new channels
Context
6Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
“If you build it, he will come”
7Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
What is API Management?
Developer Portal• Self Service, Approval Workflows• Self-documenting APIs• Test harness
API Gateway• Access Control• Data Transformations
Routing, AggregationLocal Processing
API Manager Portal• Lifecycle• Service & Support• Analytics
Monitoring
Business Application APIs
AnalyticsLocal
Processing
Internal/ExternalApp Developer
APIBusiness Owner
API ManagementDev Team
ServiceManagement
APIDev Team
8Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Architectural Considerations
• API, Messaging, Files• SOAP, REST, GraphQL• Routing• Aggregation
What
HowWith What
Who
• New BusinessProcesses
• Who will consume?
• API IdentificationTOGAF, IAF, DDD
• Documentation• Environments• Tool
9Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
API Management Landscape has two distinct approaches
API Management
Integration
10Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
API Management Landscape has two distinct approachesAPIm Pure players being bought by Integration players
API Management
11Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Following a Vendor evaluation, the client selected IBM API Management (now called API Connect)
Business Partner
AppsMobile & Web Apps
Enterprise Internal Apps
Internet of Things
Cloud Service
Application Server
ESB / Middleware
Data Store
Mic
rose
rvic
es T
raffi
c
API Traffic
API Gateway3
(DataPower/MicroGW)
Microservices App Computer Runtime6
(Node.js/Java)
Developer Portal1
API Management Node2
Collective Controller5
Developer4 Toolkit
External App Developer
Internal App Developer
Partner App Developer
12Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
IBM API Connect Capabilities
... On prem, Dedicated Bluemix, Public Bluemix, 3rd Party Cloud
• Node.js & Java Microservice application runtime
• Node.js & Java integrated runtime management
• Enterprise HA & scaling• On-cloud & on-premises staging
of Microservice applications
• Policy enforcement• Enterprise security• Quota mgmt. & rate limiting• Content-based routing• Response caching, load-balancing
and offload processing• Message format & transport protocol
mediation
• API discovery• API, Plan & Product policy creation• API, Plan & Product lifecycle
management• Self-service, customizable,
developer portal• Advanced Analytics• Subscription & community
management
• Rapid model-driven API creation• Data-source to API mapping
automation• Standards-based visual API spec
creation in Swagger 2.0• Local API creation and testing• On-cloud & on-prem staging
of APIs, Products & Plans
Create Run
ManageSecure
13Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Key Elements of the API Management project:
Technology: IBM APIm
Agile Project• Distributed,
multi-discipline team
• Joint Capgemini + Client
• Prioritize Risk Mitigation
Collaboration Tools: • Atlassian and Slack
Test Driven development• Test origin API => SOAPUI• Adapt tests for Dev and UAT• Import tests into AlertSite
Monitoring dashboard and Alerting
APIs transitioned to offshore 24x7 support New APIs built using a factory model
“I consider the APIM Capability delivery to be a great example of how partnering with Capgemini maximises our ability to achieve our outcomes“.
Technology Programme Director
API Monitoring
… from intro to development within 6 hours compared to the 10 day SLA prior to APIm. Impressive!
Customer Solutions
Over 200 developers registered for APIsin first few months
API Management
User Portal
14Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Monetization & Non-Repudiation & SecurityServer, Consumer and Unauthenticated Access
API Management
HTTPSClient Id +
Client SecretREST or SOAP
3rd Party, + Partners
ServiceProvider
HTTPSClient Id
REST or SOAP
API Management
3a HTTPSAuth Token
ServiceProvider
4 HTTPSAuth
Token
1 HTTPS getToken
(usernamepassword)
IdentityManagement
2 HTTPSAuth
Token
4b ValidateAuth
Token
3b ValidateAuth
Token
Desktop, MobileBrowser
Mobile + Tablet Apps
API Management
HTTPSClient Id +
IP Address +HTTP REFERRER
ServiceProvider
HTTPSClient Id
Desktop, MobileBrowser
Throttle,CORS
15Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Messaging more appropriate than APIs for some scenarios
Public/Private Cloud
Internal NetworksGateway
Events APIs: SOAP, REST
Business Customers
Message Hub API Management
APIs:SOAP, RESTSubscribed Events
AMQP
APIs: SOAP, REST Events, MQ, Tib
Management
16Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Lessons Learnt
17Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Recognise APIs are about business change: Utilise Integration Competency Centre approach
18Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Development by policy/configuration Needs same rigour as a coding project
19Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Technology is evolving and risk mitigations needed
20Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Service Management and External Monitoring designed in from beginningEnsure rapid resolution when things go wrong
21Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Architecture Governance requiredAgreement on Principles and Patterns for Integration & Security
22Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Contrast with Lessons from Other projects
Built custom Digital Enablement PortalFocus on Developers
Sophisticated ELK stack based MonitoringAnalytics to drive consumption
Web Sockets based push model for in-gameSupporting High demand
models
Established API competencycentre with Agile lifecycleWell-defined referencearchitecture
23Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
24Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
API Management | #CWIN16 Sept 2016
Contact information
NarinderSahotaChief Architect, Account [email protected]
uk.linkedin.com/in/nssahota@NarinderSahota
DavidRutterSolution [email protected]
uk.linkedin.com/in/drutter@DavidRutterUK
Insert contact picture Insert contact picture