Architecting an enterprise API management strategy
Mifan Careem
Director, Solutions Architecture WSO2
Mifan AT WSO2.com
APIdays Sydney February 2015
Agenda
• Introduction and case studies
• API Economy and factors
• API Management Overview
• API Management within a platform
• API Management demo
• Reference Architectures
• APIs at the edge and IoT
• APIs Everywhere
• Application Governance
Source: XKCD.com
WSO2 – Who we are
We help customers become a Connected Business with enterprise middleware
Source: http://www.content-loop.com/a-company-without-apis-is-like-a-computer-without-internet/
Managed APIs and Enterprises
o An API is a business capability delivered over the Internet to internal or external consumers
  o Network accessible function
  o Available using standard web protocols
  o With well-defined interfaces
  o Designed for access by third-parties
o A Managed API is:
  o Actively advertised and subscribe-able
  o Available with SLAs
  o Secured, authenticated, authorized and protected
  o Monitored and monetized with analytics
Strategy factors
• API as a product vs API based products = API as a strategy vs API as a tactic
• External API management vs internal API management
• Developer ecosystem – API ecosystem vs cloud-devops
• API management and the enterprise
• Business model – Pay as you go, revshare, freemium,..
Characteristics of Business APIs
● Protocols & Styles
● API as the main product
● API as the brand
● Business Model - Monetization
● API Statistics
● Authentication & Authorization
● Throttling
● Caching
● Deployment Models
Architectural factors
• Deployment model
• Distributed deployment, access token caching,…
• On-premise vs cloud vs hybrid, Cloud to enterprise access
• Federated architecture
• Large scale APIs
• Edge API management
API Centric SOA
[Diagram: business units BU-1, BU-2 and BU-3, each with its own Services, exposed through APIs behind an API Façade]
API Centric Capabilities
WSO2 API Manager Components
o Create APIs
o Find and subscribe/buy APIs
o API Store and Governance
o Manage, secure and protect APIs
o API Management and Gateway
o Monitor and Monetize APIs
o API Monitoring and Analytics
• Publish APIs to external consumers and partners, as well as internal users; SOAP and REST services are supported
• Manage API versions (several versions can be deployed in parallel)
• Govern the API lifecycle (publish, deprecate, retire)
• Attach documentation (files, external URLs) to APIs
• Apply Security policies to APIs (authentication, authorization)
• Attach SLAs
• Provision and Manage API keys
• Track consumers per API
• Monitor API usage and performance, SLA compliance
• Gather consumers' requirements
WSO2 API Manager : API Publisher
• Find useful APIs by browsing or searching through the API Store: view top rated, top used and featured APIs
• Explore API documentation and ask questions to publisher
• Register applications and obtain API keys
• Subscribe to API changes and receive news
• Evaluate APIs, rate APIs, and share comments
• Request features and improvements from publishers
• Participate in online forums
• OAuth2 support for API access
WSO2 API Manager : API Consumers via API Store
Personalized Experience
API Gateway Processing Flow
API Access Tokens
o OAuth2 standard compliant
o Supports multiple grant types
  o SAML, IWA/NTLM
  o Client credential, Implicit, Password
o Pre-generated Access Token: can be used from an application, to identify the application itself
o On-demand Access Token: generated via API call, using Consumer Key and Consumer Secret - Identifies the end user of an application (web applications, mobile applications)
The big picture
Source: https://www.flickr.com/photos/photosightfaces/13144863085
The Open Enterprise is much more than just APIs Credit: KuppingerCole
API Management within an orthogonal toolset
API Manager Product and Platform
Analytics means business models
o API Manager supports out of the box:
  o Google Analytics
  o WSO2 Business Activity Monitor Analytics
• Build confidence in the API model
• Understand your customer
• Not just the developer but also the end-user
• Help manage services and versions
• Understand when deprecated services can be retired
• Plan better
• Monitor the growth of aggregated API traffic
• Monitor the growth of specific apps
Scalable Deployment
Distributed Deployment
From edge API management to large scale distributed API management
Reference Architecture
• API as a strategic product
• Collaborative business model
• Scalable horizontal deployment
• Orthogonal toolset for vertical use cases
• Federated architecture
Source: flickr.com
Developer Eco-system for Telco
[Diagram: API Management exposing Payment, Messaging, Identity, Location, WebRTC, NFC, M2M,… to Enterprise, Developers, Applications, Subscribers and OTT Customers]
• Utilize partners to sell APIs
• Newer business models – revenue share from customer
• Empower eco-system for RAD
Telco API Management
[Diagram components: API Gateway, API Store, Operator Portal, Transformation Adapters, Backend Systems (CRM), Backend Systems (Diameter), Identity, API Publisher, Workflows, Auditing and Reporting, Developer Ecosystem, Event Processing]
Federated Architecture and the Telco ecosystem
[Diagram: two Telco API Mgmt instances (API Gateway, API Store, Developer Portal, Identity, API Publisher, Workflows, Auditing and Reporting, Event Processing) joined by Discovery and Routing behind a Standard API covering NFC, Payment, Messaging and Identity, serving Enterprise, Developers, Applications, Subscribers and OTT Customers]
API Management at the Edge
• Raw devices can expose functionality as APIs
• Functional capabilities (actuators) – Function APIs
• Administration capabilities (management) – Management APIs
• Monitoring capabilities (sensor data) – Sensor APIs
  • E.g: GET http://{ip}/{locationid}/sensors/temperature
• Augment device capability
  • Throttling
  • Caching
  • Request routing
  • Stats collection and monitoring
  • Decision making
  • Security
    • Authorization based on token (OAuth)
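The edge functions listed above (token-based authorization, throttling, caching and stats collection) applied to the Sensor API path from the slide, as an added example that is not part of the original deck or WSO2 code. The EdgeGateway class, the sensors:read scope and the token table standing in for real OAuth token validation are all assumptions.

```python
import time
from collections import defaultdict

class EdgeGateway:
    """Fronts a raw device read for GET /{locationid}/sensors/temperature."""

    def __init__(self, read_sensor, tokens, limit=3, window=1.0, ttl=5.0,
                 clock=time.monotonic):
        self.read_sensor = read_sensor   # raw device call (hypothetical)
        self.tokens = tokens             # token -> scopes; stand-in for OAuth validation
        self.limit, self.window, self.ttl, self.clock = limit, window, ttl, clock
        self.hits = defaultdict(list)    # token -> timestamps of recent requests
        self.cache = {}                  # locationid -> (expires_at, value)
        self.stats = defaultdict(int)    # status code -> count

    def handle(self, method, path, headers):
        status, body = self._handle(method, path, headers)
        self.stats[status] += 1          # stats collection covers rejections too
        return status, body

    def _handle(self, method, path, headers):
        parts = path.strip("/").split("/")
        if method != "GET" or len(parts) != 3 or parts[1:] != ["sensors", "temperature"]:
            return 404, None
        # Authorization first: unauthenticated callers never reach the device.
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        scopes = self.tokens.get(token) if scheme == "Bearer" else None
        if scopes is None:
            return 401, None
        if "sensors:read" not in scopes:
            return 403, None
        # Throttling: sliding window per token protects the constrained device.
        now = self.clock()
        recent = [t for t in self.hits[token] if now - t < self.window]
        self.hits[token] = recent
        if len(recent) >= self.limit:
            return 429, None
        self.hits[token].append(now)
        # Caching: serve a fresh reading without touching the device again.
        location = parts[0]
        entry = self.cache.get(location)
        if entry and entry[0] > now:
            return 200, entry[1]
        value = self.read_sensor(location)
        self.cache[location] = (now + self.ttl, value)
        return 200, value
```
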
API Management and IoT
[Diagram components: Devices, Device Hub, Device Gateway, Device Queue, Mediation/Routing, Authorization Manager, Statistics Processing, Device Management, Identity Management, App, End User]
WSO2 - Reference Architecture for IoT
Application Services Governance and APIs Everywhere
• One click API capability
• Governance of API, Services, resources within an enterprise with Unified Governance
• Life cycle automation with WSO2 Appfactory
WSO2 Appfactory, WSO2 Private PaaS and WSO2 App Manager
[Diagram labels: IdP (WSO2 Identity Server); (WSO2 Business Activity Monitor)]
Summary
• Introduction and case studies
• API Economy and factors
• API Management Overview
• API Management within a platform
• API Management demo
• Reference Architectures
• APIs at the edge and IoT
• APIs Everywhere
• Application Governance
Contact Us