Download - Customer case: AE
ae nv/sa
Interleuvenlaan 27b, B-3001 Heverlee
T +32 16 39 30 60 - F +32 16 39 30 70
www.ae.be
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
APIsA mandatory part of your digital strategy
[email protected]@gvanhumbeeck
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
What is happening
• Applications 2010
• Internal
– Employees
• External
– B2B
• Applicaties 2015 & beyond
• Internal– Employees
• External– Mobile Customer-facing Employee– Mobile Customer– Partners– 3td Parties– Things– Multi-device– Multi-channel– Micro moments– B2B
• All using the same business logic
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Positioning APIs in the Target Customer Engagement Platform
Technical View
Client Tier
Interaction Tier
Systems of Record Tier
Engagement Tier
Mobile Applications
Native iOS, Android, Windows
Web Site and Content Management
Api Management
Gateway & portal, throttling, versioning, discovery, billing, transformation, …
Security
Federated authentication, single sign-on, adaptive access control, digital identity
Data CaptureClick-streaming, sensor data, social media
Customer-Oriented APIInnovative, faster pace, a/b testing, personalisation, agile
Service
Bu
s &
Inte
grationEnterprise Data Hub
Relational-, non-relational-, in-memory storage technologiesBig dataStreaming event processingSearch
AnalyticsEmbedded Analytics, DWH-BI integration
Enterprise Applications and Services – Systems of Record
Back-end systems like SAP, Peoplesoft, Oracle, custom-built Java or .NET applications, and Saas solutions like SalesForce.com
Channels & MediaExternal
DevelopersPartners
Security and Integration Layers
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
seB
uild
ing
blo
cks
for
the
Dig
ital
En
terp
rise
Monitoring& Measure
API Management Layer
Internal routing on specific conditions (based on content, origin, ...)
API Gateway aspects(not exhaustive)
Manage & ApplyCustomer Specific Policies
(act on incoming and outgoing messages)
Protect fromSecurity Attacks(authentication, limit call rate, HTML header check, ...)
Protocol translation(e.g. REST<->SOAPJSON<->XML)
Limit access to specificAPI consumers (e.g. Partners)
• API throttling and/or rate limiting• API traffic prioritization• Limit API access based on user, time of day
and/or IP address• Route API traffic based on geography,
IP address and/or backend response times
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
APIS IN A BROADER CONTEXT
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
seB
uild
ing
blo
cks
for
the
Dig
ital
En
terp
rise
Although traditional architectures were once state-of-the-art, today they are relics of the past.
Traditional application architectures cannot support modern requirements.
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
App
Svc
Svc
Svc
Svc
Svc
SvcApp
App
Svc
Svc
App
Svc
App
Svc
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Application redefined
Touchpoint
Svc
Private Service
Partner Service
Public Service
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se Systems of Record
Front-Ends
APIs
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Front End EngineeringUI
APIs – API Design - API Management & Governance
Webscale Back End &Servitized Systems of Record
Sprinters
Marathon Runners
BI-M
od
al IT
Front EndFactory
Front End Engineers
APIFactory
API Engineers
Back EndFactory
Back End Engineers
Organize & Deliver
Design for the CustomerDesign for the Customer-Facing Emlployee
Design for collaboration
Accept two speedsRenovate the Core
Exploit the New
Digital Platform
Customer Engagement
Platform
“Application” redefined: (Forget
that an application is a silo consisting of screens, business logic, data & infrastructure)
An application is what the user sees, experiences where and when he needs it. The front end consumes the back end services through APIs.
ServiceThing
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Application 1 Application 2 SaaS
Inner APIs Inner APIs SaaS APIs
Svc Svc Svc Svc Svc Svc Svc Svc Svc
Integration Layer
Thing Service UI
API Management Layer
Outer APIs
“Application” redefined: (Forget
that an application is a silo consisting of screens, business logic, data & infrastructure)
An application is what the user sees, experiences where and when he needs it. The front end consumes the back end services through APIs.
DataHub
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
BEYOND API MANAGEMENT
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
seB
uild
ing
blo
cks
for
the
Dig
ital
En
terp
rise
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
API Manager in your Security Architecture
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
3P : Private, Partner, Public
http://www.slideshare.net/fullscreen/AndreasKrohn/business-impact-of-private-partner-and-public-ap-is/19
http://nordicapis.com/business-impact-of-private-partner-and-public-apis/
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
API Architectural Governance
Business-Centered API Strategy
API Identification from Business
API’s legal & technical contracts
API Publishing
API Marketing
API Developer Toolbox – SDK TTFSC – Sandboxes
API Key Management
API Target Model
API Interface Design
API Development Principles & Guidelines
API Policy Management, Design & Implementation
API Implementation
API Testing
API SDLC & Deployment
API Interface Versioning
API Implementation Versioning
API Monitoring & Operational Management
API Monetization
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
API as a Product
The right APIs for the right purpose
Business goal driven
Use Personas to determine how your API will be consumed
Segmentation of your API consumers
• Internal use
• Partners
• Public
Impacts e.g. API interface
• Example• HR-XML for consumer companies
• Simplified structure for consumer “home”-developers
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
API Value Generation
4 business models
Free (and still make money)
IpayU
UpayMe
Indirect: you pay for what you get
Marketing is a must
Make sure people find your API
Make sure people start using your API
Make sure people keep using your API
Minimize TTFSC (Time to First Successful Call)
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
API value generation – Balance Value vs Cost
Example
Value Cost (Run)API Usage Revenu 3d party Licensing (software & services)
Customer Loyalty Elastic Infrastructure
New Partners Storage
Internal Cost Reduction Computing
Extra Revenu Streams (non API) Bandwidth
New Customers External API usage cost
Visibility - Branding Staffing
Multi-Channel platform
Instant Partnerships
International Exposure
APIs - Balance Value versus Cost
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
API operational aspects
You must operate as a service provider
Back-office infrastructure must be ready
Operations & Infrastructure :
• Foresee non-functional requirements
• Elastic
Set up test & production environments for API consumption – monitor
Design your Customer Engagement Platform
…
Where in your security architecture does your API management fit
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
API Contractual Aspects
Legal Terms of Service
https://dev.twitter.com/overview/terms/agreement-and-policy
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
API Legal
Samples• who is allowed to access the Web API
• certification aspects
• Data usage, data that is provided by the API • limits on volume
• Limits on usage e.g. you cannot sell the data received from the API
• Do you want to be mentioned in the application or not: branding e.g. “VDAB Inside” or “Powered by VDAB”
• SLAs of the Web API the consumer may expect and is entitled to
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Take aways
APIs are digital products – value generator
Think before act
API Management is a strategic component
Set up API Factory TTFSC
Beware of Operational Aspects
Position API manager in your Security Architecture
Beware of legal aspects
Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
Company confidential – Do not distribute without notice ©AE 2015 Bu
ildin
g b
lock
s fo
r th
e D
igit
al E
nte
rpri
se
SOA, Integration architecture and API management
API Management