Introducing API Management as a co-existing solution

Nuwan Bandara - Associate Director / Solutions Architect
Nadeesha Gamage - Associate Technical Lead

Upload: wso2-inc

Post on 16-Apr-2017


Agenda

❏ Complexities in modern IT landscape.

❏ Do organizations need API Management?

❏ What does it mean by “API Management as a co-existing solution”?

❏ API Design approaches.

❏ Benefits of using API Management

  ❏ Analytics

  ❏ Traceability

  ❏ QoS

❏ Challenges

Complexities in modern IT landscape

❏ Systems communicate through multiple standards, protocols and message formats.

❏ Legacy Applications, SaaS Applications and Microservices.

❏ Organizations look to reduce time to market.

❏ Improve service reusability.

❏ Increase service exposure outside organizational boundaries.

http://technologyandarchitecture.blogspot.com/

Do organizations need API Management?

❏ Do you want to expose your services as APIs?

❏ Do you want to centrally manage these APIs?

❏ How do you secure/limit API usage?

❏ How will APIs be discovered?

❏ How do you know the usage of your APIs?

❏ How do you make changes to the APIs without impacting their current users?

API Management would provide

❏ A single point to access services.

❏ Secure, authenticate and authorize API access.

❏ Enforce SLA on exposed APIs.

❏ Advertise APIs and improve reusability.

❏ Manage lifecycle and versioning of APIs.

❏ Monitor and Monetize APIs.

API Management as a co-existing solution!

❏ API Management itself is not a new paradigm.

❏ It is not an afterthought any more.

❏ API Management to complement existing services.

❏ API Management completes the enterprise IT landscape.

❏ API Design is a key factor in defining the scope of APIs.

How important is API Design?

❏ API Design would determine how a service is exposed to its consumers.

❏ API Design determines the adaptability of a service.

❏ Two main approaches

  ❏ API 1st design.

  ❏ Making existing services API ready.

Approach 1: API 1st Design

❏ API-centric design approach: design backend services based on the requirements of API consumers.

❏ Strong linkage between services, APIs and service consumer expectations.

❏ Better adaptability and reusability of API.

❏ Can be done when designing new services or re-architecting existing services.

API Management as a 1st class citizen

❏ In line with the API 1st design paradigm.

❏ Create planned APIs rather than ad-hoc APIs.

❏ Design API security up front, in line with general organizational practices.

❏ API Management considered as a core component rather than an auxiliary capability.

Approach 2: Making existing services API ready

❏ APIs are designed based on service requirements.

❏ Greater role played by a service integration layer to orchestrate and aggregate services.

❏ More applicable for rigid organizations that cannot re-design their existing services.

Which approach is better?

❏ Depends on which approach is most applicable.

❏ Use API 1st design whenever possible.

❏ If services are rigid, build the API Management around existing services.

❏ Objective is to achieve an API centric organization.

Comprehensive / end to end analytics

❏ APIs are the front face of the business transaction

❏ The intelligence that can be gathered at the API layer is vast compared to any downstream system monitoring

❏ Analytics and monitoring at the API layer provide the best of both worlds: business intel and technical intel

Traceability & troubleshooting

❏ Operational analytics

  ❏ What is your TPS?

  ❏ Are you correctly provisioned?

❏ Tracing and correlating a business transaction

❏ Correlating through service compositions

❏ APIs as operational tools

❏ Platform APIs

Quality of services - Throttling

❏ API Management as a traffic controller to the backend

❏ Safeguarding the backend business systems at high throughput

❏ Safely recovering the transactions

❏ Warning clients

❏ Warning platform teams

❏ Traffic shaping and priority based routing

http://sanjeewamalalgoda.blogspot.com/2016/05/new-api-manager-throttling.html

Quality of services - Security

❏ As the front controller for security

❏ Creating a trusted sub-system with the backend systems

❏ Security protocol transformation and bridging

❏ Entitlements and granular rules

Quality of services - Reliability

❏ No lost transaction policies

❏ Queuing instead of throttling out

❏ Auto scaling / auto provisioning

Quality of services - Transactions

❏ Compensation for RESTful distributed systems

❏ Try / Confirm / Cancel like implementations

https://www.infoq.com/presentations/Transactions-HTTP-REST

Self service / Intuitiveness

❏ API Consumer Portal as a catalogue of enterprise services

❏ Easier to search and reuse

❏ Standard way to subscribe and consume

❏ Minimum supervision and self service

❏ Fewer rules enabling a shared ecosystem

Challenges

❏ Complexity?

❏ Performance?

❏ Moving pieces

Thank You!

Questions?