Introducing API Management as a co-existing solution
Nuwan Bandara - Associate Director / Solutions Architect
Nadeesha Gamage - Associate Technical Lead
Agenda
❏ Complexities in modern IT landscape.
❏ Do organizations need API Management?
❏ What does it mean by “API Management as a co-existing solution”?
❏ API Design approaches.
❏ Benefits of using API Management
  ❏ Analytics
  ❏ Traceability
  ❏ QoS
❏ Challenges
Complexities in modern IT landscape
❏ Systems communicate through multiple standards, protocols and message formats.
❏ Legacy Applications, SaaS Applications and Microservices.
❏ Organizations look to reduce time to market.
❏ Improve service reusability.
❏ Increase service exposure outside organizational boundaries.
http://technologyandarchitecture.blogspot.com/
Do organizations need API Management?
❏ Do you want to expose your services as APIs?
❏ Do you want to centrally manage these APIs?
❏ How do you secure/limit API usage?
❏ How will APIs be discovered?
❏ How do you know the usage of your APIs?
❏ How do you make changes to the APIs without impacting their current users?
API Management would provide
❏ A single point to access services.
❏ Secure, authenticate and authorize API access.
❏ Enforce SLA on exposed APIs.
❏ Advertise APIs and improve reusability.
❏ Manage lifecycle and versioning of APIs.
❏ Monitor and Monetize APIs.
API Management as a co-existing solution!
❏ API Management itself is not a new paradigm.
❏ It is not an afterthought any more.
❏ API Management to complement existing services.
❏ API Management completes the enterprise IT landscape.
❏ API Design a key factor in defining the scope of APIs.
How important is API Design?
❏ API Design would determine how a service is exposed to its consumers.
❏ API Design determines the adaptability of a service.
❏ Two main approaches
  ❏ API 1st design.
  ❏ Making existing services API ready.
Approach 1: API 1st Design
❏ API Centric design approach, design backend services based on the requirements of API consumers.
❏ Strong linkage between services, APIs and service consumer expectations.
❏ Better adaptability and reusability of API.
❏ Can be done when designing new services or re-architecting existing services.
API Management as a 1st class citizen
❏ In line with the API 1st design paradigm.
❏ Create planned APIs rather than ad-hoc APIs.
❏ Design API security up-front, in line with the general organization practices.
❏ API Management considered as a core component rather than an auxiliary capability.
Approach 2: Making existing services API ready
❏ APIs are designed based on service requirements.
❏ Greater role played by a service integration layer to orchestrate and aggregate services.
❏ More applicable for rigid organizations that cannot re-design their existing services.
Which approach is better?
❏ Depends on which approach is most applicable.
❏ Use API 1st design whenever possible.
❏ If services are rigid, build the API Management around existing services.
❏ Objective is to achieve an API centric organization.
Comprehensive / end to end analytics
❏ APIs are the front face of the business transaction
❏ The intelligence that can be gathered at the API layer is vast compared to any downstream system monitoring
❏ Analytics and monitoring at the API layer provide best of both worlds - business intel and technical intel
Traceability & troubleshooting
❏ Operational analytics
  ❏ What is your TPS?
  ❏ Are you correctly provisioned?
❏ Tracing and correlating a business transaction
❏ Correlating through service compositions
❏ APIs as operational tools
❏ Platform APIs
Quality of services - Throttling
❏ API Management as a traffic controller to the backend
❏ Safeguarding the backend business systems at high throughput
❏ Safely recovering the transactions
❏ Warning clients
❏ Warning platform teams
❏ Traffic shaping and priority based routing
http://sanjeewamalalgoda.blogspot.com/2016/05/new-api-manager-throttling.html
Quality of services - Security
❏ As the front controller for security
❏ Creating a trusted sub-system with the backend systems
❏ Security protocol transformation and bridging
❏ Entitlements and granular rules
Quality of services - Reliability
❏ No lost transaction policies
❏ Queuing instead of throttling out
❏ Auto scaling / auto provisioning
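
The throttling and reliability points above (traffic control in front of the backend, warning clients and platform teams, queuing instead of throttling out) shown in code. This is an added example, not code from the presentation or from any API Management product; the class, its parameters and the X-RateLimit-* header names are assumptions made for illustration.

```python
import collections

class GatewayThrottle:
    """Per-client fixed-window limiter that queues overflow instead of dropping it."""

    def __init__(self, limit, window=1.0, warn_ratio=0.8, queue_max=100):
        self.limit, self.window = limit, window
        self.warn_at = int(limit * warn_ratio)   # soft threshold for client warnings
        self.queue_max = queue_max
        self.windows = {}                        # client -> (window_start, count)
        self.queue = collections.deque()         # deferred (client, request) pairs
        self.alerts = []                         # messages for the platform team

    def _count(self, client, now):
        start, count = self.windows.get(client, (now, 0))
        if now - start >= self.window:           # window expired: start a new one
            start, count = now, 0
        return start, count

    def submit(self, client, request, now):
        """Return (decision, headers); decision is FORWARD, QUEUED or REJECTED."""
        start, count = self._count(client, now)
        if count < self.limit:
            self.windows[client] = (start, count + 1)
            headers = {"X-RateLimit-Remaining": str(self.limit - count - 1)}
            if count + 1 >= self.warn_at:        # warn the client before the hard limit
                headers["X-RateLimit-Warning"] = "approaching limit"
            return "FORWARD", headers
        self.windows[client] = (start, count)
        retry = {"Retry-After": str(max(1, round(start + self.window - now)))}
        if len(self.queue) < self.queue_max:     # hold the transaction, do not lose it
            self.queue.append((client, request))
            return "QUEUED", retry
        self.alerts.append(f"queue full, rejecting {client}")  # warn platform team
        return "REJECTED", retry

    def drain(self, now):
        """Forward queued requests whose client has budget in the current window."""
        forwarded, waiting = [], collections.deque()
        while self.queue:
            client, request = self.queue.popleft()
            start, count = self._count(client, now)
            if count < self.limit:
                self.windows[client] = (start, count + 1)
                forwarded.append((client, request))
            else:
                waiting.append((client, request))
        self.queue = waiting
        return forwarded
```

The bounded queue matters for the backend as much as the limit does: an unbounded one only moves the overload from the backend to the gateway's memory.
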
Quality of services - Transactions
❏ Compensation for RESTful distributed systems
❏ Try / Confirm / Cancel like implementations
https://www.infoq.com/presentations/Transactions-HTTP-REST
Self service / Intuitiveness
❏ API Consumer Portal as a catalogue of enterprise services
❏ Easier to search and reuse
❏ Standard way to subscribe and consume
❏ Minimum supervision and self service
❏ Fewer rules enabling a shared ecosystem