API Management
Download as PPTX, PDF2 likes1,846 views
This document discusses API management. It defines an API as an application programming interface that exposes data and services to customers and partners through lightweight interfaces. It notes that API management provides business value by enabling organizations to expose their data and services in a secure and controlled manner. The document also covers API documentation standards, best practices for API design, common API types, API security, and provides examples of API management architectures.
API Management
- 1. API Management Roger van de Kimmenade
- 2. 6/26/2014 | 2 | ©2014 Ciber, Inc.
- 3. 6/26/2014 | 3 | ©2014 Ciber, Inc. What is an API ? • API = Application Programming Interface • API = SaaS? • API = SOA Service? • API alias Open API, public API, webapi • API = Lightweight interface • API = Exposing data for customers/partners • API can act as façade to SOA
- 4. 6/26/2014 | 4 | ©2014 Ciber, Inc. What are the business values of APIs ?
- 5. 6/26/2014 | 5 | ©2014 Ciber, Inc. What are the business values of APIs ?
- 6. 6/26/2014 | 6 | ©2014 Ciber, Inc. API Business Models
- 7. 6/26/2014 | 7 | ©2014 Ciber, Inc. API types
- 8. 6/26/2014 | 8 | ©2014 Ciber, Inc. What is API Management ?
- 9. 6/26/2014 | 9 | ©2014 Ciber, Inc. API can come in many forms • http • https • REST • SOAP • Plain Text • XML • JSON • Other media
- 10. 6/26/2014 | 10 | ©2014 Ciber, Inc. API Documentation • SOAP -> WSDL • REST -> Swagger (a specification and framework implementation for describing, producing, consuming, and visualizing RESTful web services) • REST -> I/O Docs, APIary.io • JSON Home document • ALPS, Application Level Profile Semantics
- 11. 6/26/2014 | 11 | ©2014 Ciber, Inc. What makes a good API? • Granularity • Thin interfaces • No versioning (backward compatibility) • Focus on the message rather than on the client or server
- 12. 6/26/2014 | 12 | ©2014 Ciber, Inc. API Granularity ServiceDomainEnterprise Enterprise API GetKlanten API geefKlant Boekenplank Content API geefBoek Zoek API zoekBoek
- 13. 6/26/2014 | 13 | ©2014 Ciber, Inc. Item Enterprise Domain Service Services All services in 1 API Services within domein Several APIs 1 service within 1API Explosion of APIs Authorization - Whole API - Not flexible - Policies for whole API - Can be domain specific - More Flexible - Very flexible - Maintenance hell Versioning - Whole API changes - API can be versioned - Versioning per service Data filtering - Complex - - Data filtering per service Governance - Complex, difficult overview - Better to maintain - Easier to set responsibilities - Maintenance hell - Overview difficult API Granularity
- 14. 6/26/2014 | 14 | ©2014 Ciber, Inc. Externe Consumer API Gateway Klanten Service Interne BNL Consumer 3 Consumers Service Interface KlantAPI CRM Service ESB Consumer Consumer KlantService Service Impl. API Services
- 15. 6/26/2014 | 15 | ©2014 Ciber, Inc. Internal and/or external Item Internal (services) External (APIs) protocol Standardize on 1 protocol More protocol needed Data security Less important? More under control Sometimes crucial Data format Easier to standardize Multiple formats needed (JSON/XML/Plain) Versioning Can change more often Need for stable interfaces Support of multiple versions needed Security More control internally (No SSL, encryption, throttling) DDOS attacks Throttling needed Auditing Authentication en autorization Services Service Repository More services (i.e. CRM) Through ESB API Store Only external services Through DMZ and API Gateway
- 16. 6/26/2014 | 16 | ©2014 Ciber, Inc. API Management architecture
- 17. 6/26/2014 | 17 | ©2014 Ciber, Inc. API Components Component Functionality API Gateway • Authentication (OAuth, HTTP Auth, SSL) • Authorization • Data filtering • Throttling • Data transformation • Protocol transformation • Routing • Sandbox API Manager • Managing users/partners • Publish API • API development cycle API Store • Searching of API services • Registration of partners • Subscribing on API • API documentation/interface • Sandbox
- 18. 6/26/2014 | 18 | ©2014 Ciber, Inc. Security • Authentication - Basic Authentication - OAuth 2.0 - SAML - NLTM - Social login • Authorization - OAuth • SLA - Throttling - Scaling - Billing
- 19. 6/26/2014 | 19 | ©2014 Ciber, Inc. API Authenticatie/Autorisatie • OAuth als API Token en Klant autorisatie Partner App API Gateway Klanten Service API Oauth Token KlantenService Check Klant Oauth token Klant Oauth Token Klant Oauth Token
- 20. 6/26/2014 | 20 | ©2014 Ciber, Inc. Governance? • What to govern? • Commitment to clients for a certain amount of time • Don’t break clients • Managing the life-cyle • Versioning
- 21. 6/26/2014 | 21 | ©2014 Ciber, Inc. API vs SOA
- 22. 6/26/2014 | 22 | ©2014 Ciber, Inc. API Examples
- 23. 6/26/2014 | 23 | ©2014 Ciber, Inc. PayPal API
- 24. 6/26/2014 | 24 | ©2014 Ciber, Inc. API Architecture
- 25. 6/26/2014 | 25 | ©2014 Ciber, Inc. References • https://www.youtube.com/watch?v=Yu4vr_5JP0Q • WebAPI en API Management (youtube)
Editor's Notes
- #2: Thank you for the opportunity to meet with you today. Before I tell you a little bit about Ciber, I want to explain Ciber’s approach to doing business. We don’t see ourselves as consultants or technology vendors. We see ourselves as partners, and that impacts everything we do. That’s why we’re client focused. We listen to your challenges and goals. They’re what drive our solutions and guide everything we do. And, we’re results driven. We measure success by results … the same way you do. This approach – client focused, results driven – is how Ciber transforms engagements into long-term partnerships … which gives our clients the reassurance of doing business with someone they know and trust. Nearly 97 percent of our clients say they’d use Ciber again. During the next XX minutes, I’ll show you who we are and why our clients stay with us.