Evolution of API Management in the BBC
0 likes214 views
The document outlines the evolution of API management at the BBC, emphasizing the transition from centralized to decentralized systems for enhanced scalability and reliability. Key features include end-to-end encryption, automated TLS certificate rotation, and the integration of a developer portal for improved authorization and service monitoring. Future developments aim to refine user identity processes and enhance security without relying on API keys.
Evolution of API Management in the BBC
- 1. Design Engineering+ Evolution of API Management at the
- 2. Break title to something else
- 3. Design Engineering+ Children’s Bitesize iPlayer Sounds Homepage News Sports Weather
- 4. Design Engineering+ Today’s focus is on engineering
- 6. Design Engineering+ • Autonomous agile teams • Offices across the United Kingdom and further • Distributed teams allowing for members to work in any region Teams across the UK
- 7. Design Engineering+ Service components 2000+ Daily deployments 1200+
- 8. Design Engineering+ Nathan Brock Rafal Jachimczyk Senior software engineerPrincipal software engineer BBC API Management BBC API Management
- 10. Design Engineering+ Before API Management
- 11. Design Engineering+ • Discover • Onboard • Identify • Report Why API Management?
- 12. Design Engineering+ • Default authentication mechanism • Very secure • End-to-End encryption for data in transit • Rotation of the TLS certificates • Automated by BBC Cosmos service Mutual TLS
- 13. Design Engineering+ So, we bought an off the shelf solution
- 14. Design Engineering+ Centralised API Management
- 15. Design Engineering+ Requests 2.2 Billion Platform APIs 70+
- 16. Design Engineering+ • Simple to setup and roll out • Limited service impact • Organisation level analytics • Developer Portal out-of-the-box • GUI setup All roads lead to central
- 17. Design Engineering+ Centralised API Management
- 18. Design Engineering+ Centralised API Management
- 21. Design Engineering+ API Management Independently scalable
- 25. Design Engineering+ API Management Cost effective
- 26. Design Engineering+ Centralised API Management
- 27. Design Engineering+ Decentralising API Management
- 28. Design Engineering+ • Build in Node.js • Packaged as RPM • Published to yum repository • Delivered into the cloud • Managed and configured by API teams Proxy technology
- 29. Design Engineering+ • Developer Portal important to our future roadmap • Integration with BBC processes and authentication • Improved authorisation model • Control over internal data model BBC Developer Portal
- 30. Design Engineering+ • Added value using existing datasets • Identified internal requirement • Exposing uptime and quality of requests • Historic record of SLAs for the organisation SLA Monitoring
- 34. Design Engineering+ • Enable Authorisation on User level • Simplified Authorization-Code OIDC flow out of the box. • Similar deployment style to API Management proxy • Similar concepts to Google’s Identity Aware Proxy and AWS’s ALB User Identity
- 35. Design Engineering+ User Identity Humans / Time Lords
- 36. Design Engineering+ User Identity Service identity SoftwareHumans / Time Lords
- 37. Design Engineering+ • Enhance (augument) BBC’s default mTLS security • Move away from API Keys for identification • Improve service registry • Authorisation engine (ABAC) API Service Management
- 38. Design Engineering+ Would we do it again?
- 40. Design Engineering+ Before API Management
- 41. Design Engineering+ Centralised API Management
- 42. Design Engineering+ Decentralising API Management
- 44. Break title to something else