How to Build a Successful API Program: Best Practices For the Carrier
Download as PPTX, PDF0 likes1,116 views
The document outlines best practices for building successful API programs, emphasizing that APIs require maintenance akin to relationships. Key recommendations include fostering trust among stakeholders, adhering to security protocols, and actively engaging developers. Additionally, it highlights the importance of managing access control and understanding the differences between API and web development.
How to Build a Successful API Program: Best Practices For the Carrier
- 1. How To Build A Successful API Program - Best Practices For The Carrier K Scott Morrison CTO Sept 11, 2012
- 2. Researchers have discovered that the US national divorce rate has been falling since 2006…
- 3. 2007: 3.6 divorces per 1000 people 2008: 3.5 divorces per 1000 people 2009: 3.4 divorces per 1000 people So, does this mean people are getting better at relationships? Source: Slate http://slate.me/wGf9et
- 4. No.
- 5. It’s because of the recession.
- 6. APIs are like a relationship
- 7. They require ^ maintenance. very high high
- 8. This talk is about how to have a successful API relationship.
- 9. Carriers already know how to monetize relationships Now Apply This To APIs
- 10. Piece of Advice #1
- 11. Best Practice #1 It takes two to tango.
- 12. The Web wasn’t a relationship
- 13. Successful relationships are built on trust and equality
- 15. BP #2 Understand and respect the cultural differences.
- 16. Client Server
- 17. Inside Outside
- 18. Contractor Regular
- 19. Partner Contractor Regular
- 20. Partner No Affiliation Regular
- 21. Us Them
- 22. The New Identity Management API Users API Developers External Internal
- 23. APIs change composition of internal teams Product API CFO Manager Developer Business Security Manager Officer
- 24. BP #3 Memorize this simple equation.
- 25. API Development != Web Development
- 26. Beware of habits
- 27. BP #4 Take security away from developers.
- 28. Separation of Concerns API Server API Expert API Proxy Security Expert
- 29. BP #5 Trust, but verify.
- 30. SQL Injection (courtesy XKCD) Exploits of a Mom Source: https://xkcd.com/327/
- 32. BP #6 SSL everywhere.
- 33. It’s Cheap
- 34. BP #7 It’s still all about access control.
- 35. But think hard about tokens
- 36. BP #8 Don’t roll your own.
- 37. Security is hard to get right
- 38. BP #9 Manage misconfiguration risk with appliances.
- 39. Protect the Servers API Client Firewall API Proxy DMZ API Server Secure Zone Enterprise Network
- 40. BP #10 Engage the developers.
- 41. The New Governance Old New Documentation WSDL Wiki/Blog Discovery Reg/Rep Search Approval G10 Platform Email Enforcement Gateway Gateway User Provisioning IAM Portal Community What’s that? Forum
- 42. The Layer 7 API Developer Portal API Client Firewall iPhone API Developer Proxy API API Server Portal Enterprise Network
- 43. To Summarize: The game has changed Clients need attention The security problems are the same But the names have changed Don’t just build APIs Build secure and managed APIs
- 44. Picture Credits Antelope Canyon 4 by klsmith– stock.exchg Band silhouettes by mr_basmt– stock.exchg Check and Statement by kgdsgn– stock.exchg
- 45. For further information: K. Scott Morrison Chief Technology Officer Layer 7 Technologies 1100 Melville St, Suite 405 Vancouver, B.C. V6E 4A6 Canada (800) 681-9377 smorrison@layer7tech.com http://www.layer7tech.com September 2012
Editor's Notes
- #3: Everyone here needs to choose.Ignore the middle groundAre you fearfulOr are you confident?
- #5: Everyone here needs to choose.Ignore the middle groundAre you fearfulOr are you confident?
- #6: Everyone here needs to choose.Ignore the middle groundAre you fearfulOr are you confident?
- #27: Token protection, SSL, etc.
- #40: The new enterprise web is about integration
- #43: The new enterprise web is about integration