"Web Age Speaks!

" Webinar Series

API Management
Introduction
 Mikhail Vladimirov
 Director, Curriculum Architecture
 [email protected]
Web Age Solutions
 Providing a broad spectrum of regular and
customized training classes in
programming, system administration and
architecture to our clients across the world
for over ten years

©WebAgeSolutions.com 2
Overview of Talk

 API Management Defined

 Driving Forces
 WSO2 API Manager
 Mashery Portal / Intel SOA Expressway
 Transition Strategy

©WebAgeSolutions.com 3
API Management

API Management Defined

API Management Defined

View of NetBeans IDE

Web Services Facet

©WebAgeSolutions.com 5
Public Web-based API

©WebAgeSolutions.com 6
API Management Defined
 API Management is an integration solution that helps
expose internal system APIs for external/public
consumption in a secure and controlled fashion as a
set of Web APIs (REST or SOAP services). Normally
includes:
Mediation Engine (Service Gateway)
• QoS enforcement
• Security
• Threat and Trust protection
APIs meta information store
• API authoring (publish/update/promote)
• Searchable
 It help you build, execute, monitor and monetize
your APIs

©WebAgeSolutions.com 7
What API Management Is or Is Not
It is not another fad or “cool” thing (people
already find practical applications for it)
It is not going to revolutionize IT as was
promised by CORBA, UDDI, et. al.

©WebAgeSolutions.com 8
We need a solution to answer these questions

 Does any of those APIs enforce secure access?

 Do they provide protection against malicious attacks?
 Are they scalable?
 How is versioning handled?
 Who owns it and where can I find the Service meta
information
 More questions to follow …

©WebAgeSolutions.com 9
API Management Conceptual Architecture

©WebAgeSolutions.com 10
API Management: what else is needed?
API life cycle management (publishing,
versioning)
Store for APIs and related artifacts
Facilitates APIs discovery and use
Promotes system integration and service
orchestration
Security / Access Control
API access key management and distribution
Runtime activity / SLA monitoring
Analytics / Reporting

©WebAgeSolutions.com 11
Should not be too much Prescriptive Technology

Source: @stilkov - http://www.innoq.com/blog/st/

©WebAgeSolutions.com 12
API Management

Driving Forces
Driving Forces
 Grow Business
 Make yourself more easily discoverable by potential clients
(which UDDI failed to deliver)
 Internal Services can generate income if exposed for public
consumption
 Harness ubiquitous communication (mobility, cloud)
 Reduce cost
 Offload security, threat protection, etc. from back-end
systems
 Find cost-effective way to distribute digital assets
 Innovate (your boss will love it)
 E.g. with Web services mash-ups for greater user experience

©WebAgeSolutions.com 14
APIs Proliferation

Netflix recommends movies to its clients

based on the history of previously watched
movies (done through its internal APIs)
Amazon makes product recommendations
based on user’s browsing history (also done
through an API)

©WebAgeSolutions.com 15
Driving Forces

50% of the cost of new application

development will be integration
75% of the Fortune 500 will have Web APIs
by 2014

Source: Gartner Technology Research

©WebAgeSolutions.com 16
API Management

WSO2 API Manager

Who are WSO2?
 WSO2 is a 100% open source application
development software company focused on providing
service-oriented architecture (SOA) solutions for
professional developers

©WebAgeSolutions.com 18
WSO2 API Manager Main Components
 API Publisher
 Web UI for API providers to publish APIs, share
documentation, provision API keys, and gather feedback on
API features, quality and usage.
 API Store
 Web UI for consumers to self-register, discover API
functionality, subscribe to APIs, evaluate them and interact
with API publishers.
 API Gateway
 An ESB-based runtime; secures, protects, manages, and
scales API calls.
 API Key Manager
 Handles all security and key-related operations. When API
Gateway receives API calls, it contacts the API Key Manager
service to verify the validity of tokens.

©WebAgeSolutions.com 19
WSO2 System Collaboration Diagram

Source: http://wso2.com/
©WebAgeSolutions.com 20
API Management

Mashery Portal / Intel SOA Expressway

Collaborative Partnership
 Mashery
 The Inventor of API Management
 Leader in the space (Gartner Research)
 Strong partnership with Intel
 Multi-tenant SaaS (Software as a Service) solution
 APIs are managed like products (not just like technical
integration points)

 Intel SOA Expressway (Service Gateway) software

Appliance
 Direct competition:
IBM DataPower SOA Appliance

©WebAgeSolutions.com 22
Mashery API Management Platform
Community API Portal
Branded service catalog for API meta data & docs,
forums/blogs
API Management
Publishing APIs as products suitable for access by
internal or external developer communities with
full lifecycle versioning and API management
API Security
Threat protection, OAuth, identity token mapping,
data loss prevention, and API key access against
enterprise identity infrastructure

©WebAgeSolutions.com 23
Mashery API Management Platform (cont.)

API Analytics
API usage reports, performance/latency
monitoring, SLAs checks, utilization metering (for
to billing)

Developer Enablement Tools

Mock-responses for testing APIs. Faster
development and increased security with proven
API management developer tools

©WebAgeSolutions.com 24
Mashery API Management Platform (cont.)

You can run it in the cloud, on premise, and

in a hybrid model

©WebAgeSolutions.com 25
The Complete Picture

©WebAgeSolutions.com 26
What is an ESB?
Enterprise Service Bus (ESB) is an
Architectural Pattern
From the SOA perspective, ESB can be used
as an integration platform that enables
existing IT assets and applications to be
exposed as services
Important part of an SOI (Service Oriented
Infrastructure)

©WebAgeSolutions.com 27
ESB vs. EAI
 Most ESB vendors in the past were also (surprise!)
enterprise application integration (EAI) solution
providers (IBM WebSphere Message Broker, TIBCO
Business Works, and Sonic XQ))
 Two main differences between ESB and EAI:
 ESB implements the bus-based architecture while EI
solutions use hub-and-spoke architecture
 For the most part, EAI solutions used proprietary
technologies and data formats. ESB products use open
standards for communication and data exchange (WSDL,
XSD, XML, SOAP, REST, JMS, JEE Connector Architecture,
etc.)
 JBossESB positions itself as the next generation of
EAI (without vendor lock-in)

©WebAgeSolutions.com 28
ESB – Big Picture

Source: Wikipedia
©WebAgeSolutions.com 29
ESB Distilled

The Service Provider is completely decoupled

from the Consumer
ESB transparently connects consumer(s) with
provider(s)
ESB can introduce such enterprise services as
security, audit, throttling, HA, etc., protecting
the Service Provider
©WebAgeSolutions.com 30
ESB on eBay

©WebAgeSolutions.com 31
ESB Core Functionality
 Message routing (message header/content based; rules-
based)
 Location transparency (service consumer is decoupled
from provider)
 Transport protocol mediation (HTTP, JMS, TCP, File, etc.)
 Connectivity and interoperability (a/synchronous; p2p,
pub/sub)
 Message mediation (via adapters, protocol transformation
and service mapping)
 QoS (security: authentication authorization, encryption;
audit; reliability, extensibility; HA; transactional support;
etc.)
 Message manipulation (transformation from one format
into another) and enhancement
 Monitoring & Management
©WebAgeSolutions.com 32
Service Gateway Functions
 Policy Enforcement Point:
 High performance mediation (between different services
using mediation engine optimized for Intel multi-core)
 Quality of Service Enforcement
 Threat and Trust protection
• Query Parameter Checks
• SQL / Script Injection
• Rate Limiting, DoS throttling
• Raw XML security
• HTTP Basic Authentication
• Credential Mediation
• LDAP / AD / Database Integration
 Custom encryption is a drop-in module
 Can take on security concern from back-end systems

©WebAgeSolutions.com 33
API Management

Transition Strategy
API Management Value Proposition

Generate new leads, open new

channels, help with partner integration
(B2B!), help forge alliances and more!
Clients can find creative ways to use your
APIs!

©WebAgeSolutions.com 35
Transition Strategy
 Identify your existing digital assets and target audiences
(customers, partners, general public)
 Strategize your end goal (put a $$ sticker on it) behind
your APIs
 Assess the gap between where you are and where you
need to be
 Evaluate solutions, build a PoC
 Identify implementation phases and prioritize
 Use an API management solution to manage your APIs
 Enforce access control (based on Identity, geo location, service
invocation method, mobile device's form factor, time/date of the
usage, etc.)
Adapted from:
http://blog.programmableweb.com/2013/03/11/is-the-cmo-now-the-chief-api-officer/

©WebAgeSolutions.com 36
API Management

Our Offerings
API Management Offerings

 WA2230 Overview of API Management

©WebAgeSolutions.com 38
Summary

In this webinar, we:

Reviewed concepts of API Management
Looked at two API Management solutions:
from WSO2 and Intel
Reviewed simple steps to start using API
Management solutions

©WebAgeSolutions.com 39