SlideShare una empresa de Scribd logo

5 Pillars of API Management

R
Rich Graham
1 de 22
Descargar para leer sin conexión
2 5 Pillars of API Management with CA Layer 7 Introduction: Managing the new open enterprise Realizing the Opportunities of the API Economy Across industry sectors, the boundaries of the traditional enterprise are blurring, as organizations open up their on-premise data and application functionality to partner organizations, the Web, mobile apps, smart devices and the cloud. APIs (application programming interfaces) form the foundation of this new open enterprise, allowing enterprises to reuse their existing information assets across organizational boundaries. Meeting the Challenges of Secure, Manageable API Publishing APIs empower enterprises to quickly repurpose IT systems, add value to existing offerings and open new revenue streams. It should come as no surprise, though, that exposing on-premise systems via APIs also creates a range of new security and management challenges. The term “API Management” refers to a set of processes and technologies that have emerged in recent years to help enterprises meet these challenges.
3 5 Pillars of API Management with CA Layer 7 API Management solutions aim to make it simple for even the most security-conscious organizations to open their information assets for use by partner organizations, third-party developers, mobile apps and cloud services, without impacting data security or the performance of backend systems. Full-featured API Management solutions also provide functionality for managing the developers who build applications that leverage enterprise APIs.
4 5 Pillars of API Management with CA Layer 7 Overview: 5 Pillars of API Management Expose Enterprise Data & Functionality in API- Friendly Formats Protect Information Assets Exposed via APIs to Prevent Misuse Authorize Secure, Seamless Access for Valid Identities Optimize System Performance & Manage the API Lifecycle Engage, Onboard, Educate & Manage Developers Convert complex on-premise application services into developer-friendly RESTful APIs Ensure that enterprise systems are protected against message-level attack and hijack Deploy strong access control, identity federation and social login functionality Maintain the availability of backend systems for APIs, applications and end users Give developers the resources they need to create applications that deliver real value
5 5 Pillars of API Management with CA Layer 7 Expose Enterprise Data & Functionality in API-Friendly Formats Convert complex on-premise application services into developer- friendly RESTful APIs Enterprise data and applications typically comprise a complex web of standards, protocols, programming languages and file formats. The first stage of API Management is presenting these diverse information assets in a format that developers can understand and leverage. Commonly, this means publishing application programming interfaces that employ the REST protocol (“RESTful APIs”). What
6 5 Pillars of API Management with CA Layer 7 On-premise systems commonly rely on application services delivered in proprietary formats too verbose to work efficiently via the Web or mobile apps. Application services associated with the common SOA (service oriented architecture) style generally employ the SOAP protocol, whereas Web/mobile devs rely on REST. If APIs are not delivered in a format that internal and third- party developers can easily leverage, they will not facilitate the creation of any truly valuable new applications. Why
7 5 Pillars of API Management with CA Layer 7 The most effective API Management solutions include functionality for presenting legacy enterprise services as RESTful APIs. Typically, this will involve using a SOA or API Gateway to automatically convert data from the SOAP-based services into RESTful APIs. To be truly effective, the Gateway should make it possible to efficiently compose RESTful APIs from “mash-ups” of multiple existing application services. API Tech Talk: Simplifying REST Adaptation api.co/RESTadaptation Learn More How
8 5 Pillars of API Management with CA Layer 7 Protect Information Assets Exposed via APIs to Prevent Misuse Ensure that enterprise systems are protected against message-level attack and hijack Opening up enterprise information assets for use in new applications exposes them to many of the same security threats that plague the Web (e.g viruses, DoS attacks). Additionally, APIs create a range of new and unique security challenges that go beyond what enterprises are used to dealing with on the Web. Perhaps the most essential function of API Management is the creation of a security layer to ensure that hackers are unable to access, misuse or attack exposed systems. What
9 5 Pillars of API Management with CA Layer 7 APIs are windows to applications and data, potentially providing hackers with a view into the inner workings of enterprise systems and a route to accessing those systems. This creates the increased possibility that hackers will be able to steal confidential data, hijack public-facing interfaces for nefarious purposes or crash critical systems. Conventional online security solutions designed for the Web do not cover all the potential threats created by API publishing, so specific API security must be implemented. Why
10 5 Pillars of API Management with CA Layer 7 Arguably the key function of the type of API Gateway mentioned above is to inspect and filter all API traffic to identify then neutralize common or emerging threats. To be effective, the Gateway should be designed and certified to tackle message-level, API-specific threats such as SQL Injection, Denial of Service attacks and viruses. The Gateway’s security functionality and threat profiles should also be easily updateable, to tackle new types of threats as they emerge. White Paper: Protecting Your APIs Against Attack & Hijack api.co/APIsecurity How Learn More
11 5 Pillars of API Management with CA Layer 7 Authorize Secure, Seamless Access for Valid Identities Deploy strong access control, identity federation and social login functionality Any enterprise that wants to fully secure its APIs against attack must give developers a framework for controlling how users access enterprise assets via these APIs. This framework should balance backend security with end user experience by leveraging key identity and access management (IAM) standards such as OAuth. For the best balance, the framework should be able to use existing IAM infrastructure and allow end users to gain access via enterprise single sign-on (SSO) or social logins. What
12 5 Pillars of API Management with CA Layer 7 Access control is the cornerstone of API security – the key is to prevent unauthorized users from gaining inappropriate levels of access to enterprise assets. OAuth is especially useful as it allows publishers to flexibly implement appropriate levels of security and federate identities from existing IAM systems and social accounts. Leveraging existing IAM infrastructure also cuts costs, reduces setup time and maximizes long-term manageability by preventing the creation of identity silos. Why
13 5 Pillars of API Management with CA Layer 7 An API Gateway should feature out-of-the-box functionality for building an API-centric access control infrastructure using key standards and existing resources. The Gateway should be able to integrate seamlessly with leading IAM systems like CA SiteMinder® , Oracle Access Manager, Microsoft Active Directory and IBM Tivoli. It should also include configurable templates for implementing access control, SSO and social login in typical use cases, based on OAuth and other key standards. EBook: 5 OAuth Essentials for API Access Control api.co/oauthebook Learn More How
14 5 Pillars of API Management with CA Layer 7 Optimize System Performance & Manage the API Lifecycle Maintain the availability of backend systems for APIs, applications and end users API traffic must be dealt with efficiently to ensure applications built against APIs work consistently and the performance of backend systems is not compromised. Data from backend systems must be delivered in lightweight formats, optimized for usage patterns and filtered appropriately. For long-term application viability, it is also necessary to carefully manage the lifecycle of APIs as they move through development, testing and production. What
15 5 Pillars of API Management with CA Layer 7 The introduction of Web and mobile apps that leverage backend systems can lead to sudden growth in IT traffic that can result in crashes and consequent unavailability. It is vital to optimize the flow of API traffic, to ensure a satisfying and consistent user experience for developers, users of API-dependent apps and internal users alike. Managing the API lifecycle, meanwhile, is crucial to ensuring existing applications do not break when APIs, clients and operating systems are updated. Why
16 5 Pillars of API Management with CA Layer 7 An API Gateway should feature out-of-the-box functionality for building an API-centric access control infrastructure using key standards and existing resources. The Gateway should be able to integrate seamlessly with leading IAM systems like CA SiteMinder, Oracle Access Manager, Microsoft Active Directory and IBM Tivoli. It should also include configurable templates for implementing access control, SSO and social login in typical use cases, based on OAuth and other key standards. API Tech Talk: Caching & API Optimization api.co/APIoptimization Learn More How
17 5 Pillars of API Management with CA Layer 7 Engage, Onboard, Educate & Manage Developers Give developers the resources they need to create applications that deliver real value Much of the true value of an organization’s APIs comes from the developers who build Web and mobile applications or new enterprise systems against these APIs. It is essential to target developers with the tools and materials they need in order to discover, learn about, try out and build apps against the organization’s APIs. These developers may be internal employees, partners, contactors or independent “long-tail” devs. Each group will require a particular set of resources targeted at its needs. What
18 5 Pillars of API Management with CA Layer 7 Developers are the lifeblood of any API publishing strategy. API publishers need devs to create apps that employees, partners and customers can actually use and benefit from. To get developers creating truly valuable applications, the publisher must be able to attract talented developers and provide them with the tools needed to leverage the APIs. The more engaging and interactive the tools provided by the API publisher to enable and educate developers, the more useful the applications these developers deliver will be. Why
19 5 Pillars of API Management with CA Layer 7 For internal and external developers alike, the most effective way to engage and educate developers is through a branded, interactive online portal. This portal should make it simple for developers to register for APIs and access interactive documentation, sample apps, code examples, testing tools and discussion forums. Effective API Management solutions include functionality that makes it simple to build a full-featured developer portal, pre-integrated into the API Gateway. Webinar: Developers, Developers, Developers – Why API Management Should be Important to You api.co/DevManagement How Learn More
20 5 Pillars of API Management with CA Layer 7 Conclusion: Deploying a Complete Solution for API Management With Web, mobile and cloud technologies becoming increasingly essential to how the world does business, the API is emerging a key enabler for smart enterprises. To realize the value of APIs and avoid the pitfalls of exposing enterprise systems, it is vital to deploy technology that enables and simplifies key API Management processes related to service composition, security, performance optimization, lifecycle management and developer engagement. The CA Layer 7 API Management Suite provides all the components required for effective, enterprise-level API Management, including a range of API Gateways designed to simplify all key API security and management processes. The API Management Suite also includes an API Portal for developer engagement and management and an OAuth Toolkit for ensuring secure, standards-based access management for enterprise APIs. Additionally, the API Management Suite offers: • A choice of on-premise, cloud or hybrid deployments • Military-grade data and application security • Analytics on API usage • Operations management that can span distributed datacenters and clouds • Application adaptation and interface management with advanced SOA connectivity
21 5 Pillars of API Management with CA Layer 7 About CA CA Layer 7 The API economy is exploding, mobile devices are proliferating across the workplace and large organizations are moving critical IT infrastructure to the cloud. This is creating the need for technology able to securely connect with external developers, mobile apps and cloud services. CA Layer 7 is at the cutting edge of this red-hot market. CA Layer 7’s industry-leading Gateway products make it simple for enterprises to share data with customers, mobile apps and cloud services. Delivered as hardware networking appliances, virtual appliances or as software, our products are helping large organizations open up to the Web, mobile networks and the cloud, without jeopardizing security or performance. Data Sheet: CA Layer 7 API Management Suite api.co/MgmtSuite Learn More In February 2013, CA Layer 7 was recognized as a Leader in the API Management space by top analyst firm Forrester Research, in its The Forrester Wave: API Management Platforms report. In June 2013, CA Layer 7 was acquired by CA Technologies, which provides solutions for enterprises that need to secure and manage complex IT environments to support agile business processes.
CA Technologies (NASDAQ: CA) provides IT management solutions that help customers manage and secure complex IT environments to support agile business services. Organizations leverage CA Technologies software and SaaS solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to the cloud. Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document “as is” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages.

Recomendados

WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2
 
API Governance
API Governance API Governance
API Governance Sunil Kuchipudi
 
Monetizing on APIs with better API management and monitoring
Monetizing on APIs with better API management and monitoringMonetizing on APIs with better API management and monitoring
Monetizing on APIs with better API management and monitoringNuwan Bandara
 
API Governance in the Enterprise
API Governance in the EnterpriseAPI Governance in the Enterprise
API Governance in the EnterpriseApigee | Google Cloud
 
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)API Governance and GitOps in Hybrid Integration Platform (MuleSoft)
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)Sumanth Donthi
 
Ex Libris REST API Governance Thresholds
Ex Libris REST API Governance ThresholdsEx Libris REST API Governance Thresholds
Ex Libris REST API Governance Thresholdsjoshmweisman
 
ITANA 2016: API Architecture and Implementation
ITANA 2016: API Architecture and ImplementationITANA 2016: API Architecture and Implementation
ITANA 2016: API Architecture and ImplementationColin Bell
 
5 Tips for Scaling API Governance
5 Tips for Scaling API Governance5 Tips for Scaling API Governance
5 Tips for Scaling API GovernanceJohn Phenix
 

Recomendados

WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2
 
API Governance
API Governance API Governance
API Governance Sunil Kuchipudi
 
Monetizing on APIs with better API management and monitoring
Monetizing on APIs with better API management and monitoringMonetizing on APIs with better API management and monitoring
Monetizing on APIs with better API management and monitoringNuwan Bandara
 
API Governance in the Enterprise
API Governance in the EnterpriseAPI Governance in the Enterprise
API Governance in the EnterpriseApigee | Google Cloud
 
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)API Governance and GitOps in Hybrid Integration Platform (MuleSoft)
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)Sumanth Donthi
 
Ex Libris REST API Governance Thresholds
Ex Libris REST API Governance ThresholdsEx Libris REST API Governance Thresholds
Ex Libris REST API Governance Thresholdsjoshmweisman
 
ITANA 2016: API Architecture and Implementation
ITANA 2016: API Architecture and ImplementationITANA 2016: API Architecture and Implementation
ITANA 2016: API Architecture and ImplementationColin Bell
 
5 Tips for Scaling API Governance
5 Tips for Scaling API Governance5 Tips for Scaling API Governance
5 Tips for Scaling API GovernanceJohn Phenix
 
5 pillars of API Management
5 pillars of API Management5 pillars of API Management
5 pillars of API ManagementJames Farley-Sutton
 
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...apidays
 
API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)3scale
 
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)Apigee | Google Cloud
 
API Strategy in Cloud
API Strategy in CloudAPI Strategy in Cloud
API Strategy in CloudPavanPardeshi1
 
APIdays London 2019 - Selecting the best API Governance for your organisation...
APIdays London 2019 - Selecting the best API Governance for your organisation...APIdays London 2019 - Selecting the best API Governance for your organisation...
APIdays London 2019 - Selecting the best API Governance for your organisation...apidays
 
Mapping out your API Strategy - 4.20.11 Webinar slides
Mapping out your API Strategy - 4.20.11 Webinar slidesMapping out your API Strategy - 4.20.11 Webinar slides
Mapping out your API Strategy - 4.20.11 Webinar slidesApigee | Google Cloud
 
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...apidays
 
Design Time and Run Time Governance
Design Time and Run Time Governance Design Time and Run Time Governance
Design Time and Run Time Governance WSO2
 
APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...
APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...
APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...apidays
 
API Management Demystified
API Management DemystifiedAPI Management Demystified
API Management DemystifiedManmohan Gupta
 
Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022Ravi Tamada
 
A Definition of Done for DevSecOps
A Definition of Done for DevSecOpsA Definition of Done for DevSecOps
A Definition of Done for DevSecOpsGene Gotimer
 
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...SmartBear
 
Build an api eco-system you can be proud of
Build an api eco-system you can be proud ofBuild an api eco-system you can be proud of
Build an api eco-system you can be proud ofCisco DevNet
 
How to Choose the Right API Management Solution
How to Choose the Right API Management SolutionHow to Choose the Right API Management Solution
How to Choose the Right API Management SolutionCA API Management
 
API Strategy Introduction
API Strategy IntroductionAPI Strategy Introduction
API Strategy IntroductionDoug Gregory
 
Coursera Developing API with GCP Apigee API Platform
Coursera Developing API with GCP Apigee API PlatformCoursera Developing API with GCP Apigee API Platform
Coursera Developing API with GCP Apigee API PlatformMaharaja P
 
API Economy: 2016 Horizonwatch Trend Brief
API Economy: 2016 Horizonwatch Trend BriefAPI Economy: 2016 Horizonwatch Trend Brief
API Economy: 2016 Horizonwatch Trend BriefBill Chamberlin
 
Application Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesApplication Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesSlideTeam
 
Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practiceSanjay Roy
 
F5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfF5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfFahmiDzikrullah
 

Más contenido relacionado

La actualidad más candente

APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...apidays
 
API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)3scale
 
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)Apigee | Google Cloud
 
APIdays London 2019 - Selecting the best API Governance for your organisation...
APIdays London 2019 - Selecting the best API Governance for your organisation...APIdays London 2019 - Selecting the best API Governance for your organisation...
APIdays London 2019 - Selecting the best API Governance for your organisation...apidays
 
Mapping out your API Strategy - 4.20.11 Webinar slides
Mapping out your API Strategy - 4.20.11 Webinar slidesMapping out your API Strategy - 4.20.11 Webinar slides
Mapping out your API Strategy - 4.20.11 Webinar slidesApigee | Google Cloud
 
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...apidays
 
Design Time and Run Time Governance
Design Time and Run Time Governance Design Time and Run Time Governance
Design Time and Run Time Governance WSO2
 
APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...
APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...
APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...apidays
 
API Management Demystified
API Management DemystifiedAPI Management Demystified
API Management DemystifiedManmohan Gupta
 
Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022Ravi Tamada
 
A Definition of Done for DevSecOps
A Definition of Done for DevSecOpsA Definition of Done for DevSecOps
A Definition of Done for DevSecOpsGene Gotimer
 
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...SmartBear
 
Build an api eco-system you can be proud of
Build an api eco-system you can be proud ofBuild an api eco-system you can be proud of
Build an api eco-system you can be proud ofCisco DevNet
 
How to Choose the Right API Management Solution
How to Choose the Right API Management SolutionHow to Choose the Right API Management Solution
How to Choose the Right API Management SolutionCA API Management
 
API Strategy Introduction
API Strategy IntroductionAPI Strategy Introduction
API Strategy IntroductionDoug Gregory
 
Coursera Developing API with GCP Apigee API Platform
Coursera Developing API with GCP Apigee API PlatformCoursera Developing API with GCP Apigee API Platform
Coursera Developing API with GCP Apigee API PlatformMaharaja P
 
API Economy: 2016 Horizonwatch Trend Brief
API Economy: 2016 Horizonwatch Trend BriefAPI Economy: 2016 Horizonwatch Trend Brief
API Economy: 2016 Horizonwatch Trend BriefBill Chamberlin
 
Application Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesApplication Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesSlideTeam
 

La actualidad más candente (20)

5 pillars of API Management
5 pillars of API Management5 pillars of API Management
5 pillars of API Management
 
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...
 
API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)
 
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)
 
API Strategy in Cloud
API Strategy in CloudAPI Strategy in Cloud
API Strategy in Cloud
 
APIdays London 2019 - Selecting the best API Governance for your organisation...
APIdays London 2019 - Selecting the best API Governance for your organisation...APIdays London 2019 - Selecting the best API Governance for your organisation...
APIdays London 2019 - Selecting the best API Governance for your organisation...
 
Mapping out your API Strategy - 4.20.11 Webinar slides
Mapping out your API Strategy - 4.20.11 Webinar slidesMapping out your API Strategy - 4.20.11 Webinar slides
Mapping out your API Strategy - 4.20.11 Webinar slides
 
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
 
Design Time and Run Time Governance
Design Time and Run Time Governance Design Time and Run Time Governance
Design Time and Run Time Governance
 
APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...
APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...
APIdays Paris 2019 - The API Operating Model: A Playbook for Value Release by...
 
API Management Demystified
API Management DemystifiedAPI Management Demystified
API Management Demystified
 
Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022
 
A Definition of Done for DevSecOps
A Definition of Done for DevSecOpsA Definition of Done for DevSecOps
A Definition of Done for DevSecOps
 
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...
 
Build an api eco-system you can be proud of
Build an api eco-system you can be proud ofBuild an api eco-system you can be proud of
Build an api eco-system you can be proud of
 
How to Choose the Right API Management Solution
How to Choose the Right API Management SolutionHow to Choose the Right API Management Solution
How to Choose the Right API Management Solution
 
API Strategy Introduction
API Strategy IntroductionAPI Strategy Introduction
API Strategy Introduction
 
Coursera Developing API with GCP Apigee API Platform
Coursera Developing API with GCP Apigee API PlatformCoursera Developing API with GCP Apigee API Platform
Coursera Developing API with GCP Apigee API Platform
 
API Economy: 2016 Horizonwatch Trend Brief
API Economy: 2016 Horizonwatch Trend BriefAPI Economy: 2016 Horizonwatch Trend Brief
API Economy: 2016 Horizonwatch Trend Brief
 
Application Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesApplication Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation Slides
 

Similar a 5 Pillars of API Management

Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practiceSanjay Roy
 
F5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfF5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfFahmiDzikrullah
 
API Gateway_ A Quick Overview (1).pdf
API Gateway_ A Quick Overview (1).pdfAPI Gateway_ A Quick Overview (1).pdf
API Gateway_ A Quick Overview (1).pdfJamesToddSmith1
 
Role of API Gateways in API Management.pdf
Role of API Gateways in API Management.pdfRole of API Gateways in API Management.pdf
Role of API Gateways in API Management.pdfBahaa Al Zubaidi
 
Meetup 2022 - API Gateway landscape.pdf
Meetup 2022 - API Gateway landscape.pdfMeetup 2022 - API Gateway landscape.pdf
Meetup 2022 - API Gateway landscape.pdfRed Hat
 
API Best Practices
API Best PracticesAPI Best Practices
API Best PracticesSai Koppala
 
Microservices&ap imanagement
Microservices&ap imanagementMicroservices&ap imanagement
Microservices&ap imanagementpramodkumards
 
Mule esb api layer
Mule esb api layerMule esb api layer
Mule esb api layerirfan1008
 
Mule esb–api layer
Mule esb–api layerMule esb–api layer
Mule esb–api layercharan teja R
 
Mule esb–api layer
Mule esb–api layerMule esb–api layer
Mule esb–api layerhimajareddys
 
Mule esb api layer
Mule esb api layer Mule esb api layer
Mule esb api layer javeed_mhd
 
Mule esb api layer
Mule esb api layerMule esb api layer
Mule esb api layerAnand kalla
 
Mule esb api layer
Mule esb api layerMule esb api layer
Mule esb api layerKhasim Saheb
 

Similar a 5 Pillars of API Management (20)

Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practice
 
F5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfF5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdf
 
API Gateway_ A Quick Overview (1).pdf
API Gateway_ A Quick Overview (1).pdfAPI Gateway_ A Quick Overview (1).pdf
API Gateway_ A Quick Overview (1).pdf
 
Role of API Gateways in API Management.pdf
Role of API Gateways in API Management.pdfRole of API Gateways in API Management.pdf
Role of API Gateways in API Management.pdf
 
Meetup 2022 - API Gateway landscape.pdf
Meetup 2022 - API Gateway landscape.pdfMeetup 2022 - API Gateway landscape.pdf
Meetup 2022 - API Gateway landscape.pdf
 
API Best Practices
API Best PracticesAPI Best Practices
API Best Practices
 
Microservices&ap imanagement
Microservices&ap imanagementMicroservices&ap imanagement
Microservices&ap imanagement
 
API Connect from IBM
API Connect from IBMAPI Connect from IBM
API Connect from IBM
 
Mule api
Mule apiMule api
Mule api
 
Mule api
Mule apiMule api
Mule api
 
Mule esb api layer
Mule esb api layerMule esb api layer
Mule esb api layer
 
Mule esb–api layer
Mule esb–api layerMule esb–api layer
Mule esb–api layer
 
Mule esb api layer
Mule esb api layerMule esb api layer
Mule esb api layer
 
API Layer
API LayerAPI Layer
API Layer
 
Mule esb–api layer
Mule esb–api layerMule esb–api layer
Mule esb–api layer
 
Mule esb–api layer
Mule esb–api layerMule esb–api layer
Mule esb–api layer
 
Mule esb api layer
Mule esb api layer Mule esb api layer
Mule esb api layer
 
Mule esb api layer
Mule esb api layerMule esb api layer
Mule esb api layer
 
Mule esb api layer
Mule esb api layerMule esb api layer
Mule esb api layer
 
Mule esb api layer
Mule esb api layerMule esb api layer
Mule esb api layer
 

5 Pillars of API Management

  • 1.
  • 2. 2 5 Pillars of API Management with CA Layer 7 Introduction: Managing the new open enterprise Realizing the Opportunities of the API Economy Across industry sectors, the boundaries of the traditional enterprise are blurring, as organizations open up their on-premise data and application functionality to partner organizations, the Web, mobile apps, smart devices and the cloud. APIs (application programming interfaces) form the foundation of this new open enterprise, allowing enterprises to reuse their existing information assets across organizational boundaries. Meeting the Challenges of Secure, Manageable API Publishing APIs empower enterprises to quickly repurpose IT systems, add value to existing offerings and open new revenue streams. It should come as no surprise, though, that exposing on-premise systems via APIs also creates a range of new security and management challenges. The term “API Management” refers to a set of processes and technologies that have emerged in recent years to help enterprises meet these challenges.
  • 3. 3 5 Pillars of API Management with CA Layer 7 API Management solutions aim to make it simple for even the most security-conscious organizations to open their information assets for use by partner organizations, third-party developers, mobile apps and cloud services, without impacting data security or the performance of backend systems. Full-featured API Management solutions also provide functionality for managing the developers who build applications that leverage enterprise APIs.
  • 4. 4 5 Pillars of API Management with CA Layer 7 Overview: 5 Pillars of API Management Expose Enterprise Data & Functionality in API- Friendly Formats Protect Information Assets Exposed via APIs to Prevent Misuse Authorize Secure, Seamless Access for Valid Identities Optimize System Performance & Manage the API Lifecycle Engage, Onboard, Educate & Manage Developers Convert complex on-premise application services into developer-friendly RESTful APIs Ensure that enterprise systems are protected against message-level attack and hijack Deploy strong access control, identity federation and social login functionality Maintain the availability of backend systems for APIs, applications and end users Give developers the resources they need to create applications that deliver real value
  • 5. 5 5 Pillars of API Management with CA Layer 7 Expose Enterprise Data & Functionality in API-Friendly Formats Convert complex on-premise application services into developer- friendly RESTful APIs Enterprise data and applications typically comprise a complex web of standards, protocols, programming languages and file formats. The first stage of API Management is presenting these diverse information assets in a format that developers can understand and leverage. Commonly, this means publishing application programming interfaces that employ the REST protocol (“RESTful APIs”). What
  • 6. 6 5 Pillars of API Management with CA Layer 7 On-premise systems commonly rely on application services delivered in proprietary formats too verbose to work efficiently via the Web or mobile apps. Application services associated with the common SOA (service oriented architecture) style generally employ the SOAP protocol, whereas Web/mobile devs rely on REST. If APIs are not delivered in a format that internal and third- party developers can easily leverage, they will not facilitate the creation of any truly valuable new applications. Why
  • 7. 7 5 Pillars of API Management with CA Layer 7 The most effective API Management solutions include functionality for presenting legacy enterprise services as RESTful APIs. Typically, this will involve using a SOA or API Gateway to automatically convert data from the SOAP-based services into RESTful APIs. To be truly effective, the Gateway should make it possible to efficiently compose RESTful APIs from “mash-ups” of multiple existing application services. API Tech Talk: Simplifying REST Adaptation api.co/RESTadaptation Learn More How
  • 8. 8 5 Pillars of API Management with CA Layer 7 Protect Information Assets Exposed via APIs to Prevent Misuse Ensure that enterprise systems are protected against message-level attack and hijack Opening up enterprise information assets for use in new applications exposes them to many of the same security threats that plague the Web (e.g viruses, DoS attacks). Additionally, APIs create a range of new and unique security challenges that go beyond what enterprises are used to dealing with on the Web. Perhaps the most essential function of API Management is the creation of a security layer to ensure that hackers are unable to access, misuse or attack exposed systems. What
  • 9. 9 5 Pillars of API Management with CA Layer 7 APIs are windows to applications and data, potentially providing hackers with a view into the inner workings of enterprise systems and a route to accessing those systems. This creates the increased possibility that hackers will be able to steal confidential data, hijack public-facing interfaces for nefarious purposes or crash critical systems. Conventional online security solutions designed for the Web do not cover all the potential threats created by API publishing, so specific API security must be implemented. Why
  • 10. 10 5 Pillars of API Management with CA Layer 7 Arguably the key function of the type of API Gateway mentioned above is to inspect and filter all API traffic to identify then neutralize common or emerging threats. To be effective, the Gateway should be designed and certified to tackle message-level, API-specific threats such as SQL Injection, Denial of Service attacks and viruses. The Gateway’s security functionality and threat profiles should also be easily updateable, to tackle new types of threats as they emerge. White Paper: Protecting Your APIs Against Attack & Hijack api.co/APIsecurity How Learn More
  • 11. 11 5 Pillars of API Management with CA Layer 7 Authorize Secure, Seamless Access for Valid Identities Deploy strong access control, identity federation and social login functionality Any enterprise that wants to fully secure its APIs against attack must give developers a framework for controlling how users access enterprise assets via these APIs. This framework should balance backend security with end user experience by leveraging key identity and access management (IAM) standards such as OAuth. For the best balance, the framework should be able to use existing IAM infrastructure and allow end users to gain access via enterprise single sign-on (SSO) or social logins. What
  • 12. 12 5 Pillars of API Management with CA Layer 7 Access control is the cornerstone of API security – the key is to prevent unauthorized users from gaining inappropriate levels of access to enterprise assets. OAuth is especially useful as it allows publishers to flexibly implement appropriate levels of security and federate identities from existing IAM systems and social accounts. Leveraging existing IAM infrastructure also cuts costs, reduces setup time and maximizes long-term manageability by preventing the creation of identity silos. Why
  • 13. 13 5 Pillars of API Management with CA Layer 7 An API Gateway should feature out-of-the-box functionality for building an API-centric access control infrastructure using key standards and existing resources. The Gateway should be able to integrate seamlessly with leading IAM systems like CA SiteMinder® , Oracle Access Manager, Microsoft Active Directory and IBM Tivoli. It should also include configurable templates for implementing access control, SSO and social login in typical use cases, based on OAuth and other key standards. EBook: 5 OAuth Essentials for API Access Control api.co/oauthebook Learn More How
  • 14. 14 5 Pillars of API Management with CA Layer 7 Optimize System Performance & Manage the API Lifecycle Maintain the availability of backend systems for APIs, applications and end users API traffic must be dealt with efficiently to ensure applications built against APIs work consistently and the performance of backend systems is not compromised. Data from backend systems must be delivered in lightweight formats, optimized for usage patterns and filtered appropriately. For long-term application viability, it is also necessary to carefully manage the lifecycle of APIs as they move through development, testing and production. What
  • 15. 15 5 Pillars of API Management with CA Layer 7 The introduction of Web and mobile apps that leverage backend systems can lead to sudden growth in IT traffic that can result in crashes and consequent unavailability. It is vital to optimize the flow of API traffic, to ensure a satisfying and consistent user experience for developers, users of API-dependent apps and internal users alike. Managing the API lifecycle, meanwhile, is crucial to ensuring existing applications do not break when APIs, clients and operating systems are updated. Why
  • 16. 16 5 Pillars of API Management with CA Layer 7 An API Gateway should feature out-of-the-box functionality for building an API-centric access control infrastructure using key standards and existing resources. The Gateway should be able to integrate seamlessly with leading IAM systems like CA SiteMinder, Oracle Access Manager, Microsoft Active Directory and IBM Tivoli. It should also include configurable templates for implementing access control, SSO and social login in typical use cases, based on OAuth and other key standards. API Tech Talk: Caching & API Optimization api.co/APIoptimization Learn More How
  • 17. 17 5 Pillars of API Management with CA Layer 7 Engage, Onboard, Educate & Manage Developers Give developers the resources they need to create applications that deliver real value Much of the true value of an organization’s APIs comes from the developers who build Web and mobile applications or new enterprise systems against these APIs. It is essential to target developers with the tools and materials they need in order to discover, learn about, try out and build apps against the organization’s APIs. These developers may be internal employees, partners, contactors or independent “long-tail” devs. Each group will require a particular set of resources targeted at its needs. What
  • 18. 18 5 Pillars of API Management with CA Layer 7 Developers are the lifeblood of any API publishing strategy. API publishers need devs to create apps that employees, partners and customers can actually use and benefit from. To get developers creating truly valuable applications, the publisher must be able to attract talented developers and provide them with the tools needed to leverage the APIs. The more engaging and interactive the tools provided by the API publisher to enable and educate developers, the more useful the applications these developers deliver will be. Why
  • 19. 19 5 Pillars of API Management with CA Layer 7 For internal and external developers alike, the most effective way to engage and educate developers is through a branded, interactive online portal. This portal should make it simple for developers to register for APIs and access interactive documentation, sample apps, code examples, testing tools and discussion forums. Effective API Management solutions include functionality that makes it simple to build a full-featured developer portal, pre-integrated into the API Gateway. Webinar: Developers, Developers, Developers – Why API Management Should be Important to You api.co/DevManagement How Learn More
  • 20. 20 5 Pillars of API Management with CA Layer 7 Conclusion: Deploying a Complete Solution for API Management With Web, mobile and cloud technologies becoming increasingly essential to how the world does business, the API is emerging a key enabler for smart enterprises. To realize the value of APIs and avoid the pitfalls of exposing enterprise systems, it is vital to deploy technology that enables and simplifies key API Management processes related to service composition, security, performance optimization, lifecycle management and developer engagement. The CA Layer 7 API Management Suite provides all the components required for effective, enterprise-level API Management, including a range of API Gateways designed to simplify all key API security and management processes. The API Management Suite also includes an API Portal for developer engagement and management and an OAuth Toolkit for ensuring secure, standards-based access management for enterprise APIs. Additionally, the API Management Suite offers: • A choice of on-premise, cloud or hybrid deployments • Military-grade data and application security • Analytics on API usage • Operations management that can span distributed datacenters and clouds • Application adaptation and interface management with advanced SOA connectivity
  • 21. 21 5 Pillars of API Management with CA Layer 7 About CA CA Layer 7 The API economy is exploding, mobile devices are proliferating across the workplace and large organizations are moving critical IT infrastructure to the cloud. This is creating the need for technology able to securely connect with external developers, mobile apps and cloud services. CA Layer 7 is at the cutting edge of this red-hot market. CA Layer 7’s industry-leading Gateway products make it simple for enterprises to share data with customers, mobile apps and cloud services. Delivered as hardware networking appliances, virtual appliances or as software, our products are helping large organizations open up to the Web, mobile networks and the cloud, without jeopardizing security or performance. Data Sheet: CA Layer 7 API Management Suite api.co/MgmtSuite Learn More In February 2013, CA Layer 7 was recognized as a Leader in the API Management space by top analyst firm Forrester Research, in its The Forrester Wave: API Management Platforms report. In June 2013, CA Layer 7 was acquired by CA Technologies, which provides solutions for enterprises that need to secure and manage complex IT environments to support agile business processes.
  • 22. CA Technologies (NASDAQ: CA) provides IT management solutions that help customers manage and secure complex IT environments to support agile business services. Organizations leverage CA Technologies software and SaaS solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to the cloud. Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document “as is” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages.