The document discusses strategies for architecting an enterprise API management strategy. It covers factors to consider like whether to treat APIs as a product or tactic. It also discusses API management components like the API publisher and store. The document outlines reference architectures like using API management within an orthogonal toolset. It provides examples of API management for use cases like within a telecommunications ecosystem.
Architecting an Enterprise API Management Strategy
1. Architecting an enterprise API management strategy
Mifan Careem
Director, Solutions Architecture
WSO2
Mifan AT WSO2.com
APIdays Sydney
February 2015
2. Agenda
• Introduction and case studies
• API Economy and factors
• API Management Overview
• API Management within a platform
• API Management demo
• Reference Architectures
• APIs at the edge and IoT
• APIs Everywhere
• Application Governance
Source: XKCD.com
7. Managed APIs and Enterprises
o An API is a business capability delivered over the Internet to internal or external consumers
  o Network accessible function
  o Available using standard web protocols
  o With well-defined interfaces
  o Designed for access by third-parties
o A Managed API is:
  o Actively advertised and subscribe-able
  o Available with SLAs
  o Secured, authenticated, authorized and protected
  o Monitored and monetized with analytics
8. Strategy factors
• API as a product vs API based products = API as a strategy vs API as a tactic
• External API management vs internal API management
• Developer ecosystem – API ecosystem vs cloud-devops
• API management and the enterprise
• Business model – Pay as you go, revshare, freemium,..
9. Characteristics of Business APIs
● Protocols & Styles
● API as the main product
● API as the brand
● Business Model - Monetization
● API Statistics
● Authentication & Authorization
● Throttling
● Caching
● Deployment Models
10. Architectural factors
• Deployment model
• Distributed deployment, access token caching,…
• On-premise vs cloud vs hybrid, Cloud to enterprise access
• Federated architecture
• Large scale APIs
• Edge API management
11.
12. API Centric SOA
[Diagram labels: BU-1, BU-2, BU-3; Services; APIs; API Façade]
14. WSO2 API Manager Components
o Create APIs
o Find and subscribe/buy APIs
o API Store and Governance
o Manage, secure and protect APIs
o API Management and Gateway
o Monitor and Monetize APIs
o API Monitoring and Analytics
15. WSO2 API Manager: API Publisher
• Publish APIs to external consumers and partners, as well as internal users; SOAP and REST services are supported
• Manage API versions (several versions can be deployed in parallel)
• Govern the API lifecycle (publish, deprecate, retire)
• Attach documentation (files, external URLs) to APIs
• Apply Security policies to APIs (authentication, authorization)
• Attach SLAs
• Provision and Manage API keys
• Track consumers per API
• Monitor API usage and performance, SLA compliance
• Gather consumers' requirements
16. WSO2 API Manager: API Consumers via API Store
• Find useful APIs by browsing or searching through the API Store: view top rated, top used and featured APIs
• Explore API documentation and ask questions to publisher
• Register applications and obtain API keys
• Subscribe to API changes and receive news
• Evaluate APIs, rate APIs, and share comments
• Request features and improvements from publishers
• Participate in online forums
• OAuth2 support for API access
19. API Access Tokens
o OAuth2 standard compliant
o Supports multiple grant types
  o SAML, IWA/NTLM
  o Client credential, Implicit, Password
o Pre-generated Access Token: can be used from an application, to identify the application itself
o On-demand Access Token: generated via API call, using Consumer Key and Consumer Secret - Identifies the end user of an application (web applications, mobile applications)
20.
21. The big picture
Source: https://www.flickr.com/photos/photosightfaces/13144863085
25. Analytics means business models
o API Manager supports out of the box:
  o Google Analytics
  o WSO2 Business Activity Monitor
Analytics 2
• Build confidence in the API model
• Understand your customer
• Not just the developer but also the end-user
• Help manage services and versions
• Understand when deprecated services can be retired
• Plan better
• Monitor the growth of aggregated API traffic
• Monitor the growth of specific apps
28. From edge API management to large scale distributed API management
29. Reference Architecture
• API as a strategic product
• Collaborative business model
• Scalable horizontal deployment
• Orthogonal toolset for vertical use cases
• Federated architecture
Source: flickr.com
30. Developer Eco-system for Telco API Management
[Diagram labels: Payment, Messaging, Identity, Location, WebRTC, NFC, M2M,…; Enterprise Developers, Applications, Subscribers, OTT Customers]
• Utilize partners to sell APIs
• Newer business models – revenue share from customer
• Empower eco-system for RAD
31. Telco API Management
[Diagram labels: API Gateway, API Store, Operator Portal, Transformation, Adapters, Backend Systems (CRM), Backend Systems (Diameter), Identity, API Publisher, Workflows, Auditing and Reporting, Developer Ecosystem, Event Processing]
32. Federated Architecture and the Telco ecosystem
[Diagram labels: Telco API Mgmt, API Gateway, API Store, Developer Portal, Identity, API Publisher, Workflows, Auditing and Reporting, Event Processing, Discovery and Routing, Standard API, NFC, Payment, Messaging, Identity, Telco API Mgmt, Enterprise Developers, Applications, Subscribers, OTT Customers]
33. API Management at the Edge
• Raw devices can expose functionality as APIs
  • Functional capabilities (actuators) – Function APIs
  • Administration capabilities (management) – Management APIs
  • Monitoring capabilities (sensor data) – Sensor APIs
  • E.g.: GET http://{ip}/{locationid}/sensors/temperature
• Augment device capability
  • Throttling
  • Caching
  • Request routing
  • Stats collection and monitoring
  • Decision making
  • Security
    • Authorization based on token (OAuth)
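A sketch of the edge functions listed on slide 33 (token-based authorization, throttling and caching) placed in front of a sensor read, added here as an example and not taken from the slides or from WSO2 code. The class name, scope names and token table are assumptions; a dictionary stands in for real OAuth token validation.

```python
import time

# Constructed token table standing in for OAuth token validation (assumption).
TOKENS = {"tok-reader": {"sensors:read"}, "tok-mgmt": {"manage"}}

class EdgeFacade:
    """Fronts a raw device read with authorization, throttling and caching."""

    def __init__(self, read_sensor, rate=2, per=1.0, ttl=5.0, clock=time.monotonic):
        self.read_sensor, self.clock = read_sensor, clock
        self.rate, self.per, self.ttl = rate, per, ttl
        self.buckets = {}  # token -> (requests left, time of last refill)
        self.cache = {}    # path -> (value, expiry time)

    def _allow(self, token):
        # Token bucket: refill in proportion to elapsed time, capped at `rate`.
        now = self.clock()
        left, last = self.buckets.get(token, (self.rate, now))
        left = min(self.rate, left + (now - last) * self.rate / self.per)
        allowed = left >= 1
        self.buckets[token] = (left - 1 if allowed else left, now)
        return allowed

    def get(self, path, token):
        # 1. Authorization first, so unknown callers never reach the device.
        scopes = TOKENS.get(token)
        if scopes is None:
            return 401, None
        if "sensors:read" not in scopes:
            return 403, None
        # 2. Per-token throttling protects the constrained device.
        if not self._allow(token):
            return 429, None
        # 3. Serve from cache while fresh; otherwise read the device once.
        now = self.clock()
        hit = self.cache.get(path)
        if hit and hit[1] > now:
            return 200, hit[0]
        value = self.read_sensor(path)
        self.cache[path] = (value, now + self.ttl)
        return 200, value

if __name__ == "__main__":
    gw = EdgeFacade(lambda path: 21.5)  # constructed sensor reading
    for tok in ("bogus", "tok-mgmt", "tok-reader", "tok-reader", "tok-reader"):
        print(tok, gw.get("/loc1/sensors/temperature", tok))
```

Rejected requests (401, 403, 429) return before the device is touched, which is the point of putting these controls at the edge rather than on the device itself.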
34. API Management and IoT
[Diagram labels: Device Queue, Mediation/Routing, Device Gateway, App, End User, Authorization Manager, Statistics Processing, Devices, Device Hub, Device Management, Identity Management]
36. Application Services Governance and APIs Everywhere
• One click API capability
• Governance of API, Services, resources within an enterprise with Unified Governance
• Life cycle automation with WSO2 Appfactory
37. WSO2 Appfactory, WSO2 Private PaaS and WSO2 App Manager
[Diagram labels: IdP (WSO2 Identity Server), (WSO2 Business Activity Monitor)]
38. Summary
• Introduction and case studies
• API Economy and factors
• API Management Overview
• API Management within a platform
• API Management demo
• Reference Architectures
• APIs at the edge and IoT
• APIs Everywhere
• Application Governance