api management - practical enterprise implementation experience

1Copyright © 2016 Capgemini and Sogeti – Internal use only. All Rights Reserved.

Presentation Title | Date

API ManagementPractical Enterprise Implementation Experience

Narinder Sahota Chief Architect - CapgeminiDavid Rutter Solutions Architect - Capgemini

2Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.

API Management | #CWIN16 Sept 2016

Agenda

Overview

Why APIs matter What is API Management What does an architect consider Vendor landscape Our project and what we have delivered Lessons and takeaways

Q&A



1. All teams will henceforth expose their data and functionality through service interfaces.

2. Teams must communicate with each other through these interfaces.

3. There will be no other form of interprocess communication…no back-doors whatsoever. It doesn’t matter what technology they use. HTTP, Corba, Pubsub, … — doesn’t matter.

4. All service interfaces, without exception, must be designed from the ground up to be externalizable. That is to say, the team must plan and design to be able to expose the interface to developers in the outside world. No exceptions.

API MANDATE

Anyone who doesn’t do this will be fired.Jeff Bezos



“The application is the API. The interfaces to your core applications are the key to both liberating your existing IT estate and enabling its innovation and growth. May the best API win!” Joakim Lindbom

Bring your application services as APIs to the outside world and let it create solutions

and new value in ways you never anticipated.

Capgemini Technovision Ron Tolido

Search over 15,859 APIs

API Access to 8,200 storesRevenue share model

Source: https://goo.gl/IoZz0u

HBR: The Strategic Value of APIs – Bala Iyer, Mohan Subramaniam

%Revenue From APIs

60%

50%

90%



Business Goals1. Accelerated customer

onboarding for APIs2. Increased visibility of

APIs and usage 3. Improved business

customer satisfaction 4. Revenue growth

through new channels

Context



“If you build it, he will come”



What is API Management?

Developer Portal• Self Service, Approval Workflows• Self-documenting APIs• Test harness

API Gateway• Access Control• Data Transformations

Routing, AggregationLocal Processing

API Manager Portal• Lifecycle• Service & Support• Analytics

Monitoring

Business Application APIs

AnalyticsLocal

Processing

Internal/ExternalApp Developer

APIBusiness Owner

API ManagementDev Team

ServiceManagement

APIDev Team



Architectural Considerations

• API, Messaging, Files• SOAP, REST, GraphQL• Routing• Aggregation

What

HowWith What

Who

• New BusinessProcesses

• Who will consume?

• API IdentificationTOGAF, IAF, DDD

• Documentation• Environments• Tool



API Management Landscape has two distinct approaches

API Management

Integration



API Management Landscape has two distinct approachesAPIm Pure players being bought by Integration players

API Management



Following a Vendor evaluation, the client selected IBM API Management (now called API Connect)

Business Partner

AppsMobile & Web Apps

Enterprise Internal Apps

Internet of Things

Cloud Service

Application Server

ESB / Middleware

Data Store

Mic

rose

rvic

es T

raffi

c

API Traffic

API Gateway3

(DataPower/MicroGW)

Microservices App Computer Runtime6

(Node.js/Java)

Developer Portal1

API Management Node2

Collective Controller5

Developer4 Toolkit

External App Developer

Internal App Developer

Partner App Developer



IBM API Connect Capabilities

... On prem, Dedicated Bluemix, Public Bluemix, 3rd Party Cloud

• Node.js & Java Microservice application runtime

• Node.js & Java integrated runtime management

• Enterprise HA & scaling• On-cloud & on-premises staging

of Microservice applications

• Policy enforcement• Enterprise security• Quota mgmt. & rate limiting• Content-based routing• Response caching, load-balancing

and offload processing• Message format & transport protocol

mediation

• API discovery• API, Plan & Product policy creation• API, Plan & Product lifecycle

management• Self-service, customizable,

developer portal• Advanced Analytics• Subscription & community

management

• Rapid model-driven API creation• Data-source to API mapping

automation• Standards-based visual API spec

creation in Swagger 2.0• Local API creation and testing• On-cloud & on-prem staging

of APIs, Products & Plans

Create Run

ManageSecure



Key Elements of the API Management project:

Technology: IBM APIm

Agile Project• Distributed,

multi-discipline team

• Joint Capgemini + Client

• Prioritize Risk Mitigation

Collaboration Tools: • Atlassian and Slack

Test Driven development• Test origin API => SOAPUI• Adapt tests for Dev and UAT• Import tests into AlertSite

Monitoring dashboard and Alerting

APIs transitioned to offshore 24x7 support New APIs built using a factory model

“I consider the APIM Capability delivery to be a great example of how partnering with Capgemini maximises our ability to achieve our outcomes“.

Technology Programme Director

API Monitoring

… from intro to development within 6 hours compared to the 10 day SLA prior to APIm. Impressive!

Customer Solutions

Over 200 developers registered for APIsin first few months

API Management

User Portal



Monetization & Non-Repudiation & SecurityServer, Consumer and Unauthenticated Access

API Management

HTTPSClient Id +

Client SecretREST or SOAP

3rd Party, + Partners

ServiceProvider

HTTPSClient Id

REST or SOAP

API Management

3a HTTPSAuth Token

ServiceProvider

4 HTTPSAuth

Token

1 HTTPS getToken

(usernamepassword)

IdentityManagement

2 HTTPSAuth

Token

4b ValidateAuth

Token

3b ValidateAuth

Token

Desktop, MobileBrowser

Mobile + Tablet Apps

API Management

HTTPSClient Id +

IP Address +HTTP REFERRER

ServiceProvider

HTTPSClient Id

Desktop, MobileBrowser

Throttle,CORS



Messaging more appropriate than APIs for some scenarios

Public/Private Cloud

Internal NetworksGateway

Events APIs: SOAP, REST

Business Customers

Message Hub API Management

APIs:SOAP, RESTSubscribed Events

AMQP

APIs: SOAP, REST Events, MQ, Tib

Management



Lessons Learnt



Recognise APIs are about business change: Utilise Integration Competency Centre approach



Development by policy/configuration Needs same rigour as a coding project



Technology is evolving and risk mitigations needed



Service Management and External Monitoring designed in from beginningEnsure rapid resolution when things go wrong



Architecture Governance requiredAgreement on Principles and Patterns for Integration & Security



Contrast with Lessons from Other projects

Built custom Digital Enablement PortalFocus on Developers

Sophisticated ELK stack based MonitoringAnalytics to drive consumption

Web Sockets based push model for in-gameSupporting High demand

models

Established API competencycentre with Agile lifecycleWell-defined referencearchitecture



Contact information

NarinderSahotaChief Architect, Account [email protected]

uk.linkedin.com/in/nssahota@NarinderSahota

DavidRutterSolution [email protected]

uk.linkedin.com/in/drutter@DavidRutterUK

Insert contact picture Insert contact picture

mailto:[email protected]

https://twitter.com/NarinderSahota

https://twitter.com/NarinderSahota

mailto:[email protected]

mailto:@DavidRutterUK

mailto:@DavidRutterUK

api management - practical enterprise implementation experience

Presentations & Public Speaking