Architecting an Enterprise API Management Strategy


Post on 15-Jul-2015






  • Architecting an enterprise API management strategy

    Mifan Careem Director, Solutions Architecture

    WSO2 Mifan AT

    APIdays Sydney February 2015

  • Agenda

    Introduction and case studies API Economy and factors API Management Overview API Management within a platform API Management demo Reference Architectures APIs at the edge and IoT APIs Everywhere Application Governance


  • WSO2 Who we are

  • We help customers become a Connected Business with enterprise middleware

  • Source:

  • Managed APIs and Enterprises

    o An API is a business capability delivered over the Internet to internal or external consumers

        o Network accessible function

        o Available using standard web protocols

        o With well-defined interfaces

        o Designed for access by third-parties

    o A Managed API is:

        o Actively advertised and subscribe-able

        o Available with SLAs

        o Secured, authenticated, authorized and protected

        o Monitored and monetized with analytics

  • Strategy factors

    API as a product vs API based products = API as a strategy vs API as a tactic

    External API management vs internal API management

    Developer ecosystem API ecosystem vs cloud-devops

    API management and the enterprise

    Business model Pay as you go, revshare, freemium,..

  • Characteristics of Business APIs

    Protocols & Styles

    API as the main product

    API as the brand

    Business Model - Monetization

    API Statistics

    Authentication & Authorization

    Throttling

    Caching

    Deployment Models

  • Architectural factors

    Deployment model

    Distributed deployment, access token caching,

    On-premise vs cloud vs hybrid, Cloud to enterprise access

    Federated architecture

    Large scale APIs Edge API management

  • API Centric SOA


    BU-1 BU-2 BU-3

    Services Services Services


    API Façade

  • API Centric Capabilities

  • WSO2 API Manager Components

    o Create APIs o Find and

    subscribe/buy APIs o API Store and


    o Manage, secure and protect APIs o API Management and


    o Monitor and Monetize APIs o API Monitoring and


  • Publish APIs to external consumers and partners, as well as internal users; SOAP and REST services are supported

    Manage API versions (several versions can be deployed in parallel)

    Govern the API lifecycle (publish, deprecate, retire)

    Attach documentation (files, external URLs) to APIs

    Apply Security policies to APIs (authentication, authorization)

    Attach SLAs

    Provision and Manage API keys

    Track consumers per API

    Monitor API usage and performance, SLA compliance

    Gather consumers' requirements

    WSO2 API Manager : API Publisher

  • Find useful APIs by browsing or searching through the API Store:

    view top rated, top used and featured APIs

    Explore API documentation and ask questions to publisher

    Register applications and obtain API keys

    Subscribe to API changes and receive news

    Evaluate APIs, rate APIs, and share comments

    Request features and improvements from publishers

    Participate in online forums

    OAuth2 support for API access

    WSO2 API Manager : API Consumers via API Store

  • Personalized Experience

  • API Gateway Processing Flow

  • API Access Tokens

    o OAuth2 standard compliant

    o Supports multiple grant types

        o SAML, IWA/NTLM

        o Client credential, Implicit, Password

    o Pre-generated Access Token: can be used from an application, to identify the application itself

    o On-demand Access Token: generated via API call, using Consumer Key and Consumer Secret - Identifies the end user of an application (web applications, mobile applications)


  • The big picture

    Source: https://

  • The Open Enterprise is much more than just APIs Credit: KuppingerCole

  • API Management within an orthogonal toolset

  • API Manager Product and Platform


  • Analytics means business models

    o API Manager supports out of the box:

        o Google Analytics

        o WSO2 Business Activity Monitor Analytics


    Build confidence in the API model

    Understand your customer

    Not just the developer but also the end-user

    Help manage services and versions

    Understand when deprecated services can be retired

    Plan better

    Monitor the growth of aggregated API traffic

    Monitor the growth of specific apps

  • Scalable Deployment

  • Distributed Deployment

  • From edge API management to large scale distributed API management

  • Reference Architecture

    API as a strategic product

    Collaborative business model

    Scalable horizontal deployment

    Orthogonal toolset for vertical use cases

    Federated architecture


  • Developer Eco-system for Telco

    API Management

    Payment Messaging Identity Location WebRTC NFC M2M,

    Enterprise Developers Applications Subscribers

    Utilize partners to sell APIs

    Newer business models revenue share from customer

    Empower eco-system for RAD

    OTT Customers

  • Telco API Management

    API Gateway API Store Operator Portal

    Transformation Adapters

    Backend Systems (CRM)

    Backend Systems



    API Publisher


    Auditing and Reporting

    Developer Ecosystem

    Event Processing

  • Federated Architecture and the Telco ecosystem

    Telco API Mgmt

    API Gateway API Store Developer Portal


    API Publisher


    Auditing and Reporting

    Event Processing Discovery and Routing

    Standard API

    NFC Payment Messaging Identity

    Telco API Mgmt



    Applications Subscribers OTT Customers

  • API Management at the Edge

    Raw devices can expose functionality as APIs

    Functional capabilities (actuators) Function APIs

    Administration capabilities (management) Management APIs

    Monitoring capabilities (sensor data) Sensor APIs

    E.g: GET http://{ip}/{locationid}/sensors/temperature

    Augment device capability

        Throttling

        Caching

        Request routing

        Stats collection and monitoring

        Decision making

        Security

    Authorization based on token (OAuth)

  • API Management and IoT

    Device Queue

    Mediation/Routing

    Device Gateway


    End User

    Authorization Manager

    Statistics Processing


    Device Hub Device



    Device Management

    Identity Management

  • WSO2 - Reference Architecture for IoT

  • Application Services Governance and APIs Everywhere

    One click API capability

    Governance of API, Services, resources within an enterprise with Unified Governance

    Life cycle automation with WSO2 Appfactory

  • WSO2 Appfactory, WSO2 Private PaaS and WSO2 App Manager


    IdP (WSO2 Identity


    (WSO2 Business Activity Monitor)

  • Summary

    Introduction and case studies API Economy and factors API Management Overview API Management within a platform API Management demo Reference Architectures APIs at the edge and IoT APIs Everywhere Application Governance

  • Contact Us

