crafting an api strategy with an api marketplace
TRANSCRIPT
What we will discuss• API management and why it is a mandatory• API marketplaces and its benefits• Components of building an API marketplace• Promoting the use of API marketplaces• Some real world scenarios • Beyond API marketplaces
Benefits of API Management● Expose legacy services and data in a
standard, reusable format
● Leverage API usage statistics and
patterns to gain business insight
● Provide ease of consuming business
functionality in a secure manner
● Rapid creation of old and new digital
assets
● Drive digital transformation Source: Forrester Research
Emergence of Platforms
• Platforms have become proven business models – E.g. Amazon, Uber, Youtube, etc.
• Value creation is at a flatter structure – Platform users create and consume
• The platform itself is a technology creation – Focused on providing value for the stakeholders
• Stakeholders can be external as well as internal– Employees, partners, customers, and even competitors
• New revenue models are discovered
An enterprise API Marketplace is a Platform to effectively connect API Producers with API Consumers and create Value through available Tools on that platform which areTechnology and Activities
Benefits of an API Marketplace● Discovery of APIs by API consumers
● Encourage reuse of APIs
● Social features encourage
participation and feedback loop
● Evangelism to encourage app dev and
API dev
● Promote participation via incentives
● Encourage governance and standards
● Cross division usage and monetization
Defining Your API Strategy• API first vs usage or service first
– What is the priority?• Accessibility
– Who is going to use the APIs and what for?– Internal reuse, external collaboration/monetization
• Deployment– Where will this run?– On the cloud, on-premise or hybrid– Scaling factors – Self managed or hosted
Identifying Your API Technology Strategy• Which components are most important?
– Developer portal, security• What type of security is needed based on accessibility?
– Ability to federate into multiple security providers• What type of extensibility is needed?
– Is there any complex pre-processing needed?• Who is the best technology provider?
Producers - Publisher: Creating APIs● Start with an existing endpoint/contract or design and prototype a new API
● Exposing SOAP services (convert to REST or as a passthrough)
● Exposing streaming APIs (websocket endpoints)
Producers - Publisher: Governance
● Ensure that the correct lifecycle
stages exist and proper audit
prevails
● Manage API visibility
● Versioning of APIs based on
need
● Support for custom lifecycles
● Ability to modify governance
aspects based on analytics
Consumers - Developer Portal● Searchable (with context): by name, tag,
description, author, etc.
● Social features: tagging, commenting, rating
● Minimalistic forum
● Themeable: change color, logo, view
● Configure alerts for application developers
● Application based API analytics
● OAuth2 application management
● API monetization
Security: API Protection● Protecting for applications and users
● Controlling access and entitlement with scope
● Multi-tier subscription model
Consumers: Client Tips and Testing
● Encapsulate the client application
● Associates OAuth2 keys
● Support different integration
patterns for application security
through OAuth grant types
● Pre-generated access tokens for
testing
Access Control: Traffic Management● Tier based simple model
○ Application developer selects the tier at
app registration which has a policy to
specify quota
○ Tiers can be applied at the application, API
or at the API resource level
● Advance rule-based models○ Policies containing IP conditions, message
attribute based conditions, transport header based conditions
○ Complex real-time pattern based conditions
Engage and Evangelize• Stakeholders are the key• Ensure API developers publish more APIs
– Enable producers to create APIs and group them as needed
– Provide social ratings and tools for documenting usage • Ensure application developers consume more APIs
– Organize hackathons, workshops and tutorials– Provide code snippets for consumption– Lunch n’ Learn sessions, webinars
Promote Use Through Incentives• Financial incentives and gamifications• Leaderboards showcasing top consumers, most
consumed APIs, highest throughput APIs, highlighted developer and more
• Identify KPIs for incentives
Analyze API Usage● Analytics dashboard on API stats
○ API usage / response times
/ backend latency /
geo-location, etc.
● Stats on applications for
application owners (subscribers)
● Stats on subscriptions
● Alerts on emergencies or
doubtful situations
● Pattern detection
Monetization: Actual or Virtual• External APIs can be sold to third party application
developers • Partner APIs will encourage new business users
from a wider base• Internal APIs used across business units
encourages enterprise contribution• Analytics collected can in turn be used for new
revenue models provided as APIs
Govern and Manage• Make use of analytics information to detect
patterns • Identify improvements on overall governance
patterns• Identify security improvements• Evolve
Requirement● Dialog Axiata needed to unify the multiple development
teams and internal app and service development and reuse
● Needed a digital strategy to compete with new over the air providers and launch new digital products
● Provide the basis of the telco wide digital transformation
Solution● Built an internal and external enterprise API
marketplace using WSO2 API Manager and related technologies
● A number of evangelism events and incentives that promote application development are organized around the APIs: hackathons, workshops, seminars, prizes, and leaderboards
● The API marketplace is coupled with full ecosystem management for end to end API and app development
● https://www.ideabiz.lk/store/
Application Marketplaces• A successful API marketplace implies the need for an
application marketplace • Connect application producers and consumers over an
application store• Provide typical marketplace capabilities such as
– Discovery– Social rating– Try-it trials
Ecosystem Management
• An application marketplace requires an ecosystem
• Security provisioning for application users• Single sign-on (SSO) across multiple applications• Analytics and governance over usage• Application proxies
Steps in Crafting a Marketplace Driven API Strategy1. Define the organization’s desired API strategy2. Identify the API technology strategy to use3. Work on activities to promote usage4. Analyze API usage to draw insight5. Use monetization channels identified through the
marketplace to improve6. Govern, manage and evolve