Implementing the API Strategy Schiphol case

11 October 2016 Pim Gaemers, Sander Majoor

Pim Gaemers pim@rubix.nl   Integration Specialist from Rubix   Hired by Schiphol for:

  Integration architecture   API Management (technical side)

Sander Majoor smajoor@nivium.nl   Freelance Project manager / ICT consultant

  Over 20 years of experience in ICT   Currently: Project manager for Schiphol to implement the API Strategy and API Management

Introducing key speakers

Objectives for this session

  Presenting the Schiphol Case and challenges for implementing an API strategy.

  How did Schiphol implement API Management with the Red Hat 3Scale product.

  Lesson learned

API Strategy

New Revenues

Innovation

Business models

Economy Mobile

first

Asset & Data management

Marketing & Promotion

API Management

Governance

Portfolio & Roadmap

Schiphol API Strategy Objectives

World leading digital Airport (DAP)

Stimulate internal and cross sector innovation

Provide seamless passenger journey with open data and leading technology

Enable (cost)efficient operations with open data and leading technology

Schiphol API Economy

Private API’s Sector API’s Public API’s

Schiphol Digital Channels Operations Projects ….

Airlines Customs Airports Travel Agencies …..

Start ups Developers Google …..

Assets & Data management

Value stream

Agile teams

API Support Team

Data Board

API Design Authority

API Development Teams

Business Owners

Portfolio & Roadmap

Product Owner/Business Owner/Representatives

Objectives API Developer portal

Innovation Economy

Marketing & Promotion

Accounts

Logging &

Metrics

API Documentation

Developer community

Developer portal

  Treat the developer portal

as a digital channel for your organization.

API Management

Gateway Throttling Marketing & Promotion

Security Accounts Logging &

Metrics

Governance Policies & Guidelines Architecture

Life Cycle Management

Portal

Policies & Guidelines

  Onboarding   API standard and guidelines   Architecture Cloud vs On premise, Caching etc.

Designing the API

Data/ Assets Functionality

Mobile & Apps

Developer incentive

API monitization

API Scalability

& limits

Security

Policies & Guidelines

Architecture

Economy

API Design & provisioning workflow

Infrastructure and components

API Gateway

  Used as an access point for your API calls   Essentially a reverse proxy   Used for:

  Authentication   Authorization   Metrics   Throttling   Forwarding requests to API’s

API Management portal

  Setup API’s for the API Gateway   Account management   Application plans (used for throttling)   Configuring the API Gateway

Key features Schiphol 3 Scale implementation

  Access control   Usage policies   Analytics and reporting   Developer portal   Interactive API documentation

Cloud infrastructure & components

Lesson learned

  Start Bi-modal   Create showcases   A governing data board   Create Agile teams & Portfolio management   Create Organization mindset

  Everything must be an API   Push and notification API’s

  To cache or not to cache (and more important where)   What about infrastructure?

Organization mindset   Organization mindset, organization is used to react to customer propositions

  Now pro actively thinking about the API value.   Thinking about business models (pay per hit, monthly subscription, free)

  Lesson: Create business awareness around API’s. What makes a good API.

  Lesson: Get key business decision makers in the API team from the start.

Everything must be an API

  Every business opportunity and request comes in: “We need an API for this” (don’t hype it)

  Other and better solutions may exist

  Lesson: Get involved in the design process early on. Get the right people on board in an API design/support team

  Lesson: come with clear cut best practices and guidelines to help the teams (don’t allow different styles of making api’s)

Push API

  That Rest API is wonderful, but we need to have push notifications…”

  Push API’s are challenging from technical

perspective and still cutting edge.   Manage connections   Manage subscriptions   Queries   No standardized technology Oldskool resync?

  Lesson: Manage expectations and design early on. Make sure the API onboarding processes is in place.

Caching   To Cache or not to cache

  Where to cache (http caching in the API gateway, application

specific cache in the application layer)   http caching is limited in functionality and requires plain http (think

about cache hits)

  Lessons: Think about caching possibilities and strategy from the beginning. Using it as a patch to quickly improve performance might not be a good idea

Infrastructure

  Infrastructure is complex   Cloud vs on-premise   Where to host the gateway   Where to host the API (and data)   Where to place caching   What form of security is required for infra and for the API’s

  Lesson: Take time to design a good infrastructure with the right

people (networking, infrastructure, security, API team). Also take legal issues into consideration when storing data outside the network