schiphol implementing the api strategy
TRANSCRIPT
Implementing the API Strategy Schiphol case
11 October 2016 Pim Gaemers, Sander Majoor
Pim Gaemers [email protected] Integration Specialist from Rubix Hired by Schiphol for:
Integration architecture API Management (technical side)
Sander Majoor [email protected] Freelance Project manager / ICT consultant
Over 20 years of experience in ICT Currently: Project manager for Schiphol to implement the API Strategy and API Management
Introducing key speakers
Objectives for this session
Presenting the Schiphol Case and challenges for implementing an API strategy.
How did Schiphol implement API Management with the Red Hat 3Scale product.
Lesson learned
API Strategy
New Revenues
Innovation
Business models
Economy Mobile
first
Asset & Data management
Marketing & Promotion
API Management
Governance
Portfolio & Roadmap
Schiphol API Strategy Objectives
World leading digital Airport (DAP)
Stimulate internal and cross sector innovation
Provide seamless passenger journey with open data and leading technology
Enable (cost)efficient operations with open data and leading technology
Schiphol API Economy
Private API’s Sector API’s Public API’s
Schiphol Digital Channels Operations Projects ….
Airlines Customs Airports Travel Agencies …..
Start ups Developers Google …..
Assets & Data management
Value stream
Agile teams
API Support Team
Data Board
API Design Authority
API Development Teams
Business Owners
Portfolio & Roadmap
Product Owner/Business Owner/Representatives
Objectives API Developer portal
Innovation Economy
Marketing & Promotion
Accounts
Logging &
Metrics
API Documentation
Developer community
Developer portal
Treat the developer portal
as a digital channel for your organization.
API Management
Gateway Throttling Marketing & Promotion
Security Accounts Logging &
Metrics
Governance Policies & Guidelines Architecture
Life Cycle Management
Portal
Policies & Guidelines
Onboarding API standard and guidelines Architecture Cloud vs On premise, Caching etc.
Designing the API
Data/ Assets Functionality
Mobile & Apps
Developer incentive
API monitization
API Scalability
& limits
Security
Policies & Guidelines
Architecture
Economy
API Design & provisioning workflow
Infrastructure and components
API Gateway
Used as an access point for your API calls Essentially a reverse proxy Used for:
Authentication Authorization Metrics Throttling Forwarding requests to API’s
API Management portal
Setup API’s for the API Gateway Account management Application plans (used for throttling) Configuring the API Gateway
Key features Schiphol 3 Scale implementation
Access control Usage policies Analytics and reporting Developer portal Interactive API documentation
Cloud infrastructure & components
Lesson learned
Start Bi-modal Create showcases A governing data board Create Agile teams & Portfolio management Create Organization mindset
Everything must be an API Push and notification API’s
To cache or not to cache (and more important where) What about infrastructure?
Organization mindset Organization mindset, organization is used to react to customer propositions
Now pro actively thinking about the API value. Thinking about business models (pay per hit, monthly subscription, free)
Lesson: Create business awareness around API’s. What makes a good API.
Lesson: Get key business decision makers in the API team from the start.
Everything must be an API
Every business opportunity and request comes in: “We need an API for this” (don’t hype it)
Other and better solutions may exist
Lesson: Get involved in the design process early on. Get the right people on board in an API design/support team
Lesson: come with clear cut best practices and guidelines to help the teams (don’t allow different styles of making api’s)
Push API
That Rest API is wonderful, but we need to have push notifications…”
Push API’s are challenging from technical
perspective and still cutting edge. Manage connections Manage subscriptions Queries No standardized technology Oldskool resync?
Lesson: Manage expectations and design early on. Make sure the API onboarding processes is in place.
Caching To Cache or not to cache
Where to cache (http caching in the API gateway, application
specific cache in the application layer) http caching is limited in functionality and requires plain http (think
about cache hits)
Lessons: Think about caching possibilities and strategy from the beginning. Using it as a patch to quickly improve performance might not be a good idea
Infrastructure
Infrastructure is complex Cloud vs on-premise Where to host the gateway Where to host the API (and data) Where to place caching What form of security is required for infra and for the API’s
Lesson: Take time to design a good infrastructure with the right
people (networking, infrastructure, security, API team). Also take legal issues into consideration when storing data outside the network