Architec(ng

an enterprise
API management strategy

APIdays Sydney
February 2015

Mifan Careem
Director, Solu0ons Architecture
WSO2
Mifan AT WSO2.com
 Agenda

Introduc0on and case studies

API Economy and factors
API Management Overview
API Management within a plaJorm
API Management demo
Reference Architectures
APIs at the edge and IoT
APIs Everywhere
Applica0on Governance
Source: XKCD.com

WSO2 Who we are
We help
customers
become a
Connected
Business
with enterprise
middleware
Source: http://www.content-loop.com/a-company-without-apis-is-like-a-computer-without-internet/
Managed APIs and
Enterprises
o An API is a business capability
delivered over the Internet to
internal or external consumers
o Network accessible function
o Available using standard web protocols
o With well-defined interfaces
o Designed for access by third-parties

o A Managed API is:

o Actively advertised and subscribe-able
o Available with SLAs
o Secured, authenticated, authorized and
protected
o Monitored and monetized with analytics
 Strategy factors
API as a product vs API based
products = API as a strategy vs
API as a tactic
External API management vs
internal API management
Developer ecosytem API
ecosystem vs cloud-devops
API management and the
enterprise
Business model Pay as you
go, revshare, freemium,..
Characteristics of Business APIs
Protocols & Styles
API as the main product
API as the brand
Business Model -
Mone0za0on
API Sta0s0cs
Authen0ca0on &
Authoriza0on
ThroTling
Caching
Deployment Models
Architectural factors
Deployment model
Distributed
deployment, access
token caching,
On-premise vs cloud
vs hybrid, Cloud to
enterprise access
Federated
architecture
Large scale APIs
Edge API
management
API Centric SOA

APIs

API Faade

Services Services Services

BU-1 BU-2 BU-3

API Centric Capabili0es
WSO2 API Manager Components

o Create APIs
o Find and
subscribe/buy
APIs
o API Store and
Governance

o Manage, secure
and protect
APIs
o API Management and
Gateway

o Monitor and
Mone0ze APIs
o API Monitoring and
Analy0cs
WSO2 API Manager : API Publisher
Publish APIs to external consumers
and partners, as well as internal
users; SOAP and REST services are
supported
Manage API versions (several
versions can be deployed in
parallel)
Govern the API lifecycle (publish,
deprecate, re0re)
ATach documenta0on (les,
external URLs) to APIs
Apply Security policies to APIs
(authen0ca0on, authoriza0on)
ATach SLAs
Provision and Manage API keys
Track consumers per API
Monitor API usage and
performance, SLA compliance
Gather consumers requirements

WSO2 API Manager : API Consumers via API Store
Find useful APIs by browsing or
searching through the API Store:
view top rated, top used and
featured APIs
Explore API documenta0on and
ask ques0ons to publisher
Register applica0ons and obtain
API keys
Subscribe to API changes and
receive news
Evaluate APIs, rate APIs, and share
comments
Request features and
improvements from publishers
Par0cipate in online forums
OAuth2 support for API access
Personalized Experience
API Gateway Processing Flow
 API Access Tokens
o OAuth2 standard compliant
o Supports mul0ple grant types
o SAML, IWA/NTLM
o Client creden0al, Implicit, Password

o Pre-generated Access Token: can be used from an applica0on, to iden0fy the applica0on
itself
o On-demand Access Token: generated via API call, using Consumer Key and Consumer Secret
- Iden0es the end user of an applica0on (web applica0ons, mobile applica0ons)

19
 The big picture

Source: hTps://www.ickr.com/photos/photosighJaces/13144863085
The Open Enterprise is much more
than just APIs

Credit: KuppingerCole

API Management within an orthogonal
toolset
API Manager Product and PlaJorm

24
 Analy0cs means business models
Build condence in
o API Manager supports out of the box: the API model
Understand your
o Google Analy0cs customer
o WSO2 Business Ac0vity Monitor Analy0cs Not just the
developer but
also the end-
user
Help manage services
and versions
Understand
when
deprecated
services can be
re0red
Plan beTer
Monitor the
growth of
aggregated API
trac
Monitor the
growth of
specic apps
2
Scalable Deployment
Distributed Deployment
From edge API management to large
scale distributed API management
Reference
Architecture
API as a strategic
product
Collabora0ve business
model
Scalable horizontal
deployment
Orthogonal toolset for
ver0cal use cases
Federated
architecture

Source: ickr.com
 Developer Eco-system for Telco U0lize partners to
sell APIs
Newer business
models revenue
share from customer
Empower eco-
system for RAD
Subscribers Enterprise Developers Applica0ons OTT Customers

API Management

WebRTC Payment Messaging Iden0ty Loca0on

NFC
M2M,
Telco API Management

Developer
Ecosystem

Audi0ng and API Gateway API Store API Publisher Operator Portal
Repor0ng

Transforma0on Iden0ty Workows Event Processing

Adapters

Backend Backend
Systems Systems
(Diameter) (CRM)
 Federated Architecture and the Telco ecosystem

Subscribers Enterpris Developer Applica0ons OTT

e s Customers

Audi0ng and API Gateway API Store API Publisher Developer Portal
Repor0ng

Discovery and Iden0ty Workows Event Processing

Rou0ng

Standard API

Telco API Mgmt Telco API Mgmt

NFC Payment Messaging Iden0ty

 API Management at the Edge

Raw devices can expose functionality as

APIs
Functional capabilities (actuators) Function
APIs
Administration capabilities (management)
Management APIs
Monitoring capabilities (sensor data) Sensor
APIs
E.g: GET hTp://{ip}/{loca0onid}/sensors/temperature

Augment device capability

ThroTling
Caching
Request rou0ng
Stats collec0on and monitoring
Decision making
Security
Authoriza0on based on token (Oauth)
API
Management End User
and IoT App
Iden(ty
Management

Device Authoriza(on
Gateway Manager

Media(on/ Sta(s(cs
Rou(ng Processing

Device Queue Device

Management

Devi
ce Devi Device Hub Devi
Devi ce
*
* ce
 WSO2- Reference Architecture for IoT

*
 Application Services Governance and
APIs Everywhere
One click API
capability
Governance of
API, Services,
resources
within an
enterprise with
Unified
Governance
Life cycle
automation
with WSO2
Appfactory
WSO2 Appfactory, WSO2 Private PaaS and
WSO2 App Manager

IdP (WSO2 Business

(WSO2 Iden(ty Ac(vity
Server) Monitor)
 Summary

Introduc0on and case studies

API Economy and factors
API Management Overview
API Management within a plaJorm
API Management demo
Reference Architectures
APIs at the edge and IoT
APIs Everywhere
Applica0on Governance

Contact Us