SlideShare une entreprise Scribd logo
1  sur  31
1	

Tél : +33 (0)1 58 56 10 00
Fax : +33 (0)1 58 56 10 01
www.octo.com© OCTO 2015
50, avenue des Champs-Elysées
75008 Paris - FRANCE
Top 7 wrong common beliefs
about Enterprise API
implementation
2	

Mohamed KISSA
API	
  Consultant	
  
	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  mkissa@octo.com	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  @MedKissa	
  
Antoine CHANTALOU
Head	
  of	
  WOA	
  &	
  API	
  
	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  achantalou@octo.com	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  @achantalou	
  
3	

#1. API ?
I already have 800 SOAP services !
4	

SOAP
vs
REST
5	

Nick Gall [VP Gartner Group]
! “WS-* style Web Services are "Web" in name only…
! The W3C should extricate itself from further direct work on SOAP, WDSL, or
any other WS-* specifications”
David Orchard [Web Services standards – BEA]
! “Given the complexity of just SOAP and WSDL, how many developers will
really be able to move to the full stack?...
! The promise of WSDL 2.0 has not materialized and is unlikely to do so”
Paul Downey [Technical Architect at the Government Digital Service]
! “The SOAP "stack" is a mess, and currently only the simplest of services are
able to interoperate”
Steve Loughran [Apache Axis commiter]
! “The only place SOAP survives is in the enterprise because you can control
both ends of the conversation, you can use the same toolkit and eliminate
interop”
Steve Vinoski [Former VP & Chief Architect of IONA Technologies]
! “if I were an enterprise architect today…I’d be looking to solve everything I
possibly could with dynamic languages and REST
! I’d avoid ESBs and the typical enterprise middleware frameworks unless I had a
problem that really required them. I’d also try to totally avoid SOAP and WS-*”
SOAP vs REST
6	

SOAP vs REST
It’s about architecture
Style
7	

SOAP vs REST
RPC & SOAP
• Are operation/service oriented
• Tend to unify locale and remote
computation
• Are contract & server oriented
REST
• Is resource oriented
• Explicitly use WEB distributed
architecture
• Is developer oriented
8	

SOAP vs REST
Integrating your legacy SOA
implementations in your
API Strategy
…could end up into
URBANIZATION Strategy
•  Monitoring
•  Accounting
Focusing on the REST
approach inspired by Web
Giants
…may end up by building a
state of the Art API
•  RESTful
•  Developer portal
•  TTFAC* & DX**
•  X-device / X-channel
* “Time To First API Call” is the time a developer needs to consume the API in production after reading the documentation on the developer portal!
We target 5 minutes.
** “Developer experience”. The API is used by humans. We target a massive adoption. API needs to be crafted with love.
Which API Strategy ?
9	

SOAP vs REST
10	

#2. An API strategy
…is only about buying
a product
11	

Build vs Buy
Cheaper resources
Unique,
differentiating
Perceived
as a
competitive
advantage
Common to all
companies in the sector
Perceived as a
production asset
BPO*
Common to all companies
Perceived as a resource
Strategic assets and fast innovation
*Business Process Outsourcing
API PORTALS & SECURITY
API
! The API becomes the main entry point
to your CORE IT
! Critical & differentiating components
! A Key to a competitive advantage
! API Management are ineffective to
build good API
! API Management portal
! Resource publication & versioning
! Usage Statistics
! Quotas
! Developers’ portal
! Developers enrolment
! API documentation
! Security
! OAuth2 / OpenID connect
12	

#3. API Management
…it’s an ESB right?
13	

Anatomy of
API Management
solutions
API
Management
is not an ESB
Security
API_KEY
OAuth2 / OIDC
API Facade
(ESB)
API Management
portal
Users enrolment
Publication/ versioning
Usage statistics
Quotas
Developer portal
Self-enrolment
API Doc / Try-it interface
14	

ESB et API Management
API MANAGEMENT
•  Entry point of the IS for
external/internal use
•  May offers light
transformation/mapping
features
•  Focused on API consumer:
enrollment, developer
portal, try-it console, etc.
ESB
•  Supposed to be in the heart
of the IS
•  Offer advanced
transformation/mappings
over several protocols
•  Limited feature for
consumers
15	

#4. Opening my API to the WEB ?
The web is not secure !
16	

HTTPS
þ  All requests are secured with TLS (RFC5246).
Authorization
þ  API_KEY authorize clients on public resources
þ  OAuth2 (RFC6749) authorize both clients and users on private resources
Authentication
þ  OpenID connect authenticate users on private API resources
API securityMandatory
Optional
17	

« Everything
should be
made as
simple as
possible,
but not
simpler.»
A.Einstein
API security
18	

Beware of OAuth2
complexity
v  OAuth2 out-of-the-box
implementation almost
never work without
specifics developments
v  OAuth2 flows are
often partially
implemented
v  Four flows must be
POCed
API security
19	

API security
What about other
protocols ?
•  Don’t use other legacy protocols
•  OAuth1, SAML2, etc.
•  Don’t use encryption/signatures on
the applicative side
•  Don’t implement customs security
solutions
20	

#5. API facade is the right pattern !
21	

+ Short time to market (good for a
MVP)
- Put dependency toward the API
Management/ESB editor
- May not handle the complexity of
your business logic
- A performance overhead should be
considered
- The API Management/ESB and your
existing service become highly
coupled
IS
Existing Services
API Management
Gateway or plugin
accounting, authorization,
statistics, etc.
Transformation/mapping
to REST
Scenario 1: API Facade through an API Management
Transformation
22	

+ Short time to market (good for a
MVP)
+ Will handle the complexity of
your business logic
- A performance overhead should be
considered
- The facade and your existing
services become highly coupledIS
Existing Services
API Facade
API Management Gateway or plugin
accounting, authorization,
statistics, etc.
Transformation/mapping
to REST
Scenario 2: Custom API Facade
23	

A great API on
bad services
is lipstick on a pig
API Facade pattern
24	

Scenario 3: Microservice pattern
+ No dependency toward an
editor
+ Will handle the complexity
of your business logic
+ No performance overhead
+ Fastest pattern to scale
your API once MVP is
validated
- Not time to market for your
API at stage one (MVP)
IS
API
API Management
Microservices
Gateway or plugin
accounting, authorization,
statistics, etc.
API API
25	

#6. API strategy?
It’s just
technical !
26	

API technical stakes
•  Security, stateless, asyncronisme, non-transactional,
microservices, cloud hosting, ect.
API functional stakes
•  API design
•  Identify enterprise’ resources (X-channels, X-device)
•  Building a REST API state diagram
•  HATEOAS
API organizational stakes
•  Conway’s Law : “Any organization that designs a system
[...] will inevitably produce a design whose structure is a
copy of the organization's communication structure”
•  Organize your teams as you would like your IT system to
be !
API 360 impacts
API 360 impacts
27	

API 360 impacts
API is not about technical implementation, it’s not a short-time project, it's
about building a product!•  “Did you already heard that Gmail development was finished and that it
was send under MRO (maintain, repair and operations) ?”
Consider a small autonomous and empowered agile team
28	

API 360 impacts
Product Owner [Business]
•  Sync development with other
teams
•  Responsible for API success
•  Define Follow-up indicators
•  Mesure, learn and build
Tech-lead / Devs [IT]
•  Design & develop API
resources
•  Write API documentation
•  Measure and improve API
performance
•  Write unit automated test
A
P
I
S
Q
U
A
D
Business analysts
[Business/IT]
•  Co-design API resources
•  Write automated
functional tests (TDR)
OPS [IT]
•  Automated testing
•  Automated deployment
•  Scalability (elasticity)
and SLA
Community manager
[Marketing]
•  Animate External Developers
community (API users)
•  Social networking
•  Administrate developer portal
29	

#7. I want to build an API for me & my partners,
but I’m NOT interested in OPEN API !
30	

v  The main difference lies in the way you need to industrialize the enrolment
process and the quality that is required for your API
v  You should target Open API from the beginning :
v  So that you can fully industrialize the way developers consume your “services” on your
developer portal : https://developers.fakecompany.com!
v  This is the only way to offer good enrolment, TTFAC & online support
Level 1 « Internal API»
API used by the company
Level 2 « Partners API »
API used by internal developers &
partners developers
Level 3 « Open API »
API used by internal developers, partners
developers & external developers
31	

Tél : +33 (0)1 58 56 10 00
Fax : +33 (0)1 58 56 10 01
www.octo.com© OCTO 2015
50, avenue des Champs-Elysées
75008 Paris - FRANCE
Thank you !
Mohamed KISSA
API	
  Consultant	
  
@OCTO	
  Technology	
  
	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  mkissa@octo.com	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  @MedKissa	
  
Antoine CHANTALOU
Head	
  of	
  WOA	
  &	
  API	
  
@OCTO	
  Technology	
  
	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  achantalou@octo.com	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  @achantalou	
  

Contenu connexe

Tendances

Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Kai Wähner
 
How to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyHow to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyNordic APIs
 
API Management and why it matters (Oracle API Platform)
API Management and why it matters (Oracle API Platform) API Management and why it matters (Oracle API Platform)
API Management and why it matters (Oracle API Platform) OPITZ CONSULTING Deutschland
 
ProgrammableWeb's eSignature API Research Report
ProgrammableWeb's eSignature API Research ReportProgrammableWeb's eSignature API Research Report
ProgrammableWeb's eSignature API Research ReportProgrammableWeb
 
API-first, going beyond SOA, ESB & Integration
API-first, going beyond SOA, ESB & IntegrationAPI-first, going beyond SOA, ESB & Integration
API-first, going beyond SOA, ESB & IntegrationApigee | Google Cloud
 
Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Nordic APIs
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SitePronovix
 
Bringing API Management to AWS Powered Backends
Bringing API Management to AWS Powered BackendsBringing API Management to AWS Powered Backends
Bringing API Management to AWS Powered BackendsApigee | Google Cloud
 
apidays LIVE JAKARTA - How we Build APIs and Workflows at Slack by Bear Douglas
apidays LIVE JAKARTA - How we Build APIs and Workflows at Slack by Bear Douglasapidays LIVE JAKARTA - How we Build APIs and Workflows at Slack by Bear Douglas
apidays LIVE JAKARTA - How we Build APIs and Workflows at Slack by Bear Douglasapidays
 
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...apidays
 
Design-first API Development using Swagger and Node
Design-first API Development using Swagger and NodeDesign-first API Development using Swagger and Node
Design-first API Development using Swagger and NodeApigee | Google Cloud
 
Why API Ops is the Next Wave of DevOps
Why API Ops is the Next Wave of DevOpsWhy API Ops is the Next Wave of DevOps
Why API Ops is the Next Wave of DevOpsJohn Musser
 
apidays LIVE Australia - API Design in Fintech: Challenges and Opportunities ...
apidays LIVE Australia - API Design in Fintech: Challenges and Opportunities ...apidays LIVE Australia - API Design in Fintech: Challenges and Opportunities ...
apidays LIVE Australia - API Design in Fintech: Challenges and Opportunities ...apidays
 
APIs in the Enterprise -Lessons Learned
APIs in the Enterprise -Lessons LearnedAPIs in the Enterprise -Lessons Learned
APIs in the Enterprise -Lessons LearnedApigee | Google Cloud
 
apidays LIVE JAKARTA - Productising APIs: A journey in how we built API produ...
apidays LIVE JAKARTA - Productising APIs: A journey in how we built API produ...apidays LIVE JAKARTA - Productising APIs: A journey in how we built API produ...
apidays LIVE JAKARTA - Productising APIs: A journey in how we built API produ...apidays
 
Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...
Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...
Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...Nordic APIs
 
Maintainable API Docs and Other Rainbow Colored Unicorns
Maintainable API Docs and Other Rainbow Colored UnicornsMaintainable API Docs and Other Rainbow Colored Unicorns
Maintainable API Docs and Other Rainbow Colored UnicornsNeil Mansilla
 
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...apidays
 

Tendances (19)

Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
 
How to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyHow to Build an Effective API Security Strategy
How to Build an Effective API Security Strategy
 
API Management and why it matters (Oracle API Platform)
API Management and why it matters (Oracle API Platform) API Management and why it matters (Oracle API Platform)
API Management and why it matters (Oracle API Platform)
 
ProgrammableWeb's eSignature API Research Report
ProgrammableWeb's eSignature API Research ReportProgrammableWeb's eSignature API Research Report
ProgrammableWeb's eSignature API Research Report
 
API-first, going beyond SOA, ESB & Integration
API-first, going beyond SOA, ESB & IntegrationAPI-first, going beyond SOA, ESB & Integration
API-first, going beyond SOA, ESB & Integration
 
Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc Site
 
Bringing API Management to AWS Powered Backends
Bringing API Management to AWS Powered BackendsBringing API Management to AWS Powered Backends
Bringing API Management to AWS Powered Backends
 
apidays LIVE JAKARTA - How we Build APIs and Workflows at Slack by Bear Douglas
apidays LIVE JAKARTA - How we Build APIs and Workflows at Slack by Bear Douglasapidays LIVE JAKARTA - How we Build APIs and Workflows at Slack by Bear Douglas
apidays LIVE JAKARTA - How we Build APIs and Workflows at Slack by Bear Douglas
 
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
 
Design-first API Development using Swagger and Node
Design-first API Development using Swagger and NodeDesign-first API Development using Swagger and Node
Design-first API Development using Swagger and Node
 
Why API Ops is the Next Wave of DevOps
Why API Ops is the Next Wave of DevOpsWhy API Ops is the Next Wave of DevOps
Why API Ops is the Next Wave of DevOps
 
apidays LIVE Australia - API Design in Fintech: Challenges and Opportunities ...
apidays LIVE Australia - API Design in Fintech: Challenges and Opportunities ...apidays LIVE Australia - API Design in Fintech: Challenges and Opportunities ...
apidays LIVE Australia - API Design in Fintech: Challenges and Opportunities ...
 
APIs in the Enterprise -Lessons Learned
APIs in the Enterprise -Lessons LearnedAPIs in the Enterprise -Lessons Learned
APIs in the Enterprise -Lessons Learned
 
apidays LIVE JAKARTA - Productising APIs: A journey in how we built API produ...
apidays LIVE JAKARTA - Productising APIs: A journey in how we built API produ...apidays LIVE JAKARTA - Productising APIs: A journey in how we built API produ...
apidays LIVE JAKARTA - Productising APIs: A journey in how we built API produ...
 
Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...
Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...
Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...
 
Maintainable API Docs and Other Rainbow Colored Unicorns
Maintainable API Docs and Other Rainbow Colored UnicornsMaintainable API Docs and Other Rainbow Colored Unicorns
Maintainable API Docs and Other Rainbow Colored Unicorns
 
Why APIs are not SOA++
Why APIs are not SOA++Why APIs are not SOA++
Why APIs are not SOA++
 
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
APIdays Paris 2019 - API Gateway & Identity Providers, a Match Made in Micros...
 

Similaire à Top 7 wrong common beliefs about Enterprise API implementation

RefCard API Architecture Strategy
RefCard API Architecture StrategyRefCard API Architecture Strategy
RefCard API Architecture StrategyOCTO Technology
 
API, Integration, and SOA Convergence
API, Integration, and SOA ConvergenceAPI, Integration, and SOA Convergence
API, Integration, and SOA ConvergenceKasun Indrasiri
 
Extend soa with api management Sangam18
Extend soa with api management Sangam18Extend soa with api management Sangam18
Extend soa with api management Sangam18Vinay Kumar
 
Creating compelling user experiences through APIs
Creating compelling user experiences through APIsCreating compelling user experiences through APIs
Creating compelling user experiences through APIsJeremy Brown
 
WSO2Con Asia 2014 - Building the API-Centric Enterprise
WSO2Con Asia 2014 - Building the API-Centric EnterpriseWSO2Con Asia 2014 - Building the API-Centric Enterprise
WSO2Con Asia 2014 - Building the API-Centric EnterpriseWSO2
 
apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays Paris 2022 - Adding a mock as a service capability to your API strate...apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays Paris 2022 - Adding a mock as a service capability to your API strate...apidays
 
Your API is your Product - Arun Ravindran, Unisys
Your API is your Product - Arun Ravindran, UnisysYour API is your Product - Arun Ravindran, Unisys
Your API is your Product - Arun Ravindran, Unisysbaconfblr
 
Real-World, Open Source, End-to-End JavaScript in IoT
Real-World, Open Source, End-to-End JavaScript in IoTReal-World, Open Source, End-to-End JavaScript in IoT
Real-World, Open Source, End-to-End JavaScript in IoTAll Things Open
 
What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...Kim Clark
 
Extend soa with api management spoug- Madrid
Extend soa with api management   spoug- MadridExtend soa with api management   spoug- Madrid
Extend soa with api management spoug- MadridVinay Kumar
 
MuleSoft London Community October 2017 - Hybrid and SAP Integration
MuleSoft London Community October 2017 - Hybrid and SAP IntegrationMuleSoft London Community October 2017 - Hybrid and SAP Integration
MuleSoft London Community October 2017 - Hybrid and SAP IntegrationPace Integration
 
Oracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons LearntOracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons Learntluisw19
 
Six Steps To Build A Successful API
Six Steps To Build A Successful APISix Steps To Build A Successful API
Six Steps To Build A Successful APIChris Haddad
 
Six Steps to Build Successful APIs
Six Steps to Build Successful APIsSix Steps to Build Successful APIs
Six Steps to Build Successful APIsWSO2
 
Processes and Telecom APIs
Processes and Telecom APIsProcesses and Telecom APIs
Processes and Telecom APIsAlan Quayle
 
Practical Application of API-First in microservices development
Practical Application of API-First in microservices developmentPractical Application of API-First in microservices development
Practical Application of API-First in microservices developmentChavdar Baikov
 
API Platform Cloud Service best practice - OOW17
API Platform Cloud Service best practice - OOW17API Platform Cloud Service best practice - OOW17
API Platform Cloud Service best practice - OOW17Phil Wilkins
 
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital TransformationAditya Thatte
 

Similaire à Top 7 wrong common beliefs about Enterprise API implementation (20)

RefCard API Architecture Strategy
RefCard API Architecture StrategyRefCard API Architecture Strategy
RefCard API Architecture Strategy
 
Mule ESB Intro
Mule ESB IntroMule ESB Intro
Mule ESB Intro
 
API, Integration, and SOA Convergence
API, Integration, and SOA ConvergenceAPI, Integration, and SOA Convergence
API, Integration, and SOA Convergence
 
Extend soa with api management Sangam18
Extend soa with api management Sangam18Extend soa with api management Sangam18
Extend soa with api management Sangam18
 
Creating compelling user experiences through APIs
Creating compelling user experiences through APIsCreating compelling user experiences through APIs
Creating compelling user experiences through APIs
 
WSO2Con Asia 2014 - Building the API-Centric Enterprise
WSO2Con Asia 2014 - Building the API-Centric EnterpriseWSO2Con Asia 2014 - Building the API-Centric Enterprise
WSO2Con Asia 2014 - Building the API-Centric Enterprise
 
apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays Paris 2022 - Adding a mock as a service capability to your API strate...apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays Paris 2022 - Adding a mock as a service capability to your API strate...
 
Api design part 1
Api design part 1Api design part 1
Api design part 1
 
Your API is your Product - Arun Ravindran, Unisys
Your API is your Product - Arun Ravindran, UnisysYour API is your Product - Arun Ravindran, Unisys
Your API is your Product - Arun Ravindran, Unisys
 
Real-World, Open Source, End-to-End JavaScript in IoT
Real-World, Open Source, End-to-End JavaScript in IoTReal-World, Open Source, End-to-End JavaScript in IoT
Real-World, Open Source, End-to-End JavaScript in IoT
 
What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...
 
Extend soa with api management spoug- Madrid
Extend soa with api management   spoug- MadridExtend soa with api management   spoug- Madrid
Extend soa with api management spoug- Madrid
 
MuleSoft London Community October 2017 - Hybrid and SAP Integration
MuleSoft London Community October 2017 - Hybrid and SAP IntegrationMuleSoft London Community October 2017 - Hybrid and SAP Integration
MuleSoft London Community October 2017 - Hybrid and SAP Integration
 
Oracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons LearntOracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons Learnt
 
Six Steps To Build A Successful API
Six Steps To Build A Successful APISix Steps To Build A Successful API
Six Steps To Build A Successful API
 
Six Steps to Build Successful APIs
Six Steps to Build Successful APIsSix Steps to Build Successful APIs
Six Steps to Build Successful APIs
 
Processes and Telecom APIs
Processes and Telecom APIsProcesses and Telecom APIs
Processes and Telecom APIs
 
Practical Application of API-First in microservices development
Practical Application of API-First in microservices developmentPractical Application of API-First in microservices development
Practical Application of API-First in microservices development
 
API Platform Cloud Service best practice - OOW17
API Platform Cloud Service best practice - OOW17API Platform Cloud Service best practice - OOW17
API Platform Cloud Service best practice - OOW17
 
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital Transformation
 

Plus de OCTO Technology

OCTO Talks - Les IA s'invitent au chevet des développeurs
OCTO Talks - Les IA s'invitent au chevet des développeursOCTO Talks - Les IA s'invitent au chevet des développeurs
OCTO Talks - Les IA s'invitent au chevet des développeursOCTO Technology
 
OCTO Talks - Lancement du livre Culture Test
OCTO Talks - Lancement du livre Culture TestOCTO Talks - Lancement du livre Culture Test
OCTO Talks - Lancement du livre Culture TestOCTO Technology
 
Le Comptoir OCTO - Green AI, comment éviter que votre votre potion magique d’...
Le Comptoir OCTO - Green AI, comment éviter que votre votre potion magique d’...Le Comptoir OCTO - Green AI, comment éviter que votre votre potion magique d’...
Le Comptoir OCTO - Green AI, comment éviter que votre votre potion magique d’...OCTO Technology
 
OCTO Talks - State of the art Architecture dans les frontend web
OCTO Talks - State of the art Architecture dans les frontend webOCTO Talks - State of the art Architecture dans les frontend web
OCTO Talks - State of the art Architecture dans les frontend webOCTO Technology
 
Comptoir OCTO ALD Automotive/Leaseplan
Comptoir OCTO ALD Automotive/LeaseplanComptoir OCTO ALD Automotive/Leaseplan
Comptoir OCTO ALD Automotive/LeaseplanOCTO Technology
 
Le Comptoir OCTO - Comment optimiser les stocks en linéaire par la Data ?
Le Comptoir OCTO - Comment optimiser les stocks en linéaire par la Data ? Le Comptoir OCTO - Comment optimiser les stocks en linéaire par la Data ?
Le Comptoir OCTO - Comment optimiser les stocks en linéaire par la Data ? OCTO Technology
 
Le Comptoir OCTO - Retour sur 5 ans de mise en oeuvre : Comment le RGPD a réi...
Le Comptoir OCTO - Retour sur 5 ans de mise en oeuvre : Comment le RGPD a réi...Le Comptoir OCTO - Retour sur 5 ans de mise en oeuvre : Comment le RGPD a réi...
Le Comptoir OCTO - Retour sur 5 ans de mise en oeuvre : Comment le RGPD a réi...OCTO Technology
 
Le Comptoir OCTO - Affinez vos forecasts avec la planification distribuée et...
Le Comptoir OCTO -  Affinez vos forecasts avec la planification distribuée et...Le Comptoir OCTO -  Affinez vos forecasts avec la planification distribuée et...
Le Comptoir OCTO - Affinez vos forecasts avec la planification distribuée et...OCTO Technology
 
Le Comptoir OCTO - La formation au cœur de la stratégie d’éco-conception
Le Comptoir OCTO - La formation au cœur de la stratégie d’éco-conceptionLe Comptoir OCTO - La formation au cœur de la stratégie d’éco-conception
Le Comptoir OCTO - La formation au cœur de la stratégie d’éco-conceptionOCTO Technology
 
Le Comptoir OCTO - Une vision de plateforme sans leadership tech n’est qu’hal...
Le Comptoir OCTO - Une vision de plateforme sans leadership tech n’est qu’hal...Le Comptoir OCTO - Une vision de plateforme sans leadership tech n’est qu’hal...
Le Comptoir OCTO - Une vision de plateforme sans leadership tech n’est qu’hal...OCTO Technology
 
Le Comptoir OCTO - L'avenir de la gestion du bilan carbone : les solutions E...
Le Comptoir OCTO - L'avenir de la gestion du bilan carbone :  les solutions E...Le Comptoir OCTO - L'avenir de la gestion du bilan carbone :  les solutions E...
Le Comptoir OCTO - L'avenir de la gestion du bilan carbone : les solutions E...OCTO Technology
 
Le Comptoir OCTO - Continuous discovery et continuous delivery pour construir...
Le Comptoir OCTO - Continuous discovery et continuous delivery pour construir...Le Comptoir OCTO - Continuous discovery et continuous delivery pour construir...
Le Comptoir OCTO - Continuous discovery et continuous delivery pour construir...OCTO Technology
 
RefCard Tests sur tous les fronts
RefCard Tests sur tous les frontsRefCard Tests sur tous les fronts
RefCard Tests sur tous les frontsOCTO Technology
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API DesignOCTO Technology
 
LA DUCK CONF 2023 - Journal de bord d’un archi dans l’océan du green
LA DUCK CONF 2023 - Journal de bord d’un archi dans l’océan du greenLA DUCK CONF 2023 - Journal de bord d’un archi dans l’océan du green
LA DUCK CONF 2023 - Journal de bord d’un archi dans l’océan du greenOCTO Technology
 
LA DUCK CONF 2023 - Sous le capot du cloud souverain
LA DUCK CONF 2023 - Sous le capot du cloud souverainLA DUCK CONF 2023 - Sous le capot du cloud souverain
LA DUCK CONF 2023 - Sous le capot du cloud souverainOCTO Technology
 
LA DUCK CONF 2023 - Ré-urbanisation d'un SI à travers une archi évolutive
LA DUCK CONF 2023 - Ré-urbanisation d'un SI à travers une archi évolutiveLA DUCK CONF 2023 - Ré-urbanisation d'un SI à travers une archi évolutive
LA DUCK CONF 2023 - Ré-urbanisation d'un SI à travers une archi évolutiveOCTO Technology
 
LA DUCK CONF 2023 - Parce que nos plateformes le valent bien
LA DUCK CONF 2023 - Parce que nos plateformes le valent bienLA DUCK CONF 2023 - Parce que nos plateformes le valent bien
LA DUCK CONF 2023 - Parce que nos plateformes le valent bienOCTO Technology
 
LA DUCK CONF 2023 - Guider, faire, faire faire ? Une solitude partagée entre ...
LA DUCK CONF 2023 - Guider, faire, faire faire ? Une solitude partagée entre ...LA DUCK CONF 2023 - Guider, faire, faire faire ? Une solitude partagée entre ...
LA DUCK CONF 2023 - Guider, faire, faire faire ? Une solitude partagée entre ...OCTO Technology
 

Plus de OCTO Technology (20)

OCTO Talks - Les IA s'invitent au chevet des développeurs
OCTO Talks - Les IA s'invitent au chevet des développeursOCTO Talks - Les IA s'invitent au chevet des développeurs
OCTO Talks - Les IA s'invitent au chevet des développeurs
 
OCTO Talks - Lancement du livre Culture Test
OCTO Talks - Lancement du livre Culture TestOCTO Talks - Lancement du livre Culture Test
OCTO Talks - Lancement du livre Culture Test
 
Le Comptoir OCTO - Green AI, comment éviter que votre votre potion magique d’...
Le Comptoir OCTO - Green AI, comment éviter que votre votre potion magique d’...Le Comptoir OCTO - Green AI, comment éviter que votre votre potion magique d’...
Le Comptoir OCTO - Green AI, comment éviter que votre votre potion magique d’...
 
OCTO Talks - State of the art Architecture dans les frontend web
OCTO Talks - State of the art Architecture dans les frontend webOCTO Talks - State of the art Architecture dans les frontend web
OCTO Talks - State of the art Architecture dans les frontend web
 
Refcard GraphQL
Refcard GraphQLRefcard GraphQL
Refcard GraphQL
 
Comptoir OCTO ALD Automotive/Leaseplan
Comptoir OCTO ALD Automotive/LeaseplanComptoir OCTO ALD Automotive/Leaseplan
Comptoir OCTO ALD Automotive/Leaseplan
 
Le Comptoir OCTO - Comment optimiser les stocks en linéaire par la Data ?
Le Comptoir OCTO - Comment optimiser les stocks en linéaire par la Data ? Le Comptoir OCTO - Comment optimiser les stocks en linéaire par la Data ?
Le Comptoir OCTO - Comment optimiser les stocks en linéaire par la Data ?
 
Le Comptoir OCTO - Retour sur 5 ans de mise en oeuvre : Comment le RGPD a réi...
Le Comptoir OCTO - Retour sur 5 ans de mise en oeuvre : Comment le RGPD a réi...Le Comptoir OCTO - Retour sur 5 ans de mise en oeuvre : Comment le RGPD a réi...
Le Comptoir OCTO - Retour sur 5 ans de mise en oeuvre : Comment le RGPD a réi...
 
Le Comptoir OCTO - Affinez vos forecasts avec la planification distribuée et...
Le Comptoir OCTO -  Affinez vos forecasts avec la planification distribuée et...Le Comptoir OCTO -  Affinez vos forecasts avec la planification distribuée et...
Le Comptoir OCTO - Affinez vos forecasts avec la planification distribuée et...
 
Le Comptoir OCTO - La formation au cœur de la stratégie d’éco-conception
Le Comptoir OCTO - La formation au cœur de la stratégie d’éco-conceptionLe Comptoir OCTO - La formation au cœur de la stratégie d’éco-conception
Le Comptoir OCTO - La formation au cœur de la stratégie d’éco-conception
 
Le Comptoir OCTO - Une vision de plateforme sans leadership tech n’est qu’hal...
Le Comptoir OCTO - Une vision de plateforme sans leadership tech n’est qu’hal...Le Comptoir OCTO - Une vision de plateforme sans leadership tech n’est qu’hal...
Le Comptoir OCTO - Une vision de plateforme sans leadership tech n’est qu’hal...
 
Le Comptoir OCTO - L'avenir de la gestion du bilan carbone : les solutions E...
Le Comptoir OCTO - L'avenir de la gestion du bilan carbone :  les solutions E...Le Comptoir OCTO - L'avenir de la gestion du bilan carbone :  les solutions E...
Le Comptoir OCTO - L'avenir de la gestion du bilan carbone : les solutions E...
 
Le Comptoir OCTO - Continuous discovery et continuous delivery pour construir...
Le Comptoir OCTO - Continuous discovery et continuous delivery pour construir...Le Comptoir OCTO - Continuous discovery et continuous delivery pour construir...
Le Comptoir OCTO - Continuous discovery et continuous delivery pour construir...
 
RefCard Tests sur tous les fronts
RefCard Tests sur tous les frontsRefCard Tests sur tous les fronts
RefCard Tests sur tous les fronts
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API Design
 
LA DUCK CONF 2023 - Journal de bord d’un archi dans l’océan du green
LA DUCK CONF 2023 - Journal de bord d’un archi dans l’océan du greenLA DUCK CONF 2023 - Journal de bord d’un archi dans l’océan du green
LA DUCK CONF 2023 - Journal de bord d’un archi dans l’océan du green
 
LA DUCK CONF 2023 - Sous le capot du cloud souverain
LA DUCK CONF 2023 - Sous le capot du cloud souverainLA DUCK CONF 2023 - Sous le capot du cloud souverain
LA DUCK CONF 2023 - Sous le capot du cloud souverain
 
LA DUCK CONF 2023 - Ré-urbanisation d'un SI à travers une archi évolutive
LA DUCK CONF 2023 - Ré-urbanisation d'un SI à travers une archi évolutiveLA DUCK CONF 2023 - Ré-urbanisation d'un SI à travers une archi évolutive
LA DUCK CONF 2023 - Ré-urbanisation d'un SI à travers une archi évolutive
 
LA DUCK CONF 2023 - Parce que nos plateformes le valent bien
LA DUCK CONF 2023 - Parce que nos plateformes le valent bienLA DUCK CONF 2023 - Parce que nos plateformes le valent bien
LA DUCK CONF 2023 - Parce que nos plateformes le valent bien
 
LA DUCK CONF 2023 - Guider, faire, faire faire ? Une solitude partagée entre ...
LA DUCK CONF 2023 - Guider, faire, faire faire ? Une solitude partagée entre ...LA DUCK CONF 2023 - Guider, faire, faire faire ? Une solitude partagée entre ...
LA DUCK CONF 2023 - Guider, faire, faire faire ? Une solitude partagée entre ...
 

Dernier

UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 

Dernier (20)

UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 

Top 7 wrong common beliefs about Enterprise API implementation

  • 1. 1 Tél : +33 (0)1 58 56 10 00 Fax : +33 (0)1 58 56 10 01 www.octo.com© OCTO 2015 50, avenue des Champs-Elysées 75008 Paris - FRANCE Top 7 wrong common beliefs about Enterprise API implementation
  • 2. 2 Mohamed KISSA API  Consultant                          mkissa@octo.com                                @MedKissa   Antoine CHANTALOU Head  of  WOA  &  API                          achantalou@octo.com                                @achantalou  
  • 3. 3 #1. API ? I already have 800 SOAP services !
  • 5. 5 Nick Gall [VP Gartner Group] ! “WS-* style Web Services are "Web" in name only… ! The W3C should extricate itself from further direct work on SOAP, WDSL, or any other WS-* specifications” David Orchard [Web Services standards – BEA] ! “Given the complexity of just SOAP and WSDL, how many developers will really be able to move to the full stack?... ! The promise of WSDL 2.0 has not materialized and is unlikely to do so” Paul Downey [Technical Architect at the Government Digital Service] ! “The SOAP "stack" is a mess, and currently only the simplest of services are able to interoperate” Steve Loughran [Apache Axis commiter] ! “The only place SOAP survives is in the enterprise because you can control both ends of the conversation, you can use the same toolkit and eliminate interop” Steve Vinoski [Former VP & Chief Architect of IONA Technologies] ! “if I were an enterprise architect today…I’d be looking to solve everything I possibly could with dynamic languages and REST ! I’d avoid ESBs and the typical enterprise middleware frameworks unless I had a problem that really required them. I’d also try to totally avoid SOAP and WS-*” SOAP vs REST
  • 6. 6 SOAP vs REST It’s about architecture Style
  • 7. 7 SOAP vs REST RPC & SOAP • Are operation/service oriented • Tend to unify locale and remote computation • Are contract & server oriented REST • Is resource oriented • Explicitly use WEB distributed architecture • Is developer oriented
  • 8. 8 SOAP vs REST Integrating your legacy SOA implementations in your API Strategy …could end up into URBANIZATION Strategy •  Monitoring •  Accounting Focusing on the REST approach inspired by Web Giants …may end up by building a state of the Art API •  RESTful •  Developer portal •  TTFAC* & DX** •  X-device / X-channel * “Time To First API Call” is the time a developer needs to consume the API in production after reading the documentation on the developer portal! We target 5 minutes. ** “Developer experience”. The API is used by humans. We target a massive adoption. API needs to be crafted with love. Which API Strategy ?
  • 10. 10 #2. An API strategy …is only about buying a product
  • 11. 11 Build vs Buy Cheaper resources Unique, differentiating Perceived as a competitive advantage Common to all companies in the sector Perceived as a production asset BPO* Common to all companies Perceived as a resource Strategic assets and fast innovation *Business Process Outsourcing API PORTALS & SECURITY API ! The API becomes the main entry point to your CORE IT ! Critical & differentiating components ! A Key to a competitive advantage ! API Management are ineffective to build good API ! API Management portal ! Resource publication & versioning ! Usage Statistics ! Quotas ! Developers’ portal ! Developers enrolment ! API documentation ! Security ! OAuth2 / OpenID connect
  • 13. 13 Anatomy of API Management solutions API Management is not an ESB Security API_KEY OAuth2 / OIDC API Facade (ESB) API Management portal Users enrolment Publication/ versioning Usage statistics Quotas Developer portal Self-enrolment API Doc / Try-it interface
  • 14. 14 ESB et API Management API MANAGEMENT •  Entry point of the IS for external/internal use •  May offers light transformation/mapping features •  Focused on API consumer: enrollment, developer portal, try-it console, etc. ESB •  Supposed to be in the heart of the IS •  Offer advanced transformation/mappings over several protocols •  Limited feature for consumers
  • 15. 15 #4. Opening my API to the WEB ? The web is not secure !
  • 16. 16 HTTPS þ  All requests are secured with TLS (RFC5246). Authorization þ  API_KEY authorize clients on public resources þ  OAuth2 (RFC6749) authorize both clients and users on private resources Authentication þ  OpenID connect authenticate users on private API resources API securityMandatory Optional
  • 17. 17 « Everything should be made as simple as possible, but not simpler.» A.Einstein API security
  • 18. 18 Beware of OAuth2 complexity v  OAuth2 out-of-the-box implementation almost never work without specifics developments v  OAuth2 flows are often partially implemented v  Four flows must be POCed API security
  • 19. 19 API security What about other protocols ? •  Don’t use other legacy protocols •  OAuth1, SAML2, etc. •  Don’t use encryption/signatures on the applicative side •  Don’t implement customs security solutions
  • 20. 20 #5. API facade is the right pattern !
  • 21. 21 + Short time to market (good for a MVP) - Put dependency toward the API Management/ESB editor - May not handle the complexity of your business logic - A performance overhead should be considered - The API Management/ESB and your existing service become highly coupled IS Existing Services API Management Gateway or plugin accounting, authorization, statistics, etc. Transformation/mapping to REST Scenario 1: API Facade through an API Management Transformation
  • 22. 22 + Short time to market (good for a MVP) + Will handle the complexity of your business logic - A performance overhead should be considered - The facade and your existing services become highly coupledIS Existing Services API Facade API Management Gateway or plugin accounting, authorization, statistics, etc. Transformation/mapping to REST Scenario 2: Custom API Facade
  • 23. 23 A great API on bad services is lipstick on a pig API Facade pattern
  • 24. 24 Scenario 3: Microservice pattern + No dependency toward an editor + Will handle the complexity of your business logic + No performance overhead + Fastest pattern to scale your API once MVP is validated - Not time to market for your API at stage one (MVP) IS API API Management Microservices Gateway or plugin accounting, authorization, statistics, etc. API API
  • 25. 25 #6. API strategy? It’s just technical !
  • 26. 26 API technical stakes •  Security, stateless, asyncronisme, non-transactional, microservices, cloud hosting, ect. API functional stakes •  API design •  Identify enterprise’ resources (X-channels, X-device) •  Building a REST API state diagram •  HATEOAS API organizational stakes •  Conway’s Law : “Any organization that designs a system [...] will inevitably produce a design whose structure is a copy of the organization's communication structure” •  Organize your teams as you would like your IT system to be ! API 360 impacts API 360 impacts
  • 27. 27 API 360 impacts API is not about technical implementation, it’s not a short-time project, it's about building a product!•  “Did you already heard that Gmail development was finished and that it was send under MRO (maintain, repair and operations) ?” Consider a small autonomous and empowered agile team
  • 28. 28 API 360 impacts Product Owner [Business] •  Sync development with other teams •  Responsible for API success •  Define Follow-up indicators •  Mesure, learn and build Tech-lead / Devs [IT] •  Design & develop API resources •  Write API documentation •  Measure and improve API performance •  Write unit automated test A P I S Q U A D Business analysts [Business/IT] •  Co-design API resources •  Write automated functional tests (TDR) OPS [IT] •  Automated testing •  Automated deployment •  Scalability (elasticity) and SLA Community manager [Marketing] •  Animate External Developers community (API users) •  Social networking •  Administrate developer portal
  • 29. 29 #7. I want to build an API for me & my partners, but I’m NOT interested in OPEN API !
  • 30. 30 v  The main difference lies in the way you need to industrialize the enrolment process and the quality that is required for your API v  You should target Open API from the beginning : v  So that you can fully industrialize the way developers consume your “services” on your developer portal : https://developers.fakecompany.com! v  This is the only way to offer good enrolment, TTFAC & online support Level 1 « Internal API» API used by the company Level 2 « Partners API » API used by internal developers & partners developers Level 3 « Open API » API used by internal developers, partners developers & external developers
  • 31. 31 Tél : +33 (0)1 58 56 10 00 Fax : +33 (0)1 58 56 10 01 www.octo.com© OCTO 2015 50, avenue des Champs-Elysées 75008 Paris - FRANCE Thank you ! Mohamed KISSA API  Consultant   @OCTO  Technology                          mkissa@octo.com                                @MedKissa   Antoine CHANTALOU Head  of  WOA  &  API   @OCTO  Technology                          achantalou@octo.com                                @achantalou