Last Updated: March 2014

Best Practices for API Management
Isabelle Mauny
Director, Product Management, WSO2
Thursday, March 27, 14

About the speaker...
๏ French native
๏ Living in Spain
๏ Works mostly with Sri Lanka
๏ 18 years of IBM, 4 years in startups
๏ Managing the overall WSO2 portfolio
๏ Linux command line user

Who is WSO2?
๏ Open Source Middleware Platform Provider
๏ Apache 2.0 License
๏ Provides Integration, API Management and Mobile enterprise management products
๏ Main contributor to Apache Stratos PaaS
๏ Creators of DevOps “AppFactory” cloud solution

Business Model

Define a Business Model
๏ What are the business goals?
  ๏ Enable 3rd-party Mobile Apps development?
  ๏ Increase brand recognition?
  ๏ Open new revenue channels?
๏ Define Monetization model
  ๏ Free?
  ๏ Pay per usage?
  ๏ Free APIs, but paid via Ads

Development

Services and APIs
๏ Service deals with implementation
๏ API deals with subscription (consumer)
๏ Two very distinct life cycles!
๏ You don’t need the service to create the API...

Building a Managed API
๏ Creating APIs (interface, docs, samples, etc.)
๏ Advertising APIs
๏ Making APIs subscribe-able by consumers
๏ Associating SLAs
๏ Securing APIs
๏ Monetization and Analytics

API Security

API Security
๏ Security is not an after thought!
๏ APIs are part of a much larger enterprise picture
๏ How will consumers request an access token?
  ๏ Using a SAML 2.0 assertion?
  ๏ Using client_credentials?
  ๏ Using userid/password?
๏ Make sure you document thoroughly how developers need to manage tokens:
  ๏ Tokens are like passwords!
  ๏ Always use SSL for token transportation!
  ๏ Use Domain restrictions (WSO2 API Manager)

Fine-grained access to APIs
๏ OAuth2 is all about access control: a token is associated to a scope.
๏ XACML (eXtensible Access Control Markup Language) is the de-facto standard for fine-grained access control.
  ๏ OAuth scope can be represented in XACML policies
  ๏ Provides fine grain control over what a user/application can do (i.e. you can call GET but not POST on an API)

Passing Auth Information to back-end services
๏ Using JSON Web Tokens (JWT)
  ๏ Lightweight
  ๏ Can be signed
  ๏ Easy to parse and consume
  ๏ Standard
[Diagram labels: Internal and External Applications; API Gateway / API Management Layer; Services Layer; OAuth 2 Access Token; JSON Web Token]

Token Format
๏ JWT Structure
  {token info}.{claims list}.{signature}
๏ Base-64 Encoded

What are Claims?
๏ Claims are a set of attributes about a user, mapped to the underlying user store.
๏ A set of claims is called a dialect
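
An added example, not taken from the deck or from WSO2 code: how a back-end service can check a gateway-issued token of the form {token info}.{claims list}.{signature} before trusting any claim in it. It assumes an HMAC-SHA256 key shared between gateway and service; the key, issuer name and claim values are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time

SHARED_KEY = b"constructed-demo-key"   # assumption: key shared by gateway and back end
EXPECTED_ISSUER = "gateway.example"    # hypothetical issuer name


class TokenError(Exception):
    """Raised when a token must not be trusted."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    # JWT parts drop the base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims, key=SHARED_KEY):
    """Gateway side: build {token info}.{claims list}.{signature}."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_token(token, key=SHARED_KEY, now=None):
    """Back-end side: verify the signature first, then read the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("expected three dot-separated parts")
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise TokenError("malformed token") from exc
    # Pin the algorithm: the token must not choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected signing algorithm")
    expected = hmac.new(
        key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(signature, expected):
        raise TokenError("bad signature")
    try:
        claims = json.loads(b64url_decode(claims_b64))
    except ValueError as exc:
        raise TokenError("malformed claims") from exc
    if not isinstance(claims, dict) or claims.get("iss") != EXPECTED_ISSUER:
        raise TokenError("unexpected issuer")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenError("token expired")
    return claims


def demo(now=1000):
    """Run three constructed tokens through the back-end check."""
    claims = {"iss": EXPECTED_ISSUER, "sub": "alice",
              "role": "subscriber", "exp": 2000}
    good = issue_token(claims)
    header_b64, _, sig_b64 = good.split(".")
    # Same signature, edited claims list: must fail the signature check.
    altered = b64url_encode(json.dumps(dict(claims, role="admin")).encode())
    tampered = f"{header_b64}.{altered}.{sig_b64}"
    # Header that declares no signature at all: must fail the algorithm pin.
    unsigned = b64url_encode(b'{"alg":"none"}') + "." + altered + "."
    results = {}
    for name, token in (("good", good), ("tampered", tampered),
                        ("unsigned", unsigned)):
        try:
            results[name] = verify_token(token, now=now)["role"]
        except TokenError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Base-64 encoding only makes the claims transportable; it is the signature check that lets the service rely on them.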

Publishing

Choosing an API Management Platform
๏ What the platform must do, at a minimum:
  ๏ Users Management (self-sign up, profile management)
  ๏ API Publication / API Store
  ๏ API Security
  ๏ Statistics
  ๏ SLA control
  ๏ Throttling / Rate Limiting
  ๏ API Versioning
  ๏ Monetization/Billing
  ๏ and more!
๏ You could build all of this yourself, but...

Need for API Versioning
๏ Need to support API evolution
๏ While Maintaining
  ๏ Backward compatibility -> Functionality
  ๏ Rates/Throttling agreements
๏ Different versioning mechanisms

API Versioning Strategies
๏ Version as a query parameter
  ๏ Netflix - http://api.netflix.com/catalog/titles/series/70023522?v=1.5
  ๏ Google Data API - “GData-Version: X.0” or “v=X.0”
๏ Version as part of URI
  ๏ Salesforce - https://na1.salesforce.com/services/data/v20.0/sobjects/Account/
  ๏ Twitter - https://api.twitter.com/1.1/statuses/mentions_timeline.json
๏ Version as a date in URI
  ๏ Twilio - /2010-04-01/Accounts/{AccountSid}/Calls
  ๏ http://www.twilio.com/docs/api/rest/making-calls
๏ Version as a
  ๏ Custom HTTP Header
  ๏ Accept Header

API Lifecycle
๏ An API can pass through multiple states
๏ For example:
  ๏ CREATED
  ๏ PUBLISHED
  ๏ DEPRECATED
  ๏ RETIRED
  ๏ BLOCKED
๏ Should integrate with complete governance lifecycle

Show some developer’s love :)
๏ Docs, docs and more docs
๏ API Samples, in many languages
๏ Embedded Testing
๏ Provide sandbox and production runtimes
๏ SDK
  ๏ Wraps API access, including security

Deployment

Gateway vs. ESB
๏ Oh, but I already have an ESB! Why do I need a gateway?
๏ API Gateway vs. Mediation Layer (ESB)
๏ Gateway = light ESB?
๏ Think ESB as an architecture pattern, not a product!

Generic Facade Pattern
๏ Pros
  ๏ No additional hop in the network
  ๏ Single Server to be managed
  ๏ More suited for internal deployments
๏ Cons
  ๏ Complexity of integration at edge of network
  ๏ API Management layer can’t really scale independently
  ๏ Not appropriate for DMZ deployments (direct access to backend services)
[Diagram labels: Internal and External Applications; API Gateway / API Management Layer; Services Layer]

Separated Facade & Mediation
๏ API Gateway Layer acts as simple reverse proxy, enforcing basic policies
๏ Clear separation of concern between layers
๏ Mediation layer and API management layer scale independently
๏ Specific security checks/protection at edge of the network
๏ Provides protocol transformation to the edge of the network
[Diagram labels: Internal and External Applications; API Gateway / API Management Layer; Mediation Layer (Services Composition, Services Orchestration); Services Layer]

Specific WSO2 Solution
๏ Our API gateway is actually a full-blown ESB under the hood, constrained at UI level.
๏ You can install the missing ESB features on top of API manager and combine both architecture layers into a single runtime!
๏ Makes the choice a deployment one.

Typical Deployment
[Diagram labels: External Web Application; External Mobile Application; Web Tier; External APIs Tier (Load balancer, API Gateway); Internal APIs Tier (Load balancer, API Gateway); Orchestration Layer (ESB, BPM; ESB Server, BPS Server); Data Access Layer (Data Services Server); Messaging Layer (Message Broker Server); Identity Server (Token Validation, Policy Decision Point, Users Store Management)]

Users Store
๏ Separate admins / corporate users from the developer users' store (created via self-sign up)

You can’t manage what you can’t measure.

Why Analytics and API Management are important together?
๏ Build confidence in the API model
๏ Understand your customer
  ๏ Not just the developer but also the end-user
๏ Help manage services and versions
  ๏ Understand when deprecated services can be retired
๏ Plan better
  ๏ Monitor the growth of aggregated API traffic
  ๏ Monitor the growth of specific apps
๏ Even if you’re not going to put analytics in place, make sure you capture all events right from beginning of project.

Analytics 101: Aggregation
• How to collect data efficiently
• How to store data effectively
• Choose which data to capture

Analytics 101: Analysis
• Data operations
• Defining KPIs and analytics
• Operating on large amounts of historical or current data
• Creating intelligence

Analytics 101: Presentation
• Visualization
• Dashboards
• Reports

Monitor And Analyze
๏ Take decisions in real time through Complex Event Processing
๏ Create dashboards for both technical and business monitoring
[Diagram labels: 3rd party Products; Events Collector; Events Datastore; Analytics Engine; Analytics Datastore; Report Generator; CEP Engine; Real Time Decision Engine; User Engagement Server. Arrow labels: WRITES EVENTS; FEEDS EVENTS; GENERATE NEW EVENTS; DEPLOYS LOGIC]

Detecting Usage Patterns
๏ My API customer is trying to steal my business: let’s block them.
๏ A customer is at 80% of API plan: let’s warn them
๏ A customer is systematically at 120% of the plan: propose an upgrade to the premium plan
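
An added example, not from the deck or from any WSO2 product: the two quantifiable rules on the slide above (warn at 80% of the plan, propose an upgrade when usage is systematically at 120%) applied to captured call events. It assumes "systematically" means three consecutive billing periods; the customer names, quotas and events are constructed.

```python
from collections import defaultdict

WARN_PERCENT = 80        # slide: "at 80% of API plan"
UPGRADE_PERCENT = 120    # slide: "systematically at 120% of the plan"
SYSTEMATIC_PERIODS = 3   # assumption: "systematically" = 3 periods in a row

# Constructed sample data: (customer, billing period, API calls in one batch).
SAMPLE_QUOTAS = {"acme": 1000, "globex": 1000, "initech": 1000}
SAMPLE_PERIODS = ["2014-01", "2014-02", "2014-03"]
SAMPLE_EVENTS = [
    ("acme", "2014-01", 700), ("acme", "2014-01", 550),
    ("acme", "2014-02", 1300), ("acme", "2014-03", 1210),
    ("globex", "2014-01", 300), ("globex", "2014-02", 400),
    ("globex", "2014-03", 800),
    ("initech", "2014-01", 100), ("initech", "2014-02", 1500),
    ("initech", "2014-03", 200),
]


def calls_per_period(events):
    """Aggregate raw events into {customer: {period: total calls}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for customer, period, calls in events:
        totals[customer][period] += calls
    return totals


def reached(calls, quota, percent):
    # Integer comparison avoids float rounding at the exact threshold.
    return calls * 100 >= quota * percent


def recommend(events, quotas, periods):
    """Return {customer: action}; `periods` is ordered, last one is current."""
    if not periods:
        return {}
    totals = calls_per_period(events)
    actions = {}
    for customer, quota in quotas.items():
        if quota <= 0:
            raise ValueError(f"invalid quota for {customer}")
        usage = [totals[customer][p] for p in periods]
        recent = usage[-SYSTEMATIC_PERIODS:]
        if len(recent) == SYSTEMATIC_PERIODS and all(
            reached(calls, quota, UPGRADE_PERCENT) for calls in recent
        ):
            actions[customer] = "propose-upgrade"
        elif reached(usage[-1], quota, WARN_PERCENT):
            actions[customer] = "warn"
        else:
            actions[customer] = "none"
    return actions


if __name__ == "__main__":
    result = recommend(SAMPLE_EVENTS, SAMPLE_QUOTAS, SAMPLE_PERIODS)
    for customer, action in result.items():
        print(customer, "->", action)
```

A single spike, like the constructed "initech" customer in 2014-02, triggers nothing on its own, which is why the events have to be captured per period from the start.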

Demo

Demo Setup
[Diagram labels: External Web Application; Web Tier; APIs tier (API Gateway); Mediation Layer (ESB; ESB Server); Services Layer (Application Server); Messaging Layer (Message Broker Server); Identity Server (Token Validation, Policy Decision Point, IdentityProvider, Users Store Manager); Reporting, Logging, Operational Analysis (BAM, CEP)]

References
๏ Building an ecosystem for API Security (White Paper)
  ๏ http://wso2.com/whitepapers/wso2-whitepaper-building-an-ecosystem-for-api-security/
๏ API Facade Pattern (Webinar)
  ๏ http://wso2.com/library/webinars/2014/01/implementing-api-facade-using-wso2-api-management-platform/
๏ API Management: missing link for SOA
  ๏ http://sanjiva.weerawarana.org/2012/08/api-management-missing-link-for-soa.html
๏ Promoting Service Reuse
  ๏ http://wso2.com/whitepapers/promoting-service-reuse-within-your-enterprise-and-maximizing-soa-success/

Download API Manager today!
๏ http://wso2.com/products/api-manager/

Contact us!

 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
 

Recently uploaded

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Best Practices for API Management

  • 1. Best Practices for API Management
    Isabelle Mauny, Director, Product Management, WSO2
    Last Updated: March 2014
    Thursday, March 27, 14
  • 2. About the speaker...
    ๏ French native
    ๏ Living in Spain
    ๏ Works mostly with Sri Lanka
    ๏ 18 years of IBM, 4 years in startups
    ๏ Managing the overall WSO2 portfolio
    ๏ Linux command line user
  • 3. Who is WSO2?
    ๏ Open Source Middleware Platform Provider
    ๏ Apache 2.0 License
    ๏ Provides Integration, API Management and Mobile enterprise management products
    ๏ Main contributor to Apache Stratos PaaS
    ๏ Creators of DevOps “AppFactory” cloud solution
  • 5. Define a Business Model
    ๏ What are the business goals?
    ๏ Enable 3rd-party Mobile Apps development?
    ๏ Increase brand recognition?
    ๏ Open new revenue channels?
    ๏ Define Monetization model
    ๏ Free?
    ๏ Pay per usage?
    ๏ Free APIs, but paid via Ads
  • 7. Services and APIs
    ๏ Service deals with implementation
    ๏ API deals with subscription (consumer)
    ๏ Two very distinct life cycles!
    ๏ You don’t need the service to create the API...
  • 8. Building a Managed API
    ๏ Creating APIs (interface, docs, samples, etc.)
    ๏ Advertising APIs
    ๏ Making APIs subscribe-able by consumers
    ๏ Associating SLAs
    ๏ Securing APIs
    ๏ Monetization and Analytics
  • 10. API Security
    ๏ Security is not an afterthought!
    ๏ APIs are part of a much larger enterprise picture
    ๏ How will consumers request an access token?
    ๏ Using a SAML 2.0 assertion?
    ๏ Using client_credentials?
    ๏ Using userid/password?
    ๏ Make sure you document thoroughly how developers need to manage tokens:
    ๏ Tokens are like passwords!
    ๏ Always use SSL for token transportation!
    ๏ Use Domain restrictions (WSO2 API Manager)
  • 11. Fine-grained access to APIs
    ๏ OAuth2 is all about access control: a token is associated to a scope.
    ๏ XACML (eXtensible Access Control Markup Language) is the de-facto standard for fine-grained access control.
    ๏ OAuth scope can be represented in XACML policies
    ๏ Provides fine grain control over what a user/application can do (i.e. you can call GET but not POST on an API)
  • 12. Passing Auth Information to back-end services
    ๏ Using JSON Web Tokens (JWT)
    ๏ Lightweight
    ๏ Can be signed
    ๏ Easy to parse and consume
    ๏ Standard
    [Diagram labels: Internal and External Applications; API Gateway / API Management Layer; Services Layer; OAuth 2 Access Token; JSON Web Token]
  • 13. Token Format
    ๏ JWT Structure: {token info}.{claims list}.{signature}
    ๏ Base-64 Encoded
  • 14. What are Claims?
    ๏ Claims are a set of attributes about a user, mapped to the underlying user store.
    ๏ A set of claims is called a dialect
  • 16. Choosing an API Management Platform
    ๏ What the platform must do, at a minimum:
    ๏ Users Management (self-sign up, profile management)
    ๏ API Publication / API Store
    ๏ API Security
    ๏ Statistics
    ๏ SLA control
    ๏ Throttling / Rate Limiting
    ๏ API Versioning
    ๏ Monetization/Billing
    ๏ and more!
    ๏ You could build all of this yourself, but...
  • 17. Need for API Versioning
    ๏ Need to support API evolution
    ๏ While Maintaining
    ๏ Backward compatibility -> Functionality
    ๏ Rates/Throttling agreements
    ๏ Different versioning mechanisms
  • 18. API Versioning Strategies
    ๏ Version as a query parameter
    ๏ Netflix - http://api.netflix.com/catalog/titles/series/70023522?v=1.5
    ๏ Google Data API - “GData-Version: X.0” or “v=X.0”
    ๏ Version as part of URI
    ๏ Salesforce - https://na1.salesforce.com/services/data/v20.0/sobjects/Account/
    ๏ Twitter - https://api.twitter.com/1.1/statuses/mentions_timeline.json
    ๏ Version as a date in URI
    ๏ Twilio - /2010-04-01/Accounts/{AccountSid}/Calls
    ๏ http://www.twilio.com/docs/api/rest/making-calls
    ๏ Version as a
    ๏ Custom HTTP Header
    ๏ Accept Header
  • 19. API Lifecycle
    ๏ An API can pass through multiple states
    ๏ For example:
    ๏ CREATED
    ๏ PUBLISHED
    ๏ DEPRECATED
    ๏ RETIRED
    ๏ BLOCKED
    ๏ Should integrate with complete governance lifecycle
  • 20. Show some developer’s love :)
    ๏ Docs, docs and more docs
    ๏ API Samples, in many languages
    ๏ Embedded Testing
    ๏ Provide sandbox and production runtimes
    ๏ SDK
    ๏ Wraps API access, including security
  • 22. Gateway vs. ESB
    ๏ Oh, but I already have an ESB! Why do I need a gateway?
    ๏ API Gateway vs. Mediation Layer (ESB)
    ๏ Gateway = light ESB?
    ๏ Think of ESB as an architecture pattern, not a product!
  • 23. Generic Facade Pattern
    ๏ Pros
    ๏ No additional hop in the network
    ๏ Single Server to be managed
    ๏ More suited for internal deployments
    ๏ Cons
    ๏ Complexity of integration at edge of network
    ๏ API Management layer can’t really scale independently
    ๏ Not appropriate for DMZ deployments (direct access to backend services)
    [Diagram labels: Internal and External Applications; API Gateway / API Management Layer; Services Layer]
  • 24. Separated Facade & Mediation
    ๏ API Gateway Layer acts as simple reverse proxy, enforcing basic policies
    ๏ Clear separation of concern between layers
    ๏ Mediation layer and API management layer scale independently
    ๏ Specific security checks/protection at edge of the network
    ๏ Provides protocol transformation to the edge of the network
    [Diagram labels: Internal and External Applications; API Gateway / API Management Layer; Mediation Layer (Services Composition, Services Orchestration); Services Layer]
  • 25. Specific WSO2 Solution
    ๏ Our API gateway is actually a full-blown ESB under the hood, constrained at UI level.
    ๏ You can install the missing ESB features on top of API manager and combine both architecture layers into a single runtime!
    ๏ Makes the choice a deployment one.
  • 26. Typical Deployment
    [Diagram labels: External Web Application; External Mobile Application; Web Tier; External APIs Tier (Load balancer, API Gateway, Identity Server); Internal APIs Tier (Load balancer, API Gateway, Identity Server); Token Validation, Policy Decision Point, Users Store Management; Orchestration Layer (BPS Server, ESB Server; ESB, BPM); Data Access Layer (Data Services Server); Messaging Layer (Message Broker Server)]
  • 27. Users Store
    ๏ Separate admins / corporate users from the developer users’ store (created via self-sign up)
  • 28. You can’t manage what you can’t measure.
  • 29. Why Analytics and API Management are important together?
    ๏ Build confidence in the API model
    ๏ Understand your customer
    ๏ Not just the developer but also the end-user
    ๏ Help manage services and versions
    ๏ Understand when deprecated services can be retired
    ๏ Plan better
    ๏ Monitor the growth of aggregated API traffic
    ๏ Monitor the growth of specific apps
    ๏ Even if you’re not going to put analytics in place, make sure you capture all events right from beginning of project.
  • 30. Analytics 101: Aggregation
    • How to collect data efficiently
    • How to store data effectively
    • Choose which data to capture
  • 31. Analytics 101: Analysis
    • Data operations
    • Defining KPIs and analytics
    • Operating on large amounts of historical or current data
    • Creating intelligence
  • 32. Analytics 101: Presentation
    • Visualization
    • Dashboards
    • Reports
  • 33. Monitor And Analyze
    ๏ Take decisions in real time through Complex Event Processing
    ๏ Create dashboards for both technical and business monitoring
    [Diagram labels: 3rd party Products; Events Collector (WRITES EVENTS); EVENTS DATASTORE; CEP Engine (FEEDS EVENTS, GENERATE NEW EVENTS); Real Time Decision Engine; Analytics Engine (DEPLOYS LOGIC); ANALYTICS DATASTORE; Report Generator; User Engagement Server]
  • 34. Detecting Usage Patterns
    ๏ My API customer is trying to steal my business: let’s block them.
    ๏ A customer is at 80% of API plan: let’s warn them
    ๏ A customer is systematically at 120% of the plan: propose an upgrade to the premium plan
  • 36. Demo Setup
    [Diagram labels: External Web Application; Web Tier; APIs tier (API Gateway); Mediation Layer (ESB Server; ESB); Services Layer (Application Server); Messaging Layer (Message Broker Server); Identity Server (Token Validation, Policy Decision Point, IdentityProvider, Users Store Manager); Reporting, Logging, Operational Analysis (BAM, CEP)]
  • 37. References
    ๏ Building an ecosystem for API Security (White Paper)
    ๏ http://wso2.com/whitepapers/wso2-whitepaper-building-an-ecosystem-for-api-security/
    ๏ API Facade Pattern (Webinar)
    ๏ http://wso2.com/library/webinars/2014/01/implementing-api-facade-using-wso2-api-management-platform/
    ๏ API Management: missing link for SOA
    ๏ http://sanjiva.weerawarana.org/2012/08/api-management-missing-link-for-soa.html
    ๏ Promoting Service Reuse
    ๏ http://wso2.com/whitepapers/promoting-service-reuse-within-your-enterprise-and-maximizing-soa-success/
  • 38. Download API Manager today!
    ๏ http://wso2.com/products/api-manager/
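
Slides 12 and 13 describe the gateway passing a signed JWT of the form {token info}.{claims list}.{signature} to back-end services. The sketch below is an added example, not code from the deck or from WSO2, showing how a back end can check such a token before trusting its claims. Assumptions: HS256 with a shared key (the slides say only that the token can be signed), unpadded base64url segment encoding as in the JWT standard, and constructed claim names and key.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key shared by gateway and back end (an assumption of this example).
GATEWAY_KEY = b"constructed-demo-key-do-not-reuse"


def b64url_encode(raw: bytes) -> str:
    """Base64url without padding, as JWT segments are written."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the stripped padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(claims: dict, key: bytes) -> str:
    """Gateway side: build {token info}.{claims list}.{signature}."""
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
                for part in (header, claims)]
    signing_input = ".".join(segments)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_jwt(token: str, key: bytes, now: int) -> dict:
    """Back-end side: return the claims only for an authentic, unexpired token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header_b64, claims_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(signature_b64)
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the token must not choose how it is verified ("none", etc.).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(key, (header_b64 + "." + claims_b64).encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("signature mismatch")
    # Only now is the claims segment trusted enough to parse and use.
    try:
        claims = json.loads(b64url_decode(claims_b64))
    except ValueError as exc:
        raise ValueError("malformed claims") from exc
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        raise ValueError("missing expiry")
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    # Constructed claims; "tier" is a hypothetical custom claim.
    token = issue_jwt({"sub": "alice", "tier": "bronze", "exp": 1_700_000_600}, GATEWAY_KEY)
    print(verify_jwt(token, GATEWAY_KEY, now=1_700_000_000))
```

The order matters: the signature is checked over the raw encoded segments before the claims are decoded, so a back end never acts on attributes the gateway did not sign.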