Role of API Management in an API led Digital Economy
1. Role of API Management in an API led
Digital Economy
Nadeesha Gamage - Solutions Architect @ WSO2
2. Important Facts About APIs
APIs now account for 25% of the Internet’s traffic.
$1 trillion is up for grabs through the redistribution of
revenue through APIs (McKinsey 2017).
25% of revenue flows through APIs (Vanson Bourne 2018).
4. What is the Digital Economy?
● Economic activity that results from billions of everyday online connections
among people, businesses, devices, data, and processes.
● The backbone of the digital economy is connectivity: the growing
interconnectedness of people, organisations, and machines.
● Interconnectivity allows an organization's assets, processes, and data to be easily
consumed by other stakeholders in the value chain.
9. ● A channel to expose information to a wide variety of customers in an effective
manner.
● A standard way to communicate between apps, data, and services.
● Build tailored customer experiences on top of business assets to improve the
overall experience.
Why APIs?
10. ● Explosion in the number of connected devices.
● Integrating the value chain. Integration with partners, suppliers, etc.
● Rise of consumers who are empowered by technology and demand more from
businesses.
Your audience will probably be much bigger than you think it is.
What Drives the Need for APIs?
11. It’s no longer about companies owning a particular asset. It's about how the asset can
be made available to consumers, when, where, and how they want it.
What Drives the Need for APIs?
12. ● Provides opportunities to scale the business without physically expanding.
● Reach customer segments who are unreachable through existing channels.
● Enable indirect sales via third-party apps.
APIs as a Business Channel
14. ● How can APIs be exposed in a standard way that can easily be used by different
stakeholders?
● How can these APIs be secured?
● How can the usage be tracked and monetized?
● How can internal stakeholders easily publish and manage APIs?
● How can you make the adoption processes easier for your API consumers?
Business Concerns
15. ● How can we protect internal assets to ensure only authorized persons have
access?
● How can we push changes to APIs without impacting consumers who are using
them?
● How can we make APIs reliable?
● How can we scale APIs as usage increases?
Technical Concerns
18. ● Exposing all APIs through a central gateway(s).
● Enforcing access control via this gateway.
● Easy to design and publish APIs for API developers.
● Easy to discover, try out, and use APIs for API consumers.
● Provide reliability, high availability, and backward compatibility for APIs.
● Understand usage, trends, and monetize APIs.
API Management
20. Leader in the Forrester Wave:
API Management Solutions Q3, 2020
“...the only fully open source solution in our
Wave analysis, WSO2 provides good
breadth across all evaluation criteria.”
21. ● How to ensure APIs are not accessed in an ad hoc manner.
● How to ensure APIs are accessed only by authorized users (able to authenticate
and authorize users).
● How to ensure your APIs are not exploited or overused.
API Security
22. ● All API requests come in via the API Gateway.
● The API Gateway becomes the Policy Enforcement Point for APIs.
● Backend services can delegate authentication and authorization to the API
Gateway.
API Security - Single Point of Entry
25. ● Authentication and Authorization via OAuth 2.0, JWT, API Keys, Mutual Auth and
Basic Auth.
● Delegate authentication to third-party identity providers.
● Authorization to APIs and resources based on user roles.
● Extensibility with an XACML entitlement server for attribute-based authorization.
API Security - Authentication and Authorization
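Added example (not from the original slides and not WSO2 code): a sketch of the gateway acting as Policy Enforcement Point, covering both the single-point-of-entry slide and the role-based authorization slide. The route policy, role names, and the issue_token helper standing in for the identity provider are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Hypothetical route policy: (method, path) -> roles allowed to call it.
POLICY = {
    ("GET", "/orders"): {"customer", "admin"},
    ("DELETE", "/orders"): {"admin"},
}

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue_token(claims: dict, key: bytes) -> str:
    """Stand-in for the identity provider; builds an HS256 JWT for the demo."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def enforce(method: str, path: str, token: str, key: bytes, now: int) -> tuple[int, str]:
    """Return (HTTP status, reason) as the gateway would before proxying."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm at the gateway; the token must not choose it.
        if header.get("alg") != "HS256":
            return 401, "unsupported algorithm"
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return 401, "bad signature"
        claims = json.loads(b64url_decode(body_b64))
        exp, roles = claims.get("exp"), set(claims.get("roles", []))
    except (ValueError, TypeError, AttributeError):
        return 401, "malformed token"
    if not isinstance(exp, int) or exp <= now:
        return 401, "expired"
    allowed = POLICY.get((method, path))
    if allowed is None:
        return 403, "no policy for resource"  # default deny for unlisted resources
    if not allowed & roles:
        return 403, "role not permitted"
    return 200, "forward to backend"
```

Authentication failures return 401 and authorization failures return 403, so the backend only ever sees requests that passed both checks.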
27. ● Usage control based on a subscription.
● Multiple levels of subscription with different usage plans.
● Usage control based on the number of requests or bandwidth.
● Throttling and burst control to provide fair usage of APIs.
● Protect the backend against overuse.
API Security - Throttling and Rate Limiting
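Added example (not from the original slides and not WSO2 code): subscription-based throttling with burst control, implemented as one token bucket per (application, API) subscription. The plan names, rates, and burst sizes are hypothetical, and the clock is passed in so the behaviour is deterministic.

```python
from dataclasses import dataclass

# Hypothetical plans: (sustained requests per second, burst capacity).
PLANS = {"bronze": (1.0, 2), "gold": (10.0, 20)}

@dataclass
class Bucket:
    tokens: float
    updated: float

class Throttle:
    """Token bucket per (application, API) subscription."""
    def __init__(self, plans=PLANS):
        self.plans = plans
        self.subscriptions = {}   # (app, api) -> plan name
        self.buckets = {}         # (app, api) -> Bucket

    def subscribe(self, app, api, plan):
        if plan not in self.plans:
            raise ValueError(f"unknown plan: {plan}")
        self.subscriptions[(app, api)] = plan

    def check(self, app, api, now):
        """Return (status, retry_after_seconds) for one request at time `now`."""
        plan = self.subscriptions.get((app, api))
        if plan is None:
            return 403, 0.0                    # no subscription: deny outright
        rate, burst = self.plans[plan]
        b = self.buckets.setdefault((app, api), Bucket(float(burst), now))
        # Refill for the elapsed time, capped at the burst size.
        b.tokens = min(burst, b.tokens + max(0.0, now - b.updated) * rate)
        b.updated = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return 200, 0.0
        return 429, (1.0 - b.tokens) / rate    # value for a Retry-After header

def replay(throttle, app, api, times):
    """Status codes for requests arriving at the given timestamps."""
    return [throttle.check(app, api, t)[0] for t in times]
```

Because each subscription has its own bucket, one consumer exhausting its plan does not reduce what other consumers can send, while the backend still sees a bounded aggregate rate.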
28. ● A portal to create, publish, and manage APIs.
● Create APIs from OpenAPI Specification (Swagger).
● API lifecycle management.
● Versioning of APIs to support backward compatibility.
● Admin APIs to programmatically publish and manage APIs.
● API-first development methodology.
Ease of Management
30. ● A portal to discover APIs.
● Lists API definitions, related documentation, and usage instructions.
● SDKs for easy integration with applications.
● The ability to try out APIs before adoption.
● Productized APIs to package commonly used API resources together.
Easy Adoption
32. ● Make the system highly available and fault tolerant.
● Eliminate single points of failure.
● Flexibility to deploy on multiple deployment zones.
Availability and Reliability
34. ● Statistics available for API consumers, publishers and administrators.
● Understand the usage patterns of your APIs.
● Monitor service availability and trigger alerts.
● Monetize the API usage.
Monitor and Monetize