API Management Introduction and Principles

Similar documents
perspective Microservices A New Application Paradigm Abstract

BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use

SOA and API Management

5 Pillars of API Management with CA Technologies

Apigee Edge API Services Manage, scale, secure, and build APIs and apps

A Comprehensive Solution for API Management

IBM API Management Overview IBM Corporation

The bridge to delivering digital applications across cloud, mobile and partner channels

API Management: Powered by SOA Software Dedicated Cloud

HP Service Manager software

API Architecture. for the Data Interoperability at OSU initiative

Extend the value of your core business systems.

The ESB and Microsoft BI

WHITE PAPER. Written by: Michael Azoff. Published Mar, 2015, Ovum

ORACLE MOBILE SUITE. Complete Mobile Development Solution. Cross Device Solution. Shared Services Infrastructure for Mobility

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.

Enterprise SOA Strategy, Planning and Operations with Agile Techniques, Virtualization and Cloud Computing

Realizing business flexibility through integrated SOA policy management.

Table of Contents. Abstract. Cloud computing basics. The app economy. The API platform for the app economy

Modern IT Operations Management. Why a New Approach is Required, and How Boundary Delivers

FireScope + ServiceNow: CMDB Integration Use Cases

Assuring High Quality of Customer Self-Service with Wily Application Performance Management

Service Virtualization: Managing Change in a Service-Oriented Architecture

DESIGN OF A PLATFORM OF VIRTUAL SERVICE CONTAINERS FOR SERVICE ORIENTED CLOUD COMPUTING. Carlos de Alfonso Andrés García Vicente Hernández

Feature Guide Elastic Path Subscriptions (toll-free within North America) (outside North America)

WHITE PAPER. Five Steps to Better Application Monitoring and Troubleshooting

Oracle SOA Suite/B2B as a Critical Mission Hub for a High Volume Message Use Case

Service Oriented Architecture (SOA) An Introduction

Extending the Benefits of SOA beyond the Enterprise

Service Oriented Architecture and the DBA Kathy Komer Aetna Inc. New England DB2 Users Group. Tuesday June 12 1:00-2:15

White Paper Take Control of Datacenter Infrastructure

AquaLogic Service Bus

Government's Adoption of SOA and SOA Examples

ebay : How is it a hit

Autonomic computing: strengthening manageability for SOA implementations

Building a Federated ESB with Multi-Site High-Availability. Presented By American Electric Power & ProSoft Technology Group Inc October 16 th 2012

Performance Management for Enterprise Applications

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

Optimizing your IT infrastructure IBM Corporation

SOLUTION WHITE PAPER. BMC Manages the Full Service Stack on Secure Multi-tenant Architecture

Office Business Applications (OBA) for Healthcare Organizations. Make better decisions using the tools you already know

A new Breed of Managed Hosting for the Cloud Computing Age. A Neovise Vendor White Paper, Prepared for SoftLayer

The Way to SOA Concept, Architectural Components and Organization

Empowering the Enterprise Through Unified Communications & Managed Services Solutions

Global Outsourcing / Infrastructure Management. Instinct 2.0. Bridging the Gap between the Disparate Needs of Organizations and End-Users

Chapter. Solve Performance Problems with FastSOA Patterns. The previous chapters described the FastSOA patterns at an architectural

Federal Enterprise Architecture and Service-Oriented Architecture

SOA REFERENCE ARCHITECTURE: WEB TIER

Use service virtualization to remove testing bottlenecks

White Paper: Security and Agility in the API Economy. Optimizing and securing your APIs with ViewDS Identity Solutions and Layer 7

Fujitsu Service-Oriented Architecture (SOA) A Web Services Framework

Virtual CPE and Software Defined Networking

Beyond ESB Architecture with APIs

Sentinet for BizTalk Server SENTINET

agility made possible

TRANSFORMING TO NEXT-GEN APP DELIVERY FOR COMPETITIVE DIFFERENTIATION

The StrikeIron API Management Solution

Safe Harbor Statement

An Oracle White Paper May Oracle Tuxedo: An Enterprise Platform for Dynamic Languages

Customer Cloud Architecture for Mobile

Fast Innovation requires Fast IT

Oracle Reference Architecture and Oracle Cloud

Intel Service Assurance Administrator. Product Overview

WINDOWS SERVER MONITORING

SONIC ESB 7. KEY CAPABILITIES > Connects, mediates and controls. KEY BENEFITS > Creates new processes using

Methods and tools for data and software integration Enterprise Service Bus

Cloud Service Brokerage Case Study. Health Insurance Association Launches a Security and Integration Cloud Service Brokerage

Cisco Enterprise Mobility Services Platform

A Step-by-Step Guide to Defining Your Cloud Services Catalog

Designing and Implementing Cloud Governance: Cloud, and Cloud Governance, are Emerging Capabilities

Service Virtualization

Wilhelmenia Ravenell IT Manager Eli Lilly and Company

Oracle Service Bus: - When to use, where to use and when not to use

Roadmap from On-Premise to Cloud based Integration solutions from SAP

Service Mediation. The Role of an Enterprise Service Bus in an SOA

OPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0

Increasing Business Efficiency and Agility for ATGbased. Systems. the business challenge: upgrading the development pipeline

Enabling ITIL Best Practices Through Oracle Enterprise Manager, Session # Ana Mccollum Enterprise Management, Product Management

The Importance of Information Delivery in IT Operations

About Us. 2 Managed Services E: sales@ironcovesolutions.com T: W: Our Mission. What We Do

Unlocking the Power of SOA with Business Process Modeling

Cisco Cloud Web Security

Improve business agility with WebSphere Message Broker

Service-Oriented Architecture and Software Engineering

Integrating Siebel CRM 8 with Oracle Applications

Transcription:

API Management Introduction and Principles by Vijay Alagarasan, Principal Architect, Enterprise Architecture and Strategy of Asurion Abstract: This article is focused on providing solutions for common problems faced by large enterprises implementing SOA when they try to transform digitally as the market demands. It covers pain points commonly faced by such enterprises, and how API management product capabilities can be used to eliminate issues. In addition, the article also provides a set of principles to keep in mind when implementing API management for an enterprise. Challenges faced by the Enterprises as they Transform Digitally Today, enterprises that have adopted SOA in the past want their information assets and capabilities exposed without any boundaries as they transform digitally. Change at the speed of innovation drives enterprises to be flexible, adaptable, and accessible, with varying levels of security. Product development teams are aimed to get the new products into the market within a few weeks, and are prepared to fail fast and go back. On the other hand, service providers are trying to meet those new demands and timelines. Large enterprises are desired to transform digitally and improve their agility in responding to market feedback. They want to get new features into the market within a week or so, just like startups. Enterprises want their minimal viable product (MVP) out before their competitors, and deliver the changes/features incrementally. This style of working demands small independent releases and favors A/B experiments in order to keep up with customer satisfaction. While experimenting with new techniques, they must somehow preserve their established market share and revenue streams that still run on legacy applications where the core business rules and processes are bundled. Most enterprises spent their dollars building SOA platforms in the last decade or so, and some of them are still in the migration process. Most of them bought expensive SOA suites, adopted one technology and built large SOAP web services. As their market expectations shift towards MVP, fail fast and faster response to customer feedback, first generation SOA principles are getting compromised at the service layer and the room for innovation is pushed out by a myopic focus on availability and stability. It's not just application-to-application or business-to-business communication anymore. Today, it can be between thing-to-thing, i.e. machine-to-machine. To meet such demands, the services have to be mobile friendly, for example RESTful Web APIs. Large SOAP Web services are not mobile or machine friendly. Some of the common challenges and question asked are: Contract inflexibility by forcing consumers to adapt to single contract, i.e. can you expose the same service as REST? Security mechanism inflexibility, i.e. do we have multiple authentication choices? The same service is exposed to more than one type of consumer. Data formatting inflexibility, i.e. can we expose the same service to the public and suppress PII? Documentation gaps due to ungoverned service profiles, i.e. do you have documentation for your service? Consumers don't have time to talk to your expert. Unable to allocate system capacity based on the consumer's value proposition, i.e. can services allocate more of their resources to agent applications than mobile applications? We don't to want to break existing customer satisfaction while we are trying something new. 1 www.servicetechmag.com

Unable to govern consumers, i.e. do you know who is consuming what? Can we handle unknown consumers? We are planning to drive innovation from third party developers. Trend analysis on consumer and provider behavior, i.e. is there a way to block a consumer? Forcing the consumer to upgrade due to service provider upgrade, i.e. why should the consumer change if they are not really impacted? They don't have time. Now product teams are all of a sudden expecting service operations and development teams to do this, and of course, they don't express in technical terms. If they have not yet asked for your enterprise, they will soon ask for it. So, how do we address these? It's not the best idea to solve these concerns for every service individually, or by the technology by which they were developed, or by the environment in which they were hosted. None of these options will drive consistency. It will become more expensive and will end up in more overheads to service providers and operations. Solving the problem may add more weight than the problem itself. API Management is the Remedy So, how do we enable the enterprises to reach their goals? An API management solution, which resolves these pain points in a centralized fashion, represents the Big SOA services as a slim-down API that has real, meaningful agility results. A range of enterprise-level API management solutions are now available in the market, like CA Layer 7, Apigee Edge, SOA Software, Intel Mashrey, TIBCO API Exchange, Microsoft API Management, etc. The enabling technology should at least include capabilities around: Appropriate user authorization access in securing API and service endpoints Dynamic routing and transformation for legacy solutions, including sensitive information protection in motion and at rest Mobile platform access to legacy enterprise queuing mechanisms Consumer quota management of resource consumption so shared services can guarantee a quality of service to all consumers Consumer/provider usage monitoring to aid in incident resolution and operational readiness Consumer self-service for service integration and consumption to accelerate new consumption models Service cataloging for API and service capability discovery to encourage service reuse API Management: Conceptual View Each API management solution available in the market achieves these capabilities differently. Each of them has different logical and physical product architecture. In general, there are four components: API Gateway API Developer Portal API Analytics Portal API Service Development UI 2 www.servicetechmag.com

The diagram below purely represents the conceptual view of API management. API Gateway: It's a logical and physical entity that sits between consumer and provider (backend services). Service providers are not visible to the consumers anymore; therefore all transactions must pass through the gateway services or proxy. In general, gateway exposes the backend services, such as Web APIs. However, it's not limited to Web APIs; they can also mediate SOAP, JMS, XMPP, AMQP, and WebSocket services. These capabilities will vary based on the API product, so the right product should be picked based on the enterprise needs. The key capabilities that it provides include, but are not limited to, the security, transformation, throttling, caching and routing. It separates concerns from service providers and allows the enterprise to manage them centrally. It also reduces cost for backend service providers and improves consistency across organizations. 3 www.servicetechmag.com

API Developer Portal: It's a self-servicing portal through which developers can register themselves to gain access to the Web APIs. Every API must be published to the portal. The primary goal of such a portal is to eliminate human dependency quickly onboard the known and unknown API consumers/developers. Of course, APIs should meet the consumer requirements for whatever product that they are aiming to build. Some of the key capabilities that are accomplished by the portal are API Key Management, Consumer/User Management, Subscription Management, API Discovery, API Lifecycle and API Documentation. API Analytics: Every gateway proxy or service must be hooked up with at least basic analytics. Most API products collect inbound and outbound metrics as soon as the API is published or enabled, which is essential to measure the API consumption trend. Analytics provide transparency around consumer behavior and the backend service behavior, and allows the API owner to proactively identify and allocate necessary capacity and resources based on the consumption trend. API Development UI: It's a user interface where the API services are developed, deployed, un-deployed and migrated. The API development UI, in general, comes with several built-in policies that can be configured to build services. Policies are building blocks for a gateway service. However, when there are no built-in policies available for a specific need, developers can also build custom policies. API Types APIs are required to be classified based on their visibility and scope. This allows for layout of a strategy, security, SLA, and to measure their performance based on their objective. Private APIs: These APIs are not visible outside of an enterprise. They are available only to the internal applications. Consumers are known. In general, the objective of these APIs is to drive down the cost. Public APIs: Public APIs are visible outside of an enterprise, i.e. they are publicly available for anyone to use. There are known and unknown consumers. In general, the objective for these APIs is monetizing the assets exposed to mobile, Telemetry collection, and drive innovation. Partner APIs: These APIs are visible only to partners. Consumers are known. In general, the objective for these APIs is collaborative business process and operation. These APIs sometimes fall under the realm of Private API when they are shared. Applied Principles for API Management For any new components that are introduced in software architecture, it's good to define the boundary conditions so that the solutions are implemented only for the intended purposes. This provides a scale to measure the solution quality and measure the criticality of the violation in terms of impact to the enterprise goals and benefits. Further, it enables technical debts to be logged and resolved as part of subsequent iterations. Likewise, there are 8 applied principles, which should be kept in mind when developing and implementing an API management solution for the enterprise. 4 www.servicetechmag.com

Name Description Rationale Implication API Gateway is lightweight API Gateway service includes the policies that are only related to: security, routing, caching, transformation and throttling. Having complex policy logics in API Gateway services degrades overall solution performance and will increase maintenance cost, leads to scalability concerns. API Gateway services should not include complex policy logics (e.g.: XPATH transformation rules, parsing the message body for routing), transformation rules, and business process orchestration. API Gateway layer may validate the consumers, apply data representation transformation, route the requests between backend services, and secure the backend services. Transport Headers and URL parameters are the only ones that should be used for routing, throttling, and security policies. API Gateway is Performant API Gateway services are designed and configured so that the API layer will perform with exceptionally low latency. API management should not add latency in order to keep up with the customer satisfaction and existing QoS agreement. Operations should monitor API usage and consumption and proactively add more nodes as the business grows. Eliminates the need for every backend service to implement caching and throttling to improve performance. Data from backend systems should be considered to deliver in lightweight formats for better performance. Consider reducing the data transformation complexity to improve performance. 5 www.servicetechmag.com

Measure and monitor the API gateway service latency and backend service latency to continuously improve. Include API Gateway as part of the performance testing, establish the API Gateway service benchmark, and validate the performance requirements. API Gateway availability API gateway is adequately available to handle traffic spikes, works around temporary failures in the enterprise backend, and fails gracefully in the event of a backend outage. The goal is to keep up with the availability requirements as required by the solution. API Gateway should be highly available since it brokers all the transactions between the consumer and provider. Mobile apps that leverage backend systems can lead to sudden growth in IT traffic that can result in crashes and consequent unavailability. API proxies should include policies to throttle incoming requests. Employ monitoring and alerts for the API Gateway and API Portal to ensure the availability of the gateway endpoints, backend service endpoints, gateway nodes, portal services, and portal nodes. Availability and stability is key to establish consumer trust and adoption. API Gateway services are built to handle the backend failures gracefully as needed by the solution. API Life cycle must be Managed API lifecycle has to be carefully governed to provide guidance for creation, assure the quality, and evolve for the needs. There is a need to manage the API changes gracefully for consumers to operate without any downtime. Assures that APIs are rationalized at definition and development, and managed as an asset that has a lifecycle. Define API maturity model and lifecycle stages with clear metrics that need to be obtained in each stage. Run notification and upgrade campaigns to migrate developers to new API versions in order to keep API maintenance cost low. 6 www.servicetechmag.com

Ensuring the APIs for its adherence towards architecture/design principles and QoS that it is required to meet. Manage API catalog in API developer portal so that consumers can API Methods are accessed by authorized consumers API services include policies to verify consumer authorization. The goal is to protect APIs and from unauthorized access appropriately as defined by security requirements. Managing the security in a centralized API management system reduces cost and improves security coverage. Protecting the informational assets from unauthorized users improves enterprise credibility with partners. Consider the API scope (public or private API) and employ the required security needs as needed by enterprise security. Ability to block, blacklist and whitelist the API consumers. API gateway should provide multiple options for consumers to authenticate and authorize, such as IAM systems, API key validation, mutual authentication, and service account-based access. APIs are monitored for utilization and behavior Collect metrics and to monitor APIs for usage, QoS compliance, exceptions, performance, latency, and much more, as needed. The goal is to be transparent with the utilization and behavior of the APIs and their associated backend services. Gain realtime visibility into API performance and trend analysis by tracking metrics overtime. Align the API consumption with the consumer's value proposition. Transparency around API consumption and how they are consumed. Every API gateway service must be hooked up with basic builtin analytics such as usage, exceptions, performance, and latency. Capture the exception information to measure the trend and drive those to resolution. Determining the consumer usage patterns so that the required resources can be allocated accordingly. 7 www.servicetechmag.com

APIs are Published with Documentation APIs are easy to understand and utilize. API developer portal offer interactive documentation and communication tools to make it easy to create and manage the applications built on APIs. Improves agility, as the developers build and test APIs without human dependency. Favors the atmosphere for building new solutions or applications by composing existing APIs faster and more cost effectively. Create and manage technical and interactive documentation for all the APIs and their methods. Self-servicing tools and processes are defined to perform user management, consumer management, key generation, and API provisioning. Manage subscription plans for the consuming applications and users. API roadmap is managed and published to all API consumers. Conclusion API management found its space in larger enterprises to keep them moving towards their digital transformation strategy. It adds a buffer to the transformation process so that the organization can migrate gracefully. In addition, an enterprise should also consider investing in a thoughtful API strategy. This would enable the enterprise to monetize their capabilities and information assets, driving innovation from the third party developer community via Open APIs. 8 www.servicetechmag.com

Vijay Alagarasan Vijay Alagarasan is a Principal Architect in the Enterprise Architecture and Strategy of Asurion, a leading global technology support and protection company (www.asurion.com). As a domain architect, his focus areas are services, API management and integration architecture horizontally across Asurion. His contribution includes defining applied principles, reference architecture, reference implementation, patterns and best practices for services, and API management and integration. He works closely with other domain and solution architects to take the Asurion services for future needs. Vijay Alagarasan specializes in Enterprise Architecture, Service Oriented Architecture, Microservices, API Management and Service Governance. He has also held the roles of Principal Software Engineer, Tech Lead, and Software Developer. He has more than 10 years of IT experience, with a Bachelor of Engineering degree in Computer Science and Engineering from the University of Madras in India. He has worked hands-on in various TIBCO Products, Layer 7, Web Technologies, Java and RDBMS products. His interests include API management, Service Oriented Architecture, Microservices, Internet of things, organic agriculture, environmental improvements, food and travel. Contributions API Management Introduction and Principles 9 www.servicetechmag.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information