API Management Buyers Guide. White Paper




What Is an API?

The value of your software, data, or other digital assets can be dramatically increased by reaching new audiences. This is possible through the use of APIs, or Application Programming Interfaces. APIs have been used for decades to connect the functionality of one piece of software or data to another. APIs allow you to make your data or software compatible, secure, and easily available to a larger market.

Web APIs in particular are more recent and gaining in popularity. Some of the connections made possible by web APIs include mobile applications, software-as-a-service applications, on-premises software (only accessible within the internal organization's network), and IoT (Internet of Things) devices. These connections would not be easy, or even possible, without API management.

Why Do I Need API Management?

API management gives you control over security, user provisioning/revocation, authentication, authorization, usage limitations, billing, and backend hosting. You also gain the tools needed to enable your API consumers to understand and integrate the APIs into their own applications. An API management platform enables you to provide the front-end management, backend hosting, and operational support for web APIs.

The most important management issue when using an API is security to protect you and your end user's information. Security flaws in web APIs have made the news as they become more prevalent. For example, car manufacturer Tesla Motors installed an API on one of its car models that allowed customers to control their car's features using their cellphones. In August 2013 it was reported that third parties could use security flaws in the Tesla API to potentially gain control of the car's automatic locks, change climate controls, flash headlights, and even honk the horn. Good API security measures could have prevented these issues and could have spared Tesla Motors negative publicity.

If you are interested in making your digital assets available through an API, choosing the right API management solution is critical for secure, managed access to your assets. This paper outlines where to begin your search for an API management solution that fits your high-level strategy, lists the essential buying criteria you can use to evaluate solutions, and provides next steps and additional resources.

Begin by Defining Metrics, Target Audiences, and Go-to-Market

Prior to evaluating API management solutions, you should create a high-level strategy. First, you should think about what your success criteria are for your API. What goals will you set, and what success metrics will you use to measure your progress against them? A critical part of establishing your success metrics is understanding the audience who will be consuming your API, as well as your go-to-market strategy.

There are three main API audiences: internal, partner, and public.

Internal APIs are meant to be consumed only inside the digital asset owner's organization. For example, an internal API may enable your organization's salespeople to see inventory from within a private mobile application. Typically, organizations do not charge for internal APIs, although there are cases where usage could be applied to cost center accounting.

Partner APIs are created to share information and data with a partner's controlled systems. For example, a supplier's partner API may be used to provide a reseller's sales team with inventory data for the supplier's products in mobile applications. Normally, partner APIs are not monetized, although there are cases where costs could be charged to the partners or the suppliers.

Finally, public APIs are developed to be consumed by a much wider community. Provisioning of these APIs can vary from automatic approval of anyone who expresses interest to manual approval, including contract negotiations. These APIs can either be free to use, or the developer (or even end user) can be charged. There are many business models that are used in the case of paid APIs.

Another key aspect of your API strategy is go-to-market. Your go-to-market strategy will depend on the goals and audience for your API, but your plan for driving awareness and demand for your API is critical to reaching your goals. Perhaps your API is an overlay to your existing business which can leverage the same go-to-market strategy that has made your core business successful. Alternatively, your API may be a new product with a new set of customers, so your go-to-market strategy may be completely new.

Creating a set of goals and metrics to measure your success towards these goals is the first step in choosing an API management solution. Once your strategy is outlined, you can use the following set of buying criteria to find a solution that fits your needs.

Buying Criteria

The API management market is rapidly evolving with a variety of vendors and products. Some vendors have come from the service-oriented architecture (SOA) space and morphed their solutions into more general API management solutions. Others focus on building commercially consumable APIs as a key foundation for your business, covering operational and business models comprehensively. Some solutions are geared towards low-cost, higher-effort customization.

In the interest of an unbiased approach, this guide will not include specific vendor recommendations. Instead, it provides a set of criteria that will enable you to hone in on the solution that best meets your business needs. These criteria include hosting, provisioning, business model support and billing, technology support, security, and developer enablement tools. If you have any questions or comments on any of these criteria or any recommendations, please do not hesitate to contact StrikeIron, Inc. via the contact information listed at the end of this paper.

Hosting

One of the first questions you need to answer, even before you consider API management vendors, is where you are going to host the data and/or software that will be producing the API. These are the four basic API management models:

API Management and Back-End-as-a-Service Model
Profile: This is the most complete API management solution. The API management vendor is fully responsible for hosting both the endpoint (where the end user accesses the API) and the infrastructure with the back-end data or software for the API.
Benefits: A turnkey solution to create and manage an API without having to invest in the operational burden of providing 24/7/365 support, managing scalability, and other functions.
Risks: Finding a vendor you can trust to maintain your API infrastructure reliably.

Cloud Proxy / Façade Model
Profile: The user endpoint for the API is hosted in a public cloud environment and managed by the API management vendor. The user endpoint API then calls your internal API that you are responsible for hosting.
Benefits: If you already have an unmanaged API, the time to market for a managed API is very small.
Risks: Puts the burden of managing the API infrastructure, including uptime, scalability, and support, on you.

Gateway Model
Profile: You onboard and host the API management platform in your existing infrastructure. You will be responsible for all user endpoints as well as full operational support of the API end-to-end.
Benefits: You control the entire API infrastructure.
Risks: Hosting and controlling the entire API infrastructure is a large operational burden.

Instrumented Model
Profile: You are responsible for hosting the API and the user endpoints, and you instrument your code for callouts to the API management vendor for operations like authentication and usage tracking.
Benefits: You control the user endpoints.
Risks: You manage the API infrastructure while also being exposed to potential downtime issues from the API management vendor. Another downside is that you have to modify your source code, typically in many places, for full support.

Provisioning

Provisioning users with access to your API is a critical task that, depending on your strategy, may behave in different ways. (The same is true for revocation of users.) For example, you may want to provision API consumers automatically for a free, limited trial, and then later require your sales or sales operations team to sign them up for a paid subscription. Alternatively, you could require approval for each API consumer. You may even want to enable an e-commerce self-service type of environment for your API consumers, so they can purchase paid subscriptions. Provisioning can also occur from a management portal or via an API that is integrated into your CRM, ERP, or other systems.

The API management solution you choose should map to your strategy while providing the flexibility to support a wide assortment of provisioning options.

Business Model Support and Billing

If you want to monetize your API, support for different business models will be a primary consideration. You should create a hypothesis about the business model(s) you plan on supporting when creating your API strategy, but make sure to choose an API management vendor that supports a variety of models. The models that resonate most with your customer base may not be what you initially expected.

Commercial APIs are typically monetized with one or more of the following business models.

In arrears / pay-as-you-go: At the end of a time period, typically a month, the customer is billed for usage.
Monthly: The customer is billed monthly for either unlimited usage or based on a subscription tier (e.g. 1,000,000 API calls per month).
Annual: The customer is billed annually for either unlimited usage or based on a subscription tier (e.g. 10,000,000 API calls per month).
Bucket: The customer buys a bucket of transactions that they can consume over time. The bucket may or may not expire.

Each model can have an overage amount that is applied at a different rate. Additionally, each model will have to support different prices for each customer, subscription tiers, etc. A freemium model (providing free access but charging for advanced optional features) can be layered on each of the business models above.

Finally, some APIs are monetized using more traditional business models like servers used or per-seat licenses (the number of individual users in a single account), along with other options. While there are other types of API monetization models, most fit into those listed above.

In addition to the business models, you will need to be able to bill for the API usage. Typically this is done with either credit card transactions or direct invoicing. Your selected API management solution should already be equipped to support flexible billing options.

API Technology Support

There are a variety of standards for calling web APIs. There are four main terms to be familiar with when evaluating the types of APIs that an API management solution supports.

XML (Extensible Markup Language): One of the two common document types that are used for calling and receiving data with web APIs. Both SOAP and REST support XML (see below).

JSON (JavaScript Object Notation): The other common format for exchanging data with web APIs. JSON is only used with REST, not SOAP, which is entirely XML-based.

REST (Representational State Transfer): A very popular method for implementing and calling web APIs that can use both XML and JSON. Its design goal is to parallel resource-based web pages with a limited, standardized set of operations called verbs. The URI (web address, or Uniform Resource Identifier) is typically used to specify the verb and resource.

SOAP (Simple Object Access Protocol): Another popular way to implement web APIs. It is dependent entirely on XML and is more flexible in defining a collection of methods. The downside: it is more complex and results in more data transfer, which is a disadvantage for environments with slow or restricted data transfer like mobile networks. SOAP toolkits exist for most popular programming languages to streamline developer implementation.

Although REST and JSON are getting the most attention right now, there is still a population of developers that are more comfortable with other common standards like SOAP and XML. Unless you are completely sure your customers will not want SOAP or XML, it is best to select an API management solution that includes native support for REST, SOAP, XML, and JSON. This enables you to implement your APIs with each variant to streamline integration.

Security

Security is critical to any API. As APIs become more and more commonplace, API hacking will soon follow. Ensuring a secure API involves two main areas: user endpoint security and infrastructure security.

The first (and simplest) rule of user endpoint security is that all user endpoints are called via HTTPS. This encrypts all traffic over the Internet. While simple, some API consumers ignore this very simple security mechanism and send their information on the Internet unencrypted.

There are a variety of security paradigms in place for API calls, including implementation of UserID / Password combinations, license keys, and OAuth. OAuth is gaining popularity due to its extensibility for use in new scenarios where users are allowing applications to interact with their accounts on social networks. For example, if you have given an application like bit.ly, Hootsuite, or many more the ability to post to Twitter or Facebook for you, you used OAuth. All authentication and authorization alternatives have their positives and negatives, so choosing a platform that supports several different mechanisms ensures the most flexible alternative.

With the exception of the API Management and Back-End-as-a-Service model, the burden of infrastructure security rests on you. This means you must make sure your infrastructure is safe from hacking, including SQL injections, open port exploitation, Distributed Denial of Service (DDoS) attacks, and many other security holes.

Developer Enablement

Developer enablement is critical in getting API consumers to discover and integrate your API, in turn making your assets more valuable. The tactics and tools needed for developer enablement depend on the API audience you are addressing. For example, good documentation, sample source code, and API exploration tools are likely sufficient for internal and partner APIs where the audience is small, controlled, and limited. With public APIs you should make sure your API management vendor knows API adoption and go-to-market, so they can help you get the most valuable adoption possible for your API.

At a minimum, the developer enablement solutions should include:

- Tools to build a customer portal, including providing customers with visibility into their current API access, subscriptions, and account information; and either gated or un-gated access to developer-enablement toolkits.
- Sample source code in languages relevant to your audience.
- Interactive tools to test the API without writing code.
- Documentation to streamline API adoption.
- Registration support.

Next Steps in Your API Journey

The sections in this paper should help you both formulate your API strategy and choose the one solution that best meets your needs. Each vendor's solutions, including StrikeIron's IronCloud platform, have their positives and negatives. As you develop your strategy, you may also want to review the whitepaper "Developing, Deploying, and Delivering Web APIs". If you have any questions on getting started or selecting the right API management platform, drop us an email at info@ or +1 919.467.4545.

About StrikeIron

StrikeIron serves customers around the world by delivering an end-to-end API Management cloud platform, IronCloud, and data-driven API solutions. We provide email verification and hygiene, address verification, phone validation, phone append, SMS text messaging, and sales tax solutions to organizations in a variety of markets. StrikeIron solutions are delivered as Web services that can be easily integrated into any application or system. Additionally, our solutions are pre-integrated into leading platforms like Magento, Marketo, Eloqua, Salesforce.com, Informatica, Oracle CRM On-Demand, and more. Visit us on the web at www..

COPYRIGHT STRIKEIRON. ALL RIGHTS PROTECTED AND RESERVED.