Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Liberating your Data with APIs and how Business...

API Strategy & Practice Conference
April 24, 2015
Technology
1
150

Liberating your Data with APIs and how Businesses are succeeding through the API Economy

API Strategy & Practice Conference

April 24, 2015
Tweet

More Decks by API Strategy & Practice Conference

See All by API Strategy & Practice Conference
APIStrat 2016 | The end of polling: why and how to transform a REST API into a Data Streaming API (Audrey Neveu)
apistrat
12
280
APIStrat 2016 | OpenAPI Trek: Beyond API Documentation (Arnaud Lauret)
apistrat
5
220
APIStrat 2016 | Flying Dreams: Real-Time Communication from the Edge of Space (Jonathan Barton, Neha Abrol)
apistrat
1
120
APIStrat 2016 | On-prem support? That was so 1982 (Charlie Ozinga)
apistrat
0
99
APIStrat 2016 | Effortless microservices in production with Kubernetes (Ken Wronkiewicz)
apistrat
0
130
Song by Tony Blank
apistrat
0
150
API Lifecycle Manager by Steve Fonseca
apistrat
2
220
APIs In The Enterprise: How Walgreens Formed It's Digital Business by Drew Schweinfurth
apistrat
1
360
Developers Are Difficult by Andrew Noonan
apistrat
0
120

Other Decks in Technology

See All in Technology
re:Invent 2024 Innovation Talks(NET201)で語られた大切なこと
shotashiratori
0
310
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
180
AI時代のデータセンターネットワーク
lycorptech_jp
PRO
1
280
2024年にチャレンジしたことを振り返るぞ
mitchan
0
140
祝!Iceberg祭開幕!re:Invent 2024データレイク関連アップデート10分総ざらい
kniino
3
260
Amazon Kendra GenAI Index 登場でどう変わる? 評価から学ぶ最適なRAG構成
naoki_0531
0
110
生成AIをより賢く エンジニアのための RAG入門 - Oracle AI Jam Session #20
kutsushitaneko
4
220
KubeCon NA 2024 Recap / Running WebAssembly (Wasm) Workloads Side-by-Side with Container Workloads
z63d
1
250
大幅アップデートされたRagas v0.2をキャッチアップ
os1ma
2
530
Amazon SageMaker Unified Studio(Preview)、Lakehouse と Amazon S3 Tables
ishikawa_satoru
0
150
Postman と API セキュリティ / Postman and API Security
yokawasa
0
200
LINEヤフーのフロントエンド組織・体制の紹介【24年12月】
lycorp_recruit_jp
0
530

Featured

See All Featured
The World Runs on Bad Software
bkeepers
PRO
65
11k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Reflections from 52 weeks, 52 projects
jeffersonlam
347
20k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
17
2.3k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
5
450
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
810
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
2
290
Rails Girls Zürich Keynote
gr2m
94
13k
Into the Great Unknown - MozCon
thekraken
33
1.5k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
How to Ace a Technical Interview
jacobian
276
23k

Transcript

  1. © 2015 Axway | Confidential 1 Liberating your Data with

    APIs and how Businesses are succeeding through the API Economy Philipp Schöne #PhSchoene Solution Lead API Management, Axway #APIDays Berlin 2015

  2. © 2015 Axway | Confidential 2 Chapter: 1.Digital Business

  3. © 2015 Axway | Confidential 3 Digital Business Changes Everything

  4. © 2015 Axway | Confidential 5 Digital Business Changes Everything

  5. © 2015 Axway | Confidential 6 Digital Business has no

    Border • Digital products are King • Omni-channel experiences require a new approach • Architecting for Mobile isn’t enough

  6. © 2015 Axway | Confidential 7 Digital Business has no

    Speed Limit

  7. © 2015 Axway | Confidential 8 But it has a

    connection… • Transport: – http(s) • Format: – XML – JSON – … • Style: – SOAP / SOA – REST – …

  8. © 2015 Axway | Confidential 10 Chapter: 2. “DaaS Success

    Stories”

  9. © 2015 Axway | Confidential 11 D&B Direct – Data

    as a Service (DaaS) • New Channel for integration • API Portal and API Gateway

  10. © 2015 Axway | Confidential 12 DaaS Use Cases •

    Lead Form • Supplier Risk Mitigation • Credit/Fraud Risk Evaluation • Master Data Management

  11. © 2015 Axway | Confidential 13 End-to-End Business Visibility Importance

    of end-to-end IT and business visibility for APIs

  12. © 2015 Axway | Confidential 14 DaaS APIs changeing customer

    interaction Before: After: 5 days 8-16 o‘clock 365 days 24h

  13. © 2015 Axway | Confidential 15 DaaS APIs fuelling innovation

  14. © 2015 Axway | Confidential 16 Public Services through API

    Backplane

  15. © 2015 Axway | Confidential 17 Customers can search –

    Online and via mobile apps – for nearby charging stations to ‘fuel’ their electric vehicle. They can differentiate on type and availability and even monitor the status during charging. All data is fetched and stored dynamically via services exposed via Amazon Web Services Powering Mobile Apps

  16. © 2015 Axway | Confidential 19 Chapter: 3. “API First”

  17. © 2015 Axway | Confidential 20 API First vs. SOA

    The API is the contract …and the product WSDL is the Contract Backend App is the Product APIs SOA/ESB Courtesy of Kevin Kohut, Accenture ( @Kkohut )

  18. © 2015 Axway | Confidential 21 The API First Equation

    The API is the Contract APIs are a product API First! Courtesy of Kevin Kohut, Accenture ( @Kkohut )

  19. © 2015 Axway | Confidential 22 API First hiding legacy

    • The API Mullet – APIs in the Front, Business in the Back • Enables “API First”

  20. © 2015 Axway | Confidential 23 Chapter: 4. Security

  21. © 2015 Axway | Confidential 24 APIs – A soft

    underbelly? Security vulnerabilities related to APIs

  22. © 2015 Axway | Confidential 25 API Security 18th Aug

    '13 - (yes, 2013!) Initial contact made with vendor. After a few e-mails back and fourth their reasoning was legacy code and they'll "get right on it". 26th Sep '14 - Follow up e-mail. Issue still not resolved. ETA "before Christmas" 5th Jan '15 - Vulnerability still exists with ample amount of time given to vendor to fix the issue. Bad stories continue…

  23. © 2015 Axway | Confidential 26 Call for Action….

  24. © 2015 Axway | Confidential 27 Call for an „API

    Firewall“

  25. © 2015 Axway | Confidential 28 Security/Threat protection Threat Mitigation

    •API Firewalling •Embedded AV •Thortteling and Quotas •Deny by Default Transport Security •Secure by Default Assistance •SSL / TLS •HSM Integration Fine grained Access Control •IAM Connectors •OAuth (Client+Server) •OpenID Connect Data Integrity •Signature •Encryption •Schema Validation Certification and Compliance •FIPS 140-2 •CC-EAL2 •CSPN •PCI • Central Security Configuration and Control • Visibility at all Levels • Integration with exsisting Security Infrastructure like SIEM • Supports Scenarios with high Compliance Mandates like PCI or HIPPA • Allows Fine grained Access Control based on exisiting IAM

  26. © 2015 Axway | Confidential 29 Full API Management in

    Action API Portal Register Connect Developers Production Apps API Gateways Manage Admins Secure Policy Metrics End-Users Use Production Development Connect Secure Development Apps Test Get API Keys, OAuth Client IDs and Client Secrets

  27. © 2015 Axway | Confidential 30 keep in touch @PhSchoene

    [email protected] Linkedin.com Xing.com