Liberating your Data with APIs and how Businesses are succeeding through the API Economy

Transcript

1. © 2015 Axway | Confidential 1 Liberating your Data with

   APIs and how Businesses are succeeding through the API Economy Philipp Schöne #PhSchoene Solution Lead API Management, Axway #APIDays Berlin 2015

2. © 2015 Axway | Confidential 2 Chapter: 1.Digital Business

3. © 2015 Axway | Confidential 3 Digital Business Changes Everything

4. © 2015 Axway | Confidential 5 Digital Business Changes Everything

5. © 2015 Axway | Confidential 6 Digital Business has no

   Border • Digital products are King • Omni-channel experiences require a new approach • Architecting for Mobile isn’t enough

6. © 2015 Axway | Confidential 7 Digital Business has no

   Speed Limit

7. © 2015 Axway | Confidential 8 But it has a

   connection… • Transport: – http(s) • Format: – XML – JSON – … • Style: – SOAP / SOA – REST – …

8. © 2015 Axway | Confidential 10 Chapter: 2. “DaaS Success

   Stories”

9. © 2015 Axway | Confidential 11 D&B Direct – Data

   as a Service (DaaS) • New Channel for integration • API Portal and API Gateway

10. © 2015 Axway | Confidential 12 DaaS Use Cases •

    Lead Form • Supplier Risk Mitigation • Credit/Fraud Risk Evaluation • Master Data Management

11. © 2015 Axway | Confidential 13 End-to-End Business Visibility Importance

    of end-to-end IT and business visibility for APIs

12. © 2015 Axway | Confidential 14 DaaS APIs changeing customer

    interaction Before: After: 5 days 8-16 o‘clock 365 days 24h

13. © 2015 Axway | Confidential 15 DaaS APIs fuelling innovation

14. © 2015 Axway | Confidential 16 Public Services through API

    Backplane

15. © 2015 Axway | Confidential 17 Customers can search –

    Online and via mobile apps – for nearby charging stations to ‘fuel’ their electric vehicle. They can differentiate on type and availability and even monitor the status during charging. All data is fetched and stored dynamically via services exposed via Amazon Web Services Powering Mobile Apps

16. © 2015 Axway | Confidential 19 Chapter: 3. “API First”

17. © 2015 Axway | Confidential 20 API First vs. SOA

    The API is the contract …and the product WSDL is the Contract Backend App is the Product APIs SOA/ESB Courtesy of Kevin Kohut, Accenture ( @Kkohut )

18. © 2015 Axway | Confidential 21 The API First Equation

    The API is the Contract APIs are a product API First! Courtesy of Kevin Kohut, Accenture ( @Kkohut )

19. © 2015 Axway | Confidential 22 API First hiding legacy

    • The API Mullet – APIs in the Front, Business in the Back • Enables “API First”

20. © 2015 Axway | Confidential 23 Chapter: 4. Security

21. © 2015 Axway | Confidential 24 APIs – A soft

    underbelly? Security vulnerabilities related to APIs

22. © 2015 Axway | Confidential 25 API Security 18th Aug

    '13 - (yes, 2013!) Initial contact made with vendor. After a few e-mails back and fourth their reasoning was legacy code and they'll "get right on it". 26th Sep '14 - Follow up e-mail. Issue still not resolved. ETA "before Christmas" 5th Jan '15 - Vulnerability still exists with ample amount of time given to vendor to fix the issue. Bad stories continue…

23. © 2015 Axway | Confidential 26 Call for Action….

24. © 2015 Axway | Confidential 27 Call for an „API

    Firewall“

25. © 2015 Axway | Confidential 28 Security/Threat protection Threat Mitigation

    •API Firewalling •Embedded AV •Thortteling and Quotas •Deny by Default Transport Security •Secure by Default Assistance •SSL / TLS •HSM Integration Fine grained Access Control •IAM Connectors •OAuth (Client+Server) •OpenID Connect Data Integrity •Signature •Encryption •Schema Validation Certification and Compliance •FIPS 140-2 •CC-EAL2 •CSPN •PCI • Central Security Configuration and Control • Visibility at all Levels • Integration with exsisting Security Infrastructure like SIEM • Supports Scenarios with high Compliance Mandates like PCI or HIPPA • Allows Fine grained Access Control based on exisiting IAM

26. © 2015 Axway | Confidential 29 Full API Management in

    Action API Portal Register Connect Developers Production Apps API Gateways Manage Admins Secure Policy Metrics End-Users Use Production Development Connect Secure Development Apps Test Get API Keys, OAuth Client IDs and Client Secrets

27. © 2015 Axway | Confidential 30 keep in touch @PhSchoene

    [email protected] Linkedin.com Xing.com