Introduction to Web APIs

Exposing information through web APIs is quickly accelerating, with APIs being exposed by enterprises and governments, and being the de facto standard for startups. This deck provides answers to the following questions: What is a web API? Why is there so much buzz about it? What makes it different from classic SOA services? What technology and skills are needed to start exposing Web APIs? What's the difference between internal and external exposure of web APIs? This presentation will have a technical focus, while providing business context, including examples that illustrate business models and industry use of web APIs.

IBM API Management

May 10, 2013

Transcript

  1. Introduction to Web APIs

    © 2013 IBM Corporation
    Rachel Reinitz, IBM Distinguished Engineer, ISSW
    Dinesh Shetty, Senior Certified IT Specialist, ISSW
    2678
  2. Please Note

    IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

    Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
  3. Agenda

    • API Economy – Understanding the space
    • Top APIs today
    • Industry Examples of Web APIs
    • Terminologies, Roles & Relationships
    • Fundamental Concepts - REST, XML & JSON
    • API Styles
    • Web API Use Cases – Internal & External
    • API Security
    • Caching
  4. Exploding and Interconnected Digital Universe

    • 33% of all new business software spending will be Software as a Service
    • 1 billion workers will be remote or mobile
    • 1 trillion connected objects (cars, appliances, cameras)
    • 1B Mobile Internet users
    • 30% growth of 3G devices
    • 30 billion RFID tags (products, passports, buildings, animals)

    Embracing New Technologies, Adopting New Business Models: Mobility, Cloud / Virtualization, Social Business, Bring Your Own IT

    Large existing IT infrastructures with a globalized workforce, 3rd party services, and a growing customer base

    Cloud, mobile analytics, and social are fueling the hyper-growth of API-centric, business as-a-service economies
  5. Example players in the new services economy

    • Business functions delivered as API-centric services, enable businesses to co-create customer value with speed and scale
    • “As-a-service” is disrupting the traditional business models and the technology consumption paradigm
    • The evolution of SOA into technologies like REST allows for the externalization of core services through consumable APIs
    • Trend established in web-centric companies, and enterprises are beginning new solution creation patterns – it changes the interaction patterns and processes across businesses and leverage analytics, mobile, social and cloud to differentiate
    • Agile, scalable, and consumable business as-a-service, APIs is shifting the application development market as Cloud similarly shifted delivery of IT
    • Transform the business model along sales, contracts, engagement, processes, development, and delivery towards a new scalable model

    Figures shown for the example players:

    • $1.5B revenue of 10K+ affiliates
    • Expecting $10B mobile transactions in 2012
    • 40% total units sold by outside sellers
    • 40% new business comes from non-CRM offerings
    • API only company reaches 150,000 developers and 1.5M calls a day
  6. API-centric model is at the core of mature born-on-the-web companies like Amazon, Google, and Facebook

    • Registrations in Programmable Web have more than doubled this year. At that pace we could see more than 100,000 APIs registered by 2016.
    • By 2014, Gartner predicts that 75% of Fortune 1000 companies will expose some form of APIs
    • +80B API Invocations per day
    • APIs registered across a multitude of business areas
    • All Fortune 1000 companies will have APIs by 2015
    • APIs as a strategic business tool for value co-creation and front-office digitization is growing in Fortune 1000 companies

    [Chart: years 2004 to 2020, scale 0 to 300,000. Labels: “Projected +300k APIs by 2020”, “We are here!”]
  7. Apps, APIs and API Mgmt…

    Business Owner, IT, Developer, Consumers

    New business opportunities
    • New markets
    • Increase customers
    • Enhance branding
    • Competitive advantage

    Extend development team
    • Increase innovation
    • Increase scale

    Partner/supplier alignment

    Diagram labels: Benefits, Challenges

    Business strategy

    Infrastructure
    • Security
    • Creation
    • Scalability

    Operational control
    • Publish
    • Analyze
    • Monitor
  8. Public, Open-To-All APIs

    • APIs are open to any developer who wants to sign up
    • Apps are more targeted towards end consumers
    • The business driver is to engage customers through external developers

    Protected, Open-To-Partner APIs

    • APIs are open to select business partners
    • Apps could be targeted at end consumers or business users
    • The business driver is usually different, based on the data and type of business of the enterprise

    Private, Internal APIs

    • APIs are exposed only to existing developers within the enterprise
    • Apps are usually targeted at employees of the enterprise
    • The business driver is more around productivity of employees

    Customers will require a combination of three API types
  9. Web APIs are Different from SOA Services

    | Web APIs | SOA Services |
    |---|---|
    | Consumers are Internal and External developers | Consumers are Internal (and maybe partner) developers |
    | Embracing of open community/social business is critical | Promote reuse within a company and sometimes with partners |
    | REST, leverage HTTP for Internet scale | SOAP & protocol independent headers |
    | Ease of use based on simplicity and readability | Interoperability and tooling consumption based on WSDL |
    | Fine grained, small amounts of data | Coarse grained |
    | Relaxed consistency | Option for transactionality & reliability |
    | True ‘black box’ separation between Web API and consuming app; simple contract | More extensive contract between service provider and consumer… in enterprise implementations |
  10. Top APIs today.. and growing

    8000 APIs and counting
    *Source: programmableweb.com

    [Figure labels: “Top APIs today”, “Right now!”]
  11. Philips hue API: Wireless Lighting

    • Provides wireless control of domestic lighting systems along with mobile apps
    • Opened an official developer program
    • Recognizes roadblock for bigger developers - lack of commitment and proper docs

    Source: http://techcrunch.com/2013/03/10/philips-hue-lighting-sdk-ios/

    “Now what we want to do as Philips is we actually want to help and grow and encourage this community, and give them tools and proper documentation. Also, we want to give them commitment that this is the API and we’re going to support it and it won’t change overnight.” – George Yianni, Hue System Architect
  12. PayPal API: Payments API

    • Launched X.commerce in 2011 for eBay integration
    • Demand for features and simplicity from developers
    • Newly launched REST APIs
    • Organized a developer lounge and competition

    “PayPal is making it easier for developers to accept payments from more than 123 million active accounts across 190 markets and in 25 currencies around the world, and we’d love to hear from you” - Company blog post @ http://blog.ebay.com
  13. Transportation APIs example

    Singapore exposes transportation data through Web APIs and has many apps developed for free by developers.

    Article talking about program - http://dailycrowdsource.com/20-resources/projects/573-singapore-moves-towards-a-collaborative-government
  14. Section

    • Terminologies, Roles & Relationships
    • Fundamental concepts
      • REST
      • XML
      • JSON
  15. Terminologies: Web APIs, Mashups & Apps

    Web API
    A defined set of HTTP request messages along with a definition of the structure of response messages, typically expressed in JSON or XML.

    Mashup
    A web page or application that uses Web APIs to combine data, presentation or functionality from two or more sources to create new services.

    Web App
    An application accessed by users over the Internet or an intranet. The term may also mean a software application coded in a browser-supported programming language (such as JavaScript and markup language like HTML).

    Mobile App
    An application designed to run on smart phones, tablets and other mobile devices. Usually available through application distribution platforms, operated by the owner of the mobile OS, e.g. Apple App Store, Google Play, Windows Phone Store.
  16. Roles and Relationships

    App Developer
    • Develops cool new applications against new public or private APIs
    • Understands one or more web programming languages
    • Spends his free time developing Apps too

    Business User
    • Wants to reach new markets through new channels
    • Understands the business and value of assets being exposed
    • Needs to experiment with different programs and campaigns to drive adoption
    • Product Manages the initiative

    IT Person
    • Exposing public APIs might be new to the IT Person
    • Worried about security and scalability of infrastructure
    • Short on time to do new projects
  17. REST

    • Architectural style; popular choice for building web applications
    • Verb = HTTP Action (GET, POST, PUT, DELETE)
    • Noun = the URI of the Service (the document)
    • Adjective = MIME type of the resulting document
  18. XML

    • There are more XML APIs registered on programmableweb than JSON
    • But JSON as a choice and JSON only APIs are increasing quickly
    • XML continues to be leading choice of format for APIs
    • But payloads are kept simple
    • Developers rely on examples rather than XML schemas

    Example: popular telephony service from Twilio

        <TwilioResponse>
          <SMSMessage>
            <Sid>SM1f0e8ae6ade43cb3c0ce4525424e404f</Sid>
            <DateCreated>Fri, 13 Aug 2010 01:16:24 +0000</DateCreated>
            <From>+15104564545</From>
            <Body>A Test Message</Body>
            <Uri>/2010-04-01/Accounts/AC228b97a5fe4138be081eaff3c44180f3/SMS/Messages/SM1f0e8ae6ade43cb3c0ce4525424e404f</Uri>
          </SMSMessage>
        </TwilioResponse>
  19. JSON (JavaScript Object Notation)

    • Lightweight data-interchange format
    • Based on a subset of the JavaScript Programming Language
    • Easy for humans to read and write
    • Easy for machines to parse and generate
    • JavaScript has and is increasing in popularity for browser and beyond browser client applications

    Twilio example (cut down but you get the idea):

        {
          "sid": "SM1f0e8ae6ade43cb3c0ce4525424e404f",
          "date_created": "Fri, 13 Aug 2010 01:16:24 +0000",
          "to": "+15305431221",
          "from": "+15104564545",
          "body": "A Test Message",
          "uri": "\/2010-04-01\/Accounts\/AC228ba7a5fe4238be081ea6f3c44186f3\/SMS\/Messages\/SM1f0e8ae6ade43cb3c0ce4525424e404f.json"
        }
  20. Section

    • API Styles
    • Web API Use Cases
      • Internal
      • External
  21. Proxies & Assemblies – Types of web APIs

    Order Service org/proxy1_order org/proxy2_customer Customer Service Invoke Service A HTTP/JSON Invoke Service B HTTP/JSON HTTP/JSON HTTP/JSON Client App Client Layer API Management Layer On Premise/Cloud Resource Eg. order/get/1234 Eg. customer/1099 Proxy Style Assembly Style
  22. Typical Architecture – SaaS-based API solution

    DMZ Intranet Internet, Cloud Consumers
  23. Typical Architecture – On-premise API solution

    Internet, Cloud DMZ Security Gateway Rich Internet Applications Dojo.base Dojo.dojox/ Dojox.mobile Dojo.data Navigation Controllers Templating (django) Other UI Tech Authentication Authorization Optimization Encryption/Decryption Routing/ Transformation Enterprise Connectivity & Integration On-premise APIs Assemblies Proxies External App Developers IT Operations Business User Enterprise Information Systems Enterprise DataBase Core Application Backend Enterprise ESB Protocol Transformation Adapters REST Services SOAP Services HTTP/XML HTTP/SOAP HTTP/JSON Other EIS HTTP/JSON/XML Mobile Applications Dojo XQuery Internal Mobile Apps (Internal) RIA Internal App Developers Intranet
  24. Security mechanisms for Web APIs

    OAuth
    • Enables users to allow web applications to access other web applications on the user’s behalf

    Basic Auth
    • Passes username and password with the request
    • Defined by the HTTP specification
    • Uses HTTP Header “Authorization”
    • Uses encoding, no encryption

    API Keys
    • Not based on any standard
    • Service Provider decides implementation
    • Keys act like signatures
  25. Security Mechanisms - OAuth

    “The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf”

    Diagram participants: FourSquare, Twitter

    • Steve, logged on Foursquare, wants to update his holiday location and also post the same on his Twitter page
    • Twitter provides an access token for Foursquare allowing access to Steve’s Twitter page
    • Foursquare uses access token provided by Twitter to make a post on Twitter on Steve’s behalf
    • Access token (no user id/password) required
  26. Security mechanisms: API Keys

    • API Key
      ‒ Code passed by web applications calling an API (UUID or unique string)
      ‒ Establishes identity of the calling program, its developer, or its user to the Web site
      ‒ Used to track and control how the API is being used
          Measure, monitor
          Prevent abuse
    • Access Control
      ‒ API Keys and Secrets provide Authentication mechanism – e.g. EveryTrail API
      ‒ Implementation is decided by API provider
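The contrast between slide 24's "Uses encoding, no encryption" and slides 24 and 26's "Keys act like signatures" can be shown side by side. This is an added example, not code from the deck or from IBM: the key id, secret, sample header and the HMAC request-signing scheme are all constructed assumptions, since the slides state that each provider decides its own API key implementation.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample values; none of these are real credentials.
SAMPLE_BASIC_HEADER = "Basic c3RldmU6czNjcmV0"
API_SECRETS = {"demo-key-123": b"demo-secret-not-real"}  # key id -> shared secret
MAX_SKEW_SECONDS = 300  # assumed replay window for signed requests


def decode_basic_auth(header_value):
    """Recover (username, password) from a Basic Authorization header.

    No key is involved: Base64 is an encoding, so anyone who can read the
    header (plain HTTP, a proxy log, a debug trace) can read the password.
    """
    scheme, _, encoded = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    username, _, password = decoded.partition(":")
    return username, password


def sign_request(secret, method, path, timestamp, body):
    """Client side: HMAC-SHA256 over the request parts that must not change."""
    body_hash = hashlib.sha256(body).hexdigest()
    message = "\n".join([method.upper(), path, str(int(timestamp)), body_hash])
    return hmac.new(secret, message.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_request(key_id, signature, method, path, timestamp, body, now=None):
    """Server side: the key id names the caller, the signature proves it."""
    now = time.time() if now is None else now
    secret = API_SECRETS.get(key_id)
    if secret is None:
        return False, "unknown key"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"  # limits replay of a captured request
    expected = sign_request(secret, method, path, timestamp, body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    print(decode_basic_auth(SAMPLE_BASIC_HEADER))
    ts = int(time.time())
    body = b'{"order": 1234}'
    sig = sign_request(API_SECRETS["demo-key-123"], "POST", "/order", ts, body)
    print(verify_request("demo-key-123", sig, "POST", "/order", ts, body))
    print(verify_request("demo-key-123", sig, "POST", "/order", ts, b'{"order": 9999}'))
```

With Basic Auth the password itself travels in every request, so it depends entirely on TLS; in the signed scheme the secret never leaves the client and a modified body or an old timestamp fails verification.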
  27. Implement Caching

    HTTP headers can contain caching directives

        HTTP/1.1 200 OK
        Date: Fri, 30 Oct 1998 13:19:41 GMT
        Server: Apache/1.3.3 (Unix)
        Cache-Control: max-age=3600, must-revalidate
        Expires: Fri, 30 Oct 1998 14:19:41 GMT
        Last-Modified: Mon, 29 Jun 1998 02:28:12 GMT
        ETag: "3e86-410-3596fbbc"
        Content-Length: 1040
        Content-Type: text/html

    Caches improve network efficiency, scalability, and the user-perceived performance of your API
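How a cache acts on the directives in slide 27's response, as an added example that is not part of the original deck: it computes the freshness lifetime, decides between reuse and revalidation, and shows the origin answering a conditional request. The function names and the decision labels are assumptions made for illustration; the header values are the slide's.

```python
from email.utils import parsedate_to_datetime

# Response headers as shown on the slide.
SLIDE_HEADERS = {
    "Date": "Fri, 30 Oct 1998 13:19:41 GMT",
    "Cache-Control": "max-age=3600, must-revalidate",
    "Expires": "Fri, 30 Oct 1998 14:19:41 GMT",
    "Last-Modified": "Mon, 29 Jun 1998 02:28:12 GMT",
    "ETag": '"3e86-410-3596fbbc"',
}


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def freshness_lifetime(headers):
    """Seconds a stored copy may be reused without asking the origin."""
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    if "no-store" in cc or "no-cache" in cc:
        return 0
    if (cc.get("max-age") or "").isdigit():
        return int(cc["max-age"])  # max-age takes precedence over Expires
    if "Expires" in headers and "Date" in headers:
        delta = (parsedate_to_datetime(headers["Expires"])
                 - parsedate_to_datetime(headers["Date"]))
        return max(0, int(delta.total_seconds()))
    return 0


def cache_decision(headers, age_seconds, origin_reachable=True):
    """What a cache does with a stored copy that is age_seconds old."""
    if age_seconds < freshness_lifetime(headers):
        return "serve-from-cache"
    if origin_reachable:
        return "revalidate"
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    # must-revalidate (and no-cache) forbid falling back to a stale copy.
    strict = "must-revalidate" in cc or "no-cache" in cc
    return "error-504" if strict else "may-serve-stale"


def revalidation_headers(headers):
    """Conditional request headers built from the stored validators."""
    out = {}
    if "ETag" in headers:
        out["If-None-Match"] = headers["ETag"]
    if "Last-Modified" in headers:
        out["If-Modified-Since"] = headers["Last-Modified"]
    return out


def origin_status(request_headers, current_etag):
    """Origin side: 304 (no body) when the client's ETag still matches."""
    def opaque(tag):
        tag = tag.strip()
        return tag[2:] if tag.startswith("W/") else tag  # weak comparison

    # Simplified split: assumes entity tags contain no commas.
    sent = [opaque(t) for t in request_headers.get("If-None-Match", "").split(",")]
    return 304 if opaque(current_etag) in sent or "*" in sent else 200
```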
  28. Expanding to APIs – IBM Services has the Expertise to Ensure Your Success

    • What should my API Strategy be?
    • How are APIs being used in my industry?
    • What is needed to expose and manage APIs?
    • What security do I need?
    • Who are my target developers?
    • How do I deliver and measure business value?
    • How do I get IBM API Management setup quickly?
    • Help me design my APIs?
    • How do I expose my backends as APIs?
    • Help me secure and scale my APIs?
    • How do I deliver reports to my management?
    • How do I integrate with existing infrastructure?

    API Centric Architecture Assessment Roadmap

    IBM Software Services for API Management

    For more information contact us at [email protected]
  29. IBM Software Services Zone for WebSphere

    • Emerging technology resources including proven, prescribed, and repeatable assets & offerings to accelerate Mobile, Cloud, and Smarter Process adoption.
    • Access to worldwide skills, capabilities, and education that only IBM Software Services for WebSphere can bring to your project.
    • Practitioners’ insight on project trends, best practices and emerging technologies through personal videos, blogs, articles & more.
    • Discover defined and proven offerings to get your project started quickly.

    ibm.com/websphere/serviceszone/

    Visit us in the Solution Center:
    • Services, Support and Education Zone
    • Smarter Process Zone
  30. We love your Feedback!

    Don’t forget to submit your Impact session and speaker feedback!

    • Your feedback is very important to us – we use it to improve next year’s conference
    • Go to the Impact 2013 SmartSite (http://impactsmartsite/com):
      ‒ Use the session ID number to locate the session
      ‒ Click the “Take Survey” link
      ‒ Submit your feedback