API management

API workshop in Tampere

Jarkko Moilanen, PhD

March 05, 2020

Transcript

  1. PLATFORMOFTRUST.NET | @PLATFORMOFTRUST | #DATALIIKKUU | #DATAFLOWS
    API management
    Jarkko Moilanen (PhD, 3D printing ecosystem)
    Chief Development Officer, Platform of Trust
    Author of API Economy 101
    Business Lead of API management solution (2017)
    Founder of APIOps (2015)
    "Doctor of Developer eXperience"
    2nd PhD in process (Data Economy and DX)
    Experiences from the field
    Ewww!
    On Twitter:
    @Jarkko_Moilanen

  2. From open source to APIs
    • 1990 – open source (Linus Torvalds)
    • 2000 – Open APIs (Roy Fielding)

  3. We have just a couple of private APIs and 1 public API…
    Once you start going API first, the number and variety of APIs grows fast!
    Why?

  4. Modern architectures are filled with APIs
    • According to Benzell et al., API adoption increases firms' market value by 10.3%
    • Architectural flexibility
    • Expected by the markets
    • Easier use (and replacement) of external services as part of the solution

  5. You need to manage a sh*t load of APIs
    You need to manage all of them

  6. FOCUS NORMALLY:
    Technical API management
    - is the easy and boring part.
    FOCUS SHOULD BE:
    API Governance
    - is tricky and interesting!
    The tool to use is more often given, despite what you say. Corporate rules…

  7. Technical API management

  8. Plenty of options to choose from
    Full Life Cycle API management
    • Product Management oriented
    All pretty good – looks shiny.
    None can deliver an excellent solution as is
    Result: top companies build a puzzle (mix of commercial, open source and in-house)

  9. Typical API management – bloated with features
    • API Discovery (Catalog, Search and Provisioning)
    • API Security (SSL, PKI, threat protection, schema validation, encryption, signatures, etc)
    • API Identity (AuthN & AuthZ, API key, OAuth, SAML, LDAP, proprietary IAM, multifactor, token translation & management)
    • API Orchestration (adaptation of multiple services, workflow operations, branching policies, etc.)
    • Uniform interface/proxy to multiple backend messaging protocols (JMS, RMI etc)
    • Developer and App OnBoarding (Client ID/App Key generation, Interactive API console)
    • Community Management (Blogs, Forums, Social features etc)
    • API Lifecycle governance (Versioning)
    • Traffic Mediation (SOAP to REST mediation, data format transformation, legacy application integration)
    • Traffic Shaping (Rate limitation, Caching etc)
    • Analytics & Traffic Monitoring
    • API metering, Billing and Monetization
    • Data Protection (Data encryption, Data masking etc for PCI/PII compliance)
    • Mobile Optimization (Pagination, Compression, JSON etc)
    • Deployment Flexibility (on-premise, cloud, managed service, SaaS, hybrid)
    • Operational Integration (System Monitoring, Clustering, Scalability, Migration)
    • Mobile Integration (support for push notifications, geolocation, streaming protocols)
    • Cloud Integration (SSO to SaaS providers, IaaS integration, SaaS data connectors, hybrid cloud support)

  10. Typical API management – bloated with features
    Technical jargon!

  11. Typical API management – bloated with features
    Don't be fooled!
    What are the most important things you must be able to do?
    Customer/business-centric thinking
    Product thinking

  12. Pareto is your friend in fine-tuning DX and product
    • 80% of the bugs in software come from 20% of the features.
    • 80% of the complexity in a given application comes from 20% of the code base.
    • Only 20% of a given feature set in an application is important to 80% of the users.
    • A given engineering team spends 80% of its time on 20% of the application.
    You DON'T want your API to be involved in the 20% code base
    You DON'T want your API to be involved in the 20% of the features
    You WANT to enable that 20% of the features
    You WANT to decrease the time needed with your API

  13. API management analytics and Pareto
    • Which API endpoints are most used?
      • What to optimize and focus on + why + find patterns
      • "80% of the value comes from 20% of the features."
      • You have limited resources – be wise – data-driven decisions
    • What are the common 400s?
      • Why are users using it wrong?
      • "80% of the bugs come from 20% of the code."
      • It might not be a bug; it is most likely a usability issue (DX)
      • Is the documentation outdated? Wrong? Missing?
      • Is some required parameter missing?
    • Which API calls have a long response time?
      • Why?
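
The three questions on this slide can be answered directly from gateway access records. The sketch below is an added example, not part of the original deck; the record layout (method, route, status, latency in ms), the sample data and the function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of gateway access records: (method, route, status, latency_ms).
SAMPLE = (
    [("GET", "/products", 200, 40)] * 50
    + [("GET", "/products/{id}", 200, 55)] * 25
    + [("POST", "/orders", 201, 120)] * 8
    + [("POST", "/orders", 400, 15)] * 7
    + [("GET", "/orders/{id}", 200, 900)] * 4
    + [("GET", "/orders/{id}", 404, 20)] * 3
    + [("POST", "/token", 401, 10)] * 2
    + [("DELETE", "/orders/{id}", 204, 80)] * 1
)

def endpoint(rec):
    return f"{rec[0]} {rec[1]}"

def pareto_endpoints(records, share=0.8):
    """Smallest set of most-used endpoints that covers `share` of all calls."""
    counts = Counter(endpoint(r) for r in records)
    picked, covered = [], 0
    for name, n in counts.most_common():
        picked.append((name, n))
        covered += n
        if covered >= share * len(records):
            break
    return picked

def client_errors(records):
    """4xx responses as (endpoint, status, count, share of that endpoint's calls)."""
    calls = Counter(endpoint(r) for r in records)
    errors = Counter((endpoint(r), r[2]) for r in records if 400 <= r[2] < 500)
    return [(ep, st, n, round(n / calls[ep], 2)) for (ep, st), n in errors.most_common()]

def slow_endpoints(records, threshold_ms=500, pct=95):
    """Endpoints whose nearest-rank percentile latency exceeds the threshold."""
    by_ep = defaultdict(list)
    for r in records:
        by_ep[endpoint(r)].append(r[3])
    slow = {}
    for ep, lat in by_ep.items():
        lat.sort()
        rank = -(-pct * len(lat) // 100)  # integer ceiling of pct% of n
        if lat[rank - 1] > threshold_ms:
            slow[ep] = lat[rank - 1]
    return slow

if __name__ == "__main__":
    print(pareto_endpoints(SAMPLE))
    print(client_errors(SAMPLE))
    print(slow_endpoints(SAMPLE))
```

In the sample, nearly half of the `POST /orders` calls fail with 400, which points at the request contract or its documentation rather than at individual callers.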

  14. API Governance

  15. API management is just a SMALL piece of the puzzle
    • Feedback management
    • API Design management
    • Specification(s) to use
    • API architectures (REST, GraphQL, realtime)
    • Mockups for validation
    • API docs generation
    • Code libraries
    • QA / testing
    • Implementation
    • Deployment
    • Marketing
    This is why providing Full API Life Cycle as a single tool is hard

  16. API management is just a SMALL piece of the puzzle
    Product thinking!

  17. Some notes on API Governance
    • API design management – use Design Guide – this is the bible!
    • Practices (naming, error handling, auth…)
    • Steering the API family (you will be "mother of a dozen")
    • Must provide value, enforce it!
    • Versioning – deprecation – migration support – product life cycle thinking!
    • Customer focus
    • Create guides (in developer portal)
    • Supports customer paths: New user -> guides -> API documentation
    • Business models & pricing
    • Not solved with one tool! It's a puzzle and about processes

  18. Take away
    "If each subsystem, regarded separately, is made to operate with maximum efficiency, the system as a whole will not operate with utmost efficiency."
    General Systems Theory (Lars Skyttner)

  19. 100daysdx.com
    dxdoctor.net
    Apitalous101.fi
    www.osaango.academy
    buildfordevelopers.com