
API management

API workshop in Tampere

Jarkko Moilanen, PhD

March 05, 2020

Transcript

  1. PLATFORMOFTRUST.NET | @PLATFORMOFTRUST | #DATALIIKKUU | #DATAFLOWS

    API management

    Jarkko Moilanen (PhD, 3D printing ecosystem)
    • Chief Development Officer, Platform of Trust
    • Author of API Economy 101
    • Business Lead of API management solution (2017)
    • Founder of APIOps (2015)
    • ”Doctor of Developer eXperience”
    • 2nd PhD in process (Data Economy and DX)

    Experiences from the field

    Ewww!

    On Twitter: @Jarkko_Moilanen
  2. From open source to APIs

    • Linus Torvalds
    • Roy Fielding
    • 1990 – open source
    • 2000 – Open APIs
  3. We have just a couple of private APIs and 1 public API…

    Once you start going API first, the number and variety of APIs grows fast! Why?
  4. Modern architectures are filled with APIs

    According to Benzell et al., API adoption increases firms' market value by 10.3%
    • Architectural flexibility
    • Expected by the markets
    • Easier use (and replacement) of external services as part of the solution
  5. You need to manage a sh*t load of APIs

    You need to manage all of them
  6. FOCUS NORMALLY: Technical API management - is the easy and boring part.

    FOCUS SHOULD BE: API Governance - is tricky and interesting!

    The tool to use is more often given despite what you say. Corporate rules…
  7. Plenty of options to choose from

    • Full Life Cycle API management
    • Product Management oriented

    All pretty good – looks shiny. None can deliver an excellent solution as is.

    Result: top companies build a puzzle (mix of commercial, open source and in-house)
  8. Typical API management – bloated with features

    • API Discovery (Catalog, Search and Provisioning)
    • API Security (SSL, PKI, threat protection, schema validation, encryption, signatures, etc.)
    • API Identity (AuthN & AuthZ, API key, OAuth, SAML, LDAP, proprietary IAM, multifactor, token translation & management)
    • API Orchestration (adaptation of multiple services, workflow operations, branching policies, etc.)
    • Uniform interface/proxy to multiple backend messaging protocols (JMS, RMI, etc.)
    • Developer and App OnBoarding (Client ID/App Key generation, Interactive API console)
    • Community Management (Blogs, Forums, Social features, etc.)
    • API Lifecycle governance (Versioning)
    • Traffic Mediation (SOAP to REST mediation, data format transformation, legacy application integration)
    • Traffic Shaping (Rate limitation, Caching, etc.)
    • Analytics & Traffic Monitoring
    • API metering, Billing and Monetization
    • Data Protection (Data encryption, Data masking, etc. for PCI/PII compliance)
    • Mobile Optimization (Pagination, Compression, JSON, etc.)
    • Deployment Flexibility (on-premise, cloud, managed service, SaaS, hybrid)
    • Operational Integration (System Monitoring, Clustering, Scalability, Migration)
    • Mobile Integration (support for push notifications, geolocation, streaming protocols)
    • Cloud Integration (SSO to SaaS providers, IaaS integration, SaaS data connectors, hybrid cloud support)
  9. Typical API management – bloated with features

    (Same feature list as on slide 8.)

    Technical jargon!
  10. Typical API management – bloated with features

    Don’t be fooled! What are the most important things you must be able to do?
    • Customer/business-centric thinking
    • Product thinking
  11. Pareto is your friend in fine-tuning DX and product

    • 80% of the bugs in software come from 20% of the features.
    • 80% of the complexity in a given application comes from 20% of the code base.
    • Only 20% of a given feature set in an application is important to 80% of the users.
    • A given engineering team spends 80% of its time on 20% of the application.

    You DON'T want your API to be involved in the 20% code base
    You DON'T want your API to be involved in the 20% of the features
    You WANT to enable that 20% of the features
    You WANT to decrease the time needed with your API
  12. API management analytics and Pareto

    • Which API endpoints are most used?
    • What to optimize and focus on + why + find patterns
    • ”80% of the value comes from 20% of the features.”
    • You have limited resources – be wise – data-driven decisions
    • What are the common 400s?
    • Why are users using it wrong?
    • ”80% of the bugs come from 20% of the code.”
    • It might not be a bug, it is most likely a usability issue (DX)
    • Is the documentation outdated? Wrong? Missing?
    • Is some required parameter missing?
    • Which API calls have a long response time?
    • Why?
  13. API management is just a SMALL piece of the puzzle

    • Feedback management
    • API Design management
    • Specification(s) to use
    • API architectures (REST, GraphQL, realtime)
    • Mockups for validation
    • API docs generation
    • Code libraries
    • QA / testing
    • Implementation
    • Deployment
    • Marketing

    This is why providing Full API Life Cycle as a single tool is hard
  14. API management is just a SMALL piece of the puzzle

    (Same list as on slide 13.)

    This is why providing Full API Life Cycle as a single tool is hard

    Product thinking!
  15. Some notes on API Governance

    • API design management – use Design Guide – this is the bible!
    • Practices (naming, error handling, auth…)
    • Steering the API family (you will be ”mother of a dozen”)
    • Must provide value, enforce it!
    • Versioning – deprecation – migration support – product life cycle thinking!
    • Customer focus
    • Create guides (in developer portal)
    • Supports customer paths: New user -> guides -> API documentation
    • Business models & pricing
    • Not solved with one tool! It’s a puzzle and about processes
  16. Take away

    ”If each subsystem, regarded separately, is made to operate with maximum efficiency, the system as a whole will not operate with utmost efficiency.”

    General Systems Theory (Lars Skyttner)