API management

PLATFORMOFTRUST.NET | @PLATFORMOFTRUST | #DATALIIKKUU | #DATAFLOWS
API management
Jarkko Moilanen (PhD, 3D printing ecosystem)
Chief Development Officer, Platform of Trust
Author of API Economy 101
Business Lead of API management solution (2017)
Founder of APIOps (2015)
”Doctor of Developer eXperience”
2nd PhD in process (Data Economy and DX)
@Twitter_name
Experiences from the field
Ewww!
In Twitter:
@Jarkko_Moilanen

View Slide

PLATFORMOFTRUST.NET | @PLATFORMOFTRUST | #DATALIIKKUU | #DATAFLOWS @Twitter_name
From open source to APIs
Linus Torvalds Roy Fielding
1990 – open source 2000 – Open APIs

View Slide

We have just couple of private APIs and 1
public API…
Once you start going API first, the amount
and variety of APIs grows fast!
Why?

View Slide

Modern architectures are filled with APIs
According to Benzell et
al API adoption
increases firms' market
value by 10.3%
Architectural flexibility
Expected by the
markets
Easier use (and
replacement) of
external services as
part of the solution

View Slide

You need to manage sh*t load of APIs
You need to manage all of them

View Slide

FOCUS NORMALLY:
Technical API management
- is the easy and boring part.
FOCUS SHOULD BE:
API Governance
- is tricky and interesting!
The tool to use is more often given dispite of
what you say. Corpate rules…

View Slide

Technical API management
@Twitter_name

View Slide

Plenty of options to choose
from
Full Life Cycle API management
• Product Management oriented
All pretty good – looks shiny.
None can deliver excellent
solution as is
Result: top companies build a
puzzle (mix of commercial, open
source and in-house)

View Slide

• API Discovery (Catalog, Search and
Provisioning)
• API Security (SSL, PKI, threat protection,
schema validation, encryption, signatures,
etc)
• API Identity (AuthN & AuthZ, API key, OAuth,
SAML, LDAP, proprietary IAM, multifactor,
token translation & management)
• API Orchestration (adaptation of multiple
services, workflow operations, branching
policies, etc.)
• Uniform interface/proxy to multiple backend
messaging protocols (JMS, RMI etc)
• Developer and App OnBoarding (Client
ID/App Key generation, Interactive API
console)
• Community Management (Blogs, Forums,
Social features etc)
• API Lifecycle governance (Versioning)
• Traffic Mediation (SOAP to REST mediation,
data format transformation, legacy application
integration)
• Traffic Shaping( Rate limitation, Caching etc)
• Analytics & Traffic Monitoring
• API metering, Billing and Monetization
• Data Protection(Data encryption, Data masking
etc for PCI/PII compliance)
• Mobile Optimization (Pagination, Compression,
JSON etc)
• Deployment Flexibility (on-premise, cloud,
managed service, SaaS, hybrid)
• Operational Integration (System Monitoring,
Clustering, Scalability, Migration)
• Mobile Integration (support for push
notifications, geolocation, streaming protocols)
• Cloud Integration (SSO to SaaS providers, IaaS
integration, SaaS data connectors, hybrid cloud
support)
Typical API management – bloated with features

View Slide

• API Discovery (Catalog, Search and
Provisioning)
• API Security (SSL, PKI, threat protection,
schema validation, encryption, signatures,
etc)
• API Identity (AuthN & AuthZ, API key, OAuth,
SAML, LDAP, proprietary IAM, multifactor,
token translation & management)
• API Orchestration (adaptation of multiple
services, workflow operations, branching
policies, etc.)
• Uniform interface/proxy to multiple backend
messaging protocols (JMS, RMI etc)
• Developer and App OnBoarding (Client
ID/App Key generation, Interactive API
console)
• Community Management (Blogs, Forums,
Social features etc)
• API Lifecycle governance (Versioning)
• Traffic Mediation (SOAP to REST mediation,
data format transformation, legacy application
integration)
• Traffic Shaping( Rate limitation, Caching etc)
• Analytics & Traffic Monitoring
• API metering, Billing and Monetization
• Data Protection(Data encryption, Data masking
etc for PCI/PII compliance)
• Mobile Optimization (Pagination, Compression,
JSON etc)
• Deployment Flexibility (on-premise, cloud,
managed service, SaaS, hybrid)
• Operational Integration (System Monitoring,
Clustering, Scalability, Migration)
• Mobile Integration (support for push
notifications, geolocation, streaming protocols)
• Cloud Integration (SSO to SaaS providers, IaaS
integration, SaaS data connectors, hybrid cloud
support)
Technical jargon!

View Slide

Don’t be fooled!
What are the most important things you
must be able to do?
Customer/business-centric thinking
Product thinking

View Slide

• 80% of the bugs in software come from 20% of
the features.
• 80% of the complexity in a given application
comes from 20% of the code base.
• Only 20% of a given feature set in an application
is important to 80% of the users.
• A given engineering team spends 80% of its time
on 20% of the application.
You DONT want your
API to be involved in
the 20% code base
You DONT want your API
to be involved in the 20%
of the features
You WANT to enable
that 20% of the
features
You WANT to
decrease the time
needed with your API
Pareto is your friend in finetuning DX and product

View Slide

• Which API endpoints are mostly used?
• What to optimize and focus on + why + find patterns
• ”80% of the value comes from 20% of the features.”
• You have limited resources – be wise – data driven
decisions
• What are the common 400s?
• Why are users using it wrong?
• ”80% of the bugs come from 20% of the code.”
• It might not be bug, it is most likely a usability issue
(DX)
• Is the documentation outdated? Wrong? Missing?
• Is some requirement parameter missing?
• Which API calls have long time response time?
• Why?
API management analytics and Pareto

View Slide

API Governance
@Twitter_name

View Slide

API management is just a SMALL piece of the puzzle
• Feedback management
• API Design management
• Specification(s) to use
• API architectures (REST,
GraphQL, realtime)
• Mockups for validation
• API docs generation
• Code libraries
• QA / testing
• Implementation
• Deployment
• Marketing This is why providing Full API Life Cycle as a single tool is hard

View Slide

API management is just a SMALL piece of the puzzle
• Feedback management
• API Design management
• Specification(s) to use
• API architectures (REST,
GraphQL, realtime)
• Mockups for validation
• API docs generation
• Code libraries
• QA / testing
• Implementation
• Deployment
• Marketing This is why providing Full API Life Cycle as a single tool is hard
Product thinking!

View Slide

• API design management – use Design Guide – this is the bible!
• Practices (naming, error handling, auth…)
• Steering the API family (you will be ”mother of a dozen”)
• Must provide value, enforce it!
• Versioning – deprecation – migration support – product life cycle
thinking!
• Customer focus
• Create guides (in developer portal)
• Supports customer paths: New user -> guides -> API documentation
• Business models & pricing
• Not solved with one tool! It’s a puzzle and about processes
Some notes on API Governance

View Slide

”If each subsystem, regarded separately, is made to
operate with maximum efficiency, the system as a whole
will not operate with utmost efficiency.”
General Systems Theory (Lars Skyttner)
Take away

View Slide

100daysdx.com
dxdoctor.net
Apitalous101.fi
www.osaango.academy
buildfordevelopers.com

View Slide

API management

API management

Jarkko Moilanen, PhD

More Decks by Jarkko Moilanen, PhD

Other Decks in Technology

Featured

Transcript