
Introducing API Management as a co-existing solution

API management isn’t a new concept today, with almost all IT initiatives in organizations taking an API-first approach. Often, platform security is considered at the API level. APIs have become the front face of organizations in provisioning their digital services in a secure and controlled fashion; therefore, looking at the API strategy as a facade or an overlay for the current technology landscape isn’t right. You have to look at it as a coexisting idea or need of the organizational IT landscape.


Nuwan Bandara

November 15, 2016



  1. Introducing API Management as a co-existing solution
    Nuwan Bandara - Associate Director / Solutions Architect
    Nadeesha Gamage - Associate Technical Lead

  2. Agenda
    ❏ Complexities in modern IT landscape.
    ❏ Do organizations need API Management?
    ❏ What does it mean by “API Management as a co-existing solution”?
    ❏ API Design approaches.
    ❏ Benefits of using API Management
      ❏ Analytics
      ❏ Traceability
      ❏ QoS
    ❏ Challenges

  3. Complexities in modern IT landscape
    ❏ Systems communicate through multiple standards, protocols and message formats.
    ❏ Legacy Applications, SaaS Applications and Microservices.
    ❏ Organizations look to reduce time to market.
    ❏ Improve service reusability.
    ❏ Increase service exposure outside organizational boundaries.
    http://technologyandarchitecture.blogspot.com/

  4. Do organizations need API Management?
    ❏ Do you want to expose your services as APIs?
    ❏ Do you want to centrally manage these APIs?
    ❏ How do you secure/limit API usage?
    ❏ How will APIs be discovered?
    ❏ How do you know the usage of your APIs?
    ❏ How do you make changes to the APIs without impacting their current users?

  5. API Management would provide
    ❏ A single point to access services.
    ❏ Secure, authenticate and authorize API access.
    ❏ Enforce SLA on exposed APIs.
    ❏ Advertise APIs and improve reusability.
    ❏ Manage lifecycle and versioning of APIs.
    ❏ Monitor and Monetize APIs.

  6. API Management as a co-existing solution!
    ❏ API Management itself is not a new paradigm.
    ❏ It is not an afterthought any more.
    ❏ API Management to complement existing services.
    ❏ API Management completes the enterprise IT landscape.
    ❏ API Design a key factor in defining the scope of APIs.

  7. How important is API Design?
    ❏ API Design would determine how a service is exposed to its consumers.
    ❏ API Design determines the adaptability of a service.
    ❏ Two main approaches
      ❏ API 1st design.
      ❏ Making existing services API ready.

  8. Approach 1: API 1st Design
    ❏ API Centric design approach, design backend services based on the requirements of API consumers.
    ❏ Strong linkage between services, APIs and service consumer expectations.
    ❏ Better adaptability and reusability of API.
    ❏ Can be done when designing new services or re-architecting existing services.

  9. API Management as a 1st class citizen
    ❏ In-line with the API 1st design paradigm.
    ❏ Create planned APIs rather than ad-hoc APIs.
    ❏ Design API security up-front inline with the general organization practices.
    ❏ API Management considered as a core-component rather than an auxiliary capability.

  10. Approach 2: Making existing services API ready
    ❏ APIs are designed based on service requirements.
    ❏ Greater role played by a service integration layer to orchestrate and aggregate services.
    ❏ More applicable for rigid organizations that cannot re-design their existing services.

  11. Which approach is better?
    ❏ Depends on which approach is most applicable.
    ❏ Use API 1st design whenever possible.
    ❏ If services are rigid, build the API Management around existing services.
    ❏ Objective is to achieve an API centric organization.

  12. Comprehensive / end to end analytics
    ❏ APIs are the front face of the business transaction
    ❏ The intelligence that can be gathered at the API layer is vast compared to any downstream system monitoring
    ❏ Analytics and monitoring at the API layer provide best of both worlds - business intel and technical intel

  13. Traceability & troubleshoot
    ❏ Operational analytics -
      ❏ What is your TPS?
      ❏ Are you correctly provisioned?
    ❏ Tracing and correlating a business transaction
    ❏ Correlating through service compositions
    ❏ APIs as operational tools
    ❏ Platform APIs

  14. Quality of services - Throttling
    ❏ API Management as a traffic controller to the backend
    ❏ Safeguarding the backend business systems at high throughput
    ❏ Safely recovering the transactions
    ❏ Warning clients
    ❏ Warning platform teams
    ❏ Traffic shaping and priority based routing
    http://sanjeewamalalgoda.blogspot.com/2016/05/new-api-manager-throttling.html

  15. Quality of services - Security
    ❏ As the front controller for security
    ❏ Creating a trusted sub-system with the backend systems
    ❏ Security protocol transformation and bridging
    ❏ Entitlements and granular rules

  16. Quality of services - Reliability
    ❏ No lost transaction policies
    ❏ Queuing instead of throttling out
    ❏ Auto scaling / auto provisioning

  17. Quality of services - Transactions
    ❏ Compensation for RESTful distributed systems
    ❏ Try / Confirm / Cancel like implementations
    https://www.infoq.com/presentations/Transactions-HTTP-REST

  18. Self service / Intuitiveness
    ❏ API Consumer Portal as a catalogue of enterprise services
    ❏ Easier to search and reuse
    ❏ Standard way to subscribe and consume
    ❏ Minimum supervision and self service
    ❏ Less rules enabling a shared ecosystem

  19. Challenges
    ❏ Complexity?
    ❏ Performance?
    ❏ Moving pieces

  20. Thank You ! Questions ?

  21. Contact us !