Introducing API Management as a co-existing solution Nuwan Bandara - Associate Director / Solutions Architect Nadeesha Gamage - Associate Technical Lead

Agenda ❏ Complexities in modern IT landscape. ❏ Do organizations need API Management? ❏ What does it mean by “API Management as a co-existing solution”? ❏ API Design approaches. ❏ Benefits of using API Management ❏ Analytics ❏ Traceability ❏ QoS ❏ Challenges

Complexities in modern IT landscape ❏ Systems communicate through multiple standards, protocols and message formats. ❏ Legacy Applications, SaaS Applications and Microservices. ❏ Organizations look to reduce time to market. ❏ Improve service reusability. ❏ Increase service exposure outside organizational boundaries. http://technologyandarchitecture.blogspot.com/

Do organizations need API Management? ❏ Do you want to expose your services as APIs? ❏ Do you want to centrally manage these APIs? ❏ How do you secure/limit API usage? ❏ How will APIs be discovered? ❏ How do you know the usage of your APIs? ❏ How do you make changes to the APIs without impacting its current users?

API Management would provide ❏ A single point to access services. ❏ Secure, authenticate and authorize API access. ❏ Enforce SLA on exposed APIs. ❏ Advertise APIs and improve reusability. ❏ Manage lifecycle and versioning of APIs. ❏ Monitor and Monetize APIs.

API Management as a co-existing solution! ❏ API Management itself is not a new paradigm. ❏ It is not an afterthought any more. ❏ API Management to complement existing services. ❏ API Management completes the enterprise IT landscape. ❏ API Design a key factor in defining the scope of APIs.

How important is API Design? ❏ API Design would determine how a service is exposed to its consumers. ❏ API Design determines the adaptability of a service. ❏ Two main approaches ❏ API 1st design. ❏ Making existing services API ready.

Approach 1: API 1st Design ❏ API Centric design approach, design backend services based on the requirements of API consumers. ❏ Strong linkage between services, APIs and service consumer expectations. ❏ Better adaptability and reusability of API. ❏ Can be done when designing new services or re-architecting existing services.

API Management as a 1st class citizen ❏ In-line with the API 1st design paradigm. ❏ Create planned APIs rather than ad-hoc APIs. ❏ Design API security up-front inline with the general organization practices. ❏ API Management considered as a core-component rather than an auxiliary capability.

Approach 2: Making existing services API ready ❏ APIs are designed based on service requirements. ❏ Greater role played by a service integration layer to orchestrate and aggregate services. ❏ More applicable for rigid organizations that cannot re-design their existing services.

Which approach is better? ❏ Depends on which approach is most applicable. ❏ Use API 1st design whenever possible. ❏ If services are rigid, build the API Management around existing services. ❏ Objective is to achieve an API centric organization.

Comprehensive / end to end analytics ❏ APIs are the front face of the business transaction ❏ The intelligence that can be gathered at the API layer is vast compared to any downstream system monitoring ❏ Analytics and monitoring at the API layer provide best of both worlds - business intel and technical intel

Traceability & troubleshoot ❏ Operational analytics - ❏ What is your TPS ? ❏ Are you correctly provisioned ? ❏ Tracing and correlating a business transaction ❏ Correlating through a service compositions ❏ APIs as operational tools ❏ Platform APIs

Quality of services - Throttling ❏ API Management as a traffic controller to the backend ❏ Safeguarding the backend business systems at high throughput ❏ Safely recovering the transactions ❏ Warning clients ❏ Warning platform teams ❏ Traffic shaping and priority based routing http://sanjeewamalalgoda.blogspot.com/2016/05/new-api-manager-t hrottling.html

Quality of services - Security ❏ As the front controller for security ❏ Creating a trusted sub-system with the backend systems ❏ Security protocol transformation and bridging ❏ Entitlements and granular rules

Quality of services - Reliability ❏ No lost transaction policies ❏ Queuing instead of throttling out ❏ Auto scaling / auto provisioning

Quality of services - Transactions ❏ Compensation for RESTful distributed systems ❏ Try / Confirm / Cancel like implementations https://www.infoq.com/presentations/Transactions-HTTP-REST

Self service / Intuitiveness ❏ API Consumer Portal as a catalogue of enterprise services ❏ Easier to search and reuse ❏ Standard way to subscribe and consumer ❏ Minimum supervision and self service ❏ Less rules enabling a shared ecosystem

Challenges ❏ Complexity ? ❏ Performance ? ❏ Moving pieces

Thank You ! Questions ?

Contact us !