La Poste BSCC API Management : a data source to enhance observability, security and quality of IS API DAYS December 4, Paris Jean-Marc DAGORNE APIM Platform Manager, Parcel Mail Services Branch, Technical Department, La Poste Thomas GUYARD APIM Platform integrator, Sogeti Consultant

La Poste Group Identity • Our purpose : To be the first European platform for links and exchanges, human and digital, green and civic, at the service of our customers in their projects and of the society as a whole in its changes. • A company with 100% public capital with public missions • 232 700 postal workers • 34 Billion revenue in 2023 • 17 000 outlets nationwide • A multi-business model, structured in four branches • Services-Mail-Parcels (BSCC) • Geopost • La Banque Postale • Consumers and Digital. A committed group with a growing international ambition Apidays 2024 Paris - La Poste BSCC 2

La Poste BSCC Information System « WANT TO BE » Apidays 2024 Paris - La Poste BSCC 3

Sale and partners channel for retail and online business Preparaing channel with industrial sorting and flashing Main channel with internal and corporate APIs API-led Integration Architecture • A project started 6 years ago to open the IS and remove the siloes • A governance and integration teams to adress the lifecycle of APIs • API teams are decentralized • 4 channels to adress and separate differents business processes Apidays 2024 Paris - La Poste BSCC 4 Delivery channel for postman mobile usage

La Poste BSCC IS APIsation : KPI • A resilient, scalable, reactive, microservice and API First architecture with : • 600 APIs / 600 Applications / 2500 Subscribtions • Web app, mobile device, server connection patterns for Internal and external services • Identity Federation with internal IDPs • 2 tenants (BSCC and Corporate) • 40 Millions requests a day • 1 Billion requests a month • A peak each morning (up to 1500 TPS) due to 65000 postmen delivery activity especially during Chrismas period • QoS 24/7 99,99 % : mandatory for a centralized asset Apidays 2024 Paris - La Poste BSCC 5

LA POSTE API products for our partners • Address Qualification with AI • CRM, Notification (SMS, email) • Online paiement and billing • Track and Trace of objects and missions • Custom taxes computing • Postage for C2C/B2C/B2B • Territory knowledge • Postman missions command and reporting • Hybrid letter production • Kafka connector Apidays 2024 Paris - La Poste BSCC 6

LA POSTE BSCC APIM Platform solution • Deployment on a PAAS Openshift in 2 Data Centers (Actif/Actif) • Custom Store and Integration center interface • Observability with ELK/Kibana/Grafana (Log, Analytics, system) • Version WSO2 2.6 moved to V4 early in 2024 Apidays 2024 Paris - La Poste BSCC 7 GW API CP GW CP GW CP Main Channel Sale Channel Preparation Channel Database API API CP GW API Delivery Channel WSO2 Dev Portal WSO2 Publisher Store/La Station Intégration Center ELK Kibana/Grafana

Differents usages but unified information Different levels of partitioning • Authentication patterns • Channels • Api owners But 1 unified data source = a Global vision and a Wealth of information What to do with so much data ? • Security ? • Performance ? • Sobriety ? • Analytics ? Apidays 2024 Paris - La Poste BSCC 8

Short term data Real-time Data Log depth = 2 weeks Data Precise Error Code HTTP Return Code Resource request Goals : Plateform Health Status Abnormal behaviour Incident diagnostic Autopsy Apidays 2024 Paris - La Poste BSCC 9

Long term data Long-term data Archives Plateform History ( Goals : Product lifecycle/health Reporting (and Monetization) Analytics Data with limited details Daily scaling Success / Throttle / Error Resource pattern Apidays 2024 Paris - La Poste BSCC 10

What can we detect ? What we do with the data ? Examples : API growth → anticipating more resources (and throttle policies) Bad behaviour → support projects to optimise them (retries, useless request, …) Retired APIs and Consumers → erase access to avoid security breaches Consumers with wrong channel → protect others consumers  Performance (better response time, better succes rate)  Sobriety (controlling resources, eliminating the unnecessary)  Security (limit the surface area, regulating use) Apidays 2024 Paris - La Poste BSCC 11

Jean-Marc DAGORNE APIM Platform Manager, Parcel Mail Services Branch, Technical Department, La Poste jean-marc.dagorne@laposte.fr +33(0)6 79 65 98 12 Thanks for your attention