4. APIs are a path to new business opportunities and growth is accelerating dramatically
• By 2014, 75% of the Fortune 1000 will offer public Web APIs.
• By 2016, 50% of B2B collaboration will take place through Web APIs.
Sources: Gartner, Predicts 2012: Application Development, 4Q, 2011; Gartner, Govern Your Services and Manage Your APIs with Application Services Governance, 4Q 2012; Gartner, Open for Business: Learn to Profit by Open Data, 1Q 2012
Web APIs are the new, fast-growing business channel
Businesses are Evolving: stores, (800) #s, web sites
5. Web APIs are Emerging Across All Industries
Energy and Utilities, Government, Healthcare, Transportation, Retail, Banking, Insurance, Telco, Chemical and Petroleum, Electronics
6. Banking
Types of APIs
• Customer API
• Account API
• Transaction API
• Branch Locations
Comments
• APIs are available in a sandbox environment
• Some hold contests to see who can develop the best app for a modest reward
• Some charge for use of apps
Drivers
• Banks face challenges in marketing and in their ability to create, test and evolve new services and adapt to the changing needs of their users.
• Need to deliver multiple focused apps on many different devices.
Examples of Apps
• Financial Overview
• Financial Timelines
• Mapping Financial Relationships
• Value-added services such as loyalty, couponing and target marketing
7. Insurance
Types of APIs
• Policy API
• Customer API
• Account API
Comments
• APIs are available in a sandbox environment
• Some hold contests to see who can develop the best app for a modest reward
• Some charge for use of apps
Drivers
• Business trend to leverage partnerships and decentralize the business value chain
• Pressing need to become more agile
• Business flexibility to try new things to drive revenue
• Increased need to improve effectiveness of working with external partners in delivery of business solutions
8. Retail
Types of APIs
• Products API
• Store Locator API
• Deals of the Day API
• Reviews API
• Top Sellers API
• Categories API
Comments
• Products APIs are typically open
• Some APIs require further approvals to use
Drivers
• Shifts in customers' buying patterns
• Need to be where customers are purchasing – mobile devices
• Capitalize on every small channel that is created.
Examples of Apps
• Milo.com – searches for best prices
• Gazaro – deal finder
• GetGlue – social network for movies and TV shows
• eBay Gifts Nearby -
9. The Market Pressure
The explosion of devices and channels
• How do you support delivery of your services and products
on all of these devices?
Applications are smaller, more focused, and come and go very fast
• How do you keep up with the rate of change?
Competitive pressure forcing the need for faster innovation
• How do you foster innovation to beat out competition?
Partnerships need to be established quicker and connected quicker
• How do you create new partnerships fast that are outside of your normal interactions?
Brand loyalty is always under attack
• How do you get and maintain brand loyalty?
10. Business API = Web API = Productized Service
What is a Business API?
A Business API is a public persona for an enterprise; exposing defined
assets, data or services for public consumption
A Business API is simple for app developers to use, access and understand
A Business API can be easily invoked
What Value Does a Business API Provide?
Extends an enterprise and opens new markets by allowing external app
developers to easily leverage, publicize and/or aggregate a company’s
assets for broad-based consumption
What “assets, data or services” are exposed via a Business API?
• Product catalogs
• Store listings
• Order status
• Inventory
• Social interaction
24. Are APIs just a new name for SOA?
There are many similarities – but one very important difference:
The objective most have been focusing on achieving with them
“How can I increase the pace of innovation?”
“How can I increase the agility and effectiveness of delivery?”
APIs
• Reuse → Speed to deliver
• Sharing → Expediency
• Encapsulate → Less to learn
SOA
• Reuse → Effort to deliver
• Sharing → Effectiveness
• Encapsulate → Less to change
25. Each style sprung from the systems they were most focused on…
Services (SOA)
• Focus on the provider
• Stable interface to systems of record
• To control the creation and operational behavior of Systems of Record services, use WSRR
APIs
• Focus on the consumer
• Easy to learn, easy to use
• Simplified access to gateway capabilities
• To foster innovation through the consumption of APIs across Systems of Engagement, use API Mgmt
[Diagram labels: Private Cloud, Back-office Processes, Analytics, Services, Databases, CRM, Internet of Things, Mobile, Public Cloud, Social Web, Partners, Gateway Integration]
26. Two similar worlds converging
SOA Governance | API Management
Service Management | API Management
Mainly about Services | Mainly about APIs
Govern services through the lifecycle | Expose APIs to the Web, manage them to prevent chaos in usage
Began with Web Services | Began with REST
100’s of services | Smaller number of APIs
Typically internal, behind firewall | External and Internal
Driven by Enterprise Architects | Driven by Business, Marketing, Mobile teams, Innovation teams
Governs with a Stick | Governs with a Carrot
Established market presence | Newer in market
Contracts enforced with ESBs and Gateways | Security and Entitlements controlled by Gateway
“The overlap between SOA governance technology and API management is significant.”
“It is about tracking and monitoring the artifacts in an SOA or an API project, enforcing and ensuring compliance with the policies associated with the artifacts and measuring the outcomes related to their use.”
- August 2013, Gartner’s Application Services Governance report
Application Services Governance
28. API Management Introduction and General Concepts
- Terminologies
- Roles & Responsibilities
- Architectural Use Cases
- Types of APIs
- API Styles
29. Terminologies: Web APIs, Mashups, Apps
Web API
• A defined set of HTTP request messages along with a definition of the
structure of response messages, typically expressed in JSON or XML
Web App
• A web application or web app is any application software that runs in a
web browser or is created in a browser-supported programming
language (such as the combination of JavaScript, HTML and CSS) and
relies on a common web browser to render the application
Mashup
• A web page, or web application, that uses Web APIs to combine data,
presentation or functionality from two or more sources to create new
services.
30. Terminologies: Web APIs, Mashups, Apps
API Key
• A code passed in by computer programs calling an API
• Identifies the calling program, its developer, or its user to
the Web site.
• Used to track and control how the API is being used, for
example to prevent malicious use or abuse of the API (as
defined perhaps by terms of service).
OAuth
• OAuth is an open standard for authorization
• OAuth provides client applications a 'secure delegated
access' to server resources on behalf of a resource owner
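The API Key definition above (identify the calling app, track and control its usage), sketched as a gateway-side check. This is an added example, not code from the original slides; the `ApiKeyGate` class, the app name, the key value and the quota are all constructed for illustration.

```python
import hashlib
import hmac
import time


class ApiKeyGate:
    """Hypothetical gateway-side API key check with a per-app call quota."""

    def __init__(self, quota, window_seconds=60):
        self.quota = quota      # calls allowed per app per window
        self.window = window_seconds
        self._apps = {}         # sha256(key) hex digest -> app name
        self._calls = {}        # app name -> timestamps of accepted calls
        self.usage = {}         # app name -> accepted/throttled counters

    @staticmethod
    def _digest(api_key):
        return hashlib.sha256(api_key.encode("utf-8")).hexdigest()

    def register(self, app, api_key):
        # Store only a digest so a leaked key table does not expose usable keys.
        self._apps[self._digest(api_key)] = app
        self.usage[app] = {"accepted": 0, "throttled": 0}

    def check(self, presented_key, now=None):
        """Return (http_status, app): 200 accepted, 401 unknown key, 429 over quota."""
        now = time.time() if now is None else now
        digest = self._digest(presented_key)
        app = None
        for stored, name in self._apps.items():
            if hmac.compare_digest(stored, digest):  # constant-time comparison
                app = name
        if app is None:
            return 401, None
        # Sliding window: keep only accepted calls newer than the window.
        recent = [t for t in self._calls.get(app, []) if now - t < self.window]
        self._calls[app] = recent
        if len(recent) >= self.quota:
            self.usage[app]["throttled"] += 1
            return 429, app
        recent.append(now)
        self.usage[app]["accepted"] += 1
        return 200, app


def demo():
    gate = ApiKeyGate(quota=2, window_seconds=60)
    key = "constructed-sample-key-123"  # constructed sample value
    gate.register("store-locator-app", key)
    statuses = [gate.check(key, now=t)[0] for t in (0, 1, 2, 61)]
    return statuses + [gate.check("unregistered-key", now=3)[0]], gate.usage
```

The `usage` counters are the per-app data a provider would feed into the usage metrics the deck lists among app developer requirements.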
31. Roles & Relationships in the API economy
App Developer
• Develops cool new applications against new public or private APIs
• Understands one or more web programming languages
• Spends his free time developing Apps too
Business User
• Wants to reach new markets through new channels
• Understands the business and value of assets being exposed
• Needs to experiment with different programs and campaigns to drive adoption
• Product Manages the initiative
IT Person
• Exposing public APIs might be new to the IT Person
• Worried about security and scalability of infrastructure
• Short on time to do new projects
32. Companies Need to Become an Engaging Enterprise
[Diagram labels: Apps, Customer, Business User, Enterprise, IT, App Developer, The Platform]
• Business Users want to engage Customers in new markets
• They need to Externalize the Enterprise
• They need to get Apps in front of these Customers
• Apps need APIs that Externalize the Enterprise
• App Developers use APIs
• App Developers are now External to the Enterprise
• IT Guys need to secure, scale and support the externalized Enterprise
• Business Users and IT Guys need Insights so they can respond to business needs
Enterprises want to tap into innovation from a large community of developers, not just developers they employ
33. Customers will require a combination of three API types
Public, Open-To-All APIs
• APIs are open to any developer who wants to sign up
• Apps are more targeted towards end consumers
• The business driver is to engage customers through external developers
Protected, Open-To-Partner APIs
• APIs are open to select business partners
• Apps could be targeted at end consumers or business users
• The business driver is usually different, based on the data and type of business of the enterprise
Private, Internal APIs
• APIs are exposed only to existing developers within the enterprise
• Apps are usually targeted at employees of the enterprise
• The business driver is more around productivity of employees
34. API Monetization Models
For Free
• Drives adoption of APIs
• Typically low-value assets
• Drive brand loyalty
• Enter new channels
• Example: Facebook Login API provides free authentication for any Web / mobile app
Developer Pays
• Business Asset must be of high value to the Developer
• For example, marketing analytics, news, capabilities such as credit checks
• Example: Amazon EC2 Web Services – APIs charge per usage to launch and manage virtual servers.
Developer Gets Paid
• Provides incentive for developer to leverage web API
• Ad placements
• Percentage of revenue from products or services sold
• Example: Google AdSense APIs pay developers who include advertising content into apps
Indirect
• Use of API achieves some goal that drives business model.
• E.g. increase awareness of specific content, or offerings
• Example: eBay Trading APIs offer developers access to trading services, extending the reach of listings and transactions
35. Typical App Developer Requirements
Ease of Use
• Simple, easy sign-up process
• Provide clear documentation, Samples, SDK
Simple Documentation
• Clear pricing & entitlement information
Provide Usage Metrics
• App performance
• Usage Data & Metrics
Free Trial
• “Let me try it first”
• Allow free usage to get customer base
36. API Exposure Considerations
No One Size Fits all Recommendation
• More of a business decision for an organization
• Based on business model
Should we go public?
• You don’t want to expose all assets
• Information Security plays a role
Combination of exposure? Public and Private
• Consider overheads
• Manage versions, Synchronize changes
37. Explore, Experiment, Expand & Embrace
• APIs can change scope over
time if needed from private to
protected or public and from
protected to public.
• Once an API is made public
though, it is considered a
contract with the consumer
and would need to follow a
formal deprecation process to
be removed.
Private
Partner
Public
38. Essentials for successful API
Self Care
• Self-Registration
• Easy Sign up
• Comprehensive Entitlements
• Clear Pricing
API Forums
• Encourage participation
• Managed forum
• Feedback mechanism
API Reference Docs
• Good and Meaningful
• To-the-point
• Simple Code Samples
REST Best Practices
• Learning from the popular APIs
• Facebook, Twitter, Google etc
39. APIs are the foundation of a Composable Business
Big Data Assets
• Big data sources provide insights that are shared and monetized through APIs
Social Users
• Social APIs fuel personalized experiences for users and new business models
Cloud Web Apps
• Cloud services are exposed through Web APIs enabling rapid composition environments
Mobile Apps
• Mobile applications make calls to back end services through Web APIs
Attributes of a Composable Business
1. Omni-channel
2. Operates with agility
3. Re-invents itself
40. Speed Creation and Consumption
Creation (Assets & Services)
• Assembly
• Transformation
• Rationalization
Consumption (Application End Points)
• Discovery
• Composition
• Deployment
Grow revenue through new channels
Deliver a differentiated customer experience
External APIs, Partner APIs, Internal APIs
41. API Styles - Proxies and Assemblies
Proxy Style – For Pass through style APIs
[Diagram: the Client App (Client Layer) invokes Service A and Service B over HTTP/JSON through org/proxy1_serviceA and org/proxy2_serviceB in the API Management Layer, which forward the calls over HTTP/JSON to the On Premise/Cloud Resource (Service A, DataBase B).]
Assembly Style – For composition and orchestrations in your APIs
[Diagram: the Client App (Client Layer) invokes the assembled service org/assembly1_getNupdate over HTTP/JSON in the API Management Layer, which calls /Detail1/get and database/update over HTTP/JSON on the On Premise/Cloud Resource.]
42. Typical Architecture - Internal
[Architecture diagram; recoverable labels]
Zones: Internet, DMZ, Intranet
Rich Internet Applications: Data Controllers, Navigation Controllers, Dojo.dijit, Dojo.base, Dojo.dojox/Dojox.mobile, Dojo.data, Templating (django), Other UI Tech
Security Gateway: Authentication, Authorization, Encryption/Decryption, Routing/Transformation
APIs: Proxies, Assemblies
Users: Internal Developers, Business User, IT Operations
Enterprise Connectivity & Integration: Enterprise ESB, Routing/Transformation, Protocol Transformation, Adapters, REST Services, SOAP Services
Enterprise Information Systems: Enterprise DataBase, Core Application Backend, Other EIS
Protocols: HTTP/JSON, HTTP/XML, HTTP/SOAP, HTTP/JSON/XML
43. Typical Architecture – External & SaaS Based
[Architecture diagram; recoverable labels]
Zones: Internet, Cloud, DMZ, Intranet
API Management SaaS Offering: APIs, Proxies, Assemblies, Dev Portal, Usage Metrics, REST Interface
Security Gateway: Authentication, Authorization, Encryption/Decryption, Routing/Transformation
Enterprise Connectivity & Integration: Enterprise ESB, Protocol Transformation, Adapters, REST Services, SOAP Services
Enterprise Information Systems: Enterprise DataBase, Core Application Backend, Other EIS
Protocols: SOAP/HTTP, HTTP/JSON/XML
Users and actions: Business User, IT Operations (Define APIs, Publicize API, Measure Metrics); External App Developers (View Portal, Use APIs, Create Apps); Consumers (Consume Apps)