SlideShare ist ein Scribd-Unternehmen logo

Open APIs Design

Isabelle Mauny
Isabelle Mauny

Presentation from OpenSource Expo - Why APIs ? - Impl recommendations - Analytics

SoftwareTechnologieBusiness
1 von 23
Downloaden Sie, um offline zu lesen
Sub$tle  text Last Updated: June 2014 VP,  Product  Management   Isabelle  Mauny APIs   Design  and  Development Thursday, June 26, 14
2 About  the  speaker... ๏ French  na)ve ๏ Living  in  Spain ๏ Works  mostly  with  Sri  Lanka ๏ 18  years  of  IBM,  4  years  in  startups ๏ Managing  the  overall  WSO2  porDolio ๏ Linux  command  line  user Thursday, June 26, 14
Many  APIs  ! 3 Thursday, June 26, 14
4 Thursday, June 26, 14
Why  APIs  ? 5 Mobile  Apps  Development Marke)ng  channel Find  new  customers Drive  Innova)on Drive  Internal  Projects Integra)on  with  Partners Sales  Channel New  Product Thursday, June 26, 14
Ok,  I  am  convinced...   Now  what  ?   6 Thursday, June 26, 14
7 ๏ Service  deals  with  implementa)on ๏ API  deals  with  subscrip)on  (consumer) ๏ Two  very  dis)nct  life  cycles  ! ๏ You  don’t  need  the  service  to  create  the  API... Services  and  APIs Thursday, June 26, 14
8 Building  a  Managed  API ๏ Crea)ng  APIs  (interface,  docs,  samples,etc.) ๏ Adver)sing  APIs ๏ Making  APIs  subscribe-­‐able  by  consumers ๏ Associa)ng  SLAs ๏ Securing  APIs ๏ Mone)za)on  and  Analy)cs Thursday, June 26, 14
Magic  API  triangle 9 RESTful JSON OAuth Thursday, June 26, 14
SOAP  vs.  REST 10 Thursday, June 26, 14
11 Thursday, June 26, 14
12 Thursday, June 26, 14
JSON  vs.  XML 13 Thursday, June 26, 14
OAuth2 ๏ Standard  used  by  most  API  billionaires  (  TwiWer,  Facebook,  Google  for  example) ๏ Covers  authoriza)on  to  access  selected  informa)on/data  (scopes) ๏ Authen)ca)on  is  covered  using  OpenID  Connect  protocol ๏ Mul)ple  grant  types:  Authoriza)on  code  (below),  client_creden)als,  password,   SAML  ,  Kerberos) 14 Thursday, June 26, 14
15 Need  for  API  Versioning ๏ Need  to  support  API  evolu)on ๏ While  Maintaining ๏ Backward  compa)bility  -­‐>  Func)onality ๏ Rates/ThroWling  agreements ๏ Different  versioning  mechanisms Thursday, June 26, 14
16 API  Versioning  Strategies ๏ Version  as  a  query  parameter ๏ NeUlix  -­‐  hWp://api.neDlix.com/catalog/)tles/series/70023522?v=1.5 ๏ Google  Data  API  -­‐  “GData-­‐Version:  X.0″₺  or  “v=X.0″₺ ๏ Version  as  part  of  URI ๏ Salesforce  -­‐  hWps://na1.salesforce.com/services/data/v20.0/sobjects/Account/ ๏ TwiYer  -­‐  hWps://api.twiWer.com/1.1/statuses/men)ons_)meline.json ๏ Version  as  a  date  in  URI ๏ Twilio  -­‐  /2010-­‐04-­‐01/Accounts/{AccountSid}/Calls ๏ hWp://www.twilio.com/docs/api/rest/making-­‐calls ๏ Version  as  a   ๏ Custom  HTTP  Header ๏ Accept  Header Thursday, June 26, 14
17 You  can’t  manage   what  you  can’t  measure. Thursday, June 26, 14
18 Why  AnalyZcs  and  API  Management  are  important  together? ๏ Build  confidence  in  the  API  model ๏ Understand  your  customer   ๏ Help  manage  services  and  versions ๏ e.g.  understand  when  deprecated  services  can  be  re)red ๏ Plan  beWer ๏ Monitor  the  growth  of  aggregated  API  traffic ๏ Monitor  the  growth  of  specific  apps ๏ Make  sure  you  capture  all  events  right  from  beginning  of   project. Thursday, June 26, 14
Monitoring 19 Thursday, June 26, 14
Deployment 20 API Management Layer Services Layer Applications Cloud Services Mediation Layer Services Composition Services Orchestration Thursday, June 26, 14
Who  is  WSO2  ?   ๏ Open  Source  Middleware  PlaDorm   Provider ๏ All  products  are  released  under  Apache   2.0  License ๏ No  community  vs.  Enterprise  edi)ons ๏ Provides  Integra)on,  API  Management   and  Mobile  management  products ๏ 350+  people  in  Sri  Lanka,  USA  and   Europe 21 Thursday, June 26, 14
References ๏ OAuth   ๏ hWp://blog.facilelogin.com/ 2013/02/why-­‐oauth-­‐it-­‐self-­‐is-­‐not-­‐ authen)ca)on.html ๏ hWp://openid.net/specs/openid-­‐ connect-­‐basic-­‐1_0.html ๏ WSO2  API  Manager ๏ wso2.com/products/api-­‐manager/ 22 Thursday, June 26, 14
Contact  us  ! Thursday, June 26, 14

Empfohlen

APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide Isabelle Mauny
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy
 
Why you need API Security Automation
Why you need API Security AutomationWhy you need API Security Automation
Why you need API Security Automation42Crunch
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonAdar Weidman
 
Guidelines to protect your APIs from threats
Guidelines to protect your APIs from threatsGuidelines to protect your APIs from threats
Guidelines to protect your APIs from threatsIsabelle Mauny
 
OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019Miguel Angel Falcón Muñoz
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 

Empfohlen

APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide Isabelle Mauny
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy
 
Why you need API Security Automation
Why you need API Security AutomationWhy you need API Security Automation
Why you need API Security Automation42Crunch
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonAdar Weidman
 
Guidelines to protect your APIs from threats
Guidelines to protect your APIs from threatsGuidelines to protect your APIs from threats
Guidelines to protect your APIs from threatsIsabelle Mauny
 
OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019Miguel Angel Falcón Muñoz
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 1042Crunch
 
The Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API WorldThe Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API World42Crunch
 
Five Principles to API Security
Five Principles to API SecurityFive Principles to API Security
Five Principles to API SecurityIsabelle Mauny
 
API Security Guidelines: Beyond SSL and OAuth.
API Security Guidelines: Beyond SSL and OAuth.API Security Guidelines: Beyond SSL and OAuth.
API Security Guidelines: Beyond SSL and OAuth.Isabelle Mauny
 
OWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps DaysOWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps Days42Crunch
 
APIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementAPIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementIsabelle Mauny
 
REST API Security by Design with Azure Pipelines
REST API Security by Design with Azure PipelinesREST API Security by Design with Azure Pipelines
REST API Security by Design with Azure Pipelines42Crunch
 
The Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIsThe Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIs42Crunch
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall42Crunch
 
Top API Security Issues Found During POCs
Top API Security Issues Found During POCsTop API Security Issues Found During POCs
Top API Security Issues Found During POCs42Crunch
 
Are You Properly Using JWTs?
Are You Properly Using JWTs?Are You Properly Using JWTs?
Are You Properly Using JWTs?42Crunch
 
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
Checkmarx meetup API Security - API Security in depth - Inon ShkedyCheckmarx meetup API Security - API Security in depth - Inon Shkedy
Checkmarx meetup API Security - API Security in depth - Inon ShkedyAdar Weidman
 
WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it! WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it!42Crunch
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security TestingSmartBear
 
APIDays Paris Security Workshop
APIDays Paris Security WorkshopAPIDays Paris Security Workshop
APIDays Paris Security Workshop42Crunch
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
Applying API Security at Scale
Applying API Security at ScaleApplying API Security at Scale
Applying API Security at ScaleNordic APIs
 
API Security in a Microservices World
API Security in a Microservices WorldAPI Security in a Microservices World
API Security in a Microservices World42Crunch
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
Injecting Security into vulnerable web apps at Runtime
Injecting Security into vulnerable web apps at RuntimeInjecting Security into vulnerable web apps at Runtime
Injecting Security into vulnerable web apps at RuntimeAjin Abraham
 
Best Practices for API Management
Best Practices for API Management Best Practices for API Management
Best Practices for API Management WSO2
 
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...apidays
 

Weitere ähnliche Inhalte

Was ist angesagt?

WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 1042Crunch
 
The Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API WorldThe Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API World42Crunch
 
Five Principles to API Security
Five Principles to API SecurityFive Principles to API Security
Five Principles to API SecurityIsabelle Mauny
 
API Security Guidelines: Beyond SSL and OAuth.
API Security Guidelines: Beyond SSL and OAuth.API Security Guidelines: Beyond SSL and OAuth.
API Security Guidelines: Beyond SSL and OAuth.Isabelle Mauny
 
OWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps DaysOWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps Days42Crunch
 
APIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementAPIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementIsabelle Mauny
 
REST API Security by Design with Azure Pipelines
REST API Security by Design with Azure PipelinesREST API Security by Design with Azure Pipelines
REST API Security by Design with Azure Pipelines42Crunch
 
The Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIsThe Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIs42Crunch
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall42Crunch
 
Top API Security Issues Found During POCs
Top API Security Issues Found During POCsTop API Security Issues Found During POCs
Top API Security Issues Found During POCs42Crunch
 
Are You Properly Using JWTs?
Are You Properly Using JWTs?Are You Properly Using JWTs?
Are You Properly Using JWTs?42Crunch
 
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
Checkmarx meetup API Security - API Security in depth - Inon ShkedyCheckmarx meetup API Security - API Security in depth - Inon Shkedy
Checkmarx meetup API Security - API Security in depth - Inon ShkedyAdar Weidman
 
WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it! WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it!42Crunch
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security TestingSmartBear
 
APIDays Paris Security Workshop
APIDays Paris Security WorkshopAPIDays Paris Security Workshop
APIDays Paris Security Workshop42Crunch
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
Applying API Security at Scale
Applying API Security at ScaleApplying API Security at Scale
Applying API Security at ScaleNordic APIs
 
API Security in a Microservices World
API Security in a Microservices WorldAPI Security in a Microservices World
API Security in a Microservices World42Crunch
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
Injecting Security into vulnerable web apps at Runtime
Injecting Security into vulnerable web apps at RuntimeInjecting Security into vulnerable web apps at Runtime
Injecting Security into vulnerable web apps at RuntimeAjin Abraham
 

Was ist angesagt? (20)

WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
 
The Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API WorldThe Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API World
 
Five Principles to API Security
Five Principles to API SecurityFive Principles to API Security
Five Principles to API Security
 
API Security Guidelines: Beyond SSL and OAuth.
API Security Guidelines: Beyond SSL and OAuth.API Security Guidelines: Beyond SSL and OAuth.
API Security Guidelines: Beyond SSL and OAuth.
 
OWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps DaysOWASP API Security Top 10 - Austin DevSecOps Days
OWASP API Security Top 10 - Austin DevSecOps Days
 
APIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementAPIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API Management
 
REST API Security by Design with Azure Pipelines
REST API Security by Design with Azure PipelinesREST API Security by Design with Azure Pipelines
REST API Security by Design with Azure Pipelines
 
The Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIsThe Dev, Sec and Ops of API Security - NordicAPIs
The Dev, Sec and Ops of API Security - NordicAPIs
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall
 
Top API Security Issues Found During POCs
Top API Security Issues Found During POCsTop API Security Issues Found During POCs
Top API Security Issues Found During POCs
 
Are You Properly Using JWTs?
Are You Properly Using JWTs?Are You Properly Using JWTs?
Are You Properly Using JWTs?
 
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
Checkmarx meetup API Security - API Security in depth - Inon ShkedyCheckmarx meetup API Security - API Security in depth - Inon Shkedy
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
 
WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it! WEBINAR: Positive Security for APIs: What it is and why you need it!
WEBINAR: Positive Security for APIs: What it is and why you need it!
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security Testing
 
APIDays Paris Security Workshop
APIDays Paris Security WorkshopAPIDays Paris Security Workshop
APIDays Paris Security Workshop
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
 
Applying API Security at Scale
Applying API Security at ScaleApplying API Security at Scale
Applying API Security at Scale
 
API Security in a Microservices World
API Security in a Microservices WorldAPI Security in a Microservices World
API Security in a Microservices World
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
 
Injecting Security into vulnerable web apps at Runtime
Injecting Security into vulnerable web apps at RuntimeInjecting Security into vulnerable web apps at Runtime
Injecting Security into vulnerable web apps at Runtime
 

Ähnlich wie Open APIs Design

Best Practices for API Management
Best Practices for API Management Best Practices for API Management
Best Practices for API Management WSO2
 
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...apidays
 
Building an API Factory: Turn your APIs into Products
Building an API Factory: Turn your APIs into ProductsBuilding an API Factory: Turn your APIs into Products
Building an API Factory: Turn your APIs into ProductsNuwan Dias
 
[Workshop] Managing the API lifecycle with Open Source Technologies
[Workshop] Managing the API lifecycle with Open Source Technologies[Workshop] Managing the API lifecycle with Open Source Technologies
[Workshop] Managing the API lifecycle with Open Source TechnologiesWSO2
 
Inflectra 2017 Zürich User Summit
Inflectra 2017 Zürich User SummitInflectra 2017 Zürich User Summit
Inflectra 2017 Zürich User SummitAdam Sandman
 
Fisker Automotive 2015 UX1880 ASUG SAPPHIRE
Fisker Automotive 2015 UX1880 ASUG SAPPHIREFisker Automotive 2015 UX1880 ASUG SAPPHIRE
Fisker Automotive 2015 UX1880 ASUG SAPPHIREPeter Spielvogel
 
Building APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureBuilding APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureApigee | Google Cloud
 
Pivotal + Apigee Workshop (June 4th, 2019)
Pivotal + Apigee Workshop (June 4th, 2019)Pivotal + Apigee Workshop (June 4th, 2019)
Pivotal + Apigee Workshop (June 4th, 2019)Alexandre Roman
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0WSO2
 
Melbourne Virtual MuleSoft Meetup June 2022
Melbourne Virtual MuleSoft Meetup June 2022Melbourne Virtual MuleSoft Meetup June 2022
Melbourne Virtual MuleSoft Meetup June 2022Daniel Soffner
 
DevOps for SAP CPI presentation
DevOps for SAP CPI presentationDevOps for SAP CPI presentation
DevOps for SAP CPI presentationDaniel Graversen
 
Runtime Governance with WSO2 Governance Registry integrated with WSO2 BAM and...
Runtime Governance with WSO2 Governance Registry integrated with WSO2 BAM and...Runtime Governance with WSO2 Governance Registry integrated with WSO2 BAM and...
Runtime Governance with WSO2 Governance Registry integrated with WSO2 BAM and...WSO2
 
Continuous API Strategies for Integrated Platforms
Continuous API Strategies for Integrated Platforms Continuous API Strategies for Integrated Platforms
Continuous API Strategies for Integrated PlatformsBill Doerrfeld
 
DOES16 London - Gebrian uit de Bulten & Vincent van Kooten - The Road to Enab...
DOES16 London - Gebrian uit de Bulten & Vincent van Kooten - The Road to Enab...DOES16 London - Gebrian uit de Bulten & Vincent van Kooten - The Road to Enab...
DOES16 London - Gebrian uit de Bulten & Vincent van Kooten - The Road to Enab...Gene Kim
 
Six Steps to Build Successful APIs
Six Steps to Build Successful APIsSix Steps to Build Successful APIs
Six Steps to Build Successful APIsWSO2
 
Six Steps To Build A Successful API
Six Steps To Build A Successful APISix Steps To Build A Successful API
Six Steps To Build A Successful APIChris Haddad
 
Z sap boe-2016-techws-04_vs_fiori-app-with-eclipseluna-accessing-zsap-system
Z sap boe-2016-techws-04_vs_fiori-app-with-eclipseluna-accessing-zsap-systemZ sap boe-2016-techws-04_vs_fiori-app-with-eclipseluna-accessing-zsap-system
Z sap boe-2016-techws-04_vs_fiori-app-with-eclipseluna-accessing-zsap-systemNagendra Babu
 
Combining WSO2 API Manager with WSO2 BAM for billing in the energy industry
Combining WSO2 API Manager with WSO2 BAM for billing in the energy industryCombining WSO2 API Manager with WSO2 BAM for billing in the energy industry
Combining WSO2 API Manager with WSO2 BAM for billing in the energy industryWSO2
 
Generating Insights from WSO2 API Manager Statistics
Generating Insights from WSO2 API Manager StatisticsGenerating Insights from WSO2 API Manager Statistics
Generating Insights from WSO2 API Manager StatisticsWSO2
 
API Webinar November 18th 2014
API Webinar November 18th 2014API Webinar November 18th 2014
API Webinar November 18th 2014Yenlo
 

Ähnlich wie Open APIs Design (20)

Best Practices for API Management
Best Practices for API Management Best Practices for API Management
Best Practices for API Management
 
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
apidays LIVE Paris 2021 - APIGEE, different ways for integrating with CI/CD p...
 
Building an API Factory: Turn your APIs into Products
Building an API Factory: Turn your APIs into ProductsBuilding an API Factory: Turn your APIs into Products
Building an API Factory: Turn your APIs into Products
 
[Workshop] Managing the API lifecycle with Open Source Technologies
[Workshop] Managing the API lifecycle with Open Source Technologies[Workshop] Managing the API lifecycle with Open Source Technologies
[Workshop] Managing the API lifecycle with Open Source Technologies
 
Inflectra 2017 Zürich User Summit
Inflectra 2017 Zürich User SummitInflectra 2017 Zürich User Summit
Inflectra 2017 Zürich User Summit
 
Fisker Automotive 2015 UX1880 ASUG SAPPHIRE
Fisker Automotive 2015 UX1880 ASUG SAPPHIREFisker Automotive 2015 UX1880 ASUG SAPPHIRE
Fisker Automotive 2015 UX1880 ASUG SAPPHIRE
 
Building APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureBuilding APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft Azure
 
Pivotal + Apigee Workshop (June 4th, 2019)
Pivotal + Apigee Workshop (June 4th, 2019)Pivotal + Apigee Workshop (June 4th, 2019)
Pivotal + Apigee Workshop (June 4th, 2019)
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
 
Melbourne Virtual MuleSoft Meetup June 2022
Melbourne Virtual MuleSoft Meetup June 2022Melbourne Virtual MuleSoft Meetup June 2022
Melbourne Virtual MuleSoft Meetup June 2022
 
DevOps for SAP CPI presentation
DevOps for SAP CPI presentationDevOps for SAP CPI presentation
DevOps for SAP CPI presentation
 
Runtime Governance with WSO2 Governance Registry integrated with WSO2 BAM and...
Runtime Governance with WSO2 Governance Registry integrated with WSO2 BAM and...Runtime Governance with WSO2 Governance Registry integrated with WSO2 BAM and...
Runtime Governance with WSO2 Governance Registry integrated with WSO2 BAM and...
 
Continuous API Strategies for Integrated Platforms
Continuous API Strategies for Integrated Platforms Continuous API Strategies for Integrated Platforms
Continuous API Strategies for Integrated Platforms
 
DOES16 London - Gebrian uit de Bulten & Vincent van Kooten - The Road to Enab...
DOES16 London - Gebrian uit de Bulten & Vincent van Kooten - The Road to Enab...DOES16 London - Gebrian uit de Bulten & Vincent van Kooten - The Road to Enab...
DOES16 London - Gebrian uit de Bulten & Vincent van Kooten - The Road to Enab...
 
Six Steps to Build Successful APIs
Six Steps to Build Successful APIsSix Steps to Build Successful APIs
Six Steps to Build Successful APIs
 
Six Steps To Build A Successful API
Six Steps To Build A Successful APISix Steps To Build A Successful API
Six Steps To Build A Successful API
 
Z sap boe-2016-techws-04_vs_fiori-app-with-eclipseluna-accessing-zsap-system
Z sap boe-2016-techws-04_vs_fiori-app-with-eclipseluna-accessing-zsap-systemZ sap boe-2016-techws-04_vs_fiori-app-with-eclipseluna-accessing-zsap-system
Z sap boe-2016-techws-04_vs_fiori-app-with-eclipseluna-accessing-zsap-system
 
Combining WSO2 API Manager with WSO2 BAM for billing in the energy industry
Combining WSO2 API Manager with WSO2 BAM for billing in the energy industryCombining WSO2 API Manager with WSO2 BAM for billing in the energy industry
Combining WSO2 API Manager with WSO2 BAM for billing in the energy industry
 
Generating Insights from WSO2 API Manager Statistics
Generating Insights from WSO2 API Manager StatisticsGenerating Insights from WSO2 API Manager Statistics
Generating Insights from WSO2 API Manager Statistics
 
API Webinar November 18th 2014
API Webinar November 18th 2014API Webinar November 18th 2014
API Webinar November 18th 2014
 

Kürzlich hochgeladen

Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shardsChristopher Curtin
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slidesvaideheekore1
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfkalichargn70th171
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profileakrivarotava
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfRTS corp
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonApplitools
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsJean Silva
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Anthony Dahanne
 

Kürzlich hochgeladen (20)

Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profile
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024
 

Open APIs Design

  • 1. Sub$tle  text Last Updated: June 2014 VP,  Product  Management   Isabelle  Mauny APIs   Design  and  Development Thursday, June 26, 14
  • 2. 2 About  the  speaker... ๏ French  na)ve ๏ Living  in  Spain ๏ Works  mostly  with  Sri  Lanka ๏ 18  years  of  IBM,  4  years  in  startups ๏ Managing  the  overall  WSO2  porDolio ๏ Linux  command  line  user Thursday, June 26, 14
  • 5. Why  APIs  ? 5 Mobile  Apps  Development Marke)ng  channel Find  new  customers Drive  Innova)on Drive  Internal  Projects Integra)on  with  Partners Sales  Channel New  Product Thursday, June 26, 14
  • 6. Ok,  I  am  convinced...   Now  what  ?   6 Thursday, June 26, 14
  • 7. 7 ๏ Service  deals  with  implementa)on ๏ API  deals  with  subscrip)on  (consumer) ๏ Two  very  dis)nct  life  cycles  ! ๏ You  don’t  need  the  service  to  create  the  API... Services  and  APIs Thursday, June 26, 14
  • 8. 8 Building  a  Managed  API ๏ Crea)ng  APIs  (interface,  docs,  samples,etc.) ๏ Adver)sing  APIs ๏ Making  APIs  subscribe-­‐able  by  consumers ๏ Associa)ng  SLAs ๏ Securing  APIs ๏ Mone)za)on  and  Analy)cs Thursday, June 26, 14
  • 14. OAuth2 ๏ Standard  used  by  most  API  billionaires  (  TwiWer,  Facebook,  Google  for  example) ๏ Covers  authoriza)on  to  access  selected  informa)on/data  (scopes) ๏ Authen)ca)on  is  covered  using  OpenID  Connect  protocol ๏ Mul)ple  grant  types:  Authoriza)on  code  (below),  client_creden)als,  password,   SAML  ,  Kerberos) 14 Thursday, June 26, 14
  • 15. 15 Need  for  API  Versioning ๏ Need  to  support  API  evolu)on ๏ While  Maintaining ๏ Backward  compa)bility  -­‐>  Func)onality ๏ Rates/ThroWling  agreements ๏ Different  versioning  mechanisms Thursday, June 26, 14
  • 16. 16 API  Versioning  Strategies ๏ Version  as  a  query  parameter ๏ NeUlix  -­‐  hWp://api.neDlix.com/catalog/)tles/series/70023522?v=1.5 ๏ Google  Data  API  -­‐  “GData-­‐Version:  X.0″₺  or  “v=X.0″₺ ๏ Version  as  part  of  URI ๏ Salesforce  -­‐  hWps://na1.salesforce.com/services/data/v20.0/sobjects/Account/ ๏ TwiYer  -­‐  hWps://api.twiWer.com/1.1/statuses/men)ons_)meline.json ๏ Version  as  a  date  in  URI ๏ Twilio  -­‐  /2010-­‐04-­‐01/Accounts/{AccountSid}/Calls ๏ hWp://www.twilio.com/docs/api/rest/making-­‐calls ๏ Version  as  a   ๏ Custom  HTTP  Header ๏ Accept  Header Thursday, June 26, 14
  • 17. 17 You  can’t  manage   what  you  can’t  measure. Thursday, June 26, 14
  • 18. 18 Why  AnalyZcs  and  API  Management  are  important  together? ๏ Build  confidence  in  the  API  model ๏ Understand  your  customer   ๏ Help  manage  services  and  versions ๏ e.g.  understand  when  deprecated  services  can  be  re)red ๏ Plan  beWer ๏ Monitor  the  growth  of  aggregated  API  traffic ๏ Monitor  the  growth  of  specific  apps ๏ Make  sure  you  capture  all  events  right  from  beginning  of   project. Thursday, June 26, 14
  • 20. Deployment 20 API Management Layer Services Layer Applications Cloud Services Mediation Layer Services Composition Services Orchestration Thursday, June 26, 14
  • 21. Who  is  WSO2  ?   ๏ Open  Source  Middleware  PlaDorm   Provider ๏ All  products  are  released  under  Apache   2.0  License ๏ No  community  vs.  Enterprise  edi)ons ๏ Provides  Integra)on,  API  Management   and  Mobile  management  products ๏ 350+  people  in  Sri  Lanka,  USA  and   Europe 21 Thursday, June 26, 14
  • 22. References ๏ OAuth   ๏ hWp://blog.facilelogin.com/ 2013/02/why-­‐oauth-­‐it-­‐self-­‐is-­‐not-­‐ authen)ca)on.html ๏ hWp://openid.net/specs/openid-­‐ connect-­‐basic-­‐1_0.html ๏ WSO2  API  Manager ๏ wso2.com/products/api-­‐manager/ 22 Thursday, June 26, 14