SlideShare ist ein Scribd-Unternehmen logo

5 pillars of API Management

J
James Farley-Sutton

CA Technologies 5 pillars of API Management

Technologie
1 von 10
Downloaden Sie, um offline zu lesen
5 Pillars of API Management with CA Technologies
Introduction: Managing the new open enterprise Realizing the Opportunities of the API Economy Across industry sectors, the boundaries of the traditional enterprise are blurring, as organizations open up their on-premise data and application functionality to partner organizations, the Web, mobile apps, smart devices and the cloud. APIs (application programming interfaces) form the foundation of this new open enterprise, allowing enterprises to reuse their existing information assets across organizational boundaries. Meeting the Challenges of Secure, Manageable API Publishing APIs empower enterprises to quickly repurpose IT systems, add value to existing offerings and open new revenue streams. It should come as no surprise, though, that exposing on-premise systems via APIs also creates a range of new security and management challenges. The term “API Management” refers to a set of processes and technologies that have emerged in recent years to help enterprises meet these challenges. API Management solutions aim to make it simple for even the most security-conscious organizations to open their information assets for use by partner organizations, third-party developers, mobile apps and cloud services, without impacting data security or the performance of backend systems. Full-featured API Management solutions also provide functionality for managing the developers who build applications that leverage enterprise APIs. 02
Overview: 5 Pillars of API Management Expose Enterprise Data & Functionality in API-Friendly Formats Convert complex on-premise application services into developer-friendly RESTful APIs. Protect Information Assets Exposed via APIs to Prevent Misuse Ensure that enterprise systems are protected against message-level attack and hijack. Authorize Secure, Seamless Access for Valid Identities Deploy strong access control, identity federation and social login functionality. Optimize System Performance & Manage the API Lifecycle Maintain the availability of backend systems for APIs, applications and end users. Engage, Onboard, Educate & Manage Developers Give developers the resources they need to create applications that deliver real value. 03
Expose Enterprise Data & Functionality in API-Friendly Formats Convert complex on-premise application services into developer-friendly RESTful APIs WHAT WHY HOW Enterprise data and applications typically comprise a complex web of standards, protocols, programming languages and file formats. The first stage of API Management is presenting these diverse information assets in a format that developers can understand and leverage. Commonly, this means publishing application programming interfaces that employ the REST protocol (“RESTful APIs”). On-premise systems commonly rely on application services delivered in proprietary formats too verbose to work efficiently via the Web or mobile apps. Application services associated with the common SOA (service oriented architecture) style generally employ the SOAP protocol, whereas Web/mobile devs rely on REST. If APIs are not delivered in a format that internal and third- party developers can easily leverage, they will not facilitate the creation of any truly valuable new applications. The most effective API Management solutions include functionality for presenting legacy enterprise services as RESTful APIs. Typically, this will involve using a SOA or API Gateway to automatically convert data from the SOAP-based services into RESTful APIs. To be truly effective, the Gateway should make it possible to efficiently compose RESTful APIs from “mash-ups” of multiple existing application services. 04 Learn More: API Tech Talk: Simplifying REST Adaptation.
Protect Information Assets Exposed via APIs to Prevent Misuse Ensure that enterprise systems are protected against message-level attack and hijack WHAT WHY HOW Opening up enterprise information assets for use in new applications exposes them to many of the same security threats that plague the Web (e.g. viruses, DoS attacks). Additionally, APIs create a range of new and unique security challenges that go beyond what enterprises are used to dealing with on the Web. Perhaps the most essential function of API Management is the creation of a security layer to ensure that hackers are unable to access, misuse or attack exposed systems. APIs are windows to applications and data, potentially providing hackers with a view into the inner workings of enterprise systems and a route to accessing those systems. This creates the increased possibility that hackers will be able to steal confidential data, hijack public-facing interfaces for nefarious purposes or crash critical systems. Conventional online security solutions designed for the Web do not cover all the potential threats created by API publishing, so specific API security must be implemented. Arguably the key function of the type of API Gateway mentioned above is to inspect and filter all API traffic to identify then neutralize common or emerging threats. To be effective, the Gateway should be designed and certified to tackle message-level, API-specific threats such as SQL Injection, Denial of Service attacks and viruses. The Gateway’s security functionality and threat profiles should also be easily updateable, to tackle new types of threats as they emerge. 05 Learn More: White Paper: Protecting Your APIs Against Attack & Hijack.
Authorize Secure, Seamless Access for Valid Identities Deploy strong access control, identity federation and social login functionality WHAT WHY HOW Any enterprise that wants to fully secure its APIs against attack must give developers a framework for controlling how users access enterprise assets via these APIs. This framework should balance backend security with end user experience by leveraging key identity and access management (IAM) standards such as OAuth. For the best balance, the framework should be able to use existing IAM infrastructure and allow end users to gain access via enterprise single sign-on (SSO) or social logins. Access control is the cornerstone of API security – the key is to prevent unauthorized users from gaining inappropriate levels of access to enterprise assets. OAuth is especially useful as it allows publishers to flexibly implement appropriate levels of security and federate identities from existing IAM systems and social accounts. Leveraging existing IAM infrastructure also cuts costs, reduces setup time and maximizes long-term manageability by preventing the creation of identity silos. An API Gateway should feature out-of-the-box functionality for building an API-centric access control infrastructure using key standards and existing resources. The Gateway should be able to integrate seamlessly with leading IAM systems like CA SSO, Oracle Access Manager, Microsoft Active Directory and IBM Tivoli. It should also include configurable templates for implementing access control, SSO and social login in typical use cases, based on OAuth and other key standards. 06 Learn More: EBook: 5 OAuth Essentials for API Access Control.
Optimize System Performance & Manage the API Lifecycle Maintain the availability of backend systems for APIs, applications and end users WHAT WHY HOW API traffic must be dealt with efficiently to ensure applications built against APIs work consistently and the performance of backend systems is not compromised. Data from backend systems must be delivered in lightweight formats, optimized for usage patterns and filtered appropriately. For long-term application viability, it is also necessary to carefully manage the lifecycle of APIs as they move through development, testing and production. The introduction of Web and mobile apps that leverage backend systems can lead to sudden growth in IT traffic that can result in crashes and consequent unavailability. It is vital to optimize the flow of API traffic, to ensure a satisfying and consistent user experience for developers, users of API- dependent apps and internal users alike. Managing the API lifecycle, meanwhile, is crucial to ensuring existing applications do not break when APIs, clients and operating systems are updated. An API Gateway used to compose and secure APIs is also ideally placed to control the flow of API traffic and manage the API lifecycle, to ensure availability and performance. For performance management, the Gateway should have functionality for easy-to-scale routing, service mediation, message caching, call aggregation and traffic compression. For lifecycle management, it should have features for dependency resolution and re-mapping plus automatic versioning, including roll-back to any previous version. 07
Engage, Onboard, Educate & Manage Developers Give developers the resources they need to create applications that deliver real value WHAT WHY HOW Much of the true value of an organization’s APIs comes from the developers who build Web and mobile applications or new enterprise systems against these APIs. It is essential to target developers with the tools and materials they need in order to discover, learn about, try out and build apps against the organization’s APIs. These developers may be internal employees, partners, contractors or independent “long-tail” devs. Each group will require a particular set of resources targeted at its needs. Developers are the lifeblood of any API publishing strategy. API publishers need devs to create apps that employees, partners and customers can actually use and benefit from. To get developers creating truly valuable applications, the publisher must be able to attract talented developers and provide them with the tools needed to leverage the APIs. The more engaging and interactive the tools provided by the API publisher to enable and educate developers, the more useful the applications these developers deliver will be. For internal and external developers alike, the most effective way to engage and educate developers is through a branded, interactive online portal. This portal should make it simple for developers to register for APIs and access interactive documentation, sample apps, code examples, testing tools and discussion forums. Effective API Management solutions include functionality that makes it simple to build a full-featured developer portal, pre-integrated into the API Gateway. 08
With Web, mobile and cloud technologies becoming increasingly essential to how the world does business, the API is emerging a key enabler for smart enterprises. To realize the value of APIs and avoid the pitfalls of exposing enterprise systems, it is vital to deploy technology that enables and simplifies key API Management processes related to service composition, security, performance optimization, lifecycle management and developer engagement. The CA API Management Suite provides all the components required for effective, enterprise-level API Management, including a range of API Gateways designed to simplify all key API security and management processes. The CA Management Suite also includes an API Portal for developer engagement and management and an OAuth Toolkit for ensuring secure, standards-based access management for enterprise APIs. Additionally, the CA Management Suite offers: • A choice of on-premise, cloud or hybrid deployments • Military-grade data and application security • Analytics on API usage • Operations management that can span distributed datacenters and clouds • Application adaptation and interface management with advanced SOA connectivity Conclusion: Deploying a Complete Solution for API Management 09
Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document “as is” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringe- ment. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. The information and results illustrated here are based upon the speaker’s experiences with the referenced software product in a variety of environments, which may include production and nonproduction environments. Past performance of the software products in such environments is not necessarily indicative of the future performance of such software products in identical, similar or different environments. CS200-123757 CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com. About CA Management The API economy is exploding, mobile devices are proliferating across the workplace and large organizations are moving critical IT infrastructure to the cloud. This is creating the need for technology able to securely connect with external developers, mobile apps and cloud services. CA Technologies is at the cutting edge of this red-hot market. CA Technologies’ industry-leading Gateway products make it simple for enterprises to share data with customers, mobile apps and cloud services. Delivered as hardware networking appliances, virtual appliances or as software, our products are helping large organizations open up to the Web, mobile networks and the cloud, without jeopardizing security or performance. In February 2013, the CA API Gateway was recognized as a Leader in the API Management space by top analyst firm Forrester Research, in its The Forrester Wave: API Management Platforms report.1 CA API Management is a key component of the solutions that CA Technologies provides for enterprises that need to secure and manage complex IT environments to support agile business processes. Learn more at ca.com/api. 1 Forrester Research, Inc., The Forrester Wave: API Management Platforms, Q1 2013, February 5, 2013

Empfohlen

CA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerCA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerRajat Vijayvargiya
 
How to Choose the Right API Management Solution
How to Choose the Right API Management SolutionHow to Choose the Right API Management Solution
How to Choose the Right API Management SolutionCA API Management
 
CA API Gateway
CA API GatewayCA API Gateway
CA API GatewayJames Farley-Sutton
 
Trends in Web APIs Layer 7 API Management Workshop London
Trends in Web APIs Layer 7 API Management Workshop LondonTrends in Web APIs Layer 7 API Management Workshop London
Trends in Web APIs Layer 7 API Management Workshop LondonCA API Management
 
5 Steps for End-to-End Mobile Security with Consumer Apps
5 Steps for End-to-End Mobile Security with Consumer Apps5 Steps for End-to-End Mobile Security with Consumer Apps
5 Steps for End-to-End Mobile Security with Consumer AppsCA API Management
 
Lessons Learned From Four Years of API Management Implementation Success at Unum
Lessons Learned From Four Years of API Management Implementation Success at UnumLessons Learned From Four Years of API Management Implementation Success at Unum
Lessons Learned From Four Years of API Management Implementation Success at UnumCA Technologies
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...CA API Management
 
Enable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePointEnable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePointCA API Management
 

Empfohlen

CA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerCA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerRajat Vijayvargiya
 
How to Choose the Right API Management Solution
How to Choose the Right API Management SolutionHow to Choose the Right API Management Solution
How to Choose the Right API Management SolutionCA API Management
 
CA API Gateway
CA API GatewayCA API Gateway
CA API GatewayJames Farley-Sutton
 
Trends in Web APIs Layer 7 API Management Workshop London
Trends in Web APIs Layer 7 API Management Workshop LondonTrends in Web APIs Layer 7 API Management Workshop London
Trends in Web APIs Layer 7 API Management Workshop LondonCA API Management
 
5 Steps for End-to-End Mobile Security with Consumer Apps
5 Steps for End-to-End Mobile Security with Consumer Apps5 Steps for End-to-End Mobile Security with Consumer Apps
5 Steps for End-to-End Mobile Security with Consumer AppsCA API Management
 
Lessons Learned From Four Years of API Management Implementation Success at Unum
Lessons Learned From Four Years of API Management Implementation Success at UnumLessons Learned From Four Years of API Management Implementation Success at Unum
Lessons Learned From Four Years of API Management Implementation Success at UnumCA Technologies
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...CA API Management
 
Enable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePointEnable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePointCA API Management
 
Build an api eco-system you can be proud of
Build an api eco-system you can be proud ofBuild an api eco-system you can be proud of
Build an api eco-system you can be proud ofCisco DevNet
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
 
Melbourne API Management Seminar
Melbourne API Management SeminarMelbourne API Management Seminar
Melbourne API Management SeminarCA API Management
 
Single Sign-On for Mobile
Single Sign-On for MobileSingle Sign-On for Mobile
Single Sign-On for MobileCA API Management
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarCA API Management
 
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellOAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellCA API Management
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
Why APIs are not SOA++
Why APIs are not SOA++Why APIs are not SOA++
Why APIs are not SOA++Apigee | Google Cloud
 
Definitive Guide to API Management
Definitive Guide to API ManagementDefinitive Guide to API Management
Definitive Guide to API ManagementApigee | Google Cloud
 
Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...
Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...
Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...CA API Management
 
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital TransformationAditya Thatte
 
Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterpriseCA API Management
 
APIs: State of the Union - Ross Garrett @ AppsWorld 2014
APIs: State of the Union - Ross Garrett @ AppsWorld 2014APIs: State of the Union - Ross Garrett @ AppsWorld 2014
APIs: State of the Union - Ross Garrett @ AppsWorld 2014CA API Management
 
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2
 
Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...
Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...
Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...CA Technologies
 
apidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ngapidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ngapidays
 
Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022Ravi Tamada
 
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...apidays
 
Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...
Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...
Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...CA Technologies
 
API First: Creating ecosystems instead of products
API First: Creating ecosystems instead of productsAPI First: Creating ecosystems instead of products
API First: Creating ecosystems instead of productsSteven Hoober
 

Weitere ähnliche Inhalte

Was ist angesagt?

Build an api eco-system you can be proud of
Build an api eco-system you can be proud ofBuild an api eco-system you can be proud of
Build an api eco-system you can be proud ofCisco DevNet
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
 
Melbourne API Management Seminar
Melbourne API Management SeminarMelbourne API Management Seminar
Melbourne API Management SeminarCA API Management
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarCA API Management
 
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellOAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellCA API Management
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...
Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...
Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...CA API Management
 
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital TransformationAditya Thatte
 
Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterpriseCA API Management
 
APIs: State of the Union - Ross Garrett @ AppsWorld 2014
APIs: State of the Union - Ross Garrett @ AppsWorld 2014APIs: State of the Union - Ross Garrett @ AppsWorld 2014
APIs: State of the Union - Ross Garrett @ AppsWorld 2014CA API Management
 
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2
 
Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...
Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...
Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...CA Technologies
 
apidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ngapidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ngapidays
 
Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022Ravi Tamada
 
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...apidays
 

Was ist angesagt? (20)

Build an api eco-system you can be proud of
Build an api eco-system you can be proud ofBuild an api eco-system you can be proud of
Build an api eco-system you can be proud of
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
 
Melbourne API Management Seminar
Melbourne API Management SeminarMelbourne API Management Seminar
Melbourne API Management Seminar
 
Single Sign-On for Mobile
Single Sign-On for MobileSingle Sign-On for Mobile
Single Sign-On for Mobile
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches Webinar
 
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellOAuth in the Real World featuring Webshell
OAuth in the Real World featuring Webshell
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & Win
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
 
Why APIs are not SOA++
Why APIs are not SOA++Why APIs are not SOA++
Why APIs are not SOA++
 
Definitive Guide to API Management
Definitive Guide to API ManagementDefinitive Guide to API Management
Definitive Guide to API Management
 
Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...
Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...
Truth, Lies & APIs - Ross Garrett, Director Product Marketing, CA Layer 7 @ G...
 
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital Transformation
 
Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterprise
 
APIs: State of the Union - Ross Garrett @ AppsWorld 2014
APIs: State of the Union - Ross Garrett @ AppsWorld 2014APIs: State of the Union - Ross Garrett @ AppsWorld 2014
APIs: State of the Union - Ross Garrett @ AppsWorld 2014
 
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case StudyWSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
WSO2Con ASIA 2016: Service Governance Meets API Governance: A Case Study
 
Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...
Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...
Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterpr...
 
apidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ngapidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ng
 
Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022Vizag Virtual Meetup #7: Trending API Topics for 2022
Vizag Virtual Meetup #7: Trending API Topics for 2022
 
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
APIdays London 2019 - Value in the API Economy: Insights from the world’s lar...
 

Andere mochten auch

Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...
Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...
Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...CA Technologies
 
API First: Creating ecosystems instead of products
API First: Creating ecosystems instead of productsAPI First: Creating ecosystems instead of products
API First: Creating ecosystems instead of productsSteven Hoober
 
API Driven Applications - An ecosystem architecture
API Driven Applications - An ecosystem architectureAPI Driven Applications - An ecosystem architecture
API Driven Applications - An ecosystem architectureWSO2
 
Case Study: General Motors Drives Innovation With APIs to Perfect the Connect...
Case Study: General Motors Drives Innovation With APIs to Perfect the Connect...Case Study: General Motors Drives Innovation With APIs to Perfect the Connect...
Case Study: General Motors Drives Innovation With APIs to Perfect the Connect...CA Technologies
 
Lifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APILifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APIAkana
 
The API Lifecycle, from pre-production testing to post-production monitoring
The API Lifecycle, from pre-production testing to post-production monitoringThe API Lifecycle, from pre-production testing to post-production monitoring
The API Lifecycle, from pre-production testing to post-production monitoringPaul Bruce
 

Andere mochten auch (7)

Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...
Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...
Pre-Con Education: Changing End Points Getting You Down While Trying to Creat...
 
API First: Creating ecosystems instead of products
API First: Creating ecosystems instead of productsAPI First: Creating ecosystems instead of products
API First: Creating ecosystems instead of products
 
API Driven Applications - An ecosystem architecture
API Driven Applications - An ecosystem architectureAPI Driven Applications - An ecosystem architecture
API Driven Applications - An ecosystem architecture
 
Case Study: General Motors Drives Innovation With APIs to Perfect the Connect...
Case Study: General Motors Drives Innovation With APIs to Perfect the Connect...Case Study: General Motors Drives Innovation With APIs to Perfect the Connect...
Case Study: General Motors Drives Innovation With APIs to Perfect the Connect...
 
Lifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APILifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle API
 
CA API Developer Portal
CA API Developer PortalCA API Developer Portal
CA API Developer Portal
 
The API Lifecycle, from pre-production testing to post-production monitoring
The API Lifecycle, from pre-production testing to post-production monitoringThe API Lifecycle, from pre-production testing to post-production monitoring
The API Lifecycle, from pre-production testing to post-production monitoring
 

Ähnlich wie 5 pillars of API Management

5 Pillars of API Management
5 Pillars of API Management5 Pillars of API Management
5 Pillars of API ManagementRich Graham
 
Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practiceSanjay Roy
 
F5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfF5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfFahmiDzikrullah
 
API: Extracting Value
API: Extracting ValueAPI: Extracting Value
API: Extracting ValueTrustRobin
 
Microservices&ap imanagement
Microservices&ap imanagementMicroservices&ap imanagement
Microservices&ap imanagementpramodkumards
 
Role of API Gateways in API Management.pdf
Role of API Gateways in API Management.pdfRole of API Gateways in API Management.pdf
Role of API Gateways in API Management.pdfBahaa Al Zubaidi
 
Meetup 2022 - API Gateway landscape.pdf
Meetup 2022 - API Gateway landscape.pdfMeetup 2022 - API Gateway landscape.pdf
Meetup 2022 - API Gateway landscape.pdfRed Hat
 
Securely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewaySecurely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewayZuaib
 
API Best Practices
API Best PracticesAPI Best Practices
API Best PracticesSai Koppala
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0sflynn073
 
API Management
API ManagementAPI Management
API ManagementProlifics
 
API Gateway_ A Quick Overview (1).pdf
API Gateway_ A Quick Overview (1).pdfAPI Gateway_ A Quick Overview (1).pdf
API Gateway_ A Quick Overview (1).pdfJamesToddSmith1
 
Navigating-the-API-Ecosystem-Strategies-for-Effective-Management-in-the-Banki...
Navigating-the-API-Ecosystem-Strategies-for-Effective-Management-in-the-Banki...Navigating-the-API-Ecosystem-Strategies-for-Effective-Management-in-the-Banki...
Navigating-the-API-Ecosystem-Strategies-for-Effective-Management-in-the-Banki...Techwave Consulting
 
What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?IQ Online Training
 
Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28floridawusergroup
 
IBM API management Philip Little
IBM API management Philip LittleIBM API management Philip Little
IBM API management Philip LittleValeri Illescas
 

Ähnlich wie 5 pillars of API Management (20)

5 Pillars of API Management
5 Pillars of API Management5 Pillars of API Management
5 Pillars of API Management
 
5 Pillars of API Management
5 Pillars of API Management5 Pillars of API Management
5 Pillars of API Management
 
Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practice
 
F5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfF5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdf
 
API: Extracting Value
API: Extracting ValueAPI: Extracting Value
API: Extracting Value
 
Microservices&ap imanagement
Microservices&ap imanagementMicroservices&ap imanagement
Microservices&ap imanagement
 
API Connect from IBM
API Connect from IBMAPI Connect from IBM
API Connect from IBM
 
Role of API Gateways in API Management.pdf
Role of API Gateways in API Management.pdfRole of API Gateways in API Management.pdf
Role of API Gateways in API Management.pdf
 
TEC-Roundtable-API
TEC-Roundtable-APITEC-Roundtable-API
TEC-Roundtable-API
 
Meetup 2022 - API Gateway landscape.pdf
Meetup 2022 - API Gateway landscape.pdfMeetup 2022 - API Gateway landscape.pdf
Meetup 2022 - API Gateway landscape.pdf
 
Open api in enterprise
Open api in enterpriseOpen api in enterprise
Open api in enterprise
 
Securely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewaySecurely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gateway
 
API Best Practices
API Best PracticesAPI Best Practices
API Best Practices
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0
 
API Management
API ManagementAPI Management
API Management
 
API Gateway_ A Quick Overview (1).pdf
API Gateway_ A Quick Overview (1).pdfAPI Gateway_ A Quick Overview (1).pdf
API Gateway_ A Quick Overview (1).pdf
 
Navigating-the-API-Ecosystem-Strategies-for-Effective-Management-in-the-Banki...
Navigating-the-API-Ecosystem-Strategies-for-Effective-Management-in-the-Banki...Navigating-the-API-Ecosystem-Strategies-for-Effective-Management-in-the-Banki...
Navigating-the-API-Ecosystem-Strategies-for-Effective-Management-in-the-Banki...
 
What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?
 
Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28
 
IBM API management Philip Little
IBM API management Philip LittleIBM API management Philip Little
IBM API management Philip Little
 

Kürzlich hochgeladen

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 

Kürzlich hochgeladen (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

5 pillars of API Management

  • 1. 5 Pillars of API Management with CA Technologies
  • 2. Introduction: Managing the new open enterprise Realizing the Opportunities of the API Economy Across industry sectors, the boundaries of the traditional enterprise are blurring, as organizations open up their on-premise data and application functionality to partner organizations, the Web, mobile apps, smart devices and the cloud. APIs (application programming interfaces) form the foundation of this new open enterprise, allowing enterprises to reuse their existing information assets across organizational boundaries. Meeting the Challenges of Secure, Manageable API Publishing APIs empower enterprises to quickly repurpose IT systems, add value to existing offerings and open new revenue streams. It should come as no surprise, though, that exposing on-premise systems via APIs also creates a range of new security and management challenges. The term “API Management” refers to a set of processes and technologies that have emerged in recent years to help enterprises meet these challenges. API Management solutions aim to make it simple for even the most security-conscious organizations to open their information assets for use by partner organizations, third-party developers, mobile apps and cloud services, without impacting data security or the performance of backend systems. Full-featured API Management solutions also provide functionality for managing the developers who build applications that leverage enterprise APIs. 02
  • 3. Overview: 5 Pillars of API Management Expose Enterprise Data & Functionality in API-Friendly Formats Convert complex on-premise application services into developer-friendly RESTful APIs. Protect Information Assets Exposed via APIs to Prevent Misuse Ensure that enterprise systems are protected against message-level attack and hijack. Authorize Secure, Seamless Access for Valid Identities Deploy strong access control, identity federation and social login functionality. Optimize System Performance & Manage the API Lifecycle Maintain the availability of backend systems for APIs, applications and end users. Engage, Onboard, Educate & Manage Developers Give developers the resources they need to create applications that deliver real value. 03
  • 4. Expose Enterprise Data & Functionality in API-Friendly Formats Convert complex on-premise application services into developer-friendly RESTful APIs WHAT WHY HOW Enterprise data and applications typically comprise a complex web of standards, protocols, programming languages and file formats. The first stage of API Management is presenting these diverse information assets in a format that developers can understand and leverage. Commonly, this means publishing application programming interfaces that employ the REST protocol (“RESTful APIs”). On-premise systems commonly rely on application services delivered in proprietary formats too verbose to work efficiently via the Web or mobile apps. Application services associated with the common SOA (service oriented architecture) style generally employ the SOAP protocol, whereas Web/mobile devs rely on REST. If APIs are not delivered in a format that internal and third- party developers can easily leverage, they will not facilitate the creation of any truly valuable new applications. The most effective API Management solutions include functionality for presenting legacy enterprise services as RESTful APIs. Typically, this will involve using a SOA or API Gateway to automatically convert data from the SOAP-based services into RESTful APIs. To be truly effective, the Gateway should make it possible to efficiently compose RESTful APIs from “mash-ups” of multiple existing application services. 04 Learn More: API Tech Talk: Simplifying REST Adaptation.
  • 5. Protect Information Assets Exposed via APIs to Prevent Misuse Ensure that enterprise systems are protected against message-level attack and hijack WHAT WHY HOW Opening up enterprise information assets for use in new applications exposes them to many of the same security threats that plague the Web (e.g. viruses, DoS attacks). Additionally, APIs create a range of new and unique security challenges that go beyond what enterprises are used to dealing with on the Web. Perhaps the most essential function of API Management is the creation of a security layer to ensure that hackers are unable to access, misuse or attack exposed systems. APIs are windows to applications and data, potentially providing hackers with a view into the inner workings of enterprise systems and a route to accessing those systems. This creates the increased possibility that hackers will be able to steal confidential data, hijack public-facing interfaces for nefarious purposes or crash critical systems. Conventional online security solutions designed for the Web do not cover all the potential threats created by API publishing, so specific API security must be implemented. Arguably the key function of the type of API Gateway mentioned above is to inspect and filter all API traffic to identify then neutralize common or emerging threats. To be effective, the Gateway should be designed and certified to tackle message-level, API-specific threats such as SQL Injection, Denial of Service attacks and viruses. The Gateway’s security functionality and threat profiles should also be easily updateable, to tackle new types of threats as they emerge. 05 Learn More: White Paper: Protecting Your APIs Against Attack & Hijack.
  • 6. Authorize Secure, Seamless Access for Valid Identities Deploy strong access control, identity federation and social login functionality WHAT WHY HOW Any enterprise that wants to fully secure its APIs against attack must give developers a framework for controlling how users access enterprise assets via these APIs. This framework should balance backend security with end user experience by leveraging key identity and access management (IAM) standards such as OAuth. For the best balance, the framework should be able to use existing IAM infrastructure and allow end users to gain access via enterprise single sign-on (SSO) or social logins. Access control is the cornerstone of API security – the key is to prevent unauthorized users from gaining inappropriate levels of access to enterprise assets. OAuth is especially useful as it allows publishers to flexibly implement appropriate levels of security and federate identities from existing IAM systems and social accounts. Leveraging existing IAM infrastructure also cuts costs, reduces setup time and maximizes long-term manageability by preventing the creation of identity silos. An API Gateway should feature out-of-the-box functionality for building an API-centric access control infrastructure using key standards and existing resources. The Gateway should be able to integrate seamlessly with leading IAM systems like CA SSO, Oracle Access Manager, Microsoft Active Directory and IBM Tivoli. It should also include configurable templates for implementing access control, SSO and social login in typical use cases, based on OAuth and other key standards. 06 Learn More: EBook: 5 OAuth Essentials for API Access Control.
  • 7. Optimize System Performance & Manage the API Lifecycle Maintain the availability of backend systems for APIs, applications and end users WHAT WHY HOW API traffic must be dealt with efficiently to ensure applications built against APIs work consistently and the performance of backend systems is not compromised. Data from backend systems must be delivered in lightweight formats, optimized for usage patterns and filtered appropriately. For long-term application viability, it is also necessary to carefully manage the lifecycle of APIs as they move through development, testing and production. The introduction of Web and mobile apps that leverage backend systems can lead to sudden growth in IT traffic that can result in crashes and consequent unavailability. It is vital to optimize the flow of API traffic, to ensure a satisfying and consistent user experience for developers, users of API- dependent apps and internal users alike. Managing the API lifecycle, meanwhile, is crucial to ensuring existing applications do not break when APIs, clients and operating systems are updated. An API Gateway used to compose and secure APIs is also ideally placed to control the flow of API traffic and manage the API lifecycle, to ensure availability and performance. For performance management, the Gateway should have functionality for easy-to-scale routing, service mediation, message caching, call aggregation and traffic compression. For lifecycle management, it should have features for dependency resolution and re-mapping plus automatic versioning, including roll-back to any previous version. 07
  • 8. Engage, Onboard, Educate & Manage Developers Give developers the resources they need to create applications that deliver real value WHAT WHY HOW Much of the true value of an organization’s APIs comes from the developers who build Web and mobile applications or new enterprise systems against these APIs. It is essential to target developers with the tools and materials they need in order to discover, learn about, try out and build apps against the organization’s APIs. These developers may be internal employees, partners, contractors or independent “long-tail” devs. Each group will require a particular set of resources targeted at its needs. Developers are the lifeblood of any API publishing strategy. API publishers need devs to create apps that employees, partners and customers can actually use and benefit from. To get developers creating truly valuable applications, the publisher must be able to attract talented developers and provide them with the tools needed to leverage the APIs. The more engaging and interactive the tools provided by the API publisher to enable and educate developers, the more useful the applications these developers deliver will be. For internal and external developers alike, the most effective way to engage and educate developers is through a branded, interactive online portal. This portal should make it simple for developers to register for APIs and access interactive documentation, sample apps, code examples, testing tools and discussion forums. Effective API Management solutions include functionality that makes it simple to build a full-featured developer portal, pre-integrated into the API Gateway. 08
  • 9. With Web, mobile and cloud technologies becoming increasingly essential to how the world does business, the API is emerging a key enabler for smart enterprises. To realize the value of APIs and avoid the pitfalls of exposing enterprise systems, it is vital to deploy technology that enables and simplifies key API Management processes related to service composition, security, performance optimization, lifecycle management and developer engagement. The CA API Management Suite provides all the components required for effective, enterprise-level API Management, including a range of API Gateways designed to simplify all key API security and management processes. The CA Management Suite also includes an API Portal for developer engagement and management and an OAuth Toolkit for ensuring secure, standards-based access management for enterprise APIs. Additionally, the CA Management Suite offers: • A choice of on-premise, cloud or hybrid deployments • Military-grade data and application security • Analytics on API usage • Operations management that can span distributed datacenters and clouds • Application adaptation and interface management with advanced SOA connectivity Conclusion: Deploying a Complete Solution for API Management 09
  • 10. Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document “as is” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringe- ment. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. The information and results illustrated here are based upon the speaker’s experiences with the referenced software product in a variety of environments, which may include production and nonproduction environments. Past performance of the software products in such environments is not necessarily indicative of the future performance of such software products in identical, similar or different environments. CS200-123757 CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com. About CA Management The API economy is exploding, mobile devices are proliferating across the workplace and large organizations are moving critical IT infrastructure to the cloud. This is creating the need for technology able to securely connect with external developers, mobile apps and cloud services. CA Technologies is at the cutting edge of this red-hot market. CA Technologies’ industry-leading Gateway products make it simple for enterprises to share data with customers, mobile apps and cloud services. Delivered as hardware networking appliances, virtual appliances or as software, our products are helping large organizations open up to the Web, mobile networks and the cloud, without jeopardizing security or performance. In February 2013, the CA API Gateway was recognized as a Leader in the API Management space by top analyst firm Forrester Research, in its The Forrester Wave: API Management Platforms report.1 CA API Management is a key component of the solutions that CA Technologies provides for enterprises that need to secure and manage complex IT environments to support agile business processes. Learn more at ca.com/api. 1 Forrester Research, Inc., The Forrester Wave: API Management Platforms, Q1 2013, February 5, 2013