This document provides a summary of an API trends and case studies presentation with the following key points:
1) It introduces API concepts and trends such as API economy, digital transformation drivers, and the role of APIs in integrating systems of record and engagement.
2) It presents four case studies on how different organizations used API management strategies to address challenges like partner integration, legacy system modernization, secure access to sensitive data, and subsidiaries integration.
3) The case studies demonstrate how API management provided benefits like simplified integration, improved security, reduced development costs, and better control over information systems.
8. |
API Economy – API-Consumer view
Composition for a single Service / Experience
[Diagram labels: Internal, Partner; CRM, M2M Backend, Location; Customers, Opportunities, Contracts, Status, Maintenance; Google Maps, Twilio; POI, Call, …]
10. |
From browser to ubiquity
April 2018API Trends & Cases Studies 10
[Diagram labels: Smartphone, Tablet, Web Application, Internet TV, Social Media, Strategic Partner Integration, Connected car, Connected house, Innovation, API]
11. |
Main project drivers
• Cloud Integration
• B2B Integration
• Modernization internal services
• Omni channel Integration
12. |
What is an API / waiter?
• A software intermediary that allows two applications to talk to each other
• Treated more like products than code: designed for consumption for specific audiences, documented, versioned
• Adhere to standards (typically HTTP and REST), that are developer-friendly, easily accessible and understood broadly
• Stronger discipline for security and governance, as well as monitored and managed for performance and scale
13. |
What’s needed?
Multispeed IT for efficiency, innovation, and agility
[Diagram labels: Systems of Record (CRM, ERP, Data Warehouse); Systems of Engagement (Channels, Apps, and Devices); Full Lifecycle API Management]
16. |
Gateway
• Link external apps to internal apps, with security, using SOA and APIs
[Diagram, panels "Challenges" and "Solution": Partners; API Gateway; Identity Management, Authentication, Authorization, Audit; Services, Applications, Data, Backend Services, Messaging]
17. |
Service Broker
• An “outbound Gateway”
• Connects to services, partners, and the Cloud
[Diagram, panels "Challenges" and "Solution": Services, Applications, Data, Backend Services, Messaging; API Gateway; Applies Security; Cloud and on premise; Partners; Com Agency]
18. |
Case study 1: digitalize partners’ relationship
Context
• Convention center managing 100+ shows per year
• Information system composed of on premises and cloud applications
• Limited IT budget and team (7)
• Share volatile information with partners: price list, exhibitor list
Challenges
• Automate information sharing: remove manual actions
• Complex information access: located in an ERP not designed to expose data
• Many integration cases: cash register, web site, mobile
• Sensitive information: need to limit access
19. |
Case study 1: solution architecture
[Diagram labels: zones Internet, DMZ, Internal; Firewall; API Gateway, API Manager, IDP, Enterprise Service Bus, Data access services, ERP, Database; Web Site, Mobile, Cash Register, App A, Cloud Apps, On premise Apps]
20. |
Case study 1: API Management for everyone
Results
• Simplified and accelerated partner data exchange: 7 APIs to automate information sharing
• Improved data quality: no risk of human error thanks to full automation
• Low investment: less than 20 days
• Easy integration: no change in the existing applications
• Foundation for the future: easy to add new services in the platform and support current and future integrations
• Fresh data and internal systems protected: cache and throttling functions to secure application exposure
22. |
API Governance
• Expose existing applications as APIs, securely.
• Onboard developers who want to use your APIs
[Diagram, panels "Challenge" and "Solution": API Gateway, Retailers, Communication employees, Products designers]
23. |
Case study 2: Custom ERP overhaul
Context
• MSC Mediterranean Shipping Company
• Large, complex and distributed information system
• Database architecture oriented
• Heterogeneous IT landscape (due to acquisitions)
• Inter-office messaging via EDI (300-700 messages/sec)
Challenges
• Distributed development team: difficult to manage (120 people, 3 countries)
• Phased migration: to ensure the continuous running of legacy processes during transition
• No global vision of services
• Multiple user authentication / authorisation solutions
24. |
Case study 2: solution architecture
[Diagram labels: zones Internet, DMZ, Headquarter, Subsidiary; Firewall; API Gateway, API Manager, API Portal, IDP; External Apps, Subsidiary Web Application, Cloud Application, On premise Apps, Back-end Services]
25. |
Case study 2: One governance to rule them all!
Results
• Reduce application development time: Standardisation promotes faster, more effective team communication
• Improved security: Alignment to standards and best practices
• Simplified data access: Homogeneous APIs present data to applications in a unified way
• API consumer comfort: API hides implementation specifics to application developers
• Smooth application migration path: API consumers adopt new API versions at their own pace
• Improved application quality: Audit functionality indicates which legacy API versions are still in use
27. |
Token Mediation
• Manage heterogeneous security infrastructure
[Diagram, panels "Challenges" and "Solution": External App; API Gateway; Identity Management, Authentication, Authorization, Audit; Service Request, Service/User Credential, Validated Access, Throttled Request, Transformed Response, Standard Response; Security Infrastructure: Identities, Tokens, Repositories, Authorization; Extensive set of connectors to Security Infrastructure]
28. |
Case study 3: Secure sensitive information access
Context
• Luxury industry
• 200+ retailers to manage
• Large and complex information system
• Share sensitive information with retailers: stocks, prices, product information
Challenges
• Identify each retailer: share only the relevant information based on its profile
• Existing security solution: need to keep the existing products based on SAML
• Give access to internal micro services: need to support OAUTH
29. |
Case study 3: Solution architecture
[Diagram labels: zones Internet, DMZ, Internal; User browser, Retailer Application, Retailer Application Backend; Reverse proxy F5; API gateway, Token Mediation, SAML, OAUTH; IDP, Active Directory, Service provider, Micro Services]
30. |
Case study 3: Agile security!
Results
• No change in the existing solutions: reuse of existing IDP already in place
• Information segregation: end to end authentication guarantees that each retailer accesses its own information
• No information leak: best practices and standards enforcement guarantee highest security level even if connected applications are not designed for it
• Futureproof: support for the future identity standards
• Single point of information for retailers: fresh information because of direct access to the IS
31. |
API Modernization / Integration
Typical use cases
32. |
API Modernization / Integration
• Integrate with heterogeneous back end platforms
• Protocol and message mediation
• Service Modernization
[Diagram, panels "Challenges" and "Solution": API Gateway for Backend Service; on both sides: HTTP, REST/SOAP, JSON/XML, FTP, JMS; Services, Applications, Data, Backend Services, Messaging]
33. |
Case study 4: Integrate subsidiaries information system
Context
• Luxury industry
• 20+ subsidiaries
• Large and complex information system
• Heterogeneous systems: SAP, Dynamic, Custom
• Share sensitive information with subsidiaries: stocks, price list, product information
Challenges
• Distributed information system: integrate remote ERPs
• Secure information transfer: guarantee information will not be corrupted and not intercepted
• Manage remote sites: distribute integration code
34. |
Case study 4: Solution architecture
[Diagram labels: Headquarter: Headquarter Application, Headquarter ERP, ESB, API gateway, Firewall; Internet; Subsidiary A: Subsidiary A Application, Subsidiary A ERP, API gateway, Firewall; Subsidiary N…]
35. |
Case study 4: Simple integration, secured transactions
Results
• No change in the existing solutions: Integration capabilities of API gateway are enough for light integration cases in the subsidiaries
• Worldwide solution managed in one place: DevOps practices to automate integration code distribution
• Simple secured solution: All security matters (encryption, transport…) located in one place, the API Gateway
• Reduced maintenance and support workload: End-to-end traceability facilitates problem investigation and resolution
37. |
API Management benefits
• Better ROI on existing IS resources
• Open enterprise to the world in a secure way
• Reduce cost to onboard new partners and customers
• Innovation on the user experience by combining own and 3rd party assets
• Enabling / improving work between different technical teams
• Improved control / visibility on the information system
• No lock on deployment model (Cloud / On Premises)