This document summarizes an API trends and use cases presentation given by Wout Geldhof from Axway and Emmanuel Dupouy from SmartWave. It discusses how APIs have become ubiquitous due to digital transformation needs. Typical integration use cases presented include API gateways for security, service brokers for cloud integration, API governance for developer onboarding, and token mediation for authentication. Case studies demonstrate API solutions for digitalizing customer relationships, securing government access, and migrating services from an ESB to an API gateway. Challenges discussed include ensuring API management is suitable for any integration case and requiring new competencies to manage APIs.
7. |
From browser to ubiquity
February 2018 API Workshop & Tech Lab
[Diagram labels: API (×4), Smartphone, Tablet, Web Application, Internet TV, Social Media, Strategic Partner Integration, Connected car, Innovation, Connected house]
8. |
Main project drivers
• Cloud Integration
• B2B Integration
• Modernization internal services
• Omni channel Integration
9. |
What is an API / waiter?
• A software intermediary that allows two applications to talk to each other
• Treated more like products than code: designed for consumption for specific audiences, documented, versioned
• Adhere to standards (typically HTTP and REST), that are developer-friendly, easily accessible and understood broadly
• Stronger discipline for security and governance, as well as monitored and managed for performance and scale
10. |
What’s needed?
Multispeed IT for efficiency, innovation, and agility
• Systems of Record: CRM, ERP, Data Warehouse
• Systems of Engagement: Channels, Apps, and Devices
• Full Lifecycle API Management
11. |
What’s needed?
Support for the digital business value chain
[Diagram labels: Enterprise Systems, Integration Team, Services, API Team, Developer, App, API, User]
14. |
Gateway
• Link external apps to internal apps, with security, using SOA and APIs
[Diagram with "Solution" and "Challenges" panels; labels: Partners, API Gateway (Identity Management, Authentication, Authorization, Audit), Backend Services (Services, Applications, Data, Messaging)]
15. |
Service Broker
• An “outbound Gateway”
• Connects to services, partners, and the Cloud
[Diagram with "Solution" and "Challenges" panels; labels: Backend Services (Services, Applications, Data, Messaging), API Gateway, Applies Security, Cloud and on premise, Partners, Com Agency]
16. |
Digitalize relationship with customers
CHALLENGES
• Expose API for Partner from Palexpo ERP
• Securely share price list with cash register for each show
• Different partner types: on premises and cloud application
• Integration of cloud-based HR system
SOLUTION
• ESB to create service from ERP Database and other cloud solutions
• API Management to secure service access
• One layer of virtualization for all services
RESULTS
• Foundation for the future based on standards: HTTP RESTful, JSON
• Homogeneous governance service strategy
• Solution simple to manage and administrate
• Easy to add new services in the platform
17. |
Architecture
[Diagram labels: PALEXPO; zones INTERNET, DMZ, INTERNAL; External Apps, App A, Cloud Apps, On premise Apps, Internet, Firewall, API Gateway, API Manager, IDP, Enterprise Service Bus, Data access services, Databases]
19. |
API Governance
• Expose existing applications as APIs, securely.
• Onboard developers who want to use your APIs
[Diagram with "Solution" and "Challenge" panels; labels: API Gateway, Retailers, Communication employees, Products designers]
20. |
Swiss administration
Challenges
• Audit requirement
• Insecure API exposure with sensitive data
• Knowing who’s accessing API data
• Knowing which APIs are available: target 100+
Solution
• API Gateway to secure access to APIs in a single point of enforcement with homogeneous security policies
• Developer portal to manage developers' use of the APIs: OAuth (client ID and secret per application)
• Control API usage with monitoring solution
• API Catalog to list and document available APIs and manage their life cycle
Benefit
• Improved security
• Better API governance with clearly defined roles and responsibilities: Architect, API developer, API Manager, Application developer
• Clear SLA
• Improved resource allocation based on usage
• Easier API end of life
22. |
Token Mediation
• Manage heterogeneous security infrastructure
• Extensive set of connectors to Security Infrastructure
[Diagram with "Solution" and "Challenges" panels; labels: External App, API Gateway (Identity Management, Authentication, Authorization, Audit), Security Infrastructure (Identities, Tokens, Repositories, Authorization); flow labels: Service Request, Service/User Credential, Validated Access, Throttled Request, Standard Response, Transformed Response]
23. |
Retailer digitalization
CHALLENGES
• Share sensitive information with retailers: stocks, prices, product information
• Open access to internal ERP
• Identify each retailer and share only the relevant information
• Heterogeneous systems: SAP, Dynamic, Custom
SOLUTION
• API Gateway to support user authentication and service enablement
• Service virtualisation with connectors
• Integration with the enterprise directory
RESULTS
• One single point of information for retailers
• Worldwide solution
• Fresh information with a direct access to the ERP
• No changes in existing systems
• Secured transformation
24. |
Architecture
[Diagram labels: zones USER BROWSER, Internet, PRIVATE CLOUD; Retailer Portal, Single Page Application, Reverse proxy, SAML IDP, SP, Active Directory, API Manager, Backend; flow labels: Navigate, Load Application, Authenticate, Invoke Service, HTTPS, SAML, JWT Token, Session Cookie]
25. |
IMAD
Challenges
• Enable login with SuisseID to provide legal assurance of user identity
• Enable multifactor authentication
• Provide a centralized login for all applications
Solution
• Based on Axway API Gateway
• Defined custom integration for the in-house MFA solution: REST API
• Implementation of the SuisseID simplified due to standard compliance
Benefits
• Legal assurance of user identity for medical sensitive data
• Improved security
• Versatile solution for future security requirements
• Central logging and audit
26. |
Architecture
[Diagram labels: zones INTERNET, DMZ, INTERNAL; Users, External Apps, SuisseID IDP, Cloud HR Application, Internet, Firewall (×2), API Gateway, User Referential Service, User Referential]
1 - HR Access Request
2 - Authentication
3 - User Attribute Evaluation
4 - Authorized Access
28. |
API Modernization / Integration
• Integrate with heterogeneous back end platforms
• Protocol and message mediation
• Service Modernization
[Diagram with "Solution" and "Challenges" panels; labels: API Gateway For Backend Service, between two sets of Backend Services (Services, Applications, Data, Messaging); protocols on each side: HTTP, REST/SOAP, JSON/XML, FTP, JMS]
29. |
From ESB Migration to API Gateway
Challenges
• Aging product
• Expensive licenses
• Difficult to reuse fragments of solution
• 400 services to migrate: 80% of services are simple data transfers
• Requires another product for API management
Solution
• Migrate ESB services to API Gateway
• Both systems are active during the transition phase to ease the migration
• Phased migration: services are migrated and decommissioned by lot
• 80% of services easily migrated with a custom migration tool
• 20% of services need to be re-developed in API Gateway
Benefits
• Agile solution: focus on configuration instead of coding
• Cheaper TCO
• Controlled migration: limited impact on clients as service contracts are retained
• Up-to-date market standards: Integration in the DevOps factory with Docker container, automated testing suite & log mining solution
30. |
Architecture
[Diagram labels: Docker (×2), API Gateway, Scheduler, Integration flows, Messaging Framework, RUN, API Manager, AdminUI, JAVA, OS, MariaDB, Messaging schema, Cassandra]
32. |
Other challenges
• Is API Management suitable for any integration case?
  • Enterprise Service Bus, Web Service and Asynchronous Messaging are not dead
  • ESB best for VETO (Virtualization, Enrichment, Transformation, Orchestration)
• Does API Management require new competencies?
  • APIs require clearly defined competencies and involve many profiles
    • Business owner: data management/quality, SLA
    • Security officer: technical & data
    • Network engineer: separation of concerns with WAF
    • Integration specialist: internet standards
    • Architects: to align business and IS
    • API Manager: service granularity, lifecycle, documentation