3. Adoption of cloud, analytics, mobile & social computing is forcing
organizations to open IT assets to new business channels
…and challenging them to rethink the way
they have traditionally approached security & control
Between 2005
and 2020, the
amount of data
in the world will
grow 300X, from
130 to 40,000
exabytes.
81% of adults
use personally
owned mobile
devices for
conducting
business
70% of
employees are
engaged in
social activities
both internally
and externally
73% of
organizations
discovered
cloud usage
outside of IT or
security
policies
9. 8
The app revolution
Apps are everywhere
The quantity and usefulness of
web and mobile apps has led to
an “app revolution” among
consumers and businesses alike.
Experience matters
Customers and employees now
expect a delightful and
seamless experience across all
interactions with a business.
Cloud makes it possible
Apps today can be stitched
together quickly with pre-built
assets. Cloud makes the API
economy possible.
Fundamentally changing the way we interact with technology.
And App development is
about Speed and Choice
14. Common API use cases
• Provide omni-channel access to business information for accelerating
internal app development
• Collaborate with business partners faster, in an open but secure &
managed way, while providing a complete self-service experience
• Power Mobile apps with enterprise data to innovate and provide high
value to customers
• Publish APIs publicly to drive innovation, tap into broad developer
ecosystem and promote brand
• Extend brand reach from Systems of Record to bridge to Systems of
Engagement
• Provide secure composite services in the Cloud
• Provide 3rd party Cloud services to app dev teams to achieve
centralized governance and cost optimization
• Enable new business channels by monetizing enterprise data
15. Public API initiative
Drive visibility and
innovation
Private API use
Drive scale
requirements
16. Public Partner Private
•APIs are open to any
developer who wants
to sign up
•Apps are more
targeted towards end
consumers
•The business driver is
fostering external
innovation, and quickly
enter new customer
facing ecosystems
•APIs are open to select
business partners
•Apps could be
targeted at end
consumers or business
users
•The business driver is
often linked to the
ability to automate
processes, exchange
data, and accelerate
partner on-boarding
•APIs are exposed only
to existing developers
within the enterprise
•Apps are usually
targeted at employees
of the enterprise
•The business driver
can be channel
consistency,
productivity through
re-use, and internal
innovation
APIs for whom?
17. • Drives Adoptions of
APIs
• Typically low valued
assets
• Drive brand loyalty
• Enter new channels
For Free
Facebook Login API
provides free
authentication for any
Web / mobile app
Example:
Developer Pays
Business Asset must be of
high value to the Developer
For example, marketing
analytics, news,
Capabilities such as credit
checks
Amazon EC2 Web Services
– APIs charge per usage to
launch and manage virtual
servers.
Example:
Developer Gets Paid
Provides incentive for
developer to leverage web
API
Ad placements
Percentage of revenue sold
product or services
Google AdSense APIs
pay developers who
include advertising
content into apps
Example:
Indirect
Use of API achieves some
goal that drives business
model.
E.g. Increase awareness of
specific content, or offerings
eBay Trading APIs offer
developers access to
trading services extending
the reach of listings and
transactions
Example:
The Business of APIs – Who pays?
18. API externalization
Multi-tenancy
Rate limiting
Runtime policy enforcement
API deployment
OAuth security management
Data transformation/redaction
Backend service discovery
Version management
Analytics support
Role-based access control
Environment management
Monitoring and notification
API exploration
Self-service sign up
Interactive API testing
App key provisioning
API usage analytics
Rate limit notification
Multiple dev communities
Real API Success = API externalization + realization
API realization
20. Securely expose your business to an internal/external developer ecosystem
Provide self-service API
portals to internal/external
app developers
Expose business services
securely as APIs to select
developer communities &
analyze API usage
Manage & monitor the
entire API platform
On-premise
private
Off-premise
SaaS
Off-premise
dedicated
Hybrid
IBM API Management
21. Where does API Management fit?
On-premise
private
Off-premise
SaaS
Off-premise
dedicated
23. Enabling businesses to join the API Economy
IBM API Management - on-cloud & on-premise
Engage with app developers through portals
• API exploration
• Self-service sign up
• Interactive API testing
• App & Key management
• API usage analytics
• Rate limit notification
• Multiple dev communities
• Build custom portal with blogs,
forums
• Define & Secure REST & SOAP APIs, Publish to multiple
developer portals & users, Analyze API usage &
performance
• A resilient integrated API runtime gateway infrastructure
with IBM DataPower Gateway for enforcement of
runtime policies to secure & control API traffic
• Seamlessly move APIs & Plans from public to private
cloud or on-prem for complete flexibility
Define, publish & manage APIs
• OAuth security management
• Backend service discovery
• API lifecycle management
• API subscription management
• Data transformation/redaction
• Rate limiting at Plan/Resource level
• API user & Plan management
• API deployment to Gateway
• API security enforcement
• API Analytics to gain business
insight
• Custom roles & role-based access
control
Manage API environment
• Administer & scale system
resources
• Monitor runtime health
• Multi-tenancy
REST APIs to extend/customize
• Developer Portal
• User onboarding
• Integration with API testing
tools (SoapUI NG Pro,
Ready! API)
• Integration with Content
Management System
(Drupal)
24. API Developer
• How do I assemble APIs?
• How do I manage security?
• Will the infrastructure scale?
• How do I measure
performance?
App Developer
• Where do I access
APIs?
• How do I understand the
APIs?
• How do I measure
success?
API Product Manager
• How can I rapidly release & update my
APIs?
• How do I publicize my API?
• How do I measure success?
Operations Lead*
• How do I manage all the
API Environments that are
being requested?
• How can I scale each
environment?
• How can I easily find and
fix issues?
API Success Requires Addressing Needs of
Multiple Stakeholders
* Not applicable to SaaS
25. Intuitively and iteratively define
APIs and associated policies
Rapidly assemble APIs via
configuration, not coding
Minimize risk with industry leading
security & scalability
Define
API
Developer
Assemble
Meter
SecureDeploy,
Test & Debug
Monitor
Scale
Version
24
API Developer: Create, Secure & Version APIs
Simple interface accelerates iterative API development & deployment
26. API Developer:
Assemble New APIs Through Configuration
Assemble a new API
by combining multiple
REST or SOAP
services into a
composite API
Provide examples of
the request and
response messages,
headers and
parameters
Drag and connect
linking the request and
response messages
Transform the
message elements
with a click
27. API Providers & Consumers:
Test API readiness with Ready! API plugin
Export:
Define new APIs in
Ready! API product by
uploading Swagger,
WADL, RAML, WSDL,
etc., and then test the
API.
Commit to a full
range of tests –
functional, load,
security
When ready, click a
button to
Export API to insert
the tested API into
API Manager UI
Import:
Use Ready! API
testing platform to
Import SOAP &
REST API definitions
directly from IBM API
Mgmt Dev portal for
unit/functional testing,
load testing, service
virtualization & more
Select any API from
Dev Portal
Auto-generate test
suite
Validate functionality
and resiliency
Virtualize for
application testing &
API Consumers API Providers
29. API Provider: “Productize” APIs using Plans
Introduce API Trial
Use
Free, limited plans
can be made available
alongside premium
plans
For example, a free
plan could be
unrestricted, and a
premium plan
restricted
Include multiple APIs
and Resources per
Plan
Version your Plans
Apply Rate Limit by
Plan or Resource
Reject calls when limit
reached
30. API Provider: Publish your APIs to multiple
developer portals
Multiple Developer Portals
API Manager
API Provider
App Developers
In group 1
App
Developers in
group 2
Securely share APIs/Plans with various
select developer communities
Fine grained plan deployment
Non-disruptive Publish: Replace a
currently published version of a Plan
without any disruption in API availability
31. API Provider: Gain Business Insights
• Pinpoint key
market
fluctuations and
find
correlations
related to your
business
• Analytics for
both API provider
and application
developer:
• Analyze
performance of
APIs
• Enables
chargeback or
billing for API
consumption
32. App Developer: Register application
Register new
application
Request
security keys
with enhanced
privacy
Deferred
retrieval of
client secret
33. App Developer: Analyze App Performance, Get notified
Monitor most
active
applications and
APIs
Rate limit
developer
notifications
34. IT Admin: Manage Overall Environment*
At-a-glance
server
utilization
metrics
Management &
Gateway
Server
utilization -
CPU, Memory,
Disk
Usage over
time available
by drilling down
* Not applicable to SaaS
35. Easily manage your APIs, in your private environment
design, secure, control, publish, monitor & manage
Explore API documentation
Provision application keys
Self-service experience
Developer Portal API Manager Management Console
Define and manage APIs
Explore API usage with analytics
Manage API user communities
Provision system resources
Monitor runtime health
Scale the environment
API Gateway
(IBM DataPower)
Enforce runtime policies to control API traffic
37. Developer
organizations
(consume APIs
develop Apps)
API Provider
organizations
Users
Cloud
system
admin
Clusters
of
servers
User registry
(identity provider)
email server
configuration
Anatomy of API Management
IBM /apimanagement 15
Developer
portal
API Manager
Cloud
Management
Console
39. IBM Interconnect 201538
Securely expose business services to
internal & external developer communities
• Easily assemble business APIs into a single
catalog & publish to custom social portals
• Manage APIs using IBM API Management in
Bluemix & share APIs with Bluemix developers
• Accelerate API creation, deployment &
invocation with Swagger 2.0 support
• Extract API usage & analytics data via API
• Leverage API Management Service delivered in
Softlayer with built-in failover, redundancy &
dynamic scaling
• Move APIs & Plans from public cloud to
private/on-premise for complete flexibility
IBM API Management v4
On-premise SaaS Bluemix
GA: Mar 20, 2015
40. IBM Interconnect 201539
39
IBM API Management v4
Lifecycle & Governance
• Swagger based API creation: Allows APIs to be imported from Swagger, deployed, and
invoked without any manual configuration steps to the API
• Co-Publish: Co-publish and supersede plans as well as manage plan subscription migrations
• Promotion Approval: Environment based configuration for approving plan lifecycle changes
• Plan Auto-creation & Wildcarding: Auto create plan when API is created with a reference
to all resources that are added to the API
• Enforced: Option to just publish APIs and not gateway enforce them
• Policy for SOAP: Ability to add/modify policies for SOAP Services
• Discover: Manage REST & SOAP services from System z and custom registries
Security
• Mutual Authentication: Out of the box support for custom certificates for backend
endpoints, LDAP, and SMTP servers
Assembly
• Error Handling: Ability to map errors returned from a Service call into a Response
Developer Portal (Drupal)
• Multi-factor authentication: Enabled in the Drupal based developer portal
• Search: Out of the box support for search and developer management
• Categorization: Flexible Plan/API multi-level classification
• CAPTCHA : Support to prevent automated programs from accessing the portal to enroll users
• Password Lockout
GA: Mar 20, 2015
42. IBM API Management on Bluemix
Enterprise API Management for all of your Bluemix APIs
Value: Secure, Control, Publish, Analyze and Manage your APIs. Discover APIs from
on premise sources.
2
Key Capabilities:
• Manage your APIs– Manage your Bluemix
APIs to allow secure, governed and monitored
usage
• API Discovery– Discover APIs from on prem
sources such as System Z and IBM Integration
Bus and publish them into Bluemix
• Socialize- Invite partners to consume and
interact via the Developer Portal and publish
into their Bluemix orgs
What’s new?
• A Bluemix service that seamlessly launches an
API Management experience to extend your
API reach
IBM Hybrid Integration Services
43. IBM API Management Service (SaaS)
Embrace the API Economy in the Cloud
• Design & Secure APIs, Publish to developer
portals, Analyze API usage & performance
• A resilient and highly available API runtime
infrastructure with built-in failover, redundancy &
dynamic scaling on IBM SoftLayer
• Seamlessly move APIs & Plans from public to
private cloud or on-prem for complete flexibility
• 30-day full feature trial, self-service pay with credit
card
• Grow as you need: Pricing based on API calls &
developer accounts with optional logging of API
payload
• Identical capabilities of on-premise
• Manage your APIs in Bluemix
• Share APIs with Bluemix developers
ibm.biz/apimsaas
Global Network
London
FrankfurtTokyo
Singapore
San Jose
Houston
45. Business Challenge
Business Challenge
External business partners retrieve flight information by scraping the
company’s website
Unauthorized access to full flight information , with no usage analytics
Delays in updating website – difficult for authorized partner to test
changes
Business Value
Enable secure exposure of APIs to External Business Partners, saving
the implementation cost of building a developer support
infrastructure with access management
Easily and securely connect company Website to new APIs
Enable secure Mobile app integration with Enterprise APIs
Large Airline in North America provides authorized access to
flight services
46. Business Challenge
Difficult for internal partners and developers to discover &
access key financial services
Lacked a standard ecosystem to manage internal partners
including global credit card companies and merchants
No visibility on Service consumption or ability to
chargeback for LoB use of Services
Example Apps
Leading Global Commercial Bank provides easy & secure access to
key financial services
Business Value
Offers 3rd party merchants secure standards-based access
to key business services as APIs, with a self-service
experience
Provides an internal ecosystem for partners and a central
repository with usage analytics
Drives innovation for Mobile application development
$
47. Leading European Auto Manufacturer provides innovative vehicle
connectivity with IBM API Management
Business Challenge
Offer innovative connectivity services to customers,
improve the driver experience, improve safety, and create
new revenue sources
Improve driving conditions with driver profiling, eco-
driving, fleet management, reduce accident risk
Collect data to monetize them for partners
Business Value
“Always connected” low-latency reliable communications
with the car systems/apps and customer mobile apps
Vehicle data APIs published on secure developer portal
Internal & external developers use vehicle data to develop
mobile applications
Drives innovation for Mobile application development
48. IBM MobileFirst
Platform for
iOS
Enterprise
Systems of
Record
Solution specific
components
Public APIs
Apple
IBM API Management
Enterprise Apps
for iOS devices
Mobile Apps for Enterprise Users, powered by APIs
• Design & Secure REST & SOAP APIs
• Publish to multiple developer portals & users
• Enforce security & control API traffic
• Analyze API usage & performance
On-cloud or On-premise
49. The API Provider’s Journey
Internal
developers
Partner developers
Public APIs
3rd party services
Public developers
Hackathons
Innovate, Motivate, Iterate
1
2
3
Freemium plans
Monetize
Chargeback
Pay
Private APIs
Partner APIs
Enterprise data
Application logic
Systems of Record
50. A successful API initiative requires end-to-end focus
APIs
Apps
Social Feedback and Communities
Marketplace
Self-Service Portal: Registration • Documentation • Sandbox
Security, Metering and
Control
API Design and Integration
Analytics and Monetization
API Lifecycle Management
Composition
Infrastructure Services
DevOps and App
Management
Mobile Services
Internal
Developers
Partner
Developers
External
Developers
Channels: Smartphones • Tablets • Desktops • Cars • TVs • Others
Services: Data • Processes • Applications
Cloud
54. Subscription and Support
A comprehensive product upgrade and Technical Support Solution that
helps you take advantage of all the new releases with a 24*7 technical
support.
IBM Software Subscription & Support
Excited about the new features?
Meet our Subscription and Support experts at Essential Services
Zone, Palm Foyer, Level 3, Mandalay Bay to learn how to get
your hands on these features.
56. 2.0
IBM API Management product updates
•Multi-tenant
on-premise
solution to
define,
assemble,
publish,
monitor REST
APIs
•Developer
portal to
easily
consume APIs
•DataPower
as the API
gateway
•SOAP support
•Manage various
dev
communities
•Simplified
deployment &
packaging
•Service
discovery from
WSRR
•Xen & PureApp
support
•Developer
portal
customization
•Multiple
Gateway cluster
support
2013 2014
3.0
•Interactive API
test on portal
•Developer
notifications on
rate limits
•APIs to
customize portal,
user mgmt
•Service
discovery from
custom registries
•Free 30-day SaaS
trial
•Buy SaaS with
credit card
•Monthly billing
•Self-service or
sales-assisted
3.0.2 3.0.3
•Viewer only
app developer
role
•Developer
onboarding by
invitation only
•Enhanced
privacy
•Application
suspension
•Support for
3rd party
authentication
providers
•Encryption of
Plans
Oct Nov
•Topology
flexibility
with mgmt
& data
traffic
separation
•Multi-
gateway
cluster
support on
single
gateway
appliance
•API usage
statistics at
a glance
3.0.1 Sep
•Scripted deploy
•Non-disruptive
publish
•API cloning
•SSL Mutual
Auth for UI
consoles
•Custom Roles
•REST API
discovery
•Assembly
debug
•Multi-site
•Custom portal
w/CMS
-Ready! API plug-in
-Tech preview:
Swagger import
3.0.4
Dec
57. Catalog APIs Management layer Gateway layerContent
Management
System
+
=
Build a Custom API Portal
…
Custom API Portal
API Provider can
-manage community content, blogs, forums
API User can
-view & interact with published APIs on API portal
-manage their apps
-report a problem
-participate in forums
59. Notices and Disclaimers (con’t)
Information concerning non-IBM products was obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested those products in connection with this
publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to
interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any
IBM patents, copyrights, trademarks or other intellectual property right.
• IBM, the IBM logo, ibm.com, Bluemix, Blueworks Live, CICS, Clearcase, DOORS®, Enterprise Document
Management System™, Global Business Services ®, Global Technology Services ®, Information on Demand,
ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™,
PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®,
pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, SoDA, SPSS, StoredIQ, Tivoli®, Trusteer®,
urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of
International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on
the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.
60. Thank You
Your Feedback is
Important!
Access the InterConnect 2015
Conference CONNECT Attendee
Portal to complete your session
surveys from your smartphone,
laptop or conference kiosk.