Digital transformation is a mandatory requirement for all enterprises in today’s consumer-driven economy. Once you accept this fact and evangelize it within your company, you need to start thinking about how to take steps towards becoming digital. The first step would be to expose your core functionality to a wider audience in a controlled and secure manner. The next step would be to have your value-added functionality ready to be seamlessly exposed. To do this you need to have a strong integration and API management strategy that goes hand in hand with each other. This workshop in Colombo - Focused on aspects of integration and API management in the context of digital transformation Discussed how to create a successful integration and API strategy for digital transformation Explored how WSO2 can help enforce your strategy

1. Setting the Foundation for Digital
Transformation
Through API Management and
Integration
Nuwan Dias
@nuwandias
Director - WSO2

2. Agenda
● What is Digital Transformation
● Why and How APIs play a key role in Digital Transformation
● API Management Overview
● API Management in Practise
● Discussion Forum and Future Plans
2

3. Digital
Transformation is all
about creating a
“Digital Experience”
for your customers

4. It’s not just about
becoming
“Paperless”

5. It Is The Age Of The Consumer
5
Source: Forrester Research

6. It’s about building a “Connected Experience”

7. U B E R
7
Add Diagram

8. Connected Experience - APIs Complementing Each
Other
8

9. A Digital Platform
9
People Apps
APIs and
Integration Services and
Data

10. OPEN TECHNOLOGY FOR AGILE DIGITAL BUSINESS
10
Platform enable your
digital business with
microservices and micro
integrations
Manage identity,
security, and privacy
across your digital
business
Make mobile and IoT
devices integral to your
digital business
Create real-time,
intelligent, actionable
business insights and data
products
Build internal and external
developer ecosystems
with an API marketplace

11. APIs hold the key to Digital Transformation
11
Build internal and external
developer ecosystems
with an API marketplace

12. 12
Present Day Enterprise Architecture
Analytics
Continuous-*
Security &
Access Management
API / Service discovery
Dev toolsDevops tools
Service router
API Gateway
Core
Microservices
Data
Container(s)
Delivery channels Digital Products
Messaging Channels Integration
MicroservicesExisting Services

13. 13
APIs are found in Every Layer

14. 14
The modern API
● RESTful & JSON savvy - being lightweight, REST style conformant
● Well documented - Methods, operations, responses, error codes etc
● Manageable (life-cycle, version)
● Discoverable - Searchable, testable
● Measurable
● Secured - Multiple security protocol support, transformable

15. WSO2 API Manager
Design, create, publish and manage APIs to
unlock the true value of your digital assets

16. 16
● Currently at version 2.1.0 with over 6 years of engineering improvements
across 15 stable releases
● Geo distributed and clustered deployments
○ In production at StubHub / Verizon / Motorola / BYU / BNY
● Same code base at WSO2 API Cloud running with four 9s uptime
● One major and 3 minor releases per year
● Automated deployment with puppet
● Containerized with Docker
Battle hardened

17. 17
WSO2 API Manager
● Available as a single
downloadable package
● Available as a cloud / SaaS
solution
● Flexible deployment choices
● High performance gateway
● API governance, marketplace
solution

18. 18
Cloud First or Start On-Prem
● Multi-tenanted, shared
everything
● WSO2 Hosted and managed
● Pay as you go
● Multi-region availability
● VPN tunnel to private DC
● Guaranteed uptime
● Limited options in customizing
● Hybrid Cloud
● Privately hosted
● WSO2 managed
● Upgrades, patches installation
● Guaranteed uptime
● Full flexibility in customization
● Better control
● Self hosted
● Self managed
● Full flexibility
● Dev-ops learning curve
● Self managed upgrades
http://wso2.com/api-management/cloud/
https://docs.wso2.com/display/ManagedCl
oud/WSO2+Managed+Cloud+Documenta
tion

19. 19
Componentized

20. Creating an API
Designing or Publicizing an API
20

21. 21
● Start with an existing endpoint/contract or design and prototype a new API
● Exposing SOAP services (convert to REST or as a passthrough)
● Exposing streaming APIs (Websocket endpoints)
Creating APIs

22. 22
● API Design - Over the wizard & with swagger
Creating APIs

23. 23
● Point to a production backend or prototype at the gateway
Managed or prototyped

24. 24
Introducing the Developer Portal

25. 25
● Encapsulate the client application
● Associates OAuth2 keys
● Support different integration
patterns for application security
through OAuth grant types
● Pre-generated access tokens for
testing
Client Application

26. 26
Use Case: Digital Transformation
Initiative in the Hospitality
Industry

27. 27
● Hotel LaVilla wants to provide a
personalized user experience to its guests
through digital means to enhance user
satisfaction.
Business Objective

28. 28
The hotel wants to get rid of manual check-in
check-out processes which currently involve
human interaction and consumes a
considerable amount of time.

29. 29
• Create mobile app to handle check-in and
check-out
• Allow mobile app to control
– Door locking and unlocking
– Switch on and switch off lights
– Control window curtains
– Room service
– Reservation of hotel cars, spa, private dining
etc
Technical Requirements

30. Integration
30
Interface
Integration

31. 31
The hotel wants to provide a personalized user
experience to its guests by welcoming them by
their name and by setting up an environment
that reflects their personal choices on
entertainment, meals, travel, etc.

32. 32
● Expose selected APIs to external third party
app developers only.
● Ensure protected API’s resources are
accessible by allowed users only.
Technical Requirements

33. 33
Fine Grained Access Control

34. 34
The hotel wants to enhance its reach by
encouraging partner web sites such as
TripAdvisor, Booking.com, etc to advertise the
hotel and allow bookings through them.

35. 35
● Prevent guests’ credentials being entered at
third party apps/websites.
● Rate Limiting for the Reservations API by
partner.
Technical Requirements

36. Security: Access Delegation
● Secure Trusted Clients
● Secure Untrusted Clients
● Unsecure Clients
● System to System Auth/z
36
People Apps

37. 37
● Resource Owner Password Credentials
● Client Credentials
● Authorization Code
● Implicit Grant
OAuth2.0 Grant Types

38. 38
● The resource owner password credentials
grant type is suitable in cases where the
resource owner has a trust relationship with
the client (e.g., a service’s own mobile client)
and in situations where client can obtain the
resource owner credentials.
Resource Owner Password Credentials

39. 39
● This grant is suitable for machine-to-
machine authentication or for a client
making requests to an API that does not
require the user’s permission. This grant
should be allowed for use only by trusted
clients.
Client Credentials

40. 40
● The authorization code grant type is
optimized for confidential clients.
● This grant type is suitable when the
resource owner is a user and the client is a
website.
Authorization Code

41. 41
Authorization Code

42. 42
● The implicit grant type is optimized for
public clients known to operate a particular
redirection URI.
● It is mainly used for clients that are not
capable of keeping the client’s own
credentials secret; for example a 'JavaScript
only' application
Implicit Grant

43. 43
Implicit Grant

44. 44
● Ex: Enable Facebook login for your
Application
Federated Identity

45. Passthrough Security Context
45
Security
Rate
Limiting
Integration
Analytics
Gateway
Apps Services and
Data
Access Token Signed JWT

46. Security: Summary
● Authentication
● Single Sign On
● Federation
● Authorization
46
Authenticate via Facebook to Airbnb APIs

47. 47
Rate Limiting: Front End
● Monetization
● Burst Control
● Fair Usage Policy
● Geographical Distribution
● Distribution by Device Type
People Apps Gateway

48. 48
Rate Limiting: Back-End
● Prevent Total Service
Outage at Peaks
● Back-End Server
Maintenance Gateway
Services
and Data

49. 49
The hotel wants to look at current business
operational insights and identify the areas
need to improve as well as new business
enhancement opportunities.

50. 50
● Identify top users of the Reservations API for
giving them special offers.
● Identify new business patterns based on
API usage.
● Drill down into operational issues on APIs
● Detect abnormalities/frauds on taking
appropriate actions.
Technical Requirements

51. Analytics: Statistical Analysis
51

52. Analytics: Operational
● API Latency Distribution
● Alerting on Abnormalities
● API Health
52

53. 53
API Development Lifecycle

54. THANK YOU
wso2.com