API was sonst? - Startseite | webcast.idg.de · salesforce.com Erste Version der Web API für die...
Transcript of API was sonst? - Startseite | webcast.idg.de · salesforce.com Erste Version der Web API für die...
1
API – was sonst?Worauf Sie beim API-Managementwirklich achten sollten
in Zusammenarbeit mit:Moderation: Detlef KorusFreier Journalist für COMPUTERWOCHE
2
Peter BrabecAPI Economy, Mobile & DataPower Business Unit Leader
IBM Europe
3
Björn BöttcherSenior Analyst –Data Practice Lead
Crisp Research
Industriekonzerne auf dem Weg ins digitale Geschäft
Vermessung der API-Economy
Quelle: Programmable Web, https://www.programmableweb.com/news/programmableweb-api-directory-eclipses-17000-api-economy-continues-surge/research/2017/03/13
2002amazon.com
Meilensteine in der Entwicklung der API Economy
2000Roy FieldingArchitectural Styles and the Design of Network-based Software Architectures
2000salesforce.comErste Version der Web API für die Automatisierung von Sales Workflows
2004flickr
2006Twitter / Facebook
2007Google
2008Twilio
2009Foursquare
2010Instagram
2010SwaggerErste Version von Wordnik
2014Swagger 2.0
2015OpenAPIInitiative gegründet und erste Spezifikation
2017OpenAPI 3.0Version 3.0.0-RC0 für Implementierer erreicht
20XYAutonomous APIGroßflächiger Einsatz von autonomen APIs
Typen von APIs
→ Use Case und Geschäftsmodell abhängig
→ Nicht jedes Unternehmen muss jeden Typ offerieren
→ Geschäftsmodelle und Ökosystem müssen passen
→ Kontrolle und Management muss unabhängig vom Typ implementiert werden
→ Bei öffentlichen APIs sind Limitierungen sehr wichtig (z.B. 10.000 Requests pro Tag und 5 Requests pro Sekunde)
Who is the Audience?▪ If you are not clear on the audience you have no clue what makes a good API▪ Early on more than 80% of API use cases are internal▪ APIs are the currency of Cloud and Mobile – often good places to start
What do they want?▪ Exposing “what you have” as an API isn’t particularly useful▪ Good APIs are simple to understand and use▪ There is an art to a “delightful API experience”▪ Many APIs may not last very long, that is an opportunity not a problem
Under what terms and conditions are you willing to share?▪ Un-managed APIs quickly lead to chaos▪ Business Ts&Cs are important (Plans)▪ Its not a one-way street, give and take▪ Make sharing easy
Three Questions Lead to Good APIs
https://developer.ibm.com/apimanagement/2015/05/07/how-to-get-to-two-speed-it/
API Economy: From the Consumer’s Perspective
In P
ers
on
Web
Site
APIs - Enabling the New Channel
Mo
bile
Ap
ps
Reach
Pa
rtn
eri
ng
B2
B
3rd
Pa
rty
Ap
ps
So
cia
l
Netw
ork
s
IoT
/
Devic
es
Extended Reach
Business APIs
Opportunity
Potential Customers
Business Offerings
Transactions, Data, Content, …
API Interaktionen
Probleme:
● Versionierung
● Skalierung
● Discovery
● Synchronizität
CreateMaschine stellt Interface bereit
DocumentMensch schreibt die Dokumentation
DiscoverMensch trifft andere
Menschen / forcht / sucht / ...UnderstandMensch liest Dokumentation und interpretiert diese
BuildMaschine wird beigebracht, das
Interface zu nutzen
CreateMaschine stellt Interface bereit & registriert es
DiscoverAPI Discovery Service
Autonomous APIs
Building Blocks:
● Wortschatz
● Registry
● Verständnis zur Laufzeit
● API Discovery Service
● Programmierung für den Wortschatz nicht für die DatenstrukturBuild
Maschine wird trainiert das Vokabular & den Discovery Service zu nutzen
APIs Value Chain: ChallengesN
ot H
ere
APIs – Strategische Aufgabe für CDOs, CTOs und CIOs
API StrategyAPI Design & Architecture
API Development
API Management
API Security
IBM API Connect: Components
15
{ }
{ }
NoSQL
{ }
{ }
NoSQL
API
Composition
Core
Business
Operations
Empowering
Digital teams
Systems of
Engagement
Business logic
Mobile PartnersSaaS
Offerings
API
Economy IoT XaaS
On-Premise
Clo
ud
aff
inity
“Low level” connectivity
EventsData
Synchronisation
Hyb
rid
Inte
gra
tio
n
API & Event Gateway
API & Event Gateway
API
CompositionEvents
Data
Sync.
“Digital” connectivity
SaaS
SoR(s)
Paper: http://ibm.biz/HybridIntRefArch Video: http://ibm.biz/HybridIntRefArchVideo
System
Of
Record
System
Of
Record
System
Of
Record
API Management – Strategische Aufgabe für CDOs, CTOs und CIOs
→ API Strategy:
Abstimmung mit Digitalstrategie / Unternehmensstrategie
Ableitung der Zielsetzung & KPIs
Planung von Ressourcen & Skills
Festlegung von Vorgehensweisen
Methoden, Guidelines und Technologieeinsatz
Konzepte für Community Building und Developer Evangelism
→ API Design & Architecture:
Data Discovery & Understanding
Konzeption der Plattform-Architektur
Definition der API-Struktur
Scoping und Spezifikation des API-Funktionsumfangs
Festlegung API Protocols, Message Formats und Application Level Semantics
API Management – Strategische Aufgabe für CDOs, CTOs und CIOs
→ API Development:
Prototyping, Testing und Implementierung der APIs
Überführung in ein agiles, aber klar definiertes Innovations- und Lifecycle Management
Unterstützung für unterschiedliche Entwicklungssprachen, Frameworks und Tools
→ API Management:
Lifecycle und Release Management
Security Management Data Governance
Policy Management
Documentation
Partner & Ecosystem Management
→ API Security:
Schutz der Daten
Schutz des Datenzugriffs
IBM API Connect: How it matches
Consumer
(Systems of Engagement)
External App
DeveloperInternal App
Developer
Partner App
Developer
Business Partner Apps
Mobile & Web Apps
Enterprise Internal Apps
Internet of Things
SecureAPI Policy Enforcement
Enterprise Security Traffic control & mediation
Workload optimizationMonitoring/Analytics Collection
ManageAPI Discovery
API, Plan, Product, Policy CreationAPI, Plan, Product Version & Lifecycle Management
Self-service App Developer PortalAPI Monitoring & Analytics
Subscription & Community Management
Create & Run (Node / Java)
Develop & Compose MicroservicesConnect Microservices to data sources
Build, deploy, scale MicroservicesMonitor & debug Microservices
Unified Node & Java Runtime Mgmt
z System / Legacy Apps
Cloud Service
Application Server
ESB / Middleware
Data Store
Providers
(Systems of Record)
AP
Icm
an
ag
ed
Mic
rose
rvic
es
Tra
ffic
Deployment Options:
Bluemix Public, Bluemix
Dedicated
Local
On Premise or
Customer Cloud
API Gateway
Secure & Control APIs
Pallette of operations (aka
policies)
Drag and drop policies onto canvas to create an assembly
to process incoming requests
E.g. security, rate limit, mediation, etc.
➢ Purpose-built, secure & scalable gateway to enforce API policies at runtime
➢ Comprehensive set of built-in security, traffic management & mediation policies
➢ Ability to define user-defined policies using JavaScript & XSLT
Monetize and Analyze APIs
• Analyze API runtime usage data to gain visibility and
insight• Powered by open source Elastic stack
• Understand API performance including call volume, error rates & response times
• Create custom dashboards & visualizations
• Analytics for both API provider and API consumer
• Enables chargeback or billing for API consumption
• Easily offload analytics to popular systems like Splunk & others using Syslog,
Kafka, Elasticsearch, HTTP
• Use Plans for Monetization for API Consumers• Integrate Payment platforms like Stripe
• Modern approach & intuitive user experience providing flexibility to define pricing
details
• Subscription pricing support to enable recurring payments, popular in SaaS go-
to-market strategies
• Analytics, customizable reports for detailed insights into revenue, usage of
monetized APIs
Complete Hybrid API Management and Gateway
solution
System of Record
On-premise
Enterprise Network
User
User
APIWeb
Systems of
Engagement
Secure
Gateway
(server)
DataPower Gateways
Secure GW
client
Secure
Gateway
(server)
Cloud Solutions
3rd party APIs
PaaS, SaaS
API Management – Auswahlkriterien
→ Deployment-Möglichkeiten
→ Einfacher Installations- und Konfigurationsprozess
→ Erfüllt die eigenen Anforderungen in Hinblick auf:
Autorisierung
Performance
Sicherheit
On-boarding
Reporting
→ Einfache Upgrade Mechanismen
→ Management Automation
API Economy Webinar: Understanding API
Economy Drivers, Use Cases and Architecture
Peter BrabecAPI Economy & DataPower Leader – IBM Europe
Tel.: +43 664 618 67 06
Mail: [email protected]
Create Run
ManageSecure
Senior Analyst | Data Practice Lead
Mail: [email protected]
Tel.: +49-561-2207-4080
Mobil +49-170-413 419 5
http://crisp-research.com
http://crisp-analytics.com
Twitter:
@Crisp_Research
@DoITDistributed