
CON8696 - Unlocking the Value of Your Enterprise IT Assets Through APIs

CON8696 - Unlocking the Value of Your Enterprise IT Assets Through APIs. Tim E. Hall Vice President, Product Management Oracle Fusion Middleware. Program Agenda. Overview of API Management Trends and Challenges, Yesterday, Today, and Tomorrow Choosing your Delivery Model & Terms of Service




Presentation Transcript


  1. CON8696 - Unlocking the Value of Your Enterprise IT Assets Through APIs. Tim E. Hall, Vice President, Product Management, Oracle Fusion Middleware

  2. Program Agenda
     • Overview of API Management
     • Trends and Challenges, Yesterday, Today, and Tomorrow
     • Choosing your Delivery Model & Terms of Service
     • People, Process, & Tools
     • Learning from the Past
     • Unlocking the Value
     • Components of API Management
     • How to extend your investment to address API Management

  3. New Requirements Business User Empowerment Mobile Computing Cloud Computing

  4. Current Trends: Organizations Are Rapidly Leveraging REST-based APIs
     Business Drivers for “API” Exposure:
     • Streamlined Operations and Maintenance
     • Empower the Mobile Workforce
     • Improved Employee Productivity
     • Enable Better Customer Service
     • Enable Better Responsiveness
     • Capture New Revenue Opportunities
     Security and Lifecycle Management are the primary barriers to adoption

  5. What is an API!? What is a Service? Terminology, style, and reach
     Diagram labels: Artifacts; Metadata; Policies

  6. What to Offer? API or Mobile App?
     Diagram labels: Offering?; API: Open Consumption; Mobile App: Closed Consumption

  7. What to Offer? API or Mobile App?
     • Offering Services
          • Mobile App?
          • API?
          • Hybrid?
     • How much of the user-experience do you want to control?
     • How do you provide access for Developers?
     • Do you monetize your API?
     Diagram labels: Offering?; API: Open Consumption; Mobile App: Closed Consumption

  8. Choosing Your Delivery Model & Terms of Service

  9. Terms of Service: Formal Agreement is Required
     • Defines the Responsibilities of the API Provider such as:
          • Uptime & Availability
          • Response Time
          • Support
          • Limitation of Liability
     • Defines the Responsibilities of the API Developer such as:
          • Security & Testing
          • Use Limits
          • Financial Obligations ($)

  10. Monetization of APIs: Should I charge for my API?
     • Free
          • Provide unfettered access to content because it drives business
          • Deliver a capability and monetize the transaction itself
     • Fee-based
          • Content itself has value – you can’t give it away
          • Premium capability or revenue “sharing”
     Diagram labels: Free API (Capability, Content); Fee-Based (Content, Capability)

  11. Example: Content Monetizing APIs
     • Fee-Based
          • Digital Media
          • Financial Data
          • Other High Value Data
     • Free
          • Location Information
          • Product Catalog

  12. Example: Capability Monetizing APIs
     • Free
          • Simple offerings
          • Indirect monetization (Ads)
          • B2B Supply Chains
     • Fee-Based
          • Premium offering
          • Proprietary Network Services
          • Payment Gateways

  13. People, Process, & Tools

  14. Capabilities & Tools: What is API Management?
     • Break down the various aspects of the solution; requirements
     • Determine which parts you have
     • Determine which parts you need
     Diagram labels: Lifecycle Management; API Management; Security

  15. Capabilities & Tools: What is API Management?
     • Break down the various aspects of the solution; requirements
     • Determine which parts you have
     • Determine which parts you need
     Diagram labels: Design Time; Runtime; Lifecycle Management; API Management; Identity Mgmt; Security; Mgmt & Monitoring; Audit

  16. Capabilities & Tools: What is API Management?
     • Break down the various aspects of the solution; requirements
     • Determine which parts you have
     • Determine which parts you need
     Diagram labels: Definition; Creation; Content Mgmt; Design Time; Container; Runtime; Lifecycle Management; Orchestration; Community Mgmt; API Management; Virtualization; Identity Mgmt; Security; Gateway; Mgmt & Monitoring; AuthN; Audit; AuthZ; Problem Isolation; Provisioning; Key/Token Mgmt; Analytics

  17. Capabilities & Tools: What is API Management?
     • Break down the various aspects of the solution; requirements
     • Determine which parts you have
     • Determine which parts you need
     Diagram labels: Definition; Creation; Content Mgmt; Design Time; Container; Runtime; Lifecycle Management; Orchestration; Community Mgmt; API Management; Virtualization; Identity Mgmt; Security; Gateway; Mgmt & Monitoring; AuthN; Audit; AuthZ; Problem Isolation; Provisioning; Key/Token Mgmt; Analytics; Capacity; Billing

  18. Comparing API Management & SOA Governance: Terminology & Perspectives
     • API Management
          • Catalog of available APIs
          • Automation to support consumption by developer
          • Developer specific usage reporting
     • SOA Governance
          • Catalog of available assets, services, artifacts
          • Automation to support creation process
          • Transaction-level drill-down and issue triage
     Diagram labels: External; Internal; Lifecycle; Security; Monitoring; Platform
     • Limited “infliction” of technology on consumers
     • Organization dictates technology options & alternatives

  19. What is the core issue? People! API Management and SOA Governance share the same goal Developer Community Management Communication Engagement Doc. Support On-boarding Blogs Terms of Service Error Handling Version Mgmt Access Mgmt Pricing Events Examples Forums Social Media

  20. Process: Adoption Patterns & Stakeholders For Initial Projects Portfolio ERP, Legacy App Portfolios Service/API Ownership DRIVEN BY PROJECTS Project Execution Operations Lifecycle Management Enforce Service Levels Enforce Policies Artifacts Blueprints & Patterns Architecture

  21. Process: Adoption Patterns & Stakeholders For SOA Governance & API Management (Broader Adoption) Portfolio People Service/API Portfolios Roles & Responsibilities ERP, Legacy App Portfolios Organizational Owner Service/API Ownership DRIVEN BY INITIATIVES Project Execution Operations Lifecycle Management Enforce Service Levels Shared Artifacts Enforce Policies Architectural Standards Enforce Platform Decisions Shared Foundation APIs Blueprints & Patterns Technology Architecture

  22. Process: Adoption Patterns & Stakeholders For SOA Governance & API Management (Increased Maturity) Financial Portfolio People Service Funding Model Projects Portfolios Service Usage Fees EA Group End to End Platform Funding Service/API Portfolios Roles & Responsibilities ERP, Legacy App Portfolios Organizational Owner Service/API Ownership Capacity Planning DRIVEN BY EXECUTIVES Project Execution Operations Lifecycle Management Enforce Service Levels Shared Artifacts Enforce Policies Strategic Platform Reference Architectures Data Ownership Architectural Standards Enforce Platform Decisions Data Standards Shared Foundation Srvcs Blueprints & Patterns Technology Data Quality Architecture Information/Content

  23. The Enterprise Architect’s Challenge
     • Coordinate lifecycle setup across the infrastructure
     • Restrict, throttle and manage Web services and REST APIs
     • Coordinate on-boarding of developers
     • Extend common Access and Authorization policies to all systems
     • Connect mobile devices to existing enterprise systems
     • Communicate, communicate, communicate…

  24. Learning from the Past

  25. Does this sound familiar? Early Adoption of APIs eerily similar to Web services
     Current API Adoption Challenges:
     • Lack of documentation
     • Exposure of underlying data model
     • Inconsistency of rules & behavior
     • Security complexity

  26. Why invest in a catalog? We only have one API! Expand Over Time Start Simple Developer Community Management

  27. Unlocking the Value of Your Enterprise IT Assets

  28. Quick Review SOA Governance and Lifecycle Management Creation Efficiency, Reuse & Consolidation Definition Business/IT Alignment Architects Designers Business Owners Developers & Integrators Artifacts Metadata Policies Monitoring & Management Production Assurance for SLAs Security Systematic Enforcement of Policy Security Engineers IT Operations Release Management Consumer Provisioning

  29. API Management Reference Architecture
     Diagram labels: SOAP/REST and Legacy Web Services; Protocols: HTTP, SOAP, REST, XML, JMS, FTP; Developers; REST; Security: WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos, Sign & Encrypt; JWT, OAM, SM, Basic Auth, X.509; API Clients
     • What we have today in Oracle Fusion Middleware 11g
          • Support for RESTful services in Service Bus
          • Mediate security and other protocol differences between mobile client and target services (e.g. expose SOAP web service via RESTful interface)
          • Result caching of (read-mostly) target service invocations
          • Throttling of traffic to target services
          • Lifecycle Management and coordination across various infrastructure teams through Enterprise Repository
          • Consumption reports available through EM Cloud Control

  30. API Management Reference Architecture Automated Harvesting of SOA Composites, Services, etc. created Design-time Activities of Provider 1 SOAP/REST and Legacy Web Services Enterprise Repository Protocols HTTP, SOAP, REST, XML, JMS, FTP Developers SOAP/REST and Legacy Web Services Protocols HTTP, SOAP, REST, XML, JMS, FTP Developers Service Bus REST Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos, Sign & Encrypt JWT, OAM, SM, Basic Auth, X.509 Architect requests creation of REST-based proxy API Clients 3 Automated Harvesting of REST-based proxy 2 4 Architect adds terms of service, along with any additional documentation and metadata for REST-based API. API now ready for consumption!

  31. API Management Reference Architecture Developer: Design-time Activities SOAP/REST and Legacy Web Services Enterprise Repository Protocols HTTP, SOAP, REST, XML, JMS, FTP Developers SOAP/REST and Legacy Web Services Protocols HTTP, SOAP, REST, XML, JMS, FTP Developers Service Bus REST Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos, Sign & Encrypt API Portal Optional: Provider reviews & approves request for access JWT, OAM, SM, Basic Auth, X.509 API Clients 2 Developer browses the catalog and requests access to an API 1 Access Token Returned to Developer 3

  32. API Management Reference Architecture Runtime Activities Developer builds & publishes Mobile App Protocols HTTP, SOAP, REST, XML, JMS, FTP Usage reports can be accessed & reviewed SOAP/REST and Legacy Web Services Protocols HTTP, SOAP, REST, XML, JMS, FTP Developers 2 User interacts with mobile app 3 1 REST JWT, OAM, SM, Basic Auth, X.509 API Clients Usage Reports

  33. API Management Reference Architecture Questions at the edge SOAP/REST and Legacy Web Services Protocols HTTP, SOAP, REST, XML, JMS, FTP Developers Protocols HTTP, SOAP, REST, XML, JMS, FTP Developer Portal REST Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos, Sign & Encrypt JWT, OAM, SM, Basic Auth, X.509 API Clients API Gateway

  34. API Management Reference Architecture Developer Portal Protocols HTTP, SOAP, REST, XML, JMS, FTP Enterprise Repository Custom API Portal SOAP/REST and Legacy Web Services Protocols HTTP, SOAP, REST, XML, JMS, FTP Developers Service Bus API Gateway REST Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos, Sign & Encrypt JWT, OAM, SM, Basic Auth, X.509 API Clients Custom Portal invokes exposed APIs for: Developer Facing Content, User Registration, Application Registration, custom workflows 1

  35. API Management Reference Architecture Extended Solution with Oracle API Gateway SOAP/REST and Legacy Web Services Protocols HTTP, SOAP, REST, XML, JMS, FTP Developers Protocols HTTP, SOAP, REST, XML, JMS, FTP Enterprise Repository REST Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos, Sign & Encrypt API Portal JWT, OAM, SM, Basic Auth, X.509 API Clients Service Bus Oracle API Gateway

  36. Oracle API Gateway: Key Capabilities
     • XML/API Threat Protection
     • Client-based throttling
     • REST API security (JSON schema validations, OAuth 2.0 Authorization server and client etc.)
     • API Key Management
     • Access control for heterogeneous deployment environments (.NET, Microsoft AD, Kerberos to SAML scenarios etc.)
     • Native and out-of-box integration with Oracle Access Management (OAM 11gR2 / OES 11gR2 etc.) and non-Oracle Access Management solutions (CA, IBM, RSA, Entrust, Microsoft etc.)
     • Support for Multiple Protocols (FTP/SFTP/JMS etc.)

  37. API Management Reference Architecture
     Diagram labels (with callouts numbered 1 to 4): Repository; API Portal; SOAP/REST and Legacy Web Services; Protocols: HTTP, SOAP, REST, XML, JMS, FTP; Developers; Service Bus; REST; Security: WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos, Sign & Encrypt; JWT, OAM, SM, Basic Auth, X.509; API Clients; API Gateway
     • Oracle Enterprise Repository provides:
          • Back-office API catalog, content prep environment
          • API-Service dependency analysis
          • API lifecycle management
     • Oracle API Gateway exposes APIs to the external world, provides:
          • API Key generation/validation
          • Access enforcement
          • Rate Limiting / Client Throttling
          • Response caching
          • API virtualization in the DMZ
          • Security token & protocol mediation
          • Firewalling, method/parameter whitelisting
          • API aggregation & mash-up
          • API usage measurement & reporting
     • API Portal: external developer portal, sits on top of API repository & API gateway, provides:
          • “API marketplace”
          • Self service registration, onboarding
          • API documentation, forums, blogs, support
          • API testing tools
          • API Key delivery
          • Visualization of runtime usage metrics / monitoring
          • Bill presentment
     • Oracle Service Bus: directly accessed by internal clients, provides:
          • Access enforcement
          • Routing, mediation, service throttling, response caching, versioning - abstracts backend services
          • Rich connectivity
          • Heavy duty payload transformations
          • API virtualization, protocol & security translation for internal apps

  38. Demonstration

  39. Oracle Enterprise Repository The System of Record

  40. Sample API Developer Portal: Simplified Access

  41. Sample API Developer Portal: User Registration

  42. Sample API Portal Integration with OER User Management

  43. Leverage OER for Asset/Artifact Model Simplified Access

  44. Leverage OER as Content Repository for Portal Lifecycle Management

  45. Sample API Developer Portal: API Browsing – Content from OER

  46. Sample API Developer Portal API Browsing

  47. Sample API Developer Portal Testing

  48. Sample API Developer Portal Testing

  49. Sample API Developer Portal: Reference Architecture
     Diagram labels: Sample API Developer Portal; Custom RESTful Wrapper for OER REX APIs; Oracle Service Bus w/ Proxy Services (Test Instances); Oracle Enterprise Repository; EJB Legacy Implementation (Test Instances); Custom Code; Oracle Fusion Middleware Products Leveraged
