API Strategies in the Enterprise

Ross Mason @rossmason

Strategies for

APIs in the

Enterprise

About me

• Created the Mule project• Founded MuleSoft• API eye for the SOAP guy• Thingologist (thingology.org)

@rossmason

Why would an enterprise company buy ProgrammableWeb.com?

@rossmason

Web APIs are the

Playbook for the

enterprise

@rossmason

…or 13,000 ideas

to steal adapt

@rossmason

RESTful APIs

@rossmason

Open APIs are the tip of the iceberg

13,000

@rossmason

Open APIs are the tip of the iceberg

13,000

1,000,000sof APIsin the

enterprise

@rossmason

Enterprise APIs = API delivery at scale

- 3Cs: Clean, Clear, Consistent- Across teams, across orgs- Rapid creation, iteration, lifecycle

management

@rossmason

Enterprise SOA

- 3Cs: Clean, Clear, Consistent- Across teams, across orgs- Rapid creation, iteration, lifecycle

management

@rossmason

APIs in the Enterprise

Your APIs

Developer

Customers

Partners

AffiliatesMobile

Internal projects

Your Assets

@rossmason

What we see in the Enterprise

Your APIs

Developer

Customers

Partners

AffiliatesMobile

Internal projects

Your Assets

@rossmason

API types and business opportunities

Source: Forrester, Establish your API design, June 2013

@rossmason

APX: Between Form and Function

Application Programming eXperience

@rossmason

• Design for them• Iterate quickly• Model cleanly and consistently • Engage

Delight your API consumers

@rossmason

• Orchestrating service provider…

• …or core single-purpose service?

• Back end…

• …or front end?

• Straight-through proxy…

• …or new façade?

What is your value add?consumer devs

@rossmason

Think APX!

Don't expose dirty laundry

products

ordersinvoices

Craft it for your users: what will they love?

• This is a long-lived interface, • ladies and gentlemen

@rossmason

my focus today• SOAP and WSDL over HTTP• REST: HTTP taken seriously

• e.g. GET /users a page/data representing users• Mix & match:

• Google protocol buffers over HTTP• <something> over websockets

•API facades:• the RESTmullet (REST in front, SOAP in back)• mobile REST/GPB/MQTT on top of SOA

Forms of APIs

@rossmason

The 3Cs in Action(Clean, Clear, Consistent)

@rossmason

• Nouns: resources• Carefully consider your domain objects• Query params are refinements on resources• /users• /users?zip=94301&subscribed=true• /users/me• /users/5638• /users/5638/books• /users/5638/books/20467• /books• /books/20467

Practical REST, be Clear

@rossmason

• Verbs: methods

Practical REST, be Clear and Consistent

GET retrieve (idempotent!)

POST create in container

PUT update – replace (usually)

PATCH update – partial

DELETE remove

HEAD GET w/o body (headers)

OPTIONS metadata, e.g. methods

Status codes• Standardized• Use them!

• Don't return 200unless it's really OK

• No surprises please

Headers• Standardized• Use them!

@rossmason

•We like RAML: RESTful API Modeling Language

• Clean, clear, powerful• 100% natural & organic• Open, vendor-neutral• Practical• Pattern-based design

is built in

How to describe your specific API?

@rossmason

Clean, align to a logical model: users & groups

@rossmason

Clean, align to a logical model: eCommerce

@rossmason

collections and members

Consistent patterns: resource types

"special" id's

one-off resources

read-only resources

@rossmason

Consistent patterns: method traits

@rossmason

Be Clear: body schemas

or just use good ol' form data:

XML schema

JSON schema

examples@rossmason

Be Clear: security schemesusername/password; cleartext or use digest

end user allows app to access their data

better to put token in header, not query

the OAuth multi-step dance

@rossmason

Enterprise APIs

- 3Cs: Clean, Clear, Consistent (APX)- Across teams, across orgs (RAML.org)- Rapid creation, iteration, lifecycle

management (APIhub.com)

@rossmason

Good APIs aren't trivial

But with the proper approach…

…they can be your home-court advantage"First one home wins?"

"Deal"

"#$*%!"

@rossmason

Thank you

Twitter: @rossmasonCompany: http://mulesoft.com

API Strategies in the Enterprise

Technology

Transcript of API Strategies in the Enterprise

The OWASP Enterprise Security API

Enterprise Security API (ESAPI) 2.0 Crypto Changes

Reaching Agreement: eSignature API strategies (API Days Paris 2016-12-13)

Creating an API Centric Enterprise

Architecture for the API-enterprise

SafeGuard Enterprise Management API

Establishing Your Organization's Enterprise Security API

Tech Talk: CA Live API Creator: Modern Integration Strategies—API Integration, Webhooks

Enterprise WAN Strategies Today

Implementing Enterprise API Management in Oracle Cloud

The Enterprise Knowledge Platform API€¦ · EKP 5.6: The Enterprise Knowledge Platform API April 2009 1 Overview The Enterprise Knowledge Platform exposes its data via an Application

Building an Enterprise API Strategy

API Management - Practical Enterprise Implementation Experience

OWASP Enterprise Security API

Enterprise API New Features and Roadmap

Enterprise Security API DOC

Building an Enterprise API Strategy - IBM Redbooks2 Building an Enterprise API Strategy Realizing an enterprise API strategy with IBM z/OS Connect Enterprise Edition Business strategy

Api architectures for the modern enterprise

API Design and Enterprise Mobile Apps

Creating an API Centric Enterprise - QConSP...Creating an API Centric Enterprise Solutions Engineer Lakmal Kodithuwakku 2 3 • API Management Vision • Solution Architecture •