Post on 12-Apr-2017
Apigee Overview05/05/2015
Apigee Edge: Overview
How many API calls do you make in a single day?
4
APIs Power Our Daily Lives
Music Streaming
Television Programming
Online Shopping
Navigation
Banking
Stock Quotes
Telecom ServicesMobile PhoneProvisioning
Photo Printing
Social Networking
Video ConferencingWeb Meetings
Online Gaming
Customer Support
Payments
In-Store Kiosks
Wifi Services
Prescriptions
Photo Sharing
Fitness Tracking
Events Ticketing
Grocery Shopping
Auctions
News
Books & Magazines
5
Each era delivers new innovation-based benefits
1960’s, 70’s 1970’s, 80’s 1990’s 2010’s
Web, SOAClient Server IoT, APIsMainframe
6
Device expectations
Greater user
choice
7
Two Speed IT rationalizes two IT realities
Intelligent API Platform Insights
Consumer Apps
Employee AppsPartner AppsSystems of Engagement
Pace of change
App Server
ESB / Integration / MOM
BI
CRM ERP Database Data Warehouse Data
Lake
Systems of Record
Digital Value ChainExposureConsumption
8
9
Edge across the value chain
analytics servicesAPI services
developer services
ExposureConsumption
Apigee Edge: Focus on the Complete API Lifecycle
10
Threat Protection
Test
Monetize
Scale Traffic
Maintain Availability
Update / Iterate
Publish APIs
Analyze
Develop
Deploy
Model
Access Control
Data Access
Real Time Monitoring
Document
Use
Run
BuildApigee Edge
Swagger
Node.js
Design
PackageIntegration
Configuration
Coding
TransformationQuota
Monitoring
Versions
Logging
Alerts
Debugging
Auditing
Load TestingStaging
DDoS
IdentityRoles
Portal
Developers
App Registration
Rate Plans
Documentation
Mobile Data
Activity Metrics
Push Notification
Zero Downtime
Low Latency
Geo-Distribution
Traffic Spikes
API Services
Edge API Services
12
BackendAppsAPI
Management
BaaSSecurity API Programmabilit
y
API Services
The best of Internet and enterprise technologies with rock-solid reliability, Internet scalability, and enterprise-grade flexibility
Manage APIs through Configuration & Programming
>30 out of the box policies
Policies can be attached at different points and levels
Delivering where developers are
Manage interactions with API consumers and optimize performance
Secure APIs and protect back-end systems from attack
Transform, translate and reformat data for easy consumption
Extend with programming when you need it
13
The power of policiesManage interactions with API consumers and optimize performance
Secure APIs and protect back-end systems from attack
Transform, translate and reformat data for easy consumption
Extend with programming when you need it
14
15
Programming flexibility to adapt
The “processing pipeline” is powerful and flexible
16
App Backend
API Services
• Enforce security• Validate request• Transform parameters and
payload• Translate between developer-
friendly APIs and back-end systems
• Build orchestration and optimization via node.js
16
API Proxies and Flows
http://apigee.com/docs/gateway-services/content/flow-configurations
17
Policies get attached to flows
18
19
End-to-end API Trace with replay simplifies debugging
20
Governance – Hierarchy of Resources
EnvironmentEnvironment
Management Server
Organization
Environment
• Users, Developers, Roles• API products• Applications and API keys• Analytics• Granular RBAC for Governance and development life cycle
• Resources (cache, …)• Client endpoint configurations• Target endpoints configurations
• Centralized control• Each API team (based on
their role) can login to Management server and perform variety of tasks:
• Create APIs• Create API Products
with different access levels
• Collect and use the Analytics for their KPIs and SLAs
• Manage local governance
• Manage the development life cycle
Developer Services
Apigee Instance
Demo: API Services – Creating an API Proxy
1. Look up weather using city name - http://weather.yahooapis.com/forecastrss?q=hong kong
2. XML to JSON3. Response Caching4. Trace – debug API calls5. Throttle API Traffic using Spike Arrest policy
What shall we build?
22
23
StartFinish
Shopper gets online store ad in email
Browses at shoe rack on the website
Adds it to his wish list on the website
Later he’s close to one of
their stores
Gets a push notification
that the shoe rack is in
stock
And if he places his
order now, he gets a
discount
He places the order. Chooses
in store pickup.
Picks up the item in store
bypassing checkout.
He receives a survey about
the item.He fills out the survey. His feedback is
posted.
A digital use case
Build Powerful, Modern Applications!
{API S
ervi
ces
A/B testing
Errors & Crashes
API Performance
Device Analytics
Custom Events
Session Analytics
Datastore
Location queries
Configuration Management
Push Notifications
Connections/Social
User Management
Partner Services
BaaS
API
MRP CRM
ERP HR
24
25
Scalable Persistence
26
Full-text Indexing
27
Graph Data Persistence: Entities & Connections
28
API Driven Data Access with Query
29
Users, Roles & Security made easy!
30
Location Queries
Demo: API BaaS – Location Query
32
Push Notifications
33
Flexible Notification Targets
34
Application Performance Management
35
Remote Application & SDK Configuration
36
Beta & A/B Testing
Demo: API BaaS - Building Social Mobile Apps
Developer Services
Edge Developer Services
39
API TeamDeveloperDeveloper
PortalModeling &
ManagementSmartDocs & API Sandbox
Monetization
Developer Services
BackendAPI
Management
BaaSSecurity API Programmabilit
y
API Services
Apps
Enable a great developer experience that accelerates API adoption, simplifies learning, and increases business value
API TeamApp Developer
Business User
Goals and Challenges
• How to create a developer portal that is useful and informative ?
• What steps to take to make it easy for developers to take the APIs for a spin ?
• How to easily publish fresh content for developers and promote events ?
• What tools are available to developers to engage with the API team efficiently ?
Build, enable and engage your developer community
• How to enable new or extend existing revenue streams with APIs ?
• What kind of revenue models can I implement ?
• How can I make it easy for developers to understand the models & consume them
• Is it easy to integrate the data back to my existing financial systems ?
Deploy business models for API Products
Goa
ls
Chal
leng
es
• Is it easy to learn and use the APIs ?
• How to understand better about the app performance on the device?
• Can I view data to easily on my API performance ?
• Can I contribute and engage with other developers easily ?
Build apps easily, analyze data and engage with other
developers
40
Digital Products out of APIs
41
Self-service On-boarding
42
Developer signs up and requests key
Key approval designation
Managekey requests
Add App
Developer ready to go
42
Equip developers better
API ModelingDescribe an API
structure
SmartDocsGenerate interactive
documentation
API-basedIntegrate with any
portal / CMS
Apigee Edge Developer Services
gh-pages
Other CMS
43
Build great developer experiences!44
Easy to UnderstandTraditional Documentation Interactive Documentation
Easy to Try Things OutExplanation of How things work Rapid Experimentation
East to ConsumeTraditional Web Services “REST” API
Analytics Services
Edge Analytics Services
53
API TeamDeveloperDeveloper
PortalModeling &
ManagementAPI Console Monetization
Developer Services
BackendAPI
Management
BaaSSecurity API Programmabilit
y
API Services
Apps
Ops Metrics
App Performance
Developer Metrics
Business Metrics
Analytics ServicesBusiness
User
Visibility across the digital value chain necessary to monitor, measure, and manage success
Relevant, Actionable and ExtensibleDashboards, Tools & Custom Reports
API AnalyticsDeveloper Analytics
App AnalyticsUser Backend
• API Traffic Patterns• API Performance• Geo location• Anomalies• Multiple metrics – traffic,
response times, errors, data exchange, etc.
• Top Developers • Developer
Engagement• Top API Users• Top Products• Top Apps
• App Performance• App Usage• API Performance• Filter by app
version, device, platform, OS, etc.
End-to-end visibility
54
Measuring progress and results
55
Product ManagerHow is API adoption?How can we improve?What is the business impact?
Business ownerWhat is the bottom line impact?How do we invest for best return?
OpsWhat is the response time per request?Do I need to allocate more resources at peak times?
App DeveloperHow are the APIs my app uses performing?How is my app adhering to API terms of use?
Custom example:
Request data used for analysis
Rich, flexible analytics services
56
API Program Proxy Performance
Latency Analysis
Partner Enablement
Business Transactions
Custom Reports
Top Performance
Cache Performance Error
AnalysisTraffic
Composition Geo Map Devices
Dashboards:
Request payload
data
Developer and App
dataCustom metrics
Reports and
Dashboards
Get started with built-in reports57
Custom reports can show a number of different measures and provide details based on a variety of different drilldown criteria
Define custom metrics and dimensions using virtually any attribute that defines traffic
Unmatched Customization & Flexibility
58
Access from anywhere
59
Summary & Closing
Apigee Edge
BackendApps
API Services
API TeamDeveloper
Developer Services
Monitor, manage, and measure successAnalytics Services
BusinessUser
Increase adoption and value of APIs
Build, manage, scale, and secure APIs and Apps
Enables digital business acceleration with a unified and complete platform built from the ground up for the digital economy
API Manageme
ntBaaSSecurity API
Programmability
API Services
Developer Portal
Modeling & Manageme
ntAPI
ConsoleMonetization
Developer Services
Developer Metrics
Ops Metrics
App Performan
ce
Business Metrics
Analytics Services
61
Thank you
Appendix: Security
64
Infrastructure and Compliance
Security Framework for EdgeAuthentication and
Authorization• Client-side security
features such as OAuth• Integration with custom
identity providers• Target-side security
Traffic Management
• Spike Arrest• Threat Protection• IP address based access
control
User Management
• Roles and Permissions• Request audit log• Pluggable authentication
• Cloud or on-premise implementation• Customizable SSL support• PCI / HIPAA / SOC 2• 24 x 7 x 365 Enterprise Support • Fault Isolation
64
65
Apigee Edge API Platform Security Checklist
Identity
User provisioning RBAC management Groups Identity provider
API SecurityAPI to Backend (Exposure) Secure communication (TLS – 1 way or 2 way) Authentication (TLS, OAuth, SAML) API Products with permissions Versioning Integration with Enterprise identity providers Logging and auditing
App to API (Consumption) Secure communication (TLS – 1 way or 2 way) – Mobile Vs
Partner Authentication (OAuth) API key with Product Scope Roles with Developer Keys (permission management) Quota Enforcement Logging policies and auditing
Threat Protection
XML/JSON Poisoning/Injection SQL Injection DDoS/App-DoS Attacks Quota/Spike Arrest IP based access restrictions
Infrastructure Security and Compliance
Cloud or on-premise Cloud-based security (AWS/other) SOC 2, PCI-DSS, HIPAA 24 x 7 x enterprise support
Analytics Run time detection reports (Volume based, Traffic properties)