I Love APIs Europe 2015: Technical Sessions

Welcome

GET » DIGITAL READY

Defining Digital Leading Digital Executing Digital�

Defining Digital

Digital business creates value by delivering a �connected digital experience �

to customers, partners and employees

The Web Didn’t Change Your Core Business��The Value Chain Has Stayed The Same

Raw materials Supplier R&D Marketing Sales Retailer Customer

Source: Forrester

Digital Transforms Your Fundamental Business

Nature of Market

Retail!

Music!

Cars!

CPG!

Books!

Food!

Cleaning!Services!

Consulting!

Mining!

Weightless

Intermediate

Nature of Product

2000s

2030s

Heavy

B2CB2B2CB2B2020s

Source: Gartner - CEOs and CIOs Must Assume That Every Industry Will Be Digitally Remastered, 2014, Raskino

The Paths To Digital

Digital �Business

Digitize �Operations

Digitize �Processes

Digitize �Business Models

Digitize Channels

Digitize Marketing

Revenue

External Focus

Internal Focus Margin

Source: Accenture - Growth Strategies for a Digital World, 2014, McDonald, McManus

Growth Strategies for a Digital World,Accenture - March 2014

Three Eras of Enterprise IT

Focus

Capabilities

Engagement

Outputs and Outcomes

IT Craftsmanship

Technology

Programming; "system management

Isolated; disengaged "internally and externally

Sporadic automation and innovation; frequent issues

Process

IT management; "service management

Treat colleagues as "customers; unengaged "with external customers

Services and solutions; efficiency and effectiveness

IT Industrialization

Business models

Digital "leadership

Treat colleagues as "partners; engaged "

with external customers

Digital business innovation; new types of value

Digitalization

We are here

IT Service Leadership for the Digital BusinessPublished: 10 July 2014Analyst(s): Suzanne Adnams, Debra Curtis

Leading Digital

Survey of executives in �200 large companies across �

30 industries

Three Keys to Digital Transformation.Apigee Institute Report

Digital Leaders Lead From The Top

CTO 26% CEO 30%

CIO 22%

CDO 7%

CMO 8% Other C-Level 3%

Other IT 2% Other Marketing 2% Other 2%

Traits Of The Highly Successful Digital Leader

Has experience managing across

departments.Can simplify complexity.

Will adapt quickly and flexibly to the market, internal needs, and

performance results.

Where Must The Leader Lead You?

Technology Changes

From

Governance Curation

Waterfall Agile

Virtualization Abstraction

To

IT Ops DevOps

Business Changes

From

Central Planning Edge Innovation

Control Context

Precise Execution Speed and Iteration

To

Prevention Encouragement

Executing Digital

Enterprises Need a New Stack

CRM

Days

Years

Consumer Layer

ERP Database

ESB / Integration

System of Engagement![API First Platform Approach]

Consumers Employees Partners

Data Warehouse Data LakeSystem of Record

Consumption Layer

API First

Monolithic Web App

Web Apps

App Server

Backend Services

API-adapted Web AppsConsumption focused

Web Apps

App Server

Backend Services

Other Apps

API

API-adapted SOAExposure focused

Web Apps

App Server

InternalServices

Other Apps

API

ESB

API-First Enterprise

Web Apps

App Servers BackendServicesESB

Mobile Apps

API Tier

All Apps

Security AnalyticsPersistence Orchestration

Other Apps

What Comes Next?

API Mass Customization

App “B”


App “A”

API Tier

App “C”

API “B”API “A” API “C”

Delivering an “Intelligent” Connected Experience

ability to" predict behavior

Intelligent connected

experiences

data

interactions

contextual time-based "journey analytics deep insights

Defining Digital

Leading Digital

Executing Digital�

Business Models

CxO Leadership

IntelligentConnected Experiences

Business = DigitalDigital = Intelligent Connected Experiences

Intelligent Connected Experiences = API First

Thank you

Keynote PanelistsKevin Gallagher, CIOChannel 4

Jack Ramsay, Director, Global Technology DeliveryAccenture

Paul Clark, Controller, Online, Pay & Interactive TechnologyITV

Alberto Prado, VP, Digital Innovation, Consumer LifestylePhilips

Morning Break��

General Hall / Main Concourse�(Sessions resume at 11:00)

API-First ArchitectureEd Anuff, Apigee !Bernhard Walter, Apigee !

@edanuffEd Anuff

Bernhard Walter

What do we mean by APIs?

The A in API is for Apps

Rich Clients(Visual Basic, Delphi, etc.)

Thin Clients (Web Applications)

Rich Clients (Mobile Apps)

HTTP

Browser

App

InternalExternal

Modern Server-side App

• Often runs in an App Server• Monolithic presentation and business logic• Hosted in an environment�

(often a virtualized container)

•  Increasingly lightweight

Backend API

App

Apps Need Resources

• Databases and storage•  Email services• Sometimes integration-based,�

but increasingly API-based

12-Factor Apps

MIT License

Adam Wiggins http://12factor.net/

IV. Backing ServicesTreat backing services as attached resources

Cloud Business Services

• Database-as-a-Service• Storage-as-a-Service•  Email-as-a-Service• MQ-as-a-Service

•  All are already in widespread use…

Internal Resources

• Many new resource services already are API-based

• Developers prefer to use APIs even with the added work of learning APIs versus ESB approaches

API

Front end

Backend API

App

InternalExternal

SDK API

Mobile API Architecture

CC-BY-SA

Device-Side App

Logic

Server-Side Application Logic &

Infrastructure

Clients

•  Mobile clients talking to server-side apps via an API» APP-SPECIFIC, OFTEN NOT REUSABLE» NOT INTEGRATION, NOT SOA

•  HTML5/JS and single page apps

API

Front end

Backend API

App API API AppApp

InternalExternal

App-to-App

•  API-centric: app developers expose their own APIs and learns others’ APIs

•  Integration: normalized data interchange•  Agility trade-off

API

Front end

Backend API

App API API AppApp

InternalExternal

API

Front end

Backend API

App

Partner App

3rd Party App

InternalExternal

App-to-External-App (API Ecosystems)

•  API design matters• New security concerns• Different metrics

Internal

API

Front end

Backend API

API API AppAppService Service Service

Service Service Service

Service Service Service

APIs

APIs

Micro service architecture

External

Micro-Services

• Components are services, not in-process objects

•  Allows polyglot programming•  Easier to scale component services individually

Evolving towards�API First

Monolithic Web App

Web Apps

App Server

Backend Services

API-adapted Web AppsConsumption focused

Web Apps

App Server

Backend Services

Other Apps

API

API-adapted SOAExposure focused

Web Apps

App Server

InternalServices

Other Apps

API

ESB

API-First Enterprise

Web Apps


Mobile Apps

API Tier

All Apps

Security AnalyticsPersistence Orchestration

Other Apps

What comes next?

API Mass Customization

App “B”


App “A”

API Tier

App “C”

API “B”API “A” API “C”

API Tier AnalyticsAll Channels

API Tier

All Backends

All Interactions

Analytics

CorrelationsCohortsConversionsSegmentationA/B & Multivariate

API Tier with Analytics

•  API adaptations needed for apps•  Enable developers for business•  Security for app-to-API•  App and behavior analytics

•  APIs architected for abstraction•  Enable developers for API use•  Security for API-to-backend•  API Analytics

APIAPI

App Consumption API Exposure

App Server Services App

Analytics

Summary

• What to ask when people say “we need APIs”• How to get to an API-centric Architecture• Where to go once you’ve become API-centric

Thank you

Insights: From Prediction to ActionAnant Jhingran, Apigee !Andrew Braithwaite, Laterooms !

66

Summary•  APIs and Other Channels contain extremely useful information about customer behavior.

•  Tapping into the sequence of events + profiles leads to better predictions

•  Understanding the journey leads to better optimization of the channel.

•  When the channel is APIs, one can learn and act in that channel.

•  Apigee Insights is our product for all of you to understand and predict customer journeys

•  Laterooms is using Apigee Insights to understand and adapt its APIs.

67

Customer View: A journey

68

Affecting Apps

69

Inform & Transact Learn & Adapt

Currently Journeys and Analytics happen in silos

70

Email Analytics

Mobile Analytics

Web Analytics

POS Analytics

Social Analytics

Call Center Analytics

Some happen through APIs

71

Email Analytics

Mobile Analytics

Web Analytics

POS Analytics

Social Analytics


Our Core IP

72

Email Analytics

Mobile Analytics

Web Analytics

POS Analytics

Social Analytics


GRASP Graph and Sequence Processing

time-sequenced graph analytics on Hadoop

Understand and optimize the customer journey

73

GRASP Graph and Sequence Processing

Customer Journey Analytics Customer Journey

time-sequenced graph analytics on Hadoop

And “act” back into the appropriate channel

74

Direct Mail

Email

Web

Mobile

Service

Predictive ModelsTargeting, Recommendations, Churn, Other Advanced

Context In Store 20% off

Free Shipping

Online 10% off

Sunny 0.72 0.52 0.33

Showers 0.56 0.81 0.55

Snow 0.20 0.33 0.67

What is more important – the who or the what?

Most Prediction Algorithms convert journey into profile attributes. That sucksAND

Tools for exploring journey patterns are very poor. That sucks

PROFILE =Male25 YearsTravels 20 miles/every day

JOURNEY =Received Mail, thenLooked at a Product, thenTweeted about it, thenBought it

GRASP enables predictive and descriptive analytics

76

1 A

Y

X

C D

B

2

GRASP

3

Predict likely outcome

Example:For User 3 who has completed Activity D, the likely outcome is either X or Y

Describe known facts

Example:For User 1 who has completed activity X, the intermediate activities are B and A

Descriptive (“roll back”), aka Explore Predictive (“roll forward”), aka Model

Users

Activity

A Scalable Data Structure with a Query Language that allows questions to be asked

Customer Data

Insights Architecture Overview

ModelingSDK

Hadoop

Modeling Workbench

R

Data �Scientist

queriesGraph Query�

Manager

Business User

Segments �Manager

GRASPA

Y

X

C D

B

ScoresPropensity Upgrade 10% Off Churn

User 1 0.72 0.68 0.33

User 2 0.56 0.23 0.55

User 3 0.32 0.45 0.67

User 4 0.20 0.32 0.18

User 5 0.44 0.69 0.22

API BaaS

API

Business User

API

End User Tools

Exact Target Web & Mobile

Customer Datastore Interface

Other

GQL allows you to query profiles + events

78

( $x _ * $y ) >> filter $x . hitType == " VisitOrderPage "

And Optimizes for execution on GRASP where possible

Visualize the journey followed by a specific class of consumers by tracing channel interactions and other events either forward or backward in time

The results of GQL can also be visualized

79

Using GRASP modeling algorithms in R Studio, create a model that would compute the propensity of a consumer to purchase a specific product category.

Prediction Models can be built on Profiles + Events

80

And Business Users can look at segments

81

82

IBC: proactive customer service with predictive analytics

“Apigee has helped us move from simply answering customers’ calls to proactively reaching out to our members before they have issues.”

Somesh Nigam, SVP and Chief Informatics Officer, Independence Blue Cross

•  $1.2B Medicare Advantage business

•  50+% Reduction in complaints to Medicare

•  Transformed from reactive to proactive customer service

•  Identified root causes for dissatisfaction

Put insights into action

83

•  Enable developers to build new adaptive apps and APIs

•  Enable business users and analysts to interact with predictive insights

•  Integrate predictive insights into existing apps and systems

Predictive

Insights

Business Value

85

Modeling Tools

Access to Raw Data

The key is “APIs” between the two parties

86

Developer Data Scientist

Allowing each party to iterate independently

Each has different worries

87


88

/recommendation

•  Popular Items /popularscores

•  Rule-Based

•  Profiles à Items (Manual)

•  Behaviors à Items (Manual)

•  Profiles à Items (Scores) /profilescores

•  Users à Items (Scores) /userscores

89

/userscores

•  Profile-based models

•  Ensemble-based Models

•  Multi-Channel Data

•  Event-Based Models

•  Model Maintenance/profilescores

Scientists and Developers

90

Direct Mail

Email

Web

Mobile

Service

Predictive ModelsTargeting, Recommendations, Churn, Other Advanced

Context In Store 20% off

Free Shipping

Online 10% off

Sunny 0.72 0.52 0.33

Showers 0.56 0.81 0.55

Snow 0.20 0.33 0.67


One Experience

Access expertise of world-class team of data scientists trained to derive actionable insights from Hadoop, API / real-time, and unstructured data

Benefit from experience gained from many successful enterprise deployments for market leaders

Complement internal efforts

Data Science Services

91

~100person-years of wasted

time

Streamline error / retry logic to increase

partner effectiveness

Develop category and device specific content to improve

engagement

Web Mobile

Brow

sing

Time Cat A

Cat B 2X

web vs. mobileconversion

Target abandoned users with email reminders to improve

checkout rate

Accelerate the development, delivery, and impact of predictive apps and APIs

Client Engagement Examples and Recommendations

92

Andrew Braithwaite

TLRG - A global leader in online accommodation

•  Through our brands – LateRooms.com, and MalaPronta.com – our vision is to give customers a hotel booking experience that provides more choice, better service and genuine innovation.

•  LateRooms.com is the UK’s leading online accommodation site offering fantastic deals in over 65,000 properties worldwide, ranging from bed and breakfasts to five star luxury hotels.

•  Founded in 2004, MalaPronta.com is one of Brazil’s leading domestic accommodation online travel agents, offering customers fantastic deals in more than 2,500 properties in destinations across Brazil.

93

TLRG - APIs•  Mobile

–  APIs power our mobile apps across multiple brands and devices.•  Acquisition

–  Hotels, Hotel Groups and Channel Managers can use our APIs make their stock available on our websites.

•  Distribution–  We have an extensive affiliate network. Our APIs allow affiliates to market our stock on their platforms.

•  Hotel Partners–  Our APIs give us a secure method of sharing booking information with our hotel partners.

94

Summary•  APIs and Other Channels contain extremely useful information about customer behavior.

•  Tapping into the sequence of events + profiles leads to better predictions

•  Understanding the journey leads to better optimization of the channel.

•  When the channel is APIs, one can learn and act in that channel.

•  Apigee Insights is our product for all of you to understand and predict customer journeys

•  Laterooms is using Apigee Insights to understand and adapt its APIs.

98

Thank you

LUNCH��


Understanding Apigee Products & Roadmap� Anant Jhingran, Apigee� Oliver Ogg, M&S

Apigee Enables Companies to Become Digital Businesses

102

Everything = Interconnected Interactions = Data

Modern software is built and operated differently

Developers = Growth

Why

AP

I Firs

t Guided by Our Core Architecture Principles

103

Private Cloud Equals Apigee Cloud Mission-Critical Operations

Isolation and Efficiency Optimized Infrastructure

State at Scale High Performance

Measure and Monitor Everything Continuous Improvement

Secure All Points of Engagement Trusted Interactions

Code & Configuration Developer Productivity

Use, Contribute, and Drive Open Source

How

The Intelligent API Platform

User

Apps

Developer

Analytics Services

Ops �Metrics

App Performance

Developer Metrics

Business �Metrics

Developer Services

Developer Portal

API �Console

Modeling & Management Monetization

API Services

API Management BaaSSecurity API �

Programmability

P A I API Team

Backend

Apigee Edge

P A I Adaptive Interactions

Segmentation & Profiling

RESTful APIs

Real Time Scores

Predictive Customer Journey Analytics

Customer Journey Analytics

Predictive �Modeling

Unstructured Data Processor

API Services

Time-sequenced Graph Database Data LoadersData Management

User

Apps

Developer

API Team

Data Scientist

Hadoop

Apigee Insights

Design

Share

Deploy

Code < >

Apigee 127

What

API First

105

API Tier All�

Backends

All Channels

Build Your Apps Using APIs We Built Our Own Product on APIs

Analytics Reports

Developer Portal UI

Monetization UI Management

UI

User Mgmt. AuthN / AuthZ

Monetization

Console

App Mgmt. Caching

Traffic Mgmt.

Analytics

API Mgmt. Persistence Logging

Metrics CollectionAP

Is

APIs

APIs

Automated Deployment

Custom BI Dashboard Data Import

Code & Configuration

106

Configuration Driven Proxy Definition Code Driven Proxy Definition

Complexity

Effort ConfigurationCode

Connections, Resources, Security,�Quotas, Policies (30+ OOTB)

Developer�Productivity

107

“Reduced time to first app

from 4 weeks to 6 hours”

- Apigee Customer

Security at All Points of Engagement

108

Backend

P A I

API TeamAPIsDevelopersAppsUsers

Mutual TLSIP Access Control

RBACAD / LDAP

Audit

QuotasSpike Arrest

Threat ProtectionIntrusion Detection

Bot DetectionDDoS

Access�Block

RevokeSSORBAC

API keyOAuth2

Mutual TLS

OAuth2MFA

Federated LoginIP Access Control

Measure and Monitor Everything

109

What You See

What We See

State at Scale

110

Traffic Analytics BaaS

clients targets

Scale without Compromising on LatencyTechnologies

Data TypesUser Data Device IDs Traffic Metrics Oauth Tokens Cache, Data

RequirementsLocation Queries Dimensional & Structured Analysis Fast Lookup & Eventual Consistency

Isolation And Efficiency

111

Region

Pod Pod

API Processing

Data

Management

Region

Pod Pod

UI, API Definitions, Users, Roles, System Configurations

Traffic IsolationIndependent Scaling

Simpler Administration

Low Latency

Another Media Company•  Apigee Cloud

•  100+ APIs•  700+ Apps•  1,200+ avg. TPS•  9+ TB analytics data

112

8x growth within 6 months No change in latency

Jan-13 Jan-14

API Traffic

Latency

Jun 2014 Dec 2014

400 Million

3.1 Billion

20 ms 20 ms

Private Cloud Equals Apigee Cloud

113

Apigee Cloud

Multi-Datacenter Deployment

Leading TelcoPrivate Cloud

1+ Billion calls / month

7 Regions, 19 Availability zones3000+ servers

~1/2 Billion transactions / day>99.9% API availability

~20 ms average latency

Private Cloud Equals Apigee Cloud

114

Monitoring Alerting

Diagnostics

Zero-Downtime�Updates

Multi-Region�Traffic Routing

Cross�Datacenter�

Failover

Apigee

Better�Product

Your Cloud

Operations Innovations

Retail Customers on Apigee Cloud

Nov 2014

Nov 20134x

Quickly scaled capacity�by 2x within 2 hours

Maintain 99.99%�service availability

�Zero impact to �

any other customer

Black Friday Holiday Traffic

Operations�Efficiency

116

“To do something similar

would have taken us many months”

- Retailer

AP

I Firs

t From Project to Platform

117

On-Premises Equals Cloud

Isolation and Efficiency

State at Scale


Secure All Points of Engagement


Project

Platform

The features and timing listed on the attached roadmap are at the sole discretion of Apigee, and should not be interpreted as a commitment to deliver.

Moreover, no promise or commitment is made as to whether the features will be included in future versions of our products, nor should it be assumed that any feature will be made available to customers currently on a support/maintenance contract if/when generally available.

Example Things We’re Working on What

Apigee Edge Apigee Insights

Apigee 127

WebSockets Better Private Cloud Deployment Proxy Inheritance and Chaining Full Swagger Support SmartDocs New Analytics Reports New Revenue Reports BaaS Performance …

Self-Service Algorithmic Expansion GQL Flexible Scoring Models Swagger Integration Bird’s Eye View of Journeys …

Self-Service Algorithmic Expansion GQL Flexible Scoring Models Swagger Integration Bird’s Eye View of Journeys …

Project Programme

Success?

Inspired by Simon Sinek’s TED talk

Our Approach

How

What

Why

AP

I Firs

t

Isolation and Efficiency

State at Scale


Secure All Points of Engagement


Project

Platform

Value to you

Roadmap

Thank you

API Design Dos and Don’ts�for your digital journeyOzan Seymen – Architect @Apigee !Nicola Cardace – Architect @Apigee !Ole Dallerup – VP of Engineering @Trustpilot !!

Topics

•  Developer Experience•  API Design Best Practices•  API Façade Pattern•  Non-functional aspects

132

Developer Experience

Developer Experience•  Application developers are the consumer of your APIs•  Success of your API is measured by how quickly developers can get up to speed with it and

start innovating

134

API Value Chain

Design for Usability�User Experience = Developer Experience

135

Developer Experience•  Increasing adoption

–  Pursuit of growth in API usage–  Pursuit of code reduction and reuse in application development

136

Help and support your developers�in their journey

137

Developer Experience•  Produce usable APIs that are consistent

and standards compliant•  Recognize developer touch-points

138

Developer’s Journey

139

Discovery Learning Interaction Support

Developer’s Journey - Discovery

140


141

Developer’s Journey - Discovery•  For internal or partners

–  direct and targeted communication–  internal registry

•  For public APIs–  advertise and link from main website to developer microsite–  email marketing–  conferences–  hackathon events–  social media

142

Communicate the value you are proposing

143

Developer’s Journey - Learning

144

Developer’s Journey - Interaction•  Hand in hand with learning•  Developers writing code to test a scenario – validating their understanding and assumptions

•  Provide client libraries, SDKs•  Provide API console

145

Developer’s Journey - Interaction

146

https://dev.twitter.com/rest/tools/console


147

http://apigee.com/docs/apigee-api-platform-console


148

http://developers.google.com/apis-explorer


149

http://open-platform.theguardian.com/explore/

Developer’s Journey - Support•  Continuous support to developers and their applications•  Adequate support channels

150

Developer’s Journey - Support•  Expose analytics that shows:

–  Level of activity and usage for the application–  Performance of the requests application is making–  Usage patterns of my application

151

Developer’s Journey - Support•  Expose API performance statistics•  Export API availability status

152

Design consistent and standards compliant APIs

153

HTTP MethodsMethod Safe Idempotent Cacheable Semantics

OPTIONS ✔ ✔ ✖ Options or requirements for a resource or capabilities of the server

HEAD ✔ ✔ ✔ Retrieve metadata information without contentGET ✔ ✔ ✔ Retrieve resource representation

POST ✖ ✖ ✖ Create new resourcePUT ✖ ✔ ✖ Replace resource

DELETE ✖ ✔ ✖ Delete resourcePATCH ✖ ✖ ✖ Partial modification to resource

154

Safe: intended only for information retrieval and should not change the state of the server. In other words, they should not have side effects.Idempotent: multiple identical requests should have the same effect as a single request - in terms of resource state on the server.

HTTP Methods

155

Dropbox:“We could have somehow contorted /delta to mesh better with the HTTP worldview, but there are other things to consider when designing an API, like performance, simplicity, and developer ergonomics”

HTTP Methods

156

http://www.programmableweb.com/news/dropbox-sparks-controversy-api-design-decision/analysis/2015/03/03

Response Codes•  For every single API request, there are 3 possible outcomes:

–  Everything worked = success–  Application did something wrong = client error–  API did something wrong – server error

•  Map these to:–  2xx – Success–  4xx – client errors–  5xx – server errors

157

Response Codes•  201 – Created•  304 – Not Modified•  404 – Not Found•  401 – Unauthorized•  403 - Forbidden

158

Response Codes

159

HTTP/1.1 200 OK { "type": "OauthException", "message": "Some of the aliases you requested do not exist: foo.bar" }

None of this please…

Fail in Style•  Be helpful!•  Code for machines, message for people•  Link to documentation

160

HTTP/1.1 400 Bad Request Content-‐Type: application/json {

“code”: “400.02.006”, “message”: “verbose, plain-‐text language error description for humans”, “documentation”: “http://developers.foo.com/documentation/errors/invalid-‐subscriber-‐id”

}

About Trustpilot

●  Always build APIs first●  REST API●  Build atomic and generic APIs●  We use the same APIs as our clients

Design & Decisions

API Façade Pattern

The “API Façade” Pattern

USE THE FAÇADE PATTERN WHEN YOU WANT TO PROVIDE

A SIMPLE INTERFACE TO A COMPLEX SUBSYSTEM

SUBSYSTEMS OFTEN GET MORE COMPLEX AS THEY EVOLVE

Design Patterns – Elements of Reusable Object-Oriented Software (Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides)

The “API Façade” Pattern •  Virtual layer between the two API interfaces •  Solution for exposing complex internal systems’ functionality in a way useful to developers

The “API Façade” Pattern

1.  Design the ideal API’s 2.  Implement design with stubs 3.  Mediate across with internal systems

Traffic Management

Traffic Management •  Management features added to open API’s •  Technical - Need to regulate traffic flow

–  Inefficient application code –  Malicious use –  DDoS, crawlers and robotic traffic

•  Business - Consumption against quotas –  Upsell, customer daily usage –  Product / Service tiers –  Billing, revenue protection

Traffic Management •  Document your rate limiting and application quota values •  Return quota information in response headers

Response Header Meaning

X-Rate-Limit-Limit Overall quota allowance for this request app, IP, org, etc

X-Rate-Limit-Remaining Remaining quota left for this app, IP, org, etc

X-Rate-Limit-Reset Remaining window before quota resets

Twitter REST API Documentation - https://dev.twitter.com/rest/public/rate-limiting

Implement Caching Headers

Caching •  Time-based

–  Last-Modified –  If-Modified-Since

•  Content-based –  ETags

•  Apigee Edge is fully compliant with HTTP/1.1 cache headers

Improve API Performance

Think API Performance during design •  Using gzip compression

–  Convenient way to reduce bandwidth –  Requires some additional CPU on both sides to compress and uncompress

data

Think API Performance during design •  Partial response

–  Specify fields to include in the response –  LinkedIn: /people:(id,first-name,last-name,industry) –  Facebook: /friends?fields=id,name,picture –  Google: ?fields=kind,items(title,characteristics/length)

Think API Performance during design •  PATCH HTTP Method (not idempotent)

•  Only send properties you want to modify •  PUT will replace a resource, while PATCH is to partially modify it.•  POST will create a new resource with a different ID PATCH /customers/1234 Content-‐Type: application/json { “email”: “[email protected]” }

Plan Early for Performance Testing •  Identify KPI’s and SLA’s (throughput, service performance metrics) •  Set the maximum target latency expectations for each use cases •  Build your performance testing arsenal (both silicon and carbon) •  Automate •  Design a repeatable performance test suite •  Incorporate performance measurement in your C.I. and deployment workflow

–  Place adequate alerting when thresholds are breached during C.I. •  Learn from failures

Measure your Capacity Limits

Measure your Capacity Limits •  Measure, infer, extrapolate production capacity limits early •  Cloud Deployment

•  Horizontal and Vertical scalability •  Multi-region, availability zones, elastic load balancing, geo-redundancy

•  On Premises Deployment

–  Horizontal and vertical scalability –  Multi-datacenter, load balancing –  Customers plan and provision capacity

Measure your Capacity Limits

Enforce end-to-end Security

Enforce End-to-End Security - Transport

Consumer A API Gateway API

TargetSSL 2-way SSL

Consumer B

2-way SSL

●  Northbound:○  Use 2-way SSL in B2B scenarios and if you are in control of the client ○  Otherwise use 1-way SSL

●  Southbound:○  Always Use 2-way SSL in Cloud-based and hybrid deployments

●  Perform SSL vulnerability checks https://www.ssllabs.com/ssltest○  Target A or A+ grades

NORTHBOUND SOUTHBOUND

How we are working:●  Building independent services●  Communication between them…

How it benefits us●  Teams own products●  Grow more teams faster

How APIs have changed the way we work

●  The atomic model●  Communication between services

The down side (maybe not the DON’Ts)

●  Clients●  Partner●  Consultants●  Teams with ownership●  Technologies to use

How APIs are changing Trustpilot

Thank you

Afternoon Break��


Two-Speed ITEd Anuff, Apigee !Ian Cooper, Thomson Reuters !

@edanuffEd Anuff

Ian Cooper

What is “2-Speed IT”?

192

Systems of Record

Systems of Engagement

Partner �Apps

Employee �Apps

Consumer �Apps Insights

ESB / Integration

ERP DatabaseCRM Data LakeData Warehouse

Two-Speed IT

What about “Bimodal” IT?

194

Gartner’s Bimodal IT

195

Source: Gartner- Drive Digital Business Using Insights From Symposium's Analyst Keynote

Pace Layering

196

Bimodal IT and Pace Layering

198

Systems OfEngagement

Systems OfDifferentiation

Systems OfRecord

Mode 1

Mode 2

+

-

Cha

nge

-

+

Governance

Source: Gartner

Decentralizing Excellence

199 Source: Forrester - The Digital Business Imperative, 2014, Fenwick, Gill

Impact of Two-Speed IT

200

Do these phrases describe your IT organization? Outside in, Cloud-first, Mobile-centric

Elements of 2-Speed IT drive pace that others can’t match

201 Source: Apigee Institute survey of 800 IT decision makers at companies with over $500M in annual revenue, 8 countries, 25 industries

Yes(12%)

No(88%)

12X more likely to greatly exceed expectations for speed building & delivering apps

7X more likely to fail to meet expectations for speed with apps

Are there only 2 speeds or modes?

202

No, the point is there’s more than 1…

204

205 Source: Simon Wardley

How are APIs relevant to 2-Speed IT?

206

Systems of Record

Systems of Engagement

Partner �Apps

Employee �Apps

Consumer �Apps Insights

ESB / Integration

ERP DatabaseCRM Data LakeData Warehouse

API Gateway Tier

Software-defined Application Services

208 Source: Gartner- Application Architecture For Digital Business, Anne Thomas, Yefim Natis, Ross Altman

Software-defined Application Services

209 Source: Gartner- Application Architecture For Digital Business, Anne Thomas, Yefim Natis, Ross Altman

Two Speed IT at ReutersIan Cooper, Reuters !

Topics

•  About the company

•  Thomson Reuters and Two Speed IT

•  Two use cases

211

About Thomson Reuters

•  Global company best known to the public through Reuters News

•  Reuters News only represents ~2% of revenues

•  Behind this is the world’s leading source of intelligent informaDon for businesses and professionals

•  Ranked #57 in Best Global Brands

212

About Thomson Reuters

•  We serve four core customer groups in global professional markets

•  Finance & Risk, Legal, Tax & AccounDng and IP & Science

•  We pride ourselves in being #1 or #2 in each of these markets

•  Huge breadth and depth of historical informaDon and analyDcs

213

Why Two Speed IT

•  Historically we have been managed as a porQolio business

•  Core business units were treated like separate companies

•  Massive push to become one company, from culture and technology perspecDves

•  Requires the breakdown of data silos across the company

•  Already have lots of APIs built for specific tasks, can they be shared to create value?

214

Use Case -‐ RESTificaDon

•  Taking SOAP endpoints and making them RESTful

•  Many APIs built when SOAP was king, providing great informaDon and funcDonality, but not what our internal clients want…

•  QuesDon -‐ how do we modernize these APIs in the least risky way?

•  Answer – we take a two pronged approach

215


• Long vision – invest in these APIs to make them RESTful, following good REST best pracDces a.  Big investment of Dme and resources b.  May not be commercially viable c.  O`en requires a big bang approach (all exisDng funcDonality

required in new API). d.  SomeDmes difficult to sell the business case

216


• PracDcal delivery – perform agile SOAP to REST conversion outside the applicaDon a.  Easier to be iteraDve b.  Prototype API fast and refine the structure c.  Work with select clients to thrash out the API d.  No interrupDon to exisDng client base e.  Feed API design back into the long term API redesign f.  Use success to drive the business case for API redesign

217

Use Case – API FederaDon

•  Combining mulDple target APIs into a coherent whole

•  Numerous APIs that expose a narrow set of resources

•  Hard to integrate as developers need to incorporate many different APIs

•  QuesDon -‐ how do make developers’ lives much easier?

•  Answer – we federate and combine the APIs to hide the complexity

218

Use Case – API FederaDon

•  Bigger process than RESTificaDon

•  May include RESTificaDon on some underlying APIs

•  Usually spend more Dme designing the overall look and feel of the API

•  Must take into account the exisDng APIs’ structures and try to harmonize

•  Create a core for the API and add incrementally add targets

219

Conclusion

•  We would love our APIs to be perfect already

•  But they are not…

•  Using tools that abstract the client experience from the target API allows us to:

a.  Deliver results faster b.  Prove out API designs before commigng to large projects c.  Provide the APIs that thrill our internal clients when they need

them

220

Thank you

Two-Speed IT with ApigeeGreg Brail, Apigee !Matthew Newton, glh. Hotels !

Start with the Customer•  End users want rock-solid apps that work every time

223

Or, Start with your Partners•  Partners want you to make it easy to integrate with you

224

Hyperconnectivity, Either Way•  Either way, they are “hyperconnected”

•  They don’t want: –  Latency –  Unreliability –  Lack of privacy –  Complexity –  VPNs

225

Three Layers for Multi-Speed IT•  Reusable API layer to adapt systems of record •  Agile API layer that can quickly adapt to changing requirements •  Feedback loop that affects both the APIs and the apps

226

Systems of Record

Reusable APIs

Agile API Adaptation Feedback Loop

Apps Partners

Layer I: Reusable APIs

227

Systems of Record

Reusable APIs


Apps Partners

Where do we Start?•  With what you have: •  Systems of record

–  REST APIs –  SOAP web services –  Databases –  Data

228

API Challenges•  Systems of record have lots of integration requirements:

–  Security –  Transformation –  Connectivity

•  They also have restrictions: –  Low performance –  Low availability –  Inadequate security

229

Make Some APIs•  Turn those assets into APIs!

–  Consistent design –  Consistent documentation –  Consistent security –  Traffic management –  Caching

230

Layer II: Agile API Adaptation

231

Systems of Record

Reusable APIs


Apps Partners

Building Agility

232

Now we have an API layer

You can build apps on it

Or you can customize it

Device APIs•  Devices are different •  They may need different APIs

233

Partner APIs•  Different partners have different requirements

–  Different levels of access control –  Different formats –  Different security requirements

•  Can they have different APIs too?

234

Can you have 1000 APIs?•  Of course you can.

235

Agile Data•  Agile apps and APIs require agile data •  Quickly build new data sets •  Scale data access around the world

236

Adding the Feedback Loop

237

Systems of Record

Reusable APIs


Apps Partners

OODA and You

238

•  John Boyd is a fighter pilot from the 1950s and 60s who came up the “OODA Loop” •  Observe. Orient. Decide. Act.

"OODA.Boyd" by Patrick Edwin Moran - Own work. Licensed under CC BY 3.0 via Wikimedia Commons

An Earlier Implementation

239

Controlling the Feedback Loop

240

•  What are the customers and partners doing?

•  Collect all the data while your apps are running

OBSERVE DECIDEORIENT ACT

•  What does it mean? •  Visualize the data.

Correlate it with other signals

•  What are we going to do about it?

•  Tailor app results for specific customers

•  Create new apps and APIs

•  Deploy new API versions

•  Adjust API results

Bringing Feedback to the User

241

Putting it Together

242

Hadoop

In-Memory

Insights (GRASP)

Node.js

Node.js Node.js

Node.js Node.js

Node.js Node.js

API BaaS

(APIs)

Direct Mail

Email

Web

Mobile

Outreach

(Batch Scores)

(Counters / Activities)

(Query)

Historical Events

Realtime Events

(Context)

Backend

(Mashup)

3

4

5

1

2

6

Conclusion•  Successful two-speed IT initiatives come in three parts:

–  A consistent API tier layered on top of existing “systems of record” –  An agile tier that allows those basic APIs to be composed into new ones –  A feedback loop so that changes in the performance of the API affect what the user sees

243

Two-Speed IT In Action at glh.

244

Who are glh. ?

245

2012: glh. Enterprise IT•  Slow and unsteady

•  No automation; little reproducible

•  Customer under-represented

•  Shadow IT on growth path

•  Feedback but no loop

246

2013: Ship Alongside; get moving•  Unfreeze the organisation

•  Value based decisions

•  Support both success and failure

•  Embrace Shadow IT

•  “Let’s make it a competition”

•  Early OODA

247

2014: Innovation delivery startup•  Customer-centric

•  100% new systems, and 80% overall, ‘in the cloud’ and consumed as a service

•  Shadow IT doesn’t exist!

•  Automating for continuous delivery

•  Enjoying the OODA sound

248

2015: Innovation & Business Experiments•  Quickly test hypotheses, cheaply

•  Listen to the what and why

•  Add to what we have so far

•  Reuse what we have so far

•  Adapt what we have so far

•  …………and beware Waterfall!

249

Thank you

Closing Keynote�Great Hall�

Closing Keynote�Jack Ramsay, Accenture

From Digitally Disrupted to Digital Disrupter

Jack Ramsay, Senior Managing Director Digital Business Group

Where did today’s corporate leaders grow up?


Today’s corporate leaders grew up here We were machine operators rather than technology users…..


And if you wanted to also watch the second channel…..


And finally, machines with software behind the buttons where you were a user and not an operator….


Then came the Personal Computer (PC)….. and you then had to learn once again how the machine worked…..

is largely different from the 1960s… the 1970s…



In the 1960s… In the 1970s… In the 1980s… And in the 1990s…

Their personal experience of technology was at best this…


How does she see Technology? How many devices does she own? How many devices does she use? Does she have a digital identity? How many? Who “owns” them?

Technology is not the disrupter – it is her!


And today‘s „Modern Family“?


Did you know?

More people are online …

… than have access to refrigeration.


On Facebook Did you know?

2.7 billion likes are sent

300 million photos are uploaded

There are more visits than on any other site on the net, with 20% of all page views

11% of the world population have an account

618 million users are active per day


Personalized Communication Did you know?

A computer could more accurately predict the subject's personality than •  A work colleague by analyzing just 10 likes •  More than a friend or a roommate with 70 •  A family member with 150 •  A spouse with 300 likes The average person on Facebook has 227 likes.


What do you get your son for his birthday, if you want to be

cool?


On Twitter

Amazing facts about the internet

the top three countries are the United States, Brazil, and Japan

200 million tweets are posted each day, enough to fill 8,163 copies of Leo Tolstoy’s War and Peace

1.6 billion queries are handled per day

1 million accounts are added every day

30% of the users have an annual income greater than $100,000

Over 456 million accounts

+


On Google

Amazing facts about the internet

4.8 billion searches are performed every day and until now overall about 2 trillion searches

more than

100 million Android devices are registered

each query consumes 0.00007 kWh of energy, which is equal to turning on a 60W light bulb for 4,4 seconds

260 million Watts power is required for its servers

45% of its services are currently in beta stage


As we speak, within 60 seconds

Data is increasing faster than ever before!

7,000 pictures uploaded

370,000 Skype voice-calls

700,000 search engine inquiries

700,000 Facebook status updates

170 million e-mails sent

600 videos uploaded 700 new Twitter accounts &

140,000 tweets


Internet census 2012


My Dad says you are spying on us online!

He‘s not your Dad


Technology Trends 2014

Data Supply Chain

Harnessing Hyperscale Business of Applications Architecting Resilience

From Workforce to Crowdsource

Digital Physical Blur

What happens next?


The basis for Industry 4.0 has been laid by technology innovation

Technology Innovation Smart Devices Cyber Physical Systems (4th Industrial Revolution)

Profound changes in the entire industrial ecosystem

Connectivity

Hyperscale Data Centers IT Standards

CPU Performance

Chip Miniaturization

Agile Software

Internet Backbone

+

=

Connected, always-on, intelligent, software & data powered autonomous devices

Nanotechnology

3D Printing Analytics & Algorithms

LTE


The Internet of Things

The Internet of Things


3D printing continues to revolutionize how we work



My son – „Anything we cannot print Daddy?“ Jack – „Yes, nobody will ever be able to print me!“


Automotive – Today


You are 23 times more likely to get in an accident when texting and driving Costs billions in losses and thousands in lives

25% of all accidents in the US involved Cell Phones 1.6 Million accidents a year


Automotive – Next Generation

291 291 291 291 291 291


Healthcare – Last Generation



Healthcare – Next Generation



Agriculture – Last Generation



Agriculture – Today



Agriculture – Next Generation


HD Image

Thermal Image

NDVI* Image

* Normalized Difference Vegetation Index shows stress level of vegetation

Area of potential crop stress


Digital Security – Last Generation



Digital Security – Today



Digital Security – Next Generation



Robots in our time?


Affordable PCs will gain sufficient power to emulate the human brain


Brain scanning is making the transition from science fiction novels to reality


Only legislation will stop them, not Technology!

accenture.com/technologyvision

Thank you

I Love APIs Europe 2015: Technical Sessions

Technology

Transcript of I Love APIs Europe 2015: Technical Sessions