The Science of APIs in a Mobile World – Security, Control, and Quality


Description

Based on the combined SOA Software and API Science solution, this presentation examines the issues inherent in managing and monitoring APIs from both the provider and consumer sides, including getting on top of security, quality, and control.

• Learn about managing and monitoring APIs in a mobile world

• See how SOA Software with API Science lets you see the full picture of how your APIs are performing

• See how you can monitor complex multi-step API transactions

Transcript of The Science of APIs in a Mobile World – Security, Control, and Quality

Page 1: The Science of APIs in a Mobile World – Security, Control, and Quality

The Science of APIs in a Mobile World – Security, Control, and Quality

Page 2

Introductions

Laura Heritage, Director of API Strategy, SOA Software

In this role, she works with customers to establish API business strategies and implement API and SOA platforms. Previously Ms. Heritage served as a Product Line Manager at IBM and was responsible for establishing IBM’s API Management business.

Follow Laura on Twitter at @heritagelaura

Page 3

Introductions

John Musser, CEO, API Science

Founder of ProgrammableWeb

John is an industry expert on APIs, quoted in the Wall Street Journal, New York Times, Forbes, and Wired, and a speaker at conferences including SXSW, Dreamforce, and Web 2.0. He also consults on API strategy and trends with clients including Google, Microsoft, and Salesforce.

Follow John on Twitter at @johnmusser

Page 4

50 billion connected devices by 2020

Page 5

APIs Power the Digital World for Both Strategic and Operational Objectives

Outside / Inside

Mobile

Innovation

Partners

Internal

Page 6

The Enterprise Ecosystem Is Not Contained

You need to tap into an extended ecosystem of developers

It can’t be contained if you are to succeed as a digital enterprise

Page 7

A mobile app accessing your data has been compromised!

How do you securely share APIs with an open developer community? Can you selectively revoke access for compromised Apps?

Page 8

Realizing End-to-End Security

Managing the User Experience

Securing the App - PII, PHI

Enabling Easy Developer Access

Securing the Channel

Securing the Backend

Page 9

API Security

1. Authentication & Authorization

2. App Key Validation/Licensing

3. Message Security

4. Threat Protection

5. Content Filtering

6. Rate Limiting

Developers

Page 10

The API Gateway Protects Your Enterprise

Gateway

Security

Authentication

Protection

IAM Integration

Encryption

Mediation

Quality of Service

Paging/Caching

Orchestration

Scripting

Page 11

Analytics

✓ Ensure 99.99% uptime

✓ Proactive Operations

✓ Identify bottlenecks

✓ Prevent security breaches

Page 12

Analytics for your Enterprise

Business Analytics

• Track product, customer and monetization trends

• Identify new opportunities.

Operational Analytics

• Ensure operational excellence of your infrastructure

• Analyze errors and response codes

API Analytics

• Identify top APIs by usage, monetization, app type, etc.

• Analyze API licensing and monetization, and fine-tune developer onboarding

Page 13

The SOA Software Digital Business Platform

Page 14

Monitoring, Auditing and Alerting

Real-time monitoring

Inspect the request and response

Usage quotas

Average response time per app

Page 15

SLA Monitoring, Alerting and Enforcement

Driven By Policies

Page 16

Realizing End-to-End Quality

API Monitoring

+ API Management

Page 17

End-to-End Insight Improves Quality

• Measures the true consumer experience from various locations around the world

• Visibility into simulated multi-step developer actions such as CRUD sequences

• Visibility to pinpoint and resolve problems before they become an issue

Integrated into SOA Software’s Dashboard

Page 18

External Monitoring

✓ Measure performance

✓ Monitor availability

✓ Proactive alerting

✓ Identify and track trends

Page 19

Why Monitor Your APIs? Things Can Go Wrong…

SSL errors

HTTP errors

Invalid JSON or XML

Authentication errors

Content issues

Data integrity errors

Network connectivity errors

Slow call response time

Server availability

Latency spikes

Page 20

My Web Server

My Web Site

Page 21

My Web Server

My Web Site

Monitor

Page 22

My Web Server

My Web Site

Monitors

Page 23

3rd Party APIs / My APIs / My Web Server

My Mobile Apps

My Web Site

3rd Party Apps

Page 24

3rd Party APIs / My APIs / My Web Server

My Mobile Apps

My Web Site

3rd Party Apps

Monitors / Monitors / Monitors

Page 25

How monitoring is changing

Past                        Future
Web transactions            API transactions
Web login testing           OAuth testing
String validation           XML & JSON validation
Monitor our site            Monitor our API + 3rd party APIs
Isolated to our company     Shared use of APIs
Internal silos              DevOps
RUM: Real User Monitoring   RDM: Real Developer Monitoring

Page 26

Four Fundamentals of API Monitoring

• Availability monitoring: is your API down?

• Performance monitoring: is your API slow?

• Content monitoring: is your API returning what it should?

• Transaction monitoring: does the complex stuff work?

Page 27

Find Issues Before Your Customers Do

GET http://api.yourcompany.com/product/142

Page 28

Find Issues Before Your Customers Do

GET http://api.yourcompany.com/product/142

Page 29

Find Issues Before Your Customers Do

Page 30

Find Issues Before Your Customers Do

Your APIs

Page 31

Find Issues Before Your Customers Do

Page 32

Find Issues Before Your Customers Do

The APIs you rely on

Page 33

API Science: Advanced API monitoring

Uptime monitoring

Performance monitoring

Data quality checks

Global monitoring locations

User-defined validation rules

Real-time alerts

Secure SSL access

Clean, intuitive UI

Monitor grouping and filtering

Scriptable rules engine

Advanced multi-step monitoring

Fully scriptable API transactions

Multi-user team and enterprise accounts

Secure, role-based access control

Read-only permissions available

Full featured API

Customizable status pages

User-defined alert limit thresholds

3rd party integrations including PagerDuty

Customizable reports

Page 34

API Management + API Monitoring

• Get end-to-end visibility, analytics and monitoring

• Combines API consumer + API provider analytics

• See a global picture of how your API is performing

• Find problems before your API consumers do

Page 35

Demo

Page 36

Questions

Page 37

API Resources and API University

• Resource Center: http://resource.soa.com/

• Follow us on:

www.facebook.com/soasoftware

www.linkedin.com/company/soasoftware

@soasoftwareinc

Page 38

Multi-step testing

Authenticate

Get record

Add record

Update record

Delete record

• Any number of steps

• Run JavaScript before/after steps

• Modify queries on the fly

• Verify return values
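As an added example (not code from API Science or SOA Software), the four fundamentals from the "Four Fundamentals of API Monitoring" slide and the scripted sequence from this slide combined in one JavaScript monitor: every step checks availability (status), performance (latency budget) and content (valid JSON plus a user-defined rule), and the authenticate/add/get/update/delete transaction threads the token and record id from one step into the next. The in-memory `fakeApi`, the `/auth` and `/product` paths, and the latency budgets are constructed assumptions so the block runs offline.

```javascript
// Constructed in-memory stand-in for the API (an assumption, not a real endpoint);
// each call returns { status, ms, body } like a captured HTTP response.
const records = new Map();
let nextId = 143;
function fakeApi(method, path, body, headers = {}) {
  if (method === 'POST' && path === '/auth') return { status: 200, ms: 40, body: '{"token":"demo-token"}' };
  if (headers.Authorization !== 'Bearer demo-token') return { status: 401, ms: 12, body: '{"error":"unauthorized"}' };
  const m = path.match(/^\/product\/(\d+)$/);
  if (method === 'POST' && path === '/product') {
    const rec = { id: nextId++, ...JSON.parse(body) };
    records.set(rec.id, rec);
    return { status: 201, ms: 55, body: JSON.stringify(rec) };
  }
  if (m && method === 'GET') {
    const rec = records.get(Number(m[1]));
    return rec ? { status: 200, ms: 30, body: JSON.stringify(rec) } : { status: 404, ms: 20, body: '{"error":"not found"}' };
  }
  if (m && method === 'PUT') { const rec = { ...records.get(Number(m[1])), ...JSON.parse(body) }; records.set(rec.id, rec); return { status: 200, ms: 45, body: JSON.stringify(rec) }; }
  if (m && method === 'DELETE') { records.delete(Number(m[1])); return { status: 204, ms: 25, body: '' }; }
  return { status: 500, ms: 900, body: '<html>oops</html>' };
}

// One monitor step: availability (status), performance (latency budget) and
// content (valid JSON plus an optional rule over the parsed body). Failures are
// collected rather than thrown so the report lists every problem in the sequence.
function checkStep(name, resp, { status, maxMs, rule }) {
  const failures = [];
  if (resp.status !== status) failures.push(`${name}: status ${resp.status}, expected ${status}`);
  if (resp.ms > maxMs) failures.push(`${name}: ${resp.ms}ms exceeds ${maxMs}ms`);
  let json = null;
  if (resp.body) {
    try { json = JSON.parse(resp.body); } catch (e) { failures.push(`${name}: body is not valid JSON`); }
  }
  if (json && rule && !rule(json)) failures.push(`${name}: content rule failed`);
  return { failures, json };
}

// Transaction monitor: the token from the auth step and the id from the add step
// are threaded into later requests ("modify queries on the fly"), and the final
// GET verifies the delete actually took effect.
function runTransaction(api) {
  const auth = checkStep('auth', api('POST', '/auth', '{"user":"monitor"}'), { status: 200, maxMs: 200, rule: j => typeof j.token === 'string' });
  const hdr = { Authorization: `Bearer ${auth.json && auth.json.token}` };
  const add = checkStep('add', api('POST', '/product', '{"name":"widget"}', hdr), { status: 201, maxMs: 300, rule: j => Number.isInteger(j.id) });
  const id = add.json && add.json.id;
  const get = checkStep('get', api('GET', `/product/${id}`, null, hdr), { status: 200, maxMs: 300, rule: j => j.id === id && j.name === 'widget' });
  const upd = checkStep('update', api('PUT', `/product/${id}`, '{"name":"gadget"}', hdr), { status: 200, maxMs: 300, rule: j => j.id === id && j.name === 'gadget' });
  const del = checkStep('delete', api('DELETE', `/product/${id}`, null, hdr), { status: 204, maxMs: 300 });
  const gone = checkStep('verify-deleted', api('GET', `/product/${id}`, null, hdr), { status: 404, maxMs: 300 });
  const failures = [auth, add, get, upd, del, gone].flatMap(s => s.failures);
  return { ok: failures.length === 0, failures };
}
```

Pointing `runTransaction` at a backend that answers every call with a slow HTML 500 page shows why failures are collected per step: the report names the status, latency and content problems for each step instead of stopping at the first one.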

Page 39

Realizing End-to-End Quality

API Monitoring

+ API Management