API Economy, Realizing the Business Value of APIs
- 2. API Economy
• Treat your APIS as one of your value added products
• Added value service for your customers
• Monetization of new services through business models
• Flexibility for future transitions
• Additional revenue streams
• What are businesses core assets?
• Customer data
• Processes
• Functionality
• Content
• Future Business Opportunities
• Leverage core assets + External Services
2
Business
Value
Added
value
services
Core Assets
Core Assets
+ External
Services
- 3. How To Monetize an API?
• Analytics expose metrics
• Access Control
• API call to exposed analytics and reporting services
• Every component of APIM is exposed as a REST API
3
- 5. Monetization: Subscription
• Subscription Packages
• Premium Services
• Different SLAs
5
Free
• Minimum
SLA
• Entry
Level
• Freemium
Tier 1
• Unlimited
SLA
• Paid
• Unlimited
• Premium
Tier 2
• Medium
SLA
• Paid
• Basic
- 6. Monetization: Marketplace
• Drive growth in services through vendor products
• API Services to increase vendor visibility
• Subscriptions
• Commissions
6
Marketplace
Vendor Vendor Vendor You
- 9. Manual
• Build your own
• Multiple methods
• API Key
• Oauth2
• Basic
• Be a security expert
• Ensure update schedule
• Manually manage edits
Managed
• Choose method
• API Key | Oauth2 | Basic
• Publish your API
• Global configuration settings
• Easily updated
• Managed software
• Regular update schedule
Access Control
- 10. Manual
• Build a manual approach
• Stick with it
• Manually update connected
consumers of changes
• Create a notification system
for URI changes
Managed
• Specify the version number
in publish workflow
• Choose Lifecycle
• Draft
• Published
• Deprecated
• Retired
• Notifications happen
automatically
Versioning & Lifecycle
- 11. Manual
• Potentially leverage an
analytics API
• Build your own
• Complex
• High effort level
Managed
• Auto-generated
• Customized Views/Reports
• Drag and drop
• Detailed statistics
• Drill-down click through
Analytics
- 12. Manual
• Manually Implement
documentation framework
• Swagger
• RAML
Managed
• Integrated Swagger
• Subscribers can view
formatted details of APIs
• Lifecycle of API
• Version/Description
• Security Level
• Resources
Documentation
- 13. Manual
• Create a cache layer
• How to cache?
• Where to store cache?
• What to cache?
Managed
• Click the box and specify
timeouts
• Cache response (GET)
• Method level caching
Caching
- 14. Manual
• Build test platform for user
roles
• Creating API
• Consuming API
Managed
• Available Interface for testing
based on role
• Publisher testing at creation
• Subscriber testing via portal
• View
• Inputs & Request details
• Returned JSON/XML
details
• Status codes
Testing
- 15. Manual
• Build a new site for
developers to view APIs
• Complex project
• Resourcing
• High effort level
Managed
• Roles based portal available
• Publisher Role
• Create APIs
• Manage subscribers
• Metrics Dashboard
• Subscriber Role
• Explore APIs
• Register Applications
• Subscribe to API
Portals
- 16. API Management Platform 2016
6
Throughput: single node – More than a
billion requests per day!
Negligible latency for thousands of
concurrent users < 30ms
Throughput: 1.8x per additional node
Users: 2x more per additional node
Latency: continues to be < 30ms
Simplified API workflows
Intuitive user interface
Easy analytics interface
Speedy SimpleScalable
- 17. Request Flow of an API Manager7
</>
APIGateway
API
Portal
REST
REST
REST
SOAP
Partner
IoT
People
Adobe ColdFusion
Intranet App Server
Cloud Network
- 19. Future Updates and Plans
• Update release target mid-November 2016
• Primary Focus on Threat Protection
• Track a range of vulnerabilities
• Maximum request size associated with an API
• Restrict access to the API based on a range of IP address
• Validation of XML/JSON data based on the number of nested levels of data
• configurable by the publisher
• DOS, can have many nested levels to break API
• specify the schema of what is acceptable
• Prevention of XSS by encoding the input to an API
• Protection against CSRF
• Ability to enforce HTTPS for the API request to the gateway
• 2 way SSL (between API Manager and End point)
9
- 20. Future Updates and Plans
• Basic and Oauth added to Test Workflow
• Multiple test end points: support for Oauth
• Error response in JSON/XML format rather than HTML
• Unbundled Installer
• User Management:
• SAML Integration for Portals
• role-driven
• Multitenancy – Sandboxed Partners
• different portals and different administrators
• organization level concept with own policies
• JSON to XML and XML to JSON choice
0
- 21. Proof of Concept Opportunity
1
21
API
Manager
POC
Direct
Engineering
Resources
No License
Required
Hot Fix
Support
Step by
Step
Guidance
Contact:
elishia@adobe.com
- 22. More API Focused Sessions
• Powering Adobe PhoneGap Applications with ColdFusion APIs
• Monday 2:45-3:45pm
• Build your own secure and real-time Dashboard for mobile and web
• Monday 4-5pm
• Customer Showcase: Bringing the API manager into your existing stack
• Monday 4-5pm
• Deep Dive into new API Manager : Hands on Approach (BYOL – VM install prerequisite)
• Tuesday10:15 -12:30 (Walkthrough)
• Security and Access Control for APIs using ColdFusion API Manager
• Tuesday4 -5pm
2