The Science of APIs in a Mobile World:Security, Control and Quality
1. The Science of APIs in a Mobile World – Security, Control, and Quality
2. Introductions
Laura Heritage
Director of API Strategy
SOA Software
In this role, she works with customers to establish API business strategies and implement API and SOA platforms. Previously Ms. Heritage served as a Product Line Manager at IBM and was responsible for establishing IBM’s API Management business.
Follow Laura on Twitter at @heritagelaura
3. Introductions
John Musser
CEO API Science
Founder of ProgrammableWeb
John is an industry expert on APIs, quoted in the Wall Street Journal, New York Times, Forbes, and Wired, and speaking at conferences including SXSW, Dreamforce, and Web 2.0. He also consults on API strategy and trends with clients including Google, Microsoft, and Salesforce.
Follow John on Twitter at @johnmusser
5. APIs Power the Digital World for Both Strategic and Operational Objectives
[Diagram labels: Outside / Inside; Mobile, Innovation, Partners, Internal]
6. The Enterprise Ecosystem Is Not Contained
You need to tap into an extended ecosystem of developers.
It can’t be contained if you are to succeed as a digital enterprise.
7. A mobile app accessing your data has been compromised!
How do you securely share APIs with an open developer community?
Can you selectively revoke access for compromised Apps?
8. Realizing End-to-End Security
Managing the User Experience
Securing the App – PII, PHI
Enabling Easy Developer Access
Securing the Channel
Securing the Backend
10. The API Gateway Protects Your Enterprise
Gateway
Security
Authentication
Protection
IAM Integration
Encryption
Mediation
Quality of Service
Paging/Caching
Orchestration
Scripting
12. Analytics for your Enterprise
Business Analytics
• Track product, customer and monetization trends
• Identify new opportunities
Operational Analytics
• Ensure operational excellence of your infrastructure
• Analyze errors and response codes
API Analytics
• Identify top APIs by usage, monetization, app type, etc.
• Analyze API licensing and monetization, and fine-tune developer onboarding
17. End-to-End Insight Improves Quality
• Enables a true consumer experience from various locations around the world
• Visibility into simulated multi-step developer actions such as CRUD sequences
• Visibility to pinpoint and resolve problems before they become an issue
Integrated into SOA Software’s Dashboard
19. Why Monitor Your APIs? Things Can Go Wrong…
SSL errors
HTTP errors
Invalid JSON or XML
Authentication errors
Content issues
Data integrity errors
Network connectivity errors
Slow call response time
Server availability
Latency spikes
23. [Diagram: My Mobile Apps, My Web Site and 3rd Party Apps calling My Web Server, My APIs and 3rd Party APIs]
24. [Same diagram, with Monitors placed on My Web Server, My APIs and 3rd Party APIs]
25. How monitoring is changing
Past                         Future
Web transactions             API transactions
Web login testing            OAuth testing
String validation            XML & JSON validation
Monitor our site             Monitor our API + 3rd party APIs
Isolated to our company      Shared use of APIs
Internal silos               DevOps
RUM: Real User Monitoring    RDM: Real Developer Monitoring
26. Four Fundamentals of API Monitoring
• Availability monitoring: is your API down?
• Performance monitoring: is your API slow?
• Content monitoring: is your API returning what it should?
• Transaction monitoring: does the complex stuff work?
27. Find Issues Before Your Customers Do
GET http://api.yourcompany.com/product/142
33. API Science: Advanced API monitoring
Uptime monitoring
Performance monitoring
Data quality checks
Global monitoring locations
User-defined validation rules
Real-time alerts
Secure SSL access
Clean, intuitive UI
Monitor grouping and filtering
Scriptable rules engine
Advanced multi-step monitoring
Fully scriptable API transactions
Multi-user team and enterprise accounts
Secure, role-based access control
Read-only permissions available
Full featured API
Customizable status pages
User-defined alert limit thresholds
3rd party integrations including PagerDuty
Customizable reports
34. API Management + API Monitoring
• Get end-to-end visibility, analytics and monitoring
• Combines API consumer + API provider analytics
• See a global picture of how your API is performing
• Find problems before your API consumers do
37. API Resources and API University
• Resource Center
– http://resource.soa.com/
• Follow us on:
www.facebook.com/soasoftware
www.linkedin.com/company/soasoftware
@soasoftwareinc
38. Multi-step testing
Authenticate → Get record → Add record → Update record → Delete record
• Any number of steps
• Run JavaScript before/after steps
• Modify queries on the fly
• Verify return values
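The multi-step check described on this slide, as an added example that is not part of the original deck or of API Science's product: a JavaScript monitor that runs the authenticate/get/add/update/delete sequence with before/after hooks and scores each step on the four fundamentals (availability, performance, content, transaction) from slide 26. The in-memory `fakeApi`, the token and the `/product` records are constructed stand-ins for a real HTTP client and backend so the script runs offline.

```javascript
// Added example (not from the slides or API Science). `fakeApi`, TOKEN and the
// /product records are constructed stand-ins so the monitor runs offline.
const records = new Map([["142", { id: "142", name: "widget" }]]), TOKEN = "tok-constructed";
// Stub transport standing in for an HTTP client; answers { status, ms, body }.
function fakeApi({ method, path, token, body }) {
  if (path === "/auth") return { status: 200, ms: 12, body: JSON.stringify({ token: TOKEN }) };
  if (token !== TOKEN) return { status: 401, ms: 5, body: '{"error":"unauthorized"}' };
  const id = path.split("/")[2], found = records.has(id);
  if (method === "POST" || method === "PUT") { records.set(method === "PUT" ? id : body.id, body); return { status: method === "POST" ? 201 : 200, ms: 30, body: JSON.stringify(body) }; }
  if (method === "GET") return { status: found ? 200 : 404, ms: 20, body: JSON.stringify(found ? records.get(id) : { error: "not found" }) };
  if (method === "DELETE") { records.delete(id); return { status: 204, ms: 10, body: "" }; }
  return { status: 405, ms: 1, body: "" };
}
// Wrapper that truncates GET bodies: the API is up and fast but returns invalid JSON.
const brokenJsonApi = req => { const res = fakeApi(req); return req.method === "GET" ? { ...res, body: res.body.slice(1) } : res; };

// Runs the steps in order. `before` is the pre-step hook that builds the request from
// shared context (the token from step 1 flows into later calls); `verify` is the
// post-step hook that checks return values. Stops at the first failing step.
function runMonitor(steps, transport, maxMs = 100) {
  const ctx = {}, results = [];
  for (const step of steps) {
    const res = transport(step.before(ctx));
    let json; try { json = res.body === "" ? null : JSON.parse(res.body); } catch (e) {} // undefined = not JSON
    const checks = {
      availability: res.status < 500,        // server answered, no 5xx
      performance: res.ms <= maxMs,          // response time within threshold
      content: json !== undefined,           // body parses as JSON (or is empty)
      transaction: json !== undefined && step.verify(res, json, ctx),
    };
    const ok = Object.values(checks).every(Boolean);
    results.push({ name: step.name, ok, checks });
    if (!ok) break;
  }
  return results;
}
// The sequence from the slide: authenticate, get, add, update, delete.
const step = (name, before, verify) => ({ name, before, verify });
const crudSteps = [
  step("authenticate", () => ({ method: "POST", path: "/auth" }),
       (res, json, ctx) => res.status === 200 && !!(ctx.token = json.token)),
  step("get record", c => ({ method: "GET", path: "/product/142", token: c.token }),
       (res, json) => res.status === 200 && json.name === "widget"),
  step("add record", c => ({ method: "POST", path: "/product", token: c.token, body: { id: "143", name: "gadget" } }),
       res => res.status === 201),
  step("update record", c => ({ method: "PUT", path: "/product/143", token: c.token, body: { id: "143", name: "gizmo" } }),
       (res, json) => res.status === 200 && json.name === "gizmo"),
  step("delete record", c => ({ method: "DELETE", path: "/product/143", token: c.token }),
       res => res.status === 204),
];
```

Against a healthy backend all five steps pass; with the truncated-JSON wrapper the run stops at "get record" with only the content and transaction checks failing, which is exactly the "Invalid JSON" case from slide 19 that availability monitoring alone would miss.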