On May 20, 2022, SmartWave and WSO2 joined forces to bring together Swiss innovators and experts who have successfully built and managed the APIs needed to deliver digital experiences.
Developers and companies around the world are challenged to create APIs that will enable them to deliver digital experiences. In this session, Dorian Rougier shares a process for building an API ecosystem. He explains how to avoid certain mistakes and the lessons learned along the way. He also explains how SmartWave can bring you value as your platform grows into an ecosystem. The topics covered are:
The digital imperative - APIs are at the heart of the digital transformation of businesses and society, but they are only valuable if they are secure and reliable.
API-first architecture - APIs are essential for delivering new digital services that your team can manage in a scalable way.
New assets, new management - New assets such as data come with new security and privacy responsibilities that must be understood by all stakeholders involved in their use cases.
6. | Why digital strategy
• “Any time, Anywhere, Any device” are the key problems of digitalization
• The opening of the information system is a major issue
May 2022
Key points of an API strategy 6
7. | Are APIs a solution?
APIs are a solution providing “Business Agility”
• APIs are the interface for offering services
• API Management is the process for managing APIs
• An API strategy is more than putting API Management in place
9. | API
• API (Application Programming Interface): a normalized interface for offering services
• An API is not a technology
• An API is a product
• An API is about creating business value
• APIs should be designed to deliver business outcomes
10. | API Levels
Level 1 “Internal API”: API used by the company
Level 2 “Partner API”: API used by internal developers & partner developers
Level 3 “Open API”: API used by internal developers, partner developers & external developers
At level 1: success means getting every internal application to use APIs
At level 3: success depends on the registration process and the quality of its documentation
14. | New assets, new management
15. |
[Diagram: roles, activities and components of API management]
Roles: API Publisher, API Administrator, App Developers, Users, Policy Developers
Activities: Register and manage API lifecycle; Perform partner, policy and process admin; Monitor and report API use; Create and extend custom policies; Integrate with applications and infrastructure; Self-register to resources; Browse and learn APIs; Manage application credentials
Other labels: Devices, Apps, APIs, Deploy, Connect
18. | Gateway
• Link external apps to internal apps, with security, using SOA and APIs
Solution
Challenges
[Diagram labels: Identity Management, Authentication, Authorization, Audit; API Management; Services, Applications, Data, Backend Services, Messaging; Internal or partner]
19. | Service Broker
• An “outbound Gateway”
• Connects to services, partners, and the Cloud
Solution
Challenges
[Diagram labels: Applies Security; Services, Applications, Data, Backend Services, Messaging; API Management; Cloud and on premise; Partners; Com Agency]
20. | Token Mediation
• Manage heterogeneous security infrastructure
Solution
Challenges
[Diagram labels: Identities, Tokens, Repositories, Authorization; Security Infrastructure; Extensive set of connectors to Security Infrastructure; Service Request; Service/User Credential; Validated Access; Throttled Request; External App; Identity Management, Authentication, Authorization, Audit; Transformed Response; Standard Response; API Gateway]
21. | Token Mediation
[Diagram labels: Azure Access token; Get ADFS Access token; Validate ADFS Access token; ADFS Access token; ADFS DMZ Access token]
22. | Monitor API usage and performance
26. | Common mistakes
• An API Management tool is not a golden hammer
• It addresses a minor part of an API strategy
• Implementing all features of the APIM before using it
• You must iterate on the implementation of the tool
• API Management does not manage versioning
• The version must instead be crafted and developed at the application level
27. | Recommendations
• Think about your API governance strategy
• Design APIs with clear documentation
• Don’t expose all your services, only the useful ones
• Put metrics in place
33. | API Governance
Solution
Challenges
• Expose existing applications as APIs, securely.
• Onboard developers who want to use your APIs
• Manage a large number of APIs
[Diagram label: Retailers]
34. |
[Diagram labels: Best Practices, Processes, RACI, KPI, Business Cases, Drivers, API Management Concept, Stakeholder Map, Use Cases, Governance, Analysis, Design]
46. | Mobile & Single Page App Solution
• Mobile apps require access to data which is behind the firewall
• Technologies such as OAuth must be used to authenticate clients
Solution
Challenge
[Diagram labels: UX Multi-channel; REST; Secure; API Gateway; Services, Applications, Data, Backend Services, Messaging]
51. | Architecture definition
[Diagram labels: Internal App; External App; API Management DMZ; API Management Internal; zones Internal, DMZ, Internet / Partner; Backend App; Access point protection (WAF); API Portal DMZ; API Portal Internal]
52. | Security Definition
• #1 Front security definition
• User / Application / IDP
• #2 Backend Security
• #3 Security enforcement by zone
• #4 Consolidation
54. | Solution definition
• Which product is most suitable
• Architecture
• Security: Front (multiple, simple, IDP) / backend (standard, legacy, SaaS)
• Governance: organization / role / user
• Traffic monitoring
• Customization
• Integration in CI/CD
55. | Project Phase
Operation, Foundation, Pilot, Change Management
• Installation
• Configuration
• Policies development
• Analytics
• CI/CD
• Adapt governance
• API best practice
• Implement governance
• Support new backend
• Security update
• API linter
• API Community
56. | Typical New Customer APIM Project
STUDY POC BUILD RUN
• Architecture
• Security
• Governance
• Validate aspects of study
• Platform
• Security policy
• Governance
57. | Lessons learned from our clients
• Integrate the governance aspect at the beginning of the project
• Promote the platform to other projects from day 1 for better ROI
• Force every new external API to use the gateway for normalized security
• API roadmap definition in the project
• Use case of the pilot
• Put an IDP solution in place before APIM
58. | How do we deliver value
BUILD: To build your digital transformation projects
CARE: To support and maintain your applications
EMPOWER: To strengthen your technical team
60. | Case study 1: digitalize partners’ relationship
Context
• Convention center managing 100+ shows per year
• Information system composed of on premises and cloud applications
• Limited IT budget and team (7)
• Share volatile information with partners: price list, exhibitor list
Challenges
• Automate information sharing: remove manual actions
• Complex information access: located in an ERP not designed to expose data
• Many integration cases: cash register, web site, mobile
• Sensitive information: need to limit access
61. | Case study 1: solution architecture
[Diagram labels: zones INTERNET, DMZ, INTERNAL; Firewall; API Gateway; API Manager; IDP; Enterprise Service Bus; Data access services; ERP; Database; On premise Apps; Cloud Apps; Web Site; App A; Cash Register; Mobile; Internet]
62. | Case study 1: API Management for everyone
Results
• Simplified and accelerated partner data exchange: 7 APIs to automate information sharing
• Improved data quality: no risk of human error through full automation
• Low investment: less than 20 days
• Easy integration: no change in the existing applications
• Foundation for the future: easy to add new services in the platform and support current and future integrations
• Fresh data and internal systems protected: cache and throttling functions to secure application exposure
63. | Roles, responsibilities & processes
Description
• Define a v1 of the future roles, responsibilities and processes for your new API Management Solution.
Align Stakeholders
• Drivers
• Concepts & Terms
• Goals/Expectations
3 Workshops
• Roles & Responsibilities
• Processes
• Stakeholder dynamics
Restitution
• RACI Matrix
• Processes
66. | Best Practice Agenda
• REST Concepts
• API Contract
• Data model and naming conventions
• Responses and monitoring
• API life cycle, versioning
67. | Design API
• Work with the business to
• Define function
• Create data model
• Validate sequence between APIs
• Create API contract following Best Practice