API Management as a Platform

Why should you think of API management as a platform? Because it's becoming one of the most important aspects of how Enterprises of all sizes participate in the digital economy. Keeping in line with the standard platform technology definition, an API management platform supports the deployment of Enterprise APIs without the introduction and expense of a new process or technology. A platform allows the management of APIs as a first-class citizen for the Enterprise.

In J.K. Rowling’s novel “Harry Potter”, choosing the right platform makes all the difference.

To date, many of the discussions around API management from vendors and analysts alike have been very technology or implementation focused. This is understandable as APIs tend to appeal to a technical audience. The details are great but sometimes it is worthwhile to step back and look at general capabilities.

If we take the wider view, what sort of capabilities or functional modules should an API Management platform have?

Gartner’s Eric Knipp released new research last week that begins to define API management as a complete platform. The research is entitled “Run and Evolve a Great Web API with API Management Capabilities”. Not everyone will have a Gartner subscription, but I think this research will be one of the most important for Enterprises looking to deploy API management due to the breadth of material it covers.

In this research note, Eric is one of the first analysts to describe a comprehensive set of capabilities for API Management.

API Management Platform Capabilities

He breaks the topic into four categories, which he calls (i) enable developers, (ii) manage the API life cycle, (iii) communicate securely, reliably, and flexibly, and (iv) measure and improve business value.

Enabling developers includes all aspects of managing API metadata, the API catalog, and community management, and also includes interesting capabilities such as developer API customization, an advanced concept that really puts the developer in control of the API. Here the developer can morph the interface to their liking, allowing the consumer to effectively participate in the interface design. It really puts the developer at the center of how data is accessed. This category also expands the discussion to include SDKs and sample code that developers can directly incorporate, moving one step beyond just providing interface definitions.

Managing the API Life cycle includes how APIs are published, how versioning is handled as well as changes and issue tracking. For example, an API management platform needs to have CRM capabilities and ticket tracking, truly treating the developers as customers.

Communicate Securely, Reliably, and Flexibly includes all aspects of surfacing APIs from legacy systems, scaling traffic, handling authentication, SLAs, building service orchestrations, and providing threat defense and data privacy. This is the largest category in terms of the sheer number of capabilities and approximates the “runtime” or “traffic” portions of moving data in and out of interfaces.

Measure and Improve Business Value includes all the capabilities needed to relate APIs to the business as well as measuring uptime, activity, user auditing, contracts and terms of service, and SLA monitoring. This generic set of capabilities answers the questions: Is my API providing value? Is it up and running? How are business relationships maintained?

One of the merits of this article is that it does a great job of outlining precise requirements without diving into specific implementation choices. As with most things that involve software and technology, implementations can have different physical instantiations but still support a consistent set of common capabilities. Talking in capabilities allows decision makers to stay out of technology “rat holes” that can color and bias business decisions.

Long Live APIs

This research note advances the discussion around API management by widening its scope and purpose, moving it from a technology discussion to a capability and platform discussion. Early in the article Eric widens the definition of APIs.

He explicitly covers messaging APIs, SOAP APIs and custom APIs in addition to RESTful APIs. I think this move is absolutely correct. Not only does it more closely approach the original definition of the term, but it matches well with the idea of subsuming the older SOA terminology to march under a new banner of APIs, similar to a previous article I wrote on the subject, Long Live API Management.

We are only killing the name, not the act of service enablement. Eric’s article seems to represent APIs as a big concept, including the full suite of programmatic access whether realized as REST, JSON, XML/SOAP, XML-RPC, Message-Oriented Middleware (MOM), FTP and file protocols, as well as (correctly) broadening the definition to include software development kits and sample code. One can even go as far as to say any programmatic interface is an API – and voila, APIs are regaining their original definition as a true application programming interface. The lesson here is to ditch the jargon and apply what works for the Enterprise.

Eric also makes some statements around APIs as a universal tunnel to the Enterprise and correctly describes them as follows: “As a programmatic channel into your enterprise, it is critical that you identify and address any attacks or misuse of your API”.

This critical point highlights the importance of APIs moving forward. If businesses like Expedia are doing 80% of their revenue through APIs, it’s APIs that are the front door to your Enterprise, and by implication the apps that send and receive data over this channel, not necessarily the website.

Attackers always look for the weakest link, and APIs are largely wide-open at this point. Many of the existing 30,000+ APIs in the wild have been optimized for rapid adoption and bolstering a developer ecosystem, not for protecting Enterprise assets.

This is why APIs need rock-solid, bulletproof API management for increased protection.

APIs and Data Protection

Eric also mentions encryption under the data privacy category and talks about both transport level security and message level security. To expand the discussion, we can also add things like JSON message level security, format-preserving encryption and even the “ancient” WS-Security/XML Security protection mechanisms. I was also excited to see the inclusion of data masking. Eric describes this as two-way, which I think is the correct approach, though my terminology would be different: we use the term tokenization here, but the concept is the same. The distinctions we use in our product line include redaction (for one-way removal of sensitive information) and tokenization, to indicate a reversible mechanism for replacing plaintext with a surrogate.
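The redaction versus tokenization distinction above, as an added Python sketch that is not code from the original post or from any product: a gateway-side filter applies a per-field policy to a JSON message, then shows that only tokenized fields can be restored. `TokenVault`, `protect`, `restore`, the policy format and the sample message are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

REDACTED = "[REDACTED]"

class TokenVault:
    """Reversible tokenization: the surrogate-to-plaintext map stays on the gateway."""
    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._plaintext_by_token = {}

    def tokenize(self, value):
        # A keyed HMAC gives a deterministic surrogate (equal plaintexts map to
        # equal tokens) that cannot be reversed without the vault's own mapping.
        mac = hmac.new(self._key, value.encode("utf-8"), hashlib.sha256)
        token = "tok_" + mac.hexdigest()[:32]
        self._plaintext_by_token[token] = value
        return token

    def detokenize(self, token):
        # Strings the vault never issued are returned unchanged.
        return self._plaintext_by_token.get(token, token)

def protect(node, policy, vault):
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            action = policy.get(key)
            if action == "redact":
                out[key] = REDACTED  # one-way: the plaintext is discarded
            elif action == "tokenize":
                # Fail closed: a non-string value is redacted, never passed through.
                out[key] = vault.tokenize(value) if isinstance(value, str) else REDACTED
            else:
                out[key] = protect(value, policy, vault)
        return out
    if isinstance(node, list):
        return [protect(item, policy, vault) for item in node]
    return node

def restore(node, vault):
    if isinstance(node, dict):
        return {key: restore(value, vault) for key, value in node.items()}
    if isinstance(node, list):
        return [restore(item, vault) for item in node]
    return vault.detokenize(node) if isinstance(node, str) else node

# Constructed sample message and policy (hypothetical field names and values).
SAMPLE = {"customer": {"name": "A. Example", "ssn": "000-00-0000"},
          "payment": {"card_number": "4111111111111111", "amount": 42}}
POLICY = {"ssn": "redact", "card_number": "tokenize"}
```

After `restore`, the tokenized card number comes back as plaintext while the redacted field stays `[REDACTED]`, which is the one-way versus two-way difference the paragraph describes.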

I can’t reproduce Eric’s entire article here, but it’s definitely worth a read and matches what we are hearing from Enterprises today – it’s about understanding and supporting the breadth of capabilities.

If you’d like more information on Intel’s API Management products, please visit our website.

The post API Management as a Platform appeared first on Application Security.
