The Science of APIs in a Mobile World – Security, Control, and Quality
Post on 19-Jun-2015
Introductions
Laura Heritage, Director of API Strategy, SOA Software
In this role, she works with customers to establish API Business strategies and implement API and SOA Platforms. Previously Ms. Heritage served as a Product Line Manager at IBM and was responsible for establishing IBM’s API Management business.
Follow Laura on Twitter at @heritagelaura
Introductions
John Musser, CEO, API Science
Founder of ProgrammableWeb
John is an industry expert on APIs, quoted in the Wall Street Journal, New York Times, Forbes, and Wired, and speaking at conferences including SXSW, Dreamforce, and Web 2.0. He also consults on API strategy and trends with clients including Google, Microsoft, and Salesforce.
Follow John on Twitter at @johnmusser
50 billion connected devices by 2020
APIs Power the Digital World for Both Strategic and Operational Objectives
OUTSIDE / INSIDE
Mobile
Innovation
Partners
Internal
The Enterprise Ecosystem Is Not Contained
It can’t be if you are to succeed as a digital enterprise
You need to tap into an extended ecosystem of developers
A mobile app accessing your data has been compromised!
How do you securely share APIs with an open developer community? Can you selectively revoke access for compromised Apps?
Realizing End-to-End Security
Managing the User Experience
Securing the App - PII, PHI
Enabling Easy Developer Access
Securing the Channel
Securing the Backend
API Security
1 Authentication & Authorization
2 App Key Validation/Licensing
3 Message Security
4 Threat Protection
5 Content Filtering
6 Rate Limiting
Developers
The API Gateway Protects Your Enterprise
Gateway
Security
Authentication
Protection
IAM Integration
Encryption
Mediation
Quality of Service
Paging/Caching
Orchestration
Scripting
Analytics
✓ Ensure 99.99% uptime
✓ Proactive Operations
✓ Identify bottlenecks
✓ Prevent security breaches
Analytics for your Enterprise
Business Analytics
• Track product, customer and monetization trends
• Identify new opportunities.
Operational Analytics
• Ensure operational excellence of your infrastructure
• Analyze errors and response codes
API Analytics
• Identify top APIs by usage, monetization, app type, etc.
• Analyze API Licensing, monetization and fine-tune developer onboarding
The SOA Software Digital Business Platform
Monitoring, Auditing and Alerting
Real-time monitoring
Inspect the request and response
Usage Quotas
Average response time per App
SLA Monitoring, Alerting and Enforcement
Driven By Policies
Realizing End-to-End Quality
API Monitoring
+ API Management
End-to-End Insight Improves Quality
• Enables true consumer experience from various locations around the world
• Visibility into simulated multi-step developer actions such as CRUD sequences.
• Visibility to pinpoint and resolve problems before they are an issue
Integrated into SOA Software’s Dashboard
External Monitoring
✓ Measure performance
✓ Monitor availability
✓ Proactive alerting
✓ Identify and track trends
Why Monitor Your APIs? Things Can Go Wrong…
SSL errors
HTTP errors
Invalid JSON or XML
Authentication errors
Content issues
Data integrity errors
Network connectivity errors
Slow call response time
Server availability
Latency spikes
[Diagram sequence: a single monitor covering My Web Site and My Web Server, expanding to multiple monitors covering My Web Site, My Web Server, My Mobile Apps, My APIs, 3rd Party APIs and 3rd Party Apps]
How monitoring is changing
Past | Future
Web transactions | API transactions
Web login testing | OAuth testing
String validation | XML & JSON validation
Monitor our site | Monitor our API + 3rd party APIs
Isolated to our company | Shared use of APIs
Internal silos | DevOps
RUM: Real User Monitoring | RDM: Real Developer Monitoring
Four Fundamentals of API Monitoring
• Availability monitoring: is your API down?
• Performance monitoring: is your API slow?
• Content monitoring: is your API returning what it should?
• Transaction monitoring: does the complex stuff work?
Find Issues Before Your Customers Do
GET http://api.yourcompany.com/product/142
Your APIs
The APIs you rely on
API Science: Advanced API monitoring
Uptime monitoring
Performance monitoring
Data quality checks
Global monitoring locations
User-defined validation rules
Real-time alerts
Secure SSL access
Clean, intuitive UI
Monitor grouping and filtering
Scriptable rules engine
Advanced multi-step monitoring
Fully scriptable API transactions
Multi-user team and enterprise accounts
Secure, role-based access control
Read-only permissions available
Full featured API
Customizable status pages
User-defined alert limit thresholds
3rd party integrations including PagerDuty
Customizable reports
API Management + API Monitoring
• Get end-to-end visibility, analytics and monitoring
• Combines API consumer + API provider analytics
• See a global picture of how your API is performing
• Find problems before your API consumers do
Demo
Questions
API Resources and API University
• Resource Center: http://resource.soa.com/
• Follow us on:
www.facebook.com/soasoftware
www.linkedin.com/company/soasoftware
@soasoftwareinc
Multi-step testing
Authenticate
Get record
Add record
Update record
Delete record
• Any number of steps
• Run JavaScript before/after steps
• Modify queries on the fly
• Verify return values