Building intelligent APIs to power your mobile economy

11 © 2014 IBM Corporation

Building intelligent APIs to power your

mobile economyAndy Thurai, IBM (@AndyThurai)

Jason Harmon, PayPal (@jharmn)

1


House Keeping

•Please type your questions in the Q&A section.

•We will try to answer them at the end of the session.

•You can also tweet your comments and questions with hashtag.

Hashtag for this webinar: #IBMApiPower

• IBM API Management - @ibmapimgt

• IBM Mobile - @ibmmobile

• Paypal - @PayPal


Intelligent APIs power the

Mobile Enterprise

Andy Thurai

Program Dir – API, IoT, Connected Cloud

IBM

@AndyThurai

www.thurai.net/blog

developer.ibm.com/api

Blog


Don’t forget to socialize

#IBMApiPower


21st Century


Web Access

Management

Web

ServersLoad Balancer

ADC

InternetSecurity & Integration

GatewayWeb Application

Firewall

B2B Gateway

Enterprise

Applications

and

Databases

Enterprise

Application

Servers


New “Distributed” Enterprise


Smart Scales:Track health in

outpatients

Connected car:Tracks location, status

of car parts

Mobile:Mobile payments

Heating and Air

Conditioning:Maximum efficiency using

weather predictions and

remote control

Building Security:Facial recognition,

remote notification

Smart Deliveries:Track parcel

Monitor and open

garage door remotely on

arrival

Smart Meter:Track and

control usage

Vending Machine:Stock reporting,

temperature, shelf life

HealthCare:Monitor patients

at home

Container Tracking:End to end tracking,

prevent tampering

Connected Enterprise


Shifting Agendas

SaaS

Hybrid cloud Real-time big data analytics

Social Engagement

Mobile & Internet of Things

APIAPI API

APIAPIAPI


50Bn Connected Devices

by 2020

4Q 2013, Dept store drives

32% of sales online

1.8Bn New Smartphones

in 2013

Tablets outnumbered PC

sales in 4Q 2013

The world is changing


The data from these sensors and mobile devices sounds

powerful…..how do I connect, manage, and use it to change the way I interact with

my customers or expand my business models?

Show me the money


What???

SOR – System of Record

SOI – System of Interaction

SOE – System of Engagement


Issue #1 – Restrictive Systems


Private Cloud

Processes

Databases

Analytics

MainframeServices

SOA

We spent 30+ years perfecting back-end systems


Mobile

Internet of Things

Mobile

Public Cloud

Social Web

Partners

Systems Of Engagement

Mobile devices

Websites

Customers

Private Cloud

Processes

Databases

Analytics

MainframeServices

SOA

Partners

But when we need something it was end to end


Restricted Systems

Too hard, Inflexible, Not adoptive

Well ...what is the problem then?

Too expensive, Way too slow


Issue #2 – SOE changed

1818 © 2014 IBM Corporation18 © 2014 IBM Corporation

Few years ago mobility was a luxury

1919 © 2014 IBM Corporation19 © 2014 IBM Corporation

Now it is a necessity


Digital Age is powered by Mobility


What is Mobile?

API


Websites

Connected Appliances

Partners Websites/Sensors

Internet TVs

Smartphones

Tablets

Game Consoles

Connected Cars

Millions 1993 -2000

SOE needs have changed

Trillions

2013+


Issue #3 – API Liability


Is API/IoT/Mobility an Asset or a Liability?

Is your API an asset or a liability?

VentureBeat, Oct 2014


SnapChat

What are your “undocumented” APIs up to?Linkedin Pulse, Oct 2014

“That’s why we haven’t provided a public API to developers and why we

prohibit access to the private API we use to provide our service..”

“We’re going to take our time to get it right. Until then, that means any

application that isn’t ours but claims to offer Snapchat services violates

our Terms of Use and can’t be trusted.”


Issue #4 – App Infestation


Multiple siloed mobile executions

Finance SalesSupportMarketing

IT


Internet of Things

Mobile

Public Cloud

Social Web

Partners

Private Cloud

Back-officeProcesses

Analytics

Services Databases

CRM

Siloed Mobile apps are not engaging


Un-controlled Application proliferation

User Experience

Enterprise Grade

Security

Consistency

Liability

Scalability

PAYPAL PLATFORM APIS AT THE EDGE

Dec 2014

Jason HarmonHead of API Design, PayPal

@[email protected]

PayPal …

– 148 million active accounts

– 193 markets in 26 currencies

– 2013

– Total Payment Volume was $180 billion

– $27 billion in mobile payments

– Q1 2014

– Total Payment Volume of $52 Billion

– At $6688 TPV / second

– 834 million payments, 9+ million every day

– $1 in every $6 spent on e-commerce

– 25% spent on cross-border trade

THE PAYPAL CONTEXT

In a dynamic environment

– 300+ features per quarter

– We roll 100,000+ lines of code every two weeks

PAYPAL PLATFORM HAS EVOLVEDTO SUPPORT NEW INTEGRATION NEEDS

PayPal API

PayPal Capabilities

2001 Instant Payment Notification

2004 Transaction, Mass Pay API

2005 Direct Payment API, Express Checkout

2007 Payment APIs (NVP)

2009 Adaptive APIs (SOAP/XML, NV, JSON)

2013 Payment APIs (REST)

PAYMENTS: THE WAY THINGS USED TO BE

PAYMENTS: HOW IT WORKS TODAY

PAYMENTS ON THE MOVE

UBER + PAYPAL: EASY

UBER + PAYPAL: REST API

UBER + PAYPAL: MOBILE SDK

WHEN API CLIENTS NEED SMARTSLOCATION AT THE EDGE

Mobile OS provides some location data

Identifying a specific venue is more difficult

Interacting with that venue is really tricky

Bluetooth LE allows interaction with the venue

WHEN API CLIENTS NEED SMARTSLOCATION AT THE EDGE

WHEN REST APIS AREN’T ENOUGHIDENTITY

• OAuth 2 provides framework

• Passwords are weak at best

• API/OAuth provider can only provide so much…

BIOMETRIC IDENTITY

Samsung S5

First implementation of FIDO

Fingerprint scan interacts with mobile client library

FIDO data is passed to Paypal for authentication

REST APIs + additional Oauthgrant type

http://www.embedded.com/design/real-world-

applications/4430305/Implementing-Android-based-fingerprint-authentication-

for-online-payments

https://fidoalliance.org/

http://www.embedded.com/design/real-world-applications/4430305/Implementing-Android-based-fingerprint-authentication-for-online-payments

http://www.embedded.com/design/real-world-applications/4430305/Implementing-Android-based-fingerprint-authentication-for-online-payments

FIDO: A FUTURE WITHOUT PASSWORDS

• Alibaba Holdings (NYSE: BABA)

• ARM Holdings plc (LSE: ARM and NASDAQ: ARMH)

• Bank of America Corporation (NYSE:BAC)

• BlackBerry®; CrucialTec (KRX: 114120)

• Discover Financial Services (NYSE: DFS)

• Google

• IdentityX

• Lenovo

• MasterCard (NYSE: MA)

• Microsoft (Nasdaq "MSFT”)• Nok Nok Labs, Inc.• NXP Semiconductors N.V.

(NASDAQ:NXPI)• Oberthur Technologies OT• PayPal (NASDAQ:EBAY)• Qualcomm, Inc. (Nasdaq: QCOM)• RSA®• Samsung Electronics, Ltd (KOSCOM:

SECL)• Synaptics (NASDAQ: SYNA)• Visa Inc. (NYSE: V)• Yubico

PAYPAL BEACONVOICE RECOGNITION

Plans to integrate voice recognition integrated into the app

WEARABLES: MOBILE EVERYWHERE

IOT: MOBILE INTERACTIONS EVERYWHERE

TESLA: API-ENABLED CAR

[email protected]

@jharmn

mailto:[email protected]


Recommendations!


Fix #1 – Have a flexible interface


Flexible, easy to use system interfaces

Private Cloud

Processes

Databases

Analytics

Mainframe

Services

SOA

API


Effective APIs

Private Cloud

Processes

Analytics

ServicesDatabases

CRM

API

Smartphones

Tablets

Internet TVs

Game Consoles

Connected Cars

Connected Appliances

API


Innovation meets Enterprise

Measurable

Controllable

Managed

Monetized

Scalable

Private Cloud

Processes

Databases

Analytics

Mainframe

Services

SOA

API

Internet of Things

Mobile

Public Cloud

Social Web

Partners

API


Challenges to delivering an engaging Mobile experience

Internet of Things

Mobile

Public Cloud

Social Web

Partners

Private Cloud

Back-office Processes

Analytics

Services Databases

CRM

“THINK APIs”

How to cost-effectively support range of popular device platforms?

How to restless reinvent and

enhance Mobile experience faster?

How to secure the boundary without

disrupting the Mobile experience?

How to integrate Mobile activities into

existing back-end processes and data?

How to deliver the responsiveness that Mobile users expect

at Internet scale?

Backend Integration Scale & LatencyProtect PerimeterPace of InnovationRange of Devices


Fix #2 – Flexible API Provider


Right provider - Mixed model APIs

SaaS

Hosted

On-Prem

Hybrid


•IBM-managed infrastructure•Low entry cost•Pay-per-use•Highly elastic•API Provider has full control to create APIs & Plans, customize developer portals, publish to developer communities

IBM API Management - Full control & deployment flexibility

•Customer-managed infrastructure•API Provider has full control to manage & scale the on-premise infrastructure•Create APIs & Plans, customize developer portals, publish to developer communities

•Best of both worlds•Meet seasonal capacity without CapEx•Move APIs & Plans between public & private clouds•Create APIs & Plans, customize developer portals, publish to developer communities

Off-premiseSaaS

On-premise Private HybridOff-premise Private

•API Provider-managed on IBM-hosted cloud•API Provider has full control to manage & scale the off-premise infrastructure•Create APIs & Plans, customize developer portals, publish to developer communities


API Provider: Publish APIs anywhere

Multiple Developer Portals

API Manager

API Provider

App Developers

In group 1

App

Developers

in group 2

Securely share APIs/Plans with various

select developer communities


Fix #3 – Have a Composable

Enterprise


The Goal: Becoming a Composable Business

•Dynamic, flexible, responsive, agile

•Built on blocks of capability that can be rapidly changed

•Driven by analytics of real-time data

C o m p o s a b lB u s i n e s s

T h e

e

Cloud Mobile Social Big Data

Internetof Things


You bring the idea, we bring everything else.

Let us build something together.

Even iOS apps.


IaaS PaaS

…so are all of your other investmentsLeverage the power of Bluemix without abandoning what you already

use.

Core IT

IBM Bluemix



Questions?

@AndyThurai

www.thurai.net/blog

https://apim.ibmcloud.com/

www.ibm.com/apimanagement

@ibmapimgt

Building intelligent APIs to power your mobile economy

Documents