iag api management architect presentation

© 2015 IBM Corporation

The API Economy and IBM API Management Overview

Alan Glickenhouse

[email protected]

@ARGlick

API Management Business Strategist

IBM


Agenda

•API Economy

•What is IBM API Management?

•Governance

•Architecture

•Getting Started with a Successful API Initiative

•API Economy

•What is IBM API Management?

•Governance

•Architecture

•Getting Started with a Successful API Initiative

© 2015 IBM Corporation3

Why APIs? Why Now?


Adoption of cloud, analytics, mobile & social computing is forcing organizations to open IT assets to new business channels

…and challenging them to rethink the way they have traditionally approached security &

control

Between 2005 and 2020, the

amount of data in the world will

grow 300X, from 130 to

40,000 exabytes.

Between 2005 and 2020, the

amount of data in the world will

grow 300X, from 130 to

40,000 exabytes.

81% of adults use personally

owned mobile

devices for conducting business

81% of adults use personally

owned mobile

devices for conducting business

70% of employees

are engaged in social activities

both internally

and externally

70% of employees

are engaged in social activities

both internally

and externally

73% of organizations discovered cloud usage outside of IT or security

policies

73% of organizations discovered cloud usage outside of IT or security

policies


Websites

Connected Appliances

Partners Websites/Sensors

Internet TVs

Smartphones

Tablets

Game Consoles

Connected Cars

Millions 1993 - 2000

“…in 1993 and 1994 we were deeming the web as the next place for FedEx to be.” -Thomas Wicinski, VP Digital Marketing FedEx

The way we reach customers is evolving

APIs

Trillions 2013+


What is a Business API? A Business API is a public persona for an enterprise; exposing defined

assets, data or services for public consumption A Business API is simple for app developers to use, access and understand A Business API can be easily invoked

What Value Does a Business API Provide? Extends an enterprise and opens new markets by allowing external app

developers to easily leverage, publicize and/or aggregate a company’s assets for broad-based consumption

What “assets, data or services” are exposed via a Business API?: Product catalogs Store listings Order status Inventory Social interaction

Business API = Web API = Productized Service

App DeveloperApp Developer


Does this sound familiar?

A repeatable business task –

e.g., check customer credit; open new account

A Service

A way of thinking about your business through linked services and the

outcomes that they bring

Service Orientation

Service Oriented Architecture (SOA)

An business-centric architectural approach based on service oriented

principles7

Most characteristics

of a good service are

“hidden” in this definition


Business Design is an end-to-end Endeavor


APIs are not a new name for SOA Services

There are many similarities – but one very important difference:

The objective they are intended to achieve

APIs SOA

“How can I increase the pace of

innovation?”

“How can I increase the agility and effectiveness of

delivery?”

Reuse → Speed to deliverSharing → ExpediencyEncapsulate → Less to learn

Reuse → Effort to deliverSharing → EffectivenessEncapsulate → Less to change


Public API Examples – Insurance

Agencyport Turnstyle

provides for extraction of data from ACORD-compliant forms used in the insurance industry for serialization as XML. It aims to integrate form data and form-based processes into efficient XML-based workflows to transfer data to point-of-sale, customer relationship management (CRM), and other backoffice systems. This process is intended to replace manual rekeying and sequestration of data in emailed ACORD forms, PDF files, and other inaccessible formats.

Progressive SuperCREWS

provides information comparing the rates of other major insurance companies to its own. The SuperCREWS API provides programmatic access to this information in a string or in ticker format. Users can input criteria such as age, gender, marital status, state of residence, and type of car and then receive their unique insurance rate comparison information.

Insured Rating

enables users to develop a rate plan reflecting risk levels posed by prospective customers. Quote requests can then be made via the Insured Rating API which return coverage and premium information. The data generated helps to manage insurance product offerings and provide accurate rate quotes matched to determinants of risk.

NAIC Registry

allows automated filing of standard reporting documentation required of insurance providers for compliance with state regulations. The provider is a cooperative agency maintained by state governments to encourage consistent regulatory and business practices for insurance companies.


API Economy Supply Chain


Public, Open-To-All APIs

Protected, Open-To-

Partner APIs

Private, Internal APIs

Typical Audiences


Drives Adoptions of APIs Typically low valued

assets Drive brand loyalty Enter new channels

For Free

Facebook Login API provides free authentication for any Web / mobile app

Example:

Developer Pays

Business Asset must be of high value to the Developer

For example, marketing analytics, news,

Capabilities such as credit checks

Amazon EC2 Web Services – APIs charge per usage to launch and manage virtual servers.

Example:

Developer Gets Paid

Provides incentive for developer to leverage web API

Ad placements

Percentage of revenue sold product or services

Google AdSense APIs pay developers who include advertising content into apps

Example:

Indirect

Use of API achieves some goal that drives business model.

E.g. Increase awareness of specific content, or offerings

eBay Trading APIs offer developers access to trading services extending the reach of listings and transactions

Example:

The Business of APIs


48 hours, 25 developers, over 400,000 API calls

Impressive 13 pieces of Intellectual Property for ASDA

Winning Ideas

- “George Go!” - search application using multiple descriptors

- “Clothing Shaker” - create your outfit by shaking your device

- “Virtual Fitting Room” - use of Xbox Kinect and APIs

IBM API Management on Cloud provided Developer Portal & secure access to APIs

https://www.youtube.com/watch?v=biTvnghl5x8

Looking to transform the Digital Banking landscape:

- Innovative mobile solutions & IoT/ Wearables

40,000 API calls from more than 100 different groups

Prototype APIs allowing Developers to interact with fake accounts

- Account Details (APR/Interest Rate, Available Credit, Payment Due Date, etc)

- Customer Information (Name, Addresses, Phone Numbers, Email Addresses)

- Payment Details (Scheduled payments, payment history, etc)

IBM API Management on Cloud provided Developer Portal & secure access to APIs

https://citimobilechallenge.ciondemand.com/citimobilechallenge/pub/#/apis

New approach to Innovation: Hackathons, Developer Challenges


Who is the Audience? If you are not clear on the audience you have no clue what makes a good API In 2014 More than 80% of API use cases were internal APIs are the currency of Cloud and Mobile – often good places to start

What do they want? Exposing “what you have” as an API isn’t particularly useful Good APIs are simple to understand and use There is an art to a “delightful API experience” Many APIs may not last very long, that is an opportunity not a problem

Under what terms and conditions are you willing to share? Un-managed APIs quickly lead to chaos Business Ts&Cs are important (Plans) Its not a one-way street, give and take Make sharing easy

Three Questions Lead to Good APIs

https://developer.ibm.com/apimanagement/2015/05/07/how-to-get-to-two-speed-it/


How can the API Economy help you?

•Mobile (internal dev) – •What data/transactions would your own mobile apps need?

•Is there data that is generic (e.g. business locations, rates, etc.)?

•Is there data that is specific to existing customers that should be accessible via your app?

•Partnering – •Is partner on boarding a long difficult process? Would self registration of partners be of value (e.g. more partners, wider geographic coverage)?

•What data/transactions do you share between yourself and your partners?

•Public Composite Apps – •What apps might others write that could use your data/transactions?

•If there were a comparison app for you vs. your competitors would you want to be listed as an option?

•What other industry sales might also use your products (e.g. car purchase needs bank loan)?

•Think Mash-ups – what other APIs might make sense with yours? Mapping? Social?


How can the API Economy help you?

•Social / Big Data – •How do your systems interact with social media? Can you spot trends in social media and raise alerts or take action? •Can you gain insight on your brand and your competition via social media?•Can you do real time analytics combining current customer status/behavior and history?

•Device integration/wearables –•How are you positioned to integrate the next UI technology (after Mobile/Tablets)?•Does your company deal with devices (e.g. cars, appliances, sensors/meters)? What scenarios can apply to the device (e.g. needs repair/supplies, needs to send status info, interaction between device and xxx)?

•Valuable Data – •What data do you collect on your clients? •Can your data identify market segments that would be of interest to a non-related industry? (e.g. expensive cars are purchased in this neighborhood, lots of child related purchases occurring in this neighborhood).


Sample API Scenarios for IAG•IAG Internal Mobile App development – general information about offerings – life, car, home, travel, business, etc. based on audience (individual, business, adviser). Find an adviser/location, insurance calculators, tools. FAQs, Document access. Tailored information such as view/update profile, contact your agent, policy terms. Make payments, renew policy, file a claim, claim status. Goal oriented planning and advice, Mapping status to goals.

•Partner integration – Partner on boarding, Providing APIs would allow partners to offer your insurance options to their customers (White labeling insurance offerings through partners). Business onboarding to set up insurance plans for employees – make set up part of the employee on boarding process. Supplier interfaces for acquiring insured replacement items.

•Public API – Offerings available API for use by a comparative app. Some of the general information APIs from the internal mobile (above). The Business next door - Financial education businesses, Healthcare, Banking, Auto sales, real estate, travel.

•Social – Various interest groups for finance, travel, etc. Twitter feeds that reference your company combined with your own analytics can help determine if actions need to be taken to rectify customer satisfaction issues. References to consumer or business needs might allow you to act to offer insurance solutions. Provide news, promote local activities.

•Device – Plan ahead for wearables. Health monitoring, auto driver monitoring.

•Data / Analytics – Target prospects to cross-sell products, offer data access for a fee to other industries.

https://developer.ibm.com/apimanagement/2014/09/12/apis-for-the-insurance-industry/


API externalization

Multi-tenancy

Rate limiting

Runtime policy enforcement

API deployment

OAuth security management

Data transformation/redaction

Backend service discovery

Version management

Analytics support

Role-based access control

Environment management

Monitoring and notification

API exploration

Self-service sign up

Interactive API testing

App key provisioning

API usage analytics

Rate limit notification

Multiple dev communities

Real API Success = API externalization + realization

API realization


Securely expose your business to an internal/external developer ecosystem

Provide self-service API portals to internal/external app developers

Expose business services securely as APIs to select developer communities & analyze API usage

Manage & monitor the entire API platform

On-premiseprivate

Off-premiseSaaS

Off-premisededicated

Hybrid

IBM API Management


Compose a new API, Import APIs, or Discover APIs, specify security & API behavior, version APIs

Create a Plan, add API resources, choose rate limits, stage it in a runtime environment, test API resource, version Plans

Invite developer organizations to use your APIs & communicate with them

Publish your Plan to select developer organizations & portals; manage subscribability

Analyze API usage

Managing APIs is simple


IBM API ManagementFully on-premise, multi-tenant solution,

for API providers

IBM DataPowerAPI Gateway for security, control, integration &

optimized access to a full range of Mobile, Web, API, SOA, B2B & Cloud workloads

Over a decade of innovation, 10,000+ units sold, 2000+ customer installations worldwide

A single, comprehensive solution to design, secure, control, publish, monitor & manage APIs


Runtime view

IIB or other ESBWAS or other app server

Applications/Services in Java, NET, Cobol, etc

z/OS, IMS, CICS, DB2

Mobile

Third party APIs

Web

Business Partnerapplication

IoT

API Management


Easily manage your APIs, in your private environmentdesign, secure, control, publish, monitor & manage

Explore API documentation

Provision application keys

Self-service experience

Developer Portal API Manager Management Console

Define and manage APIs

Explore API usage with analytics

Manage API user communities

Provision system resources

Monitor runtime health

Scale the environment

API Gateway (IBM DataPower)

Enforce runtime policies to control API traffic


API Management solution

Product APIs allow customers to interact with the API Management solution, and extend/customize

Product APIs Management layer Gateway layer

The management layer embodies the capability for organizations to define, manage, expose and control APIs

Provides API Manager, Developer Portal and Management Console

API configurations are deployed to the gateway, which provides the enforcement point for runtime policies to control API traffic

Gateway is DataPower physical or virtual

© 2015 IBM Corporation© 2015 IBM Corporation

On premise

On CloudDedicated

3 | On premiseBehind your firewall for most sensitive workloads & complete control

API Manager Cloud Management Console*Developer Portals

API Management – The way you want it

2 | On CloudMaximize on cloud economics and agility. Offered as SaaS on SoftLayer and also available through Bluemix

1 | DedicatedWith Bluemix Dedicated API Management, everything is dedicated and connected to you — agility of public cloud, yet feels like home


API Developer • How do I assemble APIs?• How do I manage security?• Will the infrastructure scale?• How do I measure performance?

App Developer

•Where do I access APIs?•How do I understand the APIs?•How do I measure success?

API Product Manager

• How can I rapidly release & update my APIs?• How do I publicize my API?• How do I measure success?

Operations Lead

•How do I manage all the API Environments that are being requested?•How can I scale each environment?•How can I easily find and fix issues?

API Success Requires Addressing Needs of Multiple Stakeholders


Developerorganization

s(consume

APIsdevelop

Apps)

API Provider organizationsUsers

Cloud

system

admin

Clusters of servers

User registry(identity provider)

email server configuratio

n

Anatomy of API Management

IBM /apimanagement 15

Developer portal

API Manager

CloudManageme

ntConsole


Organization Structure

Executive Steering Committee

Core API Team

Business Domain Owners

API Product Manager (Business)

Integration / API Developer (Technical)

Operations

Integration Architects

ServiceOwners

Internal App Developers

Executive commitment FundingResource commitmentsMeasurements/Reports

Need a strong Core Team and Business leader to own the success of the API initiative


“Just Enough” Governance

For APIs, focus is on speed and time to market. A light weight Governance model is required.

Governance model will vary based on the control of the API consumer audience with increased governance the less the API consumer is controlled.

Always required:•Communication•Measurements

Internal:•Lighter concern on API identification, versioning, security (use internal)•Monetization = Chargeback•Entitlement enforcement usually soft

Partner:•API identification, •Versioning plan, •Security, •Privacy•Monetization – maybe?•Entitlement enforcement soft or hard

Public:•API identification, •Versioning plan, •Security, •Privacy•Legal•Monetization•Entitlement enforcement more often hard


The “API Factory” Approach

Standardized API development process in a production factory process

While the APIs vary considerably in terms of their functionality, all APIs follow a similar lifecycle of proposal, architecture review, business owner review, followed by packaging for test, and then deployment to production, deprecated due to re-versioning, and then retired

Because the API creation process is repetitive, we can use a production engineering approach to automating API development

In effect, we are building an API Factory: much of the purpose of API Lifecycle Management is to define how that factory can operate most effectively


IBM APIM - API Lifecycle Management

Start

Retired Proposed

API Designer proposes API

Defined

Architect Review (Data & Lead)

Constructed

Business Owner Review

Certified

Updates Suggested

API Packaged, Versioned

Staged

Published

Deprecated

Retirement Decision

Re-Versioned

Test

Rework Required

Deployment to Production

Old Service State

New Service State

Action or Activity

Design Time

Run time

INDEX

Owner Rejects


Technical Governance

For APIs, focus is on speed and time to market. A light weight Governance model is required for the technical Governance as well.

•API Standards / Best Practices – REST and SOAP are most common. Usually REST/JSON is used for lower bandwidth devices and to reduce the amount of data transmitted. Set up naming standards! There is no “official” REST standard.•Granularity / Simplicity – see next slide•Lifecycle – few stages should be required •Security – App security handled via App keys and secrets. Users of the App may be identified using OAuth to shield their private login information from the App itself.•Deployment / Publishing – early environments are usually handled synchronously. However, Production is usually isolated and requires a disconnected deployment approach (usually scripted).•Versioning – most critical for public APIs. Plan for change. Try to make APIs backward compatible so you can move consumers automatically to the new level. Often will have multiple versions in production at the same time, but need to plan for consumer movement to new versions. •Scale – API entitlement levels are used to plan for capacity, the gateway enforces these entitlements. Scaling should be simple using additional instances added to a cluster. •Integration – simple integrations to back end services directly or to an ESB to do more complex integration. Generic results can be returned to the gateway and customized to the required API response to reduce the amount of data transmitted.


Simplicity and Granularity

Design for ease of consumption by an App developer

•APIs are fine grained (not like SOA Services)

•They do one thing

•Easy to understand parameters – aim for self documenting. Supply samples to call the API and the returned data.

•Don’t do anything unusual

•Make it easy to try

Behind the API systems may be complex•Don’t show the complexity

•One API call may access 3 backend systems, extract lots of data, throw 90% of it away and reply back with the 10% that answers the API request. Don’t have 3 APIs and make the consumer do the work.

By having fine grained simple APIs, it may be possible to keep the API consistent even when back end systems change.


Management-Gateway Communications


Topology – Gateway Cluster in DMZ

38

FIREWALL

DMZ

Trusted

INTERNALSERVICES

FIREWALL

LOAD BALANCER(OPTIONAL)

MANAGEMENTCLUSTER

GATEWAYCLUSTER

IDP : END USER AUTHENTICATION

https

https:2443

https:9443

https:5550

APPLICATIONS(API CONSUMERS)

SMTP SERVERIDP FORPORTAL USERS

REVERSE PROXYOR DATAPOWER WAF

LOAD BALANCER

APP DEVELOPERS

https

https


Topology – Gateway Cluster in Trusted Zone

39

FIREWALL

DMZ

Trusted

INTERNALSERVICES

FIREWALL

LOAD BALANCEROR

DATAPOWER

MANAGEMENTCLUSTER

GATEWAYCLUSTER


https


SMTP SERVERIDP FORPORTAL USERS

REVERSE PROXYOR DATAPOWER WAF

LOAD BALANCER

APP DEVELOPERS

https

httpshttps

INTERNALAPP DEVELOPERS

INTERNALAPPLICATIONS


Topology – Multiple Gateway Clusters

40

FIREWALL

DMZ

Trusted

INTERNALSERVICES

FIREWALL

LOAD BALANCER(OPTIONAL)

MANAGEMENTCLUSTER

GATEWAYCLUSTER

INTERNAL APIS


https


INTERNALAPPLICATIONS

GATEWAYCLUSTER

EXTERNAL APIS

GATEWAYCLUSTER

DEV & TESTINGDEVELOPERS

TESTERS

24439443

5550

https


Cluster Topology – Single Management Cluster Topology


Multi-Management Cluster Topology OR Disconnected Cloud Topology


Where does API Management fit?


A successful API initiative requires end-to-end focus

APIs

Apps

Social Feedback and Communities

Marketplace

Self-Service Portal: Registration • Documentation • Sandbox

Security, Metering and Control

API Design and Integration

Analytics and Monetization

API Lifecycle Management

Composition

Infrastructure Services

DevOps and App Management

Mobile Services

Internal Developers

Partner Developers

External Developers

Channels: Smartphones • Tablets • Desktops • Cars • TVs • Others

Services: Data • Processes • Applications

Cloud


Leverage a robust API Gateway to launch your API platform• An API Management platform needs a robust, secure and scalable API Gateway for runtime

enforcement• IBM API Management has optimized integration with IBM DataPower gateway appliances• Single pane of glass to manage APIs, Plans, Users, Clusters to provide a unified operational view• DataPower is the industry leading security & integration gateway for a range of workloads, with over

2200 customers and 10,000 units deployed worldwide

Flexible deployment options• IBM API Management is available as on-premise, hosted, and SaaS

Thought Leadership & Active developer community• Free access to experts to help with API strategy• Discussion forums, blog posts, events at developer.ibm.com/api• 1M+ participants on IBM developerWorks

Access to a worldwide marketplace• IBM Bluemix and IBM Cloud marketplace represent a unique broad developer audience, building

apps

Choose the API Mgmt vendor strategically• IBM is investing heavily in API Mgmt, Mobile, Cloud, Analytics, IoT & Big Data

45

Why IBM?


Key Points to Remember

46

1.IBM DataPower has NOT partnered with any API Mgmt vendor –There is NO product-level integration

2.IBM provides immediate feature availability–Take advantage of DataPower new features as soon as it is GA’ed by IBM instead of waiting months/years for others to add to their product e.g. WebSockets support added mid-2014 in DataPower v7.0

3.IBM APIM/DataPower natively integrates with WAS, WXS, MobileFirst & Bluemix4.IBM APIM generates efficient configurations/policies for DataPower to execute/enforce

–Beware of others creating inefficient policies for DataPower. This may result in more DataPower needed5.IBM APIM has self-contained virtual appliance packaging

–Beware of others requiring a DB plus addressing DB replication for analytics data6.IBM’s APIM solution deployment topology is simple – mgmt & gateway

–Beware of others requiring various components sitting on separate servers, plus load balancers & another DB for HA

7.API Management is strategic to IBM–IBM is investing heavily in API Mgmt, Mobile, Cloud, Integration, Analytics, IoT & Big Data–We plan to provide a unified platform for Mobile App Mgmt & API Mgmt using a single gateway

8.With IBM, customers gain access to a worldwide marketplace–IBM Bluemix & IBM Cloud marketplace represent a unique broad developer audience, building apps

9.IBM provides Thought Leadership & Active developer community with 1M+ participants –Free access to experts to help with API strategy–Discussion forums, blog posts, events at developer.ibm.com/apimanagement


Getting Started

1. Executive and Business Backing• APIs are a product to be delivered, not a technology for IT to improve efficiency

• Lack of executive or business buy-in will result in a technology implementation with no/little impact on the business.

• Leadership absolutely must participate and back the initiative.

2. Establish a strategy and goals• Understand why you are executing an API strategy

• Set Goals for the initiative with time frames and reporting metrics

3. Commitment to Roles, Responsibilities, and Resources• There will need to be resources dedicated to the API initiative.

• Enable enough key resources to make governance effective.

4. Get the Message Out• Involve some folks skilled in formal communication and education

campaigns.

• Do some API evangelist work

• The core team’s role(s) must be understood and propagated

• Collect and Publish Metrics


API developercommunity site

on APIs, API economy, API Mgmt

IncludesAPI community forumAPI eventsBest practices blogVideos

developer.ibm.com/api

API Management Resources

Product Page• ibm.com/apimanagement

API developer community• developer.ibm.com/api

Twitter• @ibmapimgt

YouTube Channel• youtube.com/ibmapimanagement

Slideshare• slideshare.net/ibmapimgmt

Speaker Deck• speakerdeck.com/ibmapimgmt

49

Backup

50

Intuitively and iteratively define APIs and associated policies

Rapidly assemble APIs via configuration, not coding

Minimize risk with industry leading security & scalability

Define

API Developer

Assemble

Meter

SecureDeploy, Test & Debug

Monitor

Scale

Version

51

API Developer: Create, Secure & Version APIsSimple interface accelerates iterative API development & deployment

API Developer: Assemble New APIs Through Configuration

Assemble a new API by combining multiple REST or SOAP services into a composite API

Provide examples of the request and response messages, headers and parameters

Drag and connect linking the request and response messages

Transform the message elements with a click

API Providers & Consumers: Test API readiness with Ready! API plugin

Export:

Define new APIs in Ready! API product by uploading Swagger, WADL, RAML, WSDL, etc., and then test the API.

Commit to a full range of tests – functional, load, security

When ready, click a button to Export API to insert the tested API into API Manager UI

Import:

Use Ready! API testing platform to Import SOAP & REST API definitions directly from IBM API Mgmt Dev portal for unit/functional testing, load testing, service virtualization & more

Select any API from Dev Portal

Auto-generate test suite

Validate functionality and resiliency

Virtualize for application testing

&

API Consumers API Providers

Custom API Portal using IBM API Mgmt & Drupal CMS

API Provider: “Productize” APIs using Plans

Introduce API Trial Use

Free, limited plans can be made available alongside premium plans

For example, a free plan could be unrestricted, and a premium plan restricted

Include multiple APIs and Resources per Plan

Version your Plans

Apply Rate Limit by Plan or Resource

Reject calls when limit reached

API Provider: Publish your APIs to multiple developer portals

Multiple Developer Portals

API Manager

API Provider

App DevelopersIn group 1

App Developers in group 2

Securely share APIs/Plans with various select developer communities

Fine grained plan deployment

Non-disruptive Publish: Replace a currently published version of a Plan without any disruption in API availability

API Provider: Gain Business Insights

• Pinpoint key market fluctuations and find correlations related to your business

• Analytics for both API provider and application developer:

• Analyze performance of APIs

• Enables chargeback or billing for API consumption

App Developer: Register application

Register new application

Request security keys with enhanced privacy

Deferred retrieval of client secret

App Developer: Analyze App Performance, Get notified

Monitor most active applications and APIs

Rate limit developer notifications

IT Admin: Manage Overall Environment*

At-a-glance server utilization metrics

Management & Gateway Server utilization - CPU, Memory, Disk

Usage over time available by drilling down

* Not applicable to SaaS

Enabling businesses to join the API EconomyIBM API Management - on-cloud & on-premise

Engage with app developers through portals

• API exploration• Self-service sign up• Interactive API testing• App & Key management• API usage analytics • Rate limit notification• Multiple dev communities• Build custom portal with blogs,

forums

• Define & Secure REST & SOAP APIs, Publish to multiple developer portals & users, Analyze API usage & performance

• A resilient integrated API runtime gateway infrastructure with IBM DataPower Gateway for enforcement of runtime policies to secure & control API traffic

• Seamlessly move APIs & Plans from public to private cloud or on-prem for complete flexibility

Define, publish & manage APIs• OAuth security management• Backend service discovery• API lifecycle management• API subscription management• Data transformation/redaction• Rate limiting at Plan/Resource

level• API user & Plan management• API deployment to Gateway• API security enforcement• API Analytics to gain business

insight• Custom roles & role-based

access control

Manage API environment• Administer & scale

system resources• Monitor runtime health• Multi-tenancy

REST APIs to extend/customize

• Developer Portal • User onboarding• Integration with API

testing tools (SoapUI NG Pro, Ready! API)

• Integration with Content Management System (Drupal)

iag api management architect presentation

Internet

ibm corporation apis

web api

ibm corporation websites

ibm corporation3

new business channels

successful api initiative

repeatable business

form data