iag api management architect presentation
TRANSCRIPT
© 2015 IBM Corporation
The API Economy and IBM API Management Overview
Alan Glickenhouse
@ARGlick
API Management Business Strategist
IBM
© 2015 IBM Corporation
Agenda
•API Economy
•What is IBM API Management?
•Governance
•Architecture
•Getting Started with a Successful API Initiative
•API Economy
•What is IBM API Management?
•Governance
•Architecture
•Getting Started with a Successful API Initiative
© 2015 IBM Corporation
Adoption of cloud, analytics, mobile & social computing is forcing organizations to open IT assets to new business channels
…and challenging them to rethink the way they have traditionally approached security &
control
Between 2005 and 2020, the
amount of data in the world will
grow 300X, from 130 to
40,000 exabytes.
Between 2005 and 2020, the
amount of data in the world will
grow 300X, from 130 to
40,000 exabytes.
81% of adults use personally
owned mobile
devices for conducting business
81% of adults use personally
owned mobile
devices for conducting business
70% of employees
are engaged in social activities
both internally
and externally
70% of employees
are engaged in social activities
both internally
and externally
73% of organizations discovered cloud usage outside of IT or security
policies
73% of organizations discovered cloud usage outside of IT or security
policies
© 2015 IBM Corporation
Websites
Connected Appliances
Partners Websites/Sensors
Internet TVs
Smartphones
Tablets
Game Consoles
Connected Cars
Millions 1993 - 2000
“…in 1993 and 1994 we were deeming the web as the next place for FedEx to be.” -Thomas Wicinski, VP Digital Marketing FedEx
The way we reach customers is evolving
APIs
Trillions 2013+
© 2015 IBM Corporation
What is a Business API? A Business API is a public persona for an enterprise; exposing defined
assets, data or services for public consumption A Business API is simple for app developers to use, access and understand A Business API can be easily invoked
What Value Does a Business API Provide? Extends an enterprise and opens new markets by allowing external app
developers to easily leverage, publicize and/or aggregate a company’s assets for broad-based consumption
What “assets, data or services” are exposed via a Business API?: Product catalogs Store listings Order status Inventory Social interaction
Business API = Web API = Productized Service
App DeveloperApp Developer
© 2015 IBM Corporation
Does this sound familiar?
A repeatable business task –
e.g., check customer credit; open new account
A Service
A way of thinking about your business through linked services and the
outcomes that they bring
Service Orientation
Service Oriented Architecture (SOA)
An business-centric architectural approach based on service oriented
principles7
Most characteristics
of a good service are
“hidden” in this definition
© 2015 IBM Corporation
APIs are not a new name for SOA Services
There are many similarities – but one very important difference:
The objective they are intended to achieve
APIs SOA
“How can I increase the pace of
innovation?”
“How can I increase the agility and effectiveness of
delivery?”
Reuse → Speed to deliverSharing → ExpediencyEncapsulate → Less to learn
Reuse → Effort to deliverSharing → EffectivenessEncapsulate → Less to change
© 2015 IBM Corporation
Public API Examples – Insurance
Agencyport Turnstyle
provides for extraction of data from ACORD-compliant forms used in the insurance industry for serialization as XML. It aims to integrate form data and form-based processes into efficient XML-based workflows to transfer data to point-of-sale, customer relationship management (CRM), and other backoffice systems. This process is intended to replace manual rekeying and sequestration of data in emailed ACORD forms, PDF files, and other inaccessible formats.
Progressive SuperCREWS
provides information comparing the rates of other major insurance companies to its own. The SuperCREWS API provides programmatic access to this information in a string or in ticker format. Users can input criteria such as age, gender, marital status, state of residence, and type of car and then receive their unique insurance rate comparison information.
Insured Rating
enables users to develop a rate plan reflecting risk levels posed by prospective customers. Quote requests can then be made via the Insured Rating API which return coverage and premium information. The data generated helps to manage insurance product offerings and provide accurate rate quotes matched to determinants of risk.
NAIC Registry
allows automated filing of standard reporting documentation required of insurance providers for compliance with state regulations. The provider is a cooperative agency maintained by state governments to encourage consistent regulatory and business practices for insurance companies.
© 2015 IBM Corporation
Public, Open-To-All APIs
Protected, Open-To-
Partner APIs
Private, Internal APIs
Typical Audiences
© 2015 IBM Corporation
Drives Adoptions of APIs Typically low valued
assets Drive brand loyalty Enter new channels
For Free
Facebook Login API provides free authentication for any Web / mobile app
Example:
Developer Pays
Business Asset must be of high value to the Developer
For example, marketing analytics, news,
Capabilities such as credit checks
Amazon EC2 Web Services – APIs charge per usage to launch and manage virtual servers.
Example:
Developer Gets Paid
Provides incentive for developer to leverage web API
Ad placements
Percentage of revenue sold product or services
Google AdSense APIs pay developers who include advertising content into apps
Example:
Indirect
Use of API achieves some goal that drives business model.
E.g. Increase awareness of specific content, or offerings
eBay Trading APIs offer developers access to trading services extending the reach of listings and transactions
Example:
The Business of APIs
© 2015 IBM Corporation
48 hours, 25 developers, over 400,000 API calls
Impressive 13 pieces of Intellectual Property for ASDA
Winning Ideas
- “George Go!” - search application using multiple descriptors
- “Clothing Shaker” - create your outfit by shaking your device
- “Virtual Fitting Room” - use of Xbox Kinect and APIs
IBM API Management on Cloud provided Developer Portal & secure access to APIs
https://www.youtube.com/watch?v=biTvnghl5x8
Looking to transform the Digital Banking landscape:
- Innovative mobile solutions & IoT/ Wearables
40,000 API calls from more than 100 different groups
Prototype APIs allowing Developers to interact with fake accounts
- Account Details (APR/Interest Rate, Available Credit, Payment Due Date, etc)
- Customer Information (Name, Addresses, Phone Numbers, Email Addresses)
- Payment Details (Scheduled payments, payment history, etc)
IBM API Management on Cloud provided Developer Portal & secure access to APIs
https://citimobilechallenge.ciondemand.com/citimobilechallenge/pub/#/apis
New approach to Innovation: Hackathons, Developer Challenges
© 2015 IBM Corporation
Who is the Audience? If you are not clear on the audience you have no clue what makes a good API In 2014 More than 80% of API use cases were internal APIs are the currency of Cloud and Mobile – often good places to start
What do they want? Exposing “what you have” as an API isn’t particularly useful Good APIs are simple to understand and use There is an art to a “delightful API experience” Many APIs may not last very long, that is an opportunity not a problem
Under what terms and conditions are you willing to share? Un-managed APIs quickly lead to chaos Business Ts&Cs are important (Plans) Its not a one-way street, give and take Make sharing easy
Three Questions Lead to Good APIs
https://developer.ibm.com/apimanagement/2015/05/07/how-to-get-to-two-speed-it/
© 2015 IBM Corporation
How can the API Economy help you?
•Mobile (internal dev) – •What data/transactions would your own mobile apps need?
•Is there data that is generic (e.g. business locations, rates, etc.)?
•Is there data that is specific to existing customers that should be accessible via your app?
•Partnering – •Is partner on boarding a long difficult process? Would self registration of partners be of value (e.g. more partners, wider geographic coverage)?
•What data/transactions do you share between yourself and your partners?
•Public Composite Apps – •What apps might others write that could use your data/transactions?
•If there were a comparison app for you vs. your competitors would you want to be listed as an option?
•What other industry sales might also use your products (e.g. car purchase needs bank loan)?
•Think Mash-ups – what other APIs might make sense with yours? Mapping? Social?
© 2015 IBM Corporation
How can the API Economy help you?
•Social / Big Data – •How do your systems interact with social media? Can you spot trends in social media and raise alerts or take action? •Can you gain insight on your brand and your competition via social media?•Can you do real time analytics combining current customer status/behavior and history?
•Device integration/wearables –•How are you positioned to integrate the next UI technology (after Mobile/Tablets)?•Does your company deal with devices (e.g. cars, appliances, sensors/meters)? What scenarios can apply to the device (e.g. needs repair/supplies, needs to send status info, interaction between device and xxx)?
•Valuable Data – •What data do you collect on your clients? •Can your data identify market segments that would be of interest to a non-related industry? (e.g. expensive cars are purchased in this neighborhood, lots of child related purchases occurring in this neighborhood).
© 2015 IBM Corporation
Sample API Scenarios for IAG•IAG Internal Mobile App development – general information about offerings – life, car, home, travel, business, etc. based on audience (individual, business, adviser). Find an adviser/location, insurance calculators, tools. FAQs, Document access. Tailored information such as view/update profile, contact your agent, policy terms. Make payments, renew policy, file a claim, claim status. Goal oriented planning and advice, Mapping status to goals.
•Partner integration – Partner on boarding, Providing APIs would allow partners to offer your insurance options to their customers (White labeling insurance offerings through partners). Business onboarding to set up insurance plans for employees – make set up part of the employee on boarding process. Supplier interfaces for acquiring insured replacement items.
•Public API – Offerings available API for use by a comparative app. Some of the general information APIs from the internal mobile (above). The Business next door - Financial education businesses, Healthcare, Banking, Auto sales, real estate, travel.
•Social – Various interest groups for finance, travel, etc. Twitter feeds that reference your company combined with your own analytics can help determine if actions need to be taken to rectify customer satisfaction issues. References to consumer or business needs might allow you to act to offer insurance solutions. Provide news, promote local activities.
•Device – Plan ahead for wearables. Health monitoring, auto driver monitoring.
•Data / Analytics – Target prospects to cross-sell products, offer data access for a fee to other industries.
https://developer.ibm.com/apimanagement/2014/09/12/apis-for-the-insurance-industry/
© 2015 IBM Corporation
API externalization
Multi-tenancy
Rate limiting
Runtime policy enforcement
API deployment
OAuth security management
Data transformation/redaction
Backend service discovery
Version management
Analytics support
Role-based access control
Environment management
Monitoring and notification
API exploration
Self-service sign up
Interactive API testing
App key provisioning
API usage analytics
Rate limit notification
Multiple dev communities
Real API Success = API externalization + realization
API realization
© 2015 IBM Corporation
Securely expose your business to an internal/external developer ecosystem
Provide self-service API portals to internal/external app developers
Expose business services securely as APIs to select developer communities & analyze API usage
Manage & monitor the entire API platform
On-premiseprivate
Off-premiseSaaS
Off-premisededicated
Hybrid
IBM API Management
© 2015 IBM Corporation
Compose a new API, Import APIs, or Discover APIs, specify security & API behavior, version APIs
Create a Plan, add API resources, choose rate limits, stage it in a runtime environment, test API resource, version Plans
Invite developer organizations to use your APIs & communicate with them
Publish your Plan to select developer organizations & portals; manage subscribability
Analyze API usage
Managing APIs is simple
© 2015 IBM Corporation
IBM API ManagementFully on-premise, multi-tenant solution,
for API providers
IBM DataPowerAPI Gateway for security, control, integration &
optimized access to a full range of Mobile, Web, API, SOA, B2B & Cloud workloads
Over a decade of innovation, 10,000+ units sold, 2000+ customer installations worldwide
A single, comprehensive solution to design, secure, control, publish, monitor & manage APIs
© 2015 IBM Corporation
Runtime view
IIB or other ESBWAS or other app server
Applications/Services in Java, NET, Cobol, etc
z/OS, IMS, CICS, DB2
Mobile
Third party APIs
Web
Business Partnerapplication
IoT
API Management
© 2015 IBM Corporation
Easily manage your APIs, in your private environmentdesign, secure, control, publish, monitor & manage
Explore API documentation
Provision application keys
Self-service experience
Developer Portal API Manager Management Console
Define and manage APIs
Explore API usage with analytics
Manage API user communities
Provision system resources
Monitor runtime health
Scale the environment
API Gateway (IBM DataPower)
Enforce runtime policies to control API traffic
© 2015 IBM Corporation27
API Management solution
Product APIs allow customers to interact with the API Management solution, and extend/customize
Product APIs Management layer Gateway layer
The management layer embodies the capability for organizations to define, manage, expose and control APIs
Provides API Manager, Developer Portal and Management Console
API configurations are deployed to the gateway, which provides the enforcement point for runtime policies to control API traffic
Gateway is DataPower physical or virtual
© 2015 IBM Corporation© 2015 IBM Corporation
On premise
On CloudDedicated
3 | On premiseBehind your firewall for most sensitive workloads & complete control
API Manager Cloud Management Console*Developer Portals
API Management – The way you want it
2 | On CloudMaximize on cloud economics and agility. Offered as SaaS on SoftLayer and also available through Bluemix
1 | DedicatedWith Bluemix Dedicated API Management, everything is dedicated and connected to you — agility of public cloud, yet feels like home
© 2015 IBM Corporation
API Developer • How do I assemble APIs?• How do I manage security?• Will the infrastructure scale?• How do I measure performance?
App Developer
•Where do I access APIs?•How do I understand the APIs?•How do I measure success?
API Product Manager
• How can I rapidly release & update my APIs?• How do I publicize my API?• How do I measure success?
Operations Lead
•How do I manage all the API Environments that are being requested?•How can I scale each environment?•How can I easily find and fix issues?
API Success Requires Addressing Needs of Multiple Stakeholders
© 2015 IBM Corporation
Developerorganization
s(consume
APIsdevelop
Apps)
API Provider organizationsUsers
Cloud
system
admin
Clusters of servers
User registry(identity provider)
email server configuratio
n
Anatomy of API Management
IBM /apimanagement 15
Developer portal
API Manager
CloudManageme
ntConsole
© 2015 IBM Corporation
Organization Structure
Executive Steering Committee
Core API Team
Business Domain Owners
API Product Manager (Business)
Integration / API Developer (Technical)
Operations
Integration Architects
ServiceOwners
Internal App Developers
Executive commitment FundingResource commitmentsMeasurements/Reports
Need a strong Core Team and Business leader to own the success of the API initiative
© 2015 IBM Corporation
“Just Enough” Governance
For APIs, focus is on speed and time to market. A light weight Governance model is required.
Governance model will vary based on the control of the API consumer audience with increased governance the less the API consumer is controlled.
Always required:•Communication•Measurements
Internal:•Lighter concern on API identification, versioning, security (use internal)•Monetization = Chargeback•Entitlement enforcement usually soft
Partner:•API identification, •Versioning plan, •Security, •Privacy•Monetization – maybe?•Entitlement enforcement soft or hard
Public:•API identification, •Versioning plan, •Security, •Privacy•Legal•Monetization•Entitlement enforcement more often hard
© 2015 IBM Corporation33
The “API Factory” Approach
Standardized API development process in a production factory process
While the APIs vary considerably in terms of their functionality, all APIs follow a similar lifecycle of proposal, architecture review, business owner review, followed by packaging for test, and then deployment to production, deprecated due to re-versioning, and then retired
Because the API creation process is repetitive, we can use a production engineering approach to automating API development
In effect, we are building an API Factory: much of the purpose of API Lifecycle Management is to define how that factory can operate most effectively
© 2015 IBM Corporation34
IBM APIM - API Lifecycle Management
Start
Retired Proposed
API Designer proposes API
Defined
Architect Review (Data & Lead)
Constructed
Business Owner Review
Certified
Updates Suggested
API Packaged, Versioned
Staged
Published
Deprecated
Retirement Decision
Re-Versioned
Test
Rework Required
Deployment to Production
Old Service State
New Service State
Action or Activity
Design Time
Run time
INDEX
Owner Rejects
© 2015 IBM Corporation
Technical Governance
For APIs, focus is on speed and time to market. A light weight Governance model is required for the technical Governance as well.
•API Standards / Best Practices – REST and SOAP are most common. Usually REST/JSON is used for lower bandwidth devices and to reduce the amount of data transmitted. Set up naming standards! There is no “official” REST standard.•Granularity / Simplicity – see next slide•Lifecycle – few stages should be required •Security – App security handled via App keys and secrets. Users of the App may be identified using OAuth to shield their private login information from the App itself.•Deployment / Publishing – early environments are usually handled synchronously. However, Production is usually isolated and requires a disconnected deployment approach (usually scripted).•Versioning – most critical for public APIs. Plan for change. Try to make APIs backward compatible so you can move consumers automatically to the new level. Often will have multiple versions in production at the same time, but need to plan for consumer movement to new versions. •Scale – API entitlement levels are used to plan for capacity, the gateway enforces these entitlements. Scaling should be simple using additional instances added to a cluster. •Integration – simple integrations to back end services directly or to an ESB to do more complex integration. Generic results can be returned to the gateway and customized to the required API response to reduce the amount of data transmitted.
© 2015 IBM Corporation
Simplicity and Granularity
Design for ease of consumption by an App developer
•APIs are fine grained (not like SOA Services)
•They do one thing
•Easy to understand parameters – aim for self documenting. Supply samples to call the API and the returned data.
•Don’t do anything unusual
•Make it easy to try
Behind the API systems may be complex•Don’t show the complexity
•One API call may access 3 backend systems, extract lots of data, throw 90% of it away and reply back with the 10% that answers the API request. Don’t have 3 APIs and make the consumer do the work.
By having fine grained simple APIs, it may be possible to keep the API consistent even when back end systems change.
© 2015 IBM Corporation
Topology – Gateway Cluster in DMZ
38
FIREWALL
DMZ
Trusted
INTERNALSERVICES
FIREWALL
LOAD BALANCER(OPTIONAL)
MANAGEMENTCLUSTER
GATEWAYCLUSTER
IDP : END USER AUTHENTICATION
https
https:2443
https:9443
https:5550
APPLICATIONS(API CONSUMERS)
SMTP SERVERIDP FORPORTAL USERS
REVERSE PROXYOR DATAPOWER WAF
LOAD BALANCER
APP DEVELOPERS
https
https
© 2015 IBM Corporation
Topology – Gateway Cluster in Trusted Zone
39
FIREWALL
DMZ
Trusted
INTERNALSERVICES
FIREWALL
LOAD BALANCEROR
DATAPOWER
MANAGEMENTCLUSTER
GATEWAYCLUSTER
IDP : END USER AUTHENTICATION
https
APPLICATIONS(API CONSUMERS)
SMTP SERVERIDP FORPORTAL USERS
REVERSE PROXYOR DATAPOWER WAF
LOAD BALANCER
APP DEVELOPERS
https
httpshttps
INTERNALAPP DEVELOPERS
INTERNALAPPLICATIONS
© 2015 IBM Corporation
Topology – Multiple Gateway Clusters
40
FIREWALL
DMZ
Trusted
INTERNALSERVICES
FIREWALL
LOAD BALANCER(OPTIONAL)
MANAGEMENTCLUSTER
GATEWAYCLUSTER
INTERNAL APIS
IDP : END USER AUTHENTICATION
https
APPLICATIONS(API CONSUMERS)
INTERNALAPPLICATIONS
GATEWAYCLUSTER
EXTERNAL APIS
GATEWAYCLUSTER
DEV & TESTINGDEVELOPERS
TESTERS
24439443
5550
https
© 2015 IBM Corporation
A successful API initiative requires end-to-end focus
APIs
Apps
Social Feedback and Communities
Marketplace
Self-Service Portal: Registration • Documentation • Sandbox
Security, Metering and Control
API Design and Integration
Analytics and Monetization
API Lifecycle Management
Composition
Infrastructure Services
DevOps and App Management
Mobile Services
Internal Developers
Partner Developers
External Developers
Channels: Smartphones • Tablets • Desktops • Cars • TVs • Others
Services: Data • Processes • Applications
Cloud
© 2015 IBM Corporation
Leverage a robust API Gateway to launch your API platform• An API Management platform needs a robust, secure and scalable API Gateway for runtime
enforcement• IBM API Management has optimized integration with IBM DataPower gateway appliances• Single pane of glass to manage APIs, Plans, Users, Clusters to provide a unified operational view• DataPower is the industry leading security & integration gateway for a range of workloads, with over
2200 customers and 10,000 units deployed worldwide
Flexible deployment options• IBM API Management is available as on-premise, hosted, and SaaS
Thought Leadership & Active developer community• Free access to experts to help with API strategy• Discussion forums, blog posts, events at developer.ibm.com/api• 1M+ participants on IBM developerWorks
Access to a worldwide marketplace• IBM Bluemix and IBM Cloud marketplace represent a unique broad developer audience, building
apps
Choose the API Mgmt vendor strategically• IBM is investing heavily in API Mgmt, Mobile, Cloud, Analytics, IoT & Big Data
45
Why IBM?
© 2015 IBM Corporation
Key Points to Remember
46
1.IBM DataPower has NOT partnered with any API Mgmt vendor –There is NO product-level integration
2.IBM provides immediate feature availability–Take advantage of DataPower new features as soon as it is GA’ed by IBM instead of waiting months/years for others to add to their product e.g. WebSockets support added mid-2014 in DataPower v7.0
3.IBM APIM/DataPower natively integrates with WAS, WXS, MobileFirst & Bluemix4.IBM APIM generates efficient configurations/policies for DataPower to execute/enforce
–Beware of others creating inefficient policies for DataPower. This may result in more DataPower needed5.IBM APIM has self-contained virtual appliance packaging
–Beware of others requiring a DB plus addressing DB replication for analytics data6.IBM’s APIM solution deployment topology is simple – mgmt & gateway
–Beware of others requiring various components sitting on separate servers, plus load balancers & another DB for HA
7.API Management is strategic to IBM–IBM is investing heavily in API Mgmt, Mobile, Cloud, Integration, Analytics, IoT & Big Data–We plan to provide a unified platform for Mobile App Mgmt & API Mgmt using a single gateway
8.With IBM, customers gain access to a worldwide marketplace–IBM Bluemix & IBM Cloud marketplace represent a unique broad developer audience, building apps
9.IBM provides Thought Leadership & Active developer community with 1M+ participants –Free access to experts to help with API strategy–Discussion forums, blog posts, events at developer.ibm.com/apimanagement
© 2015 IBM Corporation
Getting Started
1. Executive and Business Backing• APIs are a product to be delivered, not a technology for IT to improve efficiency
• Lack of executive or business buy-in will result in a technology implementation with no/little impact on the business.
• Leadership absolutely must participate and back the initiative.
2. Establish a strategy and goals• Understand why you are executing an API strategy
• Set Goals for the initiative with time frames and reporting metrics
3. Commitment to Roles, Responsibilities, and Resources• There will need to be resources dedicated to the API initiative.
• Enable enough key resources to make governance effective.
4. Get the Message Out• Involve some folks skilled in formal communication and education
campaigns.
• Do some API evangelist work
• The core team’s role(s) must be understood and propagated
• Collect and Publish Metrics
© 2015 IBM Corporation
API developercommunity site
on APIs, API economy, API Mgmt
IncludesAPI community forumAPI eventsBest practices blogVideos
developer.ibm.com/api
API Management Resources
Product Page• ibm.com/apimanagement
API developer community• developer.ibm.com/api
Twitter• @ibmapimgt
YouTube Channel• youtube.com/ibmapimanagement
Slideshare• slideshare.net/ibmapimgmt
Speaker Deck• speakerdeck.com/ibmapimgmt
49
Intuitively and iteratively define APIs and associated policies
Rapidly assemble APIs via configuration, not coding
Minimize risk with industry leading security & scalability
Define
API Developer
Assemble
Meter
SecureDeploy, Test & Debug
Monitor
Scale
Version
51
API Developer: Create, Secure & Version APIsSimple interface accelerates iterative API development & deployment
API Developer: Assemble New APIs Through Configuration
Assemble a new API by combining multiple REST or SOAP services into a composite API
Provide examples of the request and response messages, headers and parameters
Drag and connect linking the request and response messages
Transform the message elements with a click
API Providers & Consumers: Test API readiness with Ready! API plugin
Export:
Define new APIs in Ready! API product by uploading Swagger, WADL, RAML, WSDL, etc., and then test the API.
Commit to a full range of tests – functional, load, security
When ready, click a button to Export API to insert the tested API into API Manager UI
Import:
Use Ready! API testing platform to Import SOAP & REST API definitions directly from IBM API Mgmt Dev portal for unit/functional testing, load testing, service virtualization & more
Select any API from Dev Portal
Auto-generate test suite
Validate functionality and resiliency
Virtualize for application testing
&
API Consumers API Providers
API Provider: “Productize” APIs using Plans
Introduce API Trial Use
Free, limited plans can be made available alongside premium plans
For example, a free plan could be unrestricted, and a premium plan restricted
Include multiple APIs and Resources per Plan
Version your Plans
Apply Rate Limit by Plan or Resource
Reject calls when limit reached
API Provider: Publish your APIs to multiple developer portals
Multiple Developer Portals
API Manager
API Provider
App DevelopersIn group 1
App Developers in group 2
Securely share APIs/Plans with various select developer communities
Fine grained plan deployment
Non-disruptive Publish: Replace a currently published version of a Plan without any disruption in API availability
API Provider: Gain Business Insights
• Pinpoint key market fluctuations and find correlations related to your business
• Analytics for both API provider and application developer:
• Analyze performance of APIs
• Enables chargeback or billing for API consumption
App Developer: Register application
Register new application
Request security keys with enhanced privacy
Deferred retrieval of client secret
App Developer: Analyze App Performance, Get notified
Monitor most active applications and APIs
Rate limit developer notifications
IT Admin: Manage Overall Environment*
At-a-glance server utilization metrics
Management & Gateway Server utilization - CPU, Memory, Disk
Usage over time available by drilling down
* Not applicable to SaaS
Enabling businesses to join the API EconomyIBM API Management - on-cloud & on-premise
Engage with app developers through portals
• API exploration• Self-service sign up• Interactive API testing• App & Key management• API usage analytics • Rate limit notification• Multiple dev communities• Build custom portal with blogs,
forums
• Define & Secure REST & SOAP APIs, Publish to multiple developer portals & users, Analyze API usage & performance
• A resilient integrated API runtime gateway infrastructure with IBM DataPower Gateway for enforcement of runtime policies to secure & control API traffic
• Seamlessly move APIs & Plans from public to private cloud or on-prem for complete flexibility
Define, publish & manage APIs• OAuth security management• Backend service discovery• API lifecycle management• API subscription management• Data transformation/redaction• Rate limiting at Plan/Resource
level• API user & Plan management• API deployment to Gateway• API security enforcement• API Analytics to gain business
insight• Custom roles & role-based
access control
Manage API environment• Administer & scale
system resources• Monitor runtime health• Multi-tenancy
REST APIs to extend/customize
• Developer Portal • User onboarding• Integration with API
testing tools (SoapUI NG Pro, Ready! API)
• Integration with Content Management System (Drupal)