ibm api management v4.0 product details
TRANSCRIPT
© 2015 IBM Corporation
IBM API Management
Product introduction
Nov 9 2015
© IBM Corporation 20152
Outline
Why APIs
Why manage APIs
Customer case study
What is IBM API Management
API portal
API Manager console
Under the hood
Cloud options
From a Single to Multi, now Omni channel
Branch / Store
Toll-Free / Tele
eBusiness / Web
Connected Appliances
Partners Websites/Sensors
Internet TVs
Smartphones
Tablets
Game Consoles
Connected Cars
APIs
Trillions 2013+
Digital API
Digital Economy is powered through APIs
API Economy Value Chain
Valuable Business
assets
Exposed as APIs
Consumed by App
Developers
To develop innovative
Apps
Delightful experience to
customers
What was Is now
Transforming industries and user experiences
Crossing industries and
transforming customer experience
Common API use cases1. Provide omni-channel access to business information for accelerating internal app
development
2. Collaborate with business partners faster, in an open but secure & managed way, while providing a complete self-service experience
3. Power Mobile apps with enterprise business logic to innovate and provide high value to customers – digital transformation focus
4. Power IoT apps with enterprise information to drive innovation – digital transformation focus
5. Centrally manage the consumption of business logic, across the enterprise, for both Systems of Record & Systems of Engagement
6. Publish APIs publicly to drive innovation, tap into broad developer ecosystem and promote brand
7. Extend brand reach from Systems of Record to bridge to Systems of Engagement
8. Provide secure composite services in the Cloud
9. Provide managed access to 3rd party Cloud services to app dev teams to achieve centralized governance and cost optimization
10. Enable new business channels by monetizing enterprise data
8
Why manage APIs?
Digital Transformation = Multi-Speed IT
Speed &
Agility
Integration &
Scale
Core Enterprise
Digital
EcosystemFa
st S
pe
edStead
y Spee
d
© 2013 IBM Corporation10
An enterprise architecture for multi-speed transformation
Deploy and Integrate Anywhere
Enterprise Apps
CloudOn Premises
Process Interaction
App Access
Systems of Record Systems of Insight
Cloud Services
Eve
nts
AP
IsS
ecu
rity
Data Data
IoT
Runtimes
API Mgmt
Event
Hub
Gate
way
Digital Apps
SecurityMonitoring & Analytics
Info
Partner
Enterprise Integration and Messaging
Systems of Engagement
© 2013 IBM Corporation11
Challenges with 2 speed IT
Deploy and Integrate Anywhere
Enterprise Apps
CloudOn Premises
Systems of Record Systems of Insight Systems of Engagement
Digital Apps
How to manage the consumption of APIs across the enterprise?How to provide self-service for internal & external developers?How to enforce security at runtime?How to throttle and provide controlled access?How to introduce change with new versions?How do I know who is using my service and how much?
API externalization
Multi-tenancy
Rate limiting
Runtime policy enforcement
API deployment
OAuth security management
Data transformation/redaction
Backend service discovery
Version management
Analytics support
Role-based access control
Environment management
Monitoring and notification
API exploration
Self-service sign up
Interactive API testing
App key provisioning
API usage analytics
Rate limit notification
Multiple dev communities
Real API Success = API externalization + realization
API realization
101010
010101
Secure and Integrate across
open ecosystems
Build a strategy & plan
MonetizeBuild & manage
world-class apps
Deliver exceptional
digital experiences
Scale expertise
Getting started in the API economy
/apimanagement
Create Manage Enforce
API Discovery & AssemblyAPI Policy ManagementLifecycle Mgmt & GovernanceSelf-service App Developer PortalAPI Monitoring & AnalyticsSocial CollaborationSubscription ManagementCommunity Management
Develop & Compose API in Node.jsConnect API to data sourcesGenerate API consumer SDKBuild, deploy, scale Node appsMonitor & debug Node apps
API Policy EnforcementSecurity & ControlConnectivity & ScaleTraffic control & mediationWorkload optimizationMonitoring/Analytics Collection
A Comprehensive API FoundationAPI Economy Starter Pack to jumpstart your entry into the API Economy
5 stages of maturity
Across several dimensions Business approach
Management
Architecture
Information & content
Process & methods
Infrastructure
Learning Using an Unstructured Approach
Discovering & Experimenting to Gain Market Understanding
Implementing Targeted Market Solutions
Expanding to Full Digital Market Solutions
Innovating with Predictive Transformation
TechnologyBusiness
And several factors for each dimension Business drivers, perspective, industry integration,
monetization Organization, audience, communication,
measurements Style, application architecture, configurability,
variability Scope, exposure, content management, Taxonomy Lifecycle, API Identification, dependency
management, Devops QoS, deployment, security, availability,
performance, scalability
with 2 perspectives
New IBM API Economy Journey MapCharting the evolution of Digital Transformation
Meet our experts.Learn the ins & outs of API business strategy & architecture from experts in YOUR industry.
Your place or ours? Choose between Bluemix Garage locations, your premises, or IBM locations.
Group or Private.Learn from others while you learn with them, or learn in private. Your choice.
Quickstart workshops to learn technical and business considerations around API’s
Strategic consulting and digital transformation engagements
New Quick Startup Workshops and Digital Transformation Services
No matter where you are on the maturity curve, we can help you accelerate your API strategy.
Strategy expertiseGuiding our client’s every step on their journey in
the API economy with a proven maturity model
Industry and open community leadershipProviding open platforms to build, manage,
secure and integrate APIs
Technology & Services To ExecuteThe most comprehensive portfolio of products,
services and tools to help our clients achieve all
the benefits of the API economy
Cognitive computing capabilitiesAccelerating the API and app development
process
Partner with IBM to master the API economy
18
Customer case study
APIs are changing all Businesses
© 2015 IBM Corporation20
Business Challenge Difficult for internal partners and developers to discover &
access key financial services Lacked a standard ecosystem to manage internal partners
including global credit card companies and merchants No visibility on Service consumption or ability to chargeback
for LoB use of Services
Example Apps
Solution IBM API Management & Gateway
Leading Global Commercial Bank provides easy & secure access to key financial services
Business Value Offers 3rd party merchants secure standards-based access to
key business services as APIs, with a self-service experience Provides a private ecosystem for partners and a central
repository with usage analytics API platform and hackathons help drive innovation for Mobile
application development
$
IBM © 2015
Citibank & Retailers
• Use bank rewards points to redeem at retailers
• New business model formed through 3rd party
alliances leveraging APIs
• Driving increased customer value
Hackathons, Developer Challenges
• 48 hours, 25 developers, over 400,000 API calls
• Impressive 13 pieces of Intellectual Property for ASDA
• Winning Ideas
• “George Go!” - search application using multiple descriptors
• “Clothing Shaker” - create your outfit by shaking your device
• “Virtual Fitting Room” - use of Xbox Kinectand APIs
• IBM API Management on Cloud provided Developer Portal & secure access to APIs
• Looking to transform the Digital Banking landscape:
• Innovative mobile solutions & IoT/ Wearables
• 40,000 API calls from more than 100 different groups
• Prototype APIs allowing Developers to interact with fake accounts
• Account Details (APR/Interest Rate, Available Credit, Payment Due Date, etc)
• Customer Information (Name, Addresses, Phone Numbers, Email Addresses)
• Payment Details (Scheduled payments, payment history, etc)
• IBM API Management on Cloud provided Developer Portal & secure access to APIs
23
IBM’s API Management solution
Provide self-service API portals to internal/external app developers
Manage & enforce consumption of business services
Manage & monitor the entire API platform
on cloud
IBM API Management
Bluemix BluemixDedicated
on premise Bluemix Local
IBM API Management
Manage and Enforce
the consumption of
any service
anywhere
• Define, design, import APIs• Discover existing services• Apply security,
transformation, rate limit policies
• Manage APIs, Plans, versions, users, subscribers
• Share & socialize APIs on integrated developer portals
• Analyze runtime usage to gain visibility & insight
• Enforce subscription and API access at design time
• Enforce security and control policies at runtime
• Any http-based service
• Internal or External• Enterprise-owned &
3rd party
• On-premise• On-cloud / SaaS• On-cloud / Dedicated SaaS
API Developer• How do I assemble APIs?
• How do I manage security?
• Will the infrastructure scale?
• How do I measure
performance?
App Developer•Where do I access APIs?
•How do I understand the
APIs?
•How do I measure
success?
API Product Manager• How can I rapidly release & update my
APIs?
• How do I publicize my API?
• How do I measure success?
Operations Lead•How do I manage all the API
Environments that are being
requested?
•How can I scale each
environment?
•How can I easily find and fix
issues?
API Success Requires Addressing Needs of
Multiple Stakeholders
API Management platform
API Portal
API Administration
API Gateway
For app developers (API subscribers)
For API owners, developers, business users (API providers)
Runtime enforcement
Will
Cloud Manager
Carol
Multi-Tenant Manager
Steve
Organization Owner
API Product Manager
Shavon
API Developer
Jason
Lifecycle Manager
Marsha
Community Manager
Andre
Application Developer
AnalyticsGateway
The personas
Easily manage your APIs, in your private environmentdesign, secure, control, publish, monitor & manage
Explore API documentation
Provision application keys
Self-service social experience
Developer Portal API Manager Management Console
Define and manage APIs
Explore API usage with analytics
Manage API user communities
Provision system resources
Monitor runtime health
Scale the environment
API Gateway
Enforce runtime policies to control API traffic
Welcome to the API Portal
Compose a new API, Import APIs, or Discover APIs, specify security & API behavior, version APIs
Create a Plan, add API resources, choose rate limits, stage it in a runtime environment, test API resource, version Plans
Invite developer organizations to use your APIs & communicate with them
Publish your Plan to select developer organizations & portals; manage subscribability
Analyze API usage
Managing APIs with IBM API Management
31
API Portal for API consumers
Default built-in advanced developer portal,
based on a built-in content management system
Getting started guidance
API subscribers can browse a catalog
of available APIs, and find APIs within a hierarchical taxonomy
View API detail, test API & post comment
Application analytics on portal to view data
on Success Rate, Data Usage and Latency over a time frame
App registration and
subscription detail
Discussion forum, per API,
to encourage collaboration
Administration console to
customize the portal
40
API Manager console for API providers
• Intuitively define REST or SOAP APIs by importing Swagger 2.0 or WSDL files
• Or discover from System z or service registry (WSRR)
• Or rapidly assemble APIs via configuration, not coding
• Search for, add custom tags to, and mark favorite APIs for easier discovery
Define
API Developer
Assemble
Meter
SecureDeploy, Test & Debug
Monitor
Scale
Version
41
API Developer: Define APIsSimple interface accelerates iterative API development & deployment
Edit REST API details – enforcement options, lifecycle state, API security, tags, extensions, properties, documentation & schemas
Manage gateway enforcement option; Allow embedded scripts in web page to call API across domain boundaries with CORS (cross-origin resource sharing) support
Define API design lifecycle phases – identified/specified/realized
45
Define security scheme and apply scheme to one or more API operation, for fine grained access control
API Developer: Assemble New APIs Through Configuration
Assemble a new API by combining multiple REST or SOAP services into a composite API
Provide examples of the request and response messages, headers and parameters
Drag and connect linking the request and response messages
Transform the message elements with a click
API Developer: Test the API and Debug
Interactive test of an API resource in just one click
Provide parameters and receive response
Allows quick, iterative develop / deploy / test cycles
Debug responses from every step
API Providers & Consumers: Test API readiness with round-trip support for REST & SOAP APIs
Export:
Define new APIs in Ready! API product by uploading Swagger, WADL, RAML, WSDL, etc., and then test the API.
Commit to a full range of tests – functional, load, security
When ready, click a button to Export API to insert the tested API into API Manager UI
Import:
Use Ready! API testing platform to Import SOAP & REST API definitions directly from IBM API Mgmt Dev portal for unit/functional testing, load testing, service virtualization & more
Select any API from Dev Portal
Auto-generate test suite
Validate functionality and resiliency
Virtualize for application testing
&
API Consumers API Providers
Define a Plan and choose subscription approval
Add API operations to Plan
Set rate limits at operation level or at plan level
API Provider can publish APIs to multiple developer portals
Multiple Developer Portals
API Manager
API Provider
App DevelopersIn group 1
App Developers in
group 2Securely share Plans of API resources with select developer communities
Welcome to the API Portal
API Provider: Gain Business Insights
• Pinpoint key market fluctuations and find correlations related to your business
• Analytics for both API provider and application developer:
• Analyze performance of APIs
• Enables chargeback or billing for API consumption
Analyze response times/call volumes/call activity across date
range, developer organizations, Plans, APIs, operations,
environments
Actions for managing
API and plan lifecycle – from published to deprecated or
retired
56
Feature delivery
Fast & Furious: Delivering APIM product features at a rapid pace
•SOAP & REST support•Manage various dev communities•Simplified deployment & packaging•Service discovery from WSRR & z/OS CICS/IMS•Xen & PureApp support•Multiple Gateway cluster support•Interactive API test on portal•Developer rate limits notifications•REST APIs to customize portal, user mgmt•Service discovery from custom registries•SaaS launch•Free 30-day SaaS trial & buy with credit card•Monthly billing•Application suspension•Support for 3rd party AuthN providers•Encryption of exported Plans•Topology flexibility with mgmt & data traffic separation•Multi-gateway cluster support on single gateway•API usage statistics at a glance•CMS based social portal•Swagger 2.0 support•Scripted deploy•Non-disruptive publish•Custom roles•API cloning•SSL Mutual AuthN•Assembly debug•Multi-site support
… 20143.0
•Bluemix service•Share APIs with select Bluemix developer orgs•Co-publish & migrate subscription•Promotion approval•Option to enforce•Analytics API•CMS portal search & categories
20154.0 4.0.1 May
•Policy mgmt & import•API phases•Analyticson Dev Portal•Disable API testing on Portal•Search on portal improved•LDAP for IT Admin•User name case-sensitive option
4.0.2 Jul
•PATCH & HEAD method support•Multiple security keys per app•Duplicate API URL path support•High-availability for CMS portal•BluemixDedicated support
•OAuthredirection •User-defined policy enhancements •Configurable role-based front page •Private discussion forums•Flood control•Profanity filtering•Social media integration• Enhanced auditing and logging
4.0.3 Nov3.0.2 3.0.33.0.1 3.0.4
58
IBM API Management v4.0
Lifecycle & Governance• Swagger based API creation: Allows APIs to be imported from Swagger, deployed, and invoked
without any manual configuration steps to the API• Co-Publish: Co-publish and supersede plans as well as manage plan subscription migrations• Promotion Approval: Environment based configuration for approving plan lifecycle changes• Enforced: Option to just publish APIs and not gateway enforce them• Policy for SOAP: Ability to add/modify policies for SOAP Services• Discover: Manage REST & SOAP services from System z and custom registries
Assembly• Error handling: Ability to map SOAP faults returned from a Web Service Invoke call into a
ResponseAnalytics
• Analytics API: Ability to extract analytics data with a REST API to integrate with billing, monetization or business analytics systems
Security• Mutual Authentication: Out of the box support for custom certificates for backend endpoints,
LDAP, and SMTP serversAdvanced Developer Portal
• Multi-factor authentication: Enabled in the developer portal• Search: Out of the box support for search and developer management• Categorization: Flexible Plan/API multi-level classification• CAPTCHA : Support to prevent automated programs from accessing the portal to enroll users• Password Lockout
* GA: March 27, 2015
IBM API Management v4.0.1API Provider Productivity
• Support for the PATCH and HEAD methods: Additional HTTP method types for an API resource, in addition to the GET, PUT, POST, and DELETE methods
• Swagger 2.0 compliance: Add additional info to describe an API (contact or license details), add tags to APIs & resources for ease of grouping/search by application developers on Developer Portal.
• Update a REST API from a Swagger definition file: Update the configuration of revision of REST API by uploading a Swagger definition file
• Duplicate API URL path support: API & operation URL path does not have to be unique, with unique client ID from subscribing app
Security• Secure API access: SSL Mutual Authentication for front-side connectivity to secure the
connection between an API client and the API Management gateway that manages the API. Developer Portal
• Multiple security keys per application: Add additional client ID/client secret pairs to an application on Developer Portal
Availability• Advanced Developer Portal clustering: Create a cluster of Advanced Developer
Portal appliances for high availabilityAdministration
• System user role in Cloud Management Console: New System user role can access all system APIs and can log into the Cloud Management Console, but cannot access the API Manager or Developer Portal
* GA May 21, 2015
IBM API Management v4.0.2
API Provider Productivity Enhancements to Swagger 2.0 compliance: Add external doc info; Deprecate API; Specify
protocol schemes (http, https, ws, wss) & security schemes Support for OPTIONS method: In addition to GET, PUT, POST, DELETE, PATCH and HEAD
methods, specify the OPTIONS method type when defining API operation CORS support: Cross-origin resource sharing (CORS) support to allow embedded scripts in a web
page to call an API across domain boundaries Policy: Import policy, manage custom policy, basic policy lifecycle mgmt, policy authoring docs,
apply policy to proxy response OAuth revocation enhancements: Revoke all OAuth tokens, or tokens for a particular user, that
were issued before a specific date API implementation phases & Enhanced gateway enforcement support:
Identified (concept only), Specified (designed), Realized (implemented & enforceable)
Developer portal Analytics for API consumer – success rate, latency, data usage Manage security questions; Disable API testing option; Design-time tags Search across Swagger description to include operation names, description and schema
IT Administration LDAP/Authentication URL support for Cloud Mgmt Console (CMC) Topology Admin role to do all CMC tasks except manage CMC users Case sensitivity option for user names during authentication
* GA July 22, 2015
IBM API Management v4.0.3
API Provider Productivity OAuth redirection – support for authentication through externally hosted pages to authenticate
users during an OAuth 2.0 scheme User-defined policy enhancements – set variables to a specified string value and retrieve these
values in a policy implementation; also determine the payload type (XML or JSONx)
Developer portal Configurable role-based front page – personalized experience for unauthenticated visitors &
users with different roles Private discussion forums – make preexisting forums & also configure other forum access
features to customize forum privacy for different user roles Flood control – configure portal at an IP and user level with maximum number of incorrect login
attempts before being blocked and time for blocked status; maximum number of emails & time limit
Profanity filtering – create list of words that you don't want to be contained in portal user names Social media integration – link to your social media sites from anywhere in the portal, and
customize the appearance & positioning of the links to your sites
IT Administration Enhanced auditing and logging - retrieve audit events from the management node
programmatically, allowing a syslog collector to be configured to accept the messages and write them to an external data store for further processing or archiving, or both
* GA Nov 2, 2015
62
Under the hood
Consumer API Management
Comprehensive API solution from IBMCreate, manage & enforce APIs & Services
EnforceAPI Policy Enforcement
Security & ControlConnectivity & Scale
Monitoring/Analytics Collection
API Gateway
ManageAPI Discovery & Assembly
API Policy ManagementLifecycle Mgmt & Governance
Self-service App Developer PortalMonitoring & Analytics
Social CollaborationSubscription ManagementCommunity Management
CreateDevelop & Compose API
Connect API to data sourcesGenerate API consumer SDK
Build, deploy, scale appsMonitor & debug apps
Cloud Services
Provider
Systems of RecordSystems of Engagement
External App Developer
Internal App Developer
Partner App Developer
Deployment Options
on cloudon premise Bluemix
z/OS CICS, IMS
IBM Integration Bus
StrongLoop
Enterprise systems/data
Cast IronCloud Integration
WAS Liberty
Websphere Application Server
API Management solution, on-premise
Product APIs allow API
Providers to interact with
the API Management
solution, and
extend/customize
REST APIs for Portal, User
mgmt, Analytics,
Deployment & more
Product APIs Management layer Gateway layer
The management layer
enables organizations to
define, manage, expose and
control APIs. Provides API
Manager, Basic Developer
Portal & Management
Console.
(Virtual appliance*)
API configurations are
deployed to the gateway,
which provides the
enforcement point for
runtime policies to control
API traffic
(Virtual appliance* or
physical appliance)
* Requires VMWare ESXi 5.0, vCenter V5.5, Citrix XenServer 6.2, IBM PureApplication System W1500 1.1
Advanced Developer Portal (optional)
Customizable social
developer portal with
a full content mgmt
system to provide a
self-service developer
experience with
blogs, forums & more
(Virtual appliance*)
Runtime view
IIB or other ESBWAS or other app server
Applications/Services in Java, NET, Cobol, etc
z/OS, IMS, CICS, DB2
Mobile
Third party APIs
Web
Business Partnerapplication
IoT
API Management
66
Cloud
Maximum deployment flexibility across on-premise & on-
cloud, dedicated & shared, customer-managed & IBM-
managed
API Management as a service in IBM Cloud Marketplace
Learn. Try. Buy.
ibm.biz/apimsaas
API Management as a service in IBM BluemixShare your APIs with select developer teams in Bluemix
69
IBM API Management on Cloud
• Manage any service - Internal or External, Enterprise-owned & 3rd party• Define, design, import, discover APIs• Apply security, transformation, rate limit policies• Manage APIs, Plans, versions, users, subscribers• Share & socialize APIs on integrated developer portals• Analyze runtime usage to gain visibility & insight
• Enforce the consumption of any service• Enforce subscription and API access at design time• Enforce security and control policies at runtime
• A resilient and highly available API runtime infrastructure with built-in failover, redundancy & dynamic scaling on IBM SoftLayer
Global Network
London
Frankfurt Tokyo
SingaporeSan Jose
Houston
TorontoMontreal
• Seamlessly move APIs & Plans from public to private cloud or on-prem for complete flexibility
• 30-day full feature trial, self-service pay with credit card
• Grow as you need: Pricing based on API calls & developer accounts with optional logging of API payload
• Identical capabilities of on-premise, except for infra admin and direct gateway configuration access
• Manage your APIs in Bluemix
• Share APIs with Bluemix developers
API Management as a dedicated cloud service Dedicated for you. Connected to you. Hosted & managed by IBM.
Dedicated SaaS• Maximize on cloud economics and agility
• Everything is dedicated and connected to you —agility of public cloud, yet feels like on-premise
• Available in a seamless global network of cloud data centers
API Mgmt & Gateway
• Manage & Enforcethe consumption of your APIs
• Define, secure, control & analyzeAPIs
• Share APIs with app developers via an integrated self-service social API portal