Introduction to Web APIs
DESCRIPTION
Exposing information through web APIs is quickly accelerating, with APIs being exposed by enterprises and governments, and being the de facto standard for startups. This deck provides answers to the following questions: What is a web API? Why is there so much buzz about it? What makes it different from classic SOA services? What technology and skills are needed to start exposing Web APIs? What's the difference between internal and external exposure of web APIs? This presentation will have a technical focus, while providing business context, including examples that illustrate business models and industry use of web APIs.
TRANSCRIPT
© 2013 IBM Corporation
Introduction to Web APIs
Rachel Reinitz, IBM Distinguished Engineer, ISSW
Dinesh Shetty, Senior Certified IT Specialist, ISSW
2678
Please Note
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general
product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated
into any contract. The development, release, and timing of any future features or
functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM
benchmarks in a controlled environment. The actual throughput or performance
that any user will experience will vary depending upon many factors, including
considerations such as the amount of multiprogramming in the user’s job stream,
the I/O configuration, the storage configuration, and the workload processed.
Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
Agenda
•API Economy – Understanding the space
•Top APIs today
•Industry Examples of Web APIs
•Terminologies, Roles & Relationships
•Fundamental Concepts - REST, XML & JSON
•API Styles
•Web API Use Cases – Internal & External
•API Security
•Caching
Exploding and Interconnected Digital Universe
• 33% of all new business software spending will be Software as a Service
• 1 billion workers will be remote or mobile
• 1 trillion connected objects (cars, appliances, cameras)
• 1B Mobile Internet users
• 30% growth of 3G devices
Embracing New Technologies, Adopting New Business Models
• Mobility
• Cloud / Virtualization
• Social Business
• Bring Your Own IT
Large existing IT infrastructures with a globalized workforce, 3rd party services, and a growing customer base
• 30 billion RFID tags (products, passports, buildings, animals)
Cloud, mobile analytics, and social are fueling the hyper-growth of API-centric, business as-a-service economies
Example players in the new services economy
Business functions delivered as API-centric services, enable businesses to co-create customer value with speed and scale
“As-a-service” is disrupting the traditional business models and the technology consumption paradigm
• The evolution of SOA into technologies like REST allows for the externalization of core services through consumable APIs
• Trend established in web-centric companies, and enterprises are beginning new solution creation patterns – it changes the interaction patterns and processes across businesses and leverage analytics, mobile, social and cloud to differentiate
• Agile, scalable, and consumable business as-a-service, APIs is shifting the application development market as Cloud similarly shifted delivery of IT
• Transform the business model along sales, contracts, engagement, processes, development, and delivery towards a new scalable model
$1.5B revenue of 10K+ affiliates
Expecting $10B mobile transactions in 2012
40% total units sold by outside sellers
40% new business comes from non-CRM offerings
API only company reaches 150,000 developers and 1.5M calls a day
• API-centric model is at the core of mature born-on-the-web companies like Amazon, Google, and
• Registrations in Programmable Web have more than doubled this year. At that pace we could see more than 100,000 APIs registered by 2016.
• By 2014, Gartner predicts that 75% of Fortune 1000 companies will expose some form of APIs
+80B API invocations per day
APIs registered across a multitude of business areas
[Chart: number of registered APIs by year, 2004 to 2020, vertical axis 0 to 300,000. Annotations: "Projected +300k APIs by 2020", "We are here!"]
All Fortune 1000 companies will have APIs by 2015
APIs as a strategic business tool for value co-creation and front-office digitization is growing in Fortune 1000 companies
Apps, APIs and API Mgmt…
Business Owner, IT, Developer, Consumers
Benefits
New business opportunities
• New markets
• Increase customers
• Enhance branding
• Competitive advantage
Extend development team
• Increase innovation
• Increase scale
Partner/supplier alignment
Challenges
Business strategy
Infrastructure
• Security
• Creation
• Scalability
Operational control
• Publish
• Analyze
• Monitor
Public, Open-To-All APIs
• APIs are open to any developer who wants to sign up
• Apps are more targeted towards end consumers
• The business driver is to engage customers through external developers
Protected, Open-To-Partner APIs
• APIs are open to select business partners
• Apps could be targeted at end consumers or business users
• The business driver is usually different, based on the data and type of business of the enterprise
Private, Internal APIs
• APIs are exposed only to existing developers within the enterprise
• Apps are usually targeted at employees of the enterprise
• The business driver is more around productivity of employees
Customers will require a combination of three API types
Web APIs are Different from SOA Services
Web APIs | SOA Services
Consumers are internal and external developers | Consumers are internal (and maybe partner) developers
Embracing of open community/social business is critical | Promote reuse within a company and sometimes with partners
REST, leverage HTTP for Internet scale | SOAP & protocol independent headers
Ease of use based on simplicity and readability | Interoperability and tooling consumption based on WSDL
Fine grained, small amounts of data | Coarse grained
Relaxed consistency | Option for transactionality & reliability
True ‘black box’ separation between Web API and consuming app; simple contract | More extensive contract between service provider and consumer… in enterprise implementations
Top APIs today
Industry Examples of Web API
Top APIs today.. and growing
8000 APIs and counting
*Source: programmableweb.com
Top APIs today
Right now!
Philips hue API: Wireless Lighting
• Provides wireless control of domestic lighting systems along with mobile apps
• Opened an official developer program
• Recognizes roadblock for bigger developers - lack of commitment and proper docs
Source: http://techcrunch.com/2013/03/10/philips-hue-lighting-sdk-ios/
“Now what we want to do as Philips is we actually want to help and grow and encourage
this community, and give them tools and proper documentation. Also, we want to give
them commitment that this is the API and we’re going to support it and it won’t change
overnight.” – George Yianni, Hue System Architect
PayPal API: Payments API
• Launched X.commerce in 2011 for eBay integration
• Demand for features and simplicity from developers
• Newly launched REST APIs
• Organized a developer lounge and competition
“PayPal is making it easier for developers to accept payments from more than 123 million
active accounts across 190 markets and in 25 currencies around the world, and we’d love
to hear from you” - Company blog post @ http://blog.ebay.com
Singapore exposes transportation data through Web APIs and has many apps developed for free by developers
Article talking about program - http://dailycrowdsource.com/20-resources/projects/573-singapore-moves-towards-a-collaborative-government
Transportation APIs example
•Terminologies, Roles & Relationships
•Fundamental concepts
• REST
• XML
• JSON
Terminologies: Web APIs, Mashups & Apps
Web API
A defined set of HTTP request messages along with a definition of the structure of response messages, typically expressed in JSON or XML.
Mashup
A web page or application that uses Web APIs to combine data, presentation or functionality from two or more sources to create new services.
Web App
An application accessed by users over the Internet or an intranet. The term may also mean a software application coded in a browser-supported programming language (such as JavaScript and markup language like HTML).
Mobile App
An application designed to run on smart phones, tablets and other mobile devices. Usually available through application distribution platforms, operated by the owner of the mobile OS, e.g. Apple App Store, Google Play, Windows Phone Store.
Roles and Relationships
App Developer
• Develops cool new applications against new public or private APIs
• Understands one or more web programming languages
• Spends his free time developing Apps too
Business User
• Wants to reach new markets through new channels
• Understands the business and value of assets being exposed
• Needs to experiment with different programs and campaigns to drive adoption
• Product Manages the initiative
IT Person
• Exposing public APIs might be new to the IT Person
• Worried about security and scalability of infrastructure
• Short on time to do new projects
REST
• Architectural style; Popular choice for building web applications
• Verb = HTTP Action (GET, POST, PUT, DELETE)
• Noun = the URI of the Service (the document)
• Adjective = MIME type of the resulting document
XML
• There are more XML APIs registered on programmableweb than JSON
• But JSON as a choice and JSON only APIs are increasing quickly
• XML continues to be leading choice of format for APIs
• But payloads are kept simple
• Developers rely on examples rather than XML schemas
Example: popular telephony service from Twilio
<TwilioResponse>
  <SMSMessage>
    <Sid>SM1f0e8ae6ade43cb3c0ce4525424e404f</Sid>
    <DateCreated>Fri, 13 Aug 2010 01:16:24 +0000</DateCreated>
    <From>+15104564545</From>
    <Body>A Test Message</Body>
    <Uri>/2010-04-01/Accounts/AC228b97a5fe4138be081eaff3c44180f3/SMS/Messages/SM1f0e8ae6ade43cb3c0ce4525424e404f</Uri>
  </SMSMessage>
</TwilioResponse>
JSON (JavaScript Object Notation)
• Lightweight data-interchange format
• Based on a subset of the JavaScript programming language
• Easy for humans to read and write
• Easy for machines to parse and generate
• JavaScript is increasing in popularity for browser and beyond-browser client applications
Twilio example (cut down but you get the idea):
{
  "sid": "SM1f0e8ae6ade43cb3c0ce4525424e404f",
  "date_created": "Fri, 13 Aug 2010 01:16:24 +0000",
  "to": "+15305431221",
  "from": "+15104564545",
  "body": "A Test Message",
  "uri": "\/2010-04-01\/Accounts\/AC228ba7a5fe4238be081ea6f3c44186f3\/SMS\/Messages\/SM1f0e8ae6ade43cb3c0ce4525424e404f.json"
}
•API Styles
•Web API Use Cases
• Internal
• External
Proxies & Assemblies – Types of web APIs
[Diagram: three layers labelled Client Layer (Client App), API Management Layer, and On Premise/Cloud Resource, connected by HTTP/JSON calls.]
Proxy Style: org/proxy1_order (Order Service), org/proxy2_customer (Customer Service). E.g. order/get/1234, customer/1099
Assembly Style: Invoke Service A, Invoke Service B
Typical Architecture – SaaS-based API solution
[Architecture diagram. Labels: Consumers; Internet, Cloud; DMZ; Intranet]
Typical Architecture – On-premise API solution
[Architecture diagram. Labels recoverable from the slide:]
Zones: Internet, Cloud; DMZ; Intranet
Consumers: External App Developers, Internal App Developers, IT Operations, Business User
Client technologies: Rich Internet Applications (Dojo.base, Dojo.dojox/Dojox.mobile, Dojo.data, Navigation Controllers, Templating (django), Other UI Tech); Mobile Applications (Dojo); Internal Mobile Apps; (Internal) RIA
Security Gateway: Authentication, Authorization, Optimization, Encryption/Decryption, Routing/Transformation
On-premise APIs: Assemblies, Proxies
Enterprise Connectivity & Integration: Enterprise ESB, Protocol Transformation, Adapters, REST Services, SOAP Services, XQuery
Enterprise Information Systems: Enterprise DataBase, Core Application Backend, Other EIS
Protocols shown: HTTP/XML, HTTP/SOAP, HTTP/JSON, HTTP/JSON/XML
•API Security
•Caching
Security mechanisms for Web APIs
OAuth
• Enables users to allow web applications to access other web applications on the user’s behalf
Basic Auth
• Passes username and password with the request
• Defined by the HTTP specification
• Uses HTTP header “Authorization”
• Uses encoding, no encryption
API Keys
• Not based on any standard
• Service provider decides implementation
• Keys act like signatures
Security Mechanisms - OAuth
“The OAuth 2.0 authorization framework enables a third-party application to
obtain limited access to an HTTP service, either on behalf of a resource
owner by orchestrating an approval interaction between the resource owner
and the HTTP service, or by allowing the third-party application to obtain
access on its own behalf”
Foursquare
Steve, logged on Foursquare, wants to update his holiday location and also post the same on his Twitter page
Twitter provides an access token for Foursquare allowing access to Steve’s Twitter page
Foursquare uses the access token provided by Twitter to make a post on Twitter on Steve’s behalf
Access token (no user id/password) required
Security mechanisms: API Keys
• API Key
‒ Code passed by web applications calling an API (UUID or unique string)
‒ Establishes identity of the calling program, its developer, or its user to the Web site
‒ Used to track and control how the API is being used
    • Measure, monitor
    • Prevent abuse
• Access Control
‒ API Keys and Secrets provide Authentication mechanism – e.g. EveryTrail API
‒ Implementation is decided by API provider
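Since the slide leaves the implementation to the provider, here is one possible key-and-secret scheme as an added example (not from the deck and not any particular provider's API): the key identifies the caller, an HMAC made with the secret authenticates the request, and a per-key counter covers the "measure, monitor, prevent abuse" part. The key id, secret, quota and message layout are all assumptions.

```python
import hashlib
import hmac

# Constructed key registry: key id -> (secret, owner, calls allowed per window).
KEYS = {
    "key-demo-001": (b"constructed-secret-1", "partner-app", 3),
}


def sign_request(secret, method, path, timestamp, body=b""):
    """Client side: HMAC-SHA256 over the request parts; the secret is never sent."""
    body_hash = hashlib.sha256(body).hexdigest()
    message = "\n".join([method.upper(), path, str(timestamp), body_hash])
    return hmac.new(secret, message.encode("utf-8"), hashlib.sha256).hexdigest()


class ApiKeyGate:
    """Provider side: identify the caller, verify the signature, meter usage."""

    def __init__(self, keys, max_skew=300):
        self.keys = keys
        self.max_skew = max_skew  # seconds a signed request stays acceptable
        self.usage = {}           # key id -> calls accepted in this window

    def check(self, key_id, signature, method, path, timestamp, now, body=b""):
        entry = self.keys.get(key_id)
        if entry is None:
            return (401, "unknown key")
        secret, owner, quota = entry
        if abs(now - timestamp) > self.max_skew:
            return (401, "stale timestamp")
        expected = sign_request(secret, method, path, timestamp, body)
        # Constant-time comparison; bytes so odd input cannot raise TypeError.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return (401, "bad signature")
        used = self.usage.get(key_id, 0)
        if used >= quota:
            return (429, "quota exceeded")
        self.usage[key_id] = used + 1
        return (200, owner)


if __name__ == "__main__":
    gate = ApiKeyGate(KEYS)
    secret = KEYS["key-demo-001"][0]
    sig = sign_request(secret, "GET", "/orders/1234", 1000)
    for _ in range(4):  # the fourth call exceeds the constructed quota of 3
        print(gate.check("key-demo-001", sig, "GET", "/orders/1234", 1000, now=1010))
    # Same signature on a different path is rejected.
    print(gate.check("key-demo-001", sig, "GET", "/orders/9999", 1000, now=1010))
```

Inside the allowed clock skew a captured signed request is still accepted again; a provider that needs to rule that out would also record and reject already-seen signatures or nonces.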
Implement Caching
HTTP headers can contain caching directives
HTTP/1.1 200 OK
Date: Fri, 30 Oct 1998 13:19:41 GMT
Server: Apache/1.3.3 (Unix)
Cache-Control: max-age=3600, must-revalidate
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Mon, 29 Jun 1998 02:28:12 GMT
ETag: "3e86-410-3596fbbc"
Content-Length: 1040
Content-Type: text/html
Caches improve network efficiency, scalability, and user-perceived performance of your API
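How a cache could act on the response headers shown above, as an added example that is not part of the original deck: it computes the freshness lifetime (max-age first, then Expires minus Date) and, once the entry is stale, builds the conditional request headers from ETag and Last-Modified. The function names are illustrative and the logic is a simplified reading of HTTP caching that ignores the Age header and shared-cache directives.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Response headers copied from the slide.
RESPONSE_HEADERS = {
    "Date": "Fri, 30 Oct 1998 13:19:41 GMT",
    "Cache-Control": "max-age=3600, must-revalidate",
    "Expires": "Fri, 30 Oct 1998 14:19:41 GMT",
    "Last-Modified": "Mon, 29 Jun 1998 02:28:12 GMT",
    "ETag": '"3e86-410-3596fbbc"',
}


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def http_date(value):
    """Parse an HTTP date; return None when it is missing or malformed."""
    try:
        return parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None


def freshness_lifetime(headers):
    """Seconds the response may be reused without contacting the origin."""
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    if "no-store" in cc or "no-cache" in cc:
        return 0
    if cc.get("max-age") is not None:  # max-age takes precedence over Expires
        try:
            return max(0, int(cc["max-age"]))
        except ValueError:
            return 0
    expires, date = http_date(headers.get("Expires")), http_date(headers.get("Date"))
    if expires is None or date is None:
        return 0
    return max(0, int((expires - date).total_seconds()))


def cache_decision(headers, now):
    """Return ("serve-from-cache", {}) or ("revalidate", conditional headers)."""
    date = http_date(headers.get("Date"))
    if date is not None:
        age = max(0, (now - date).total_seconds())
        if age < freshness_lifetime(headers):
            return ("serve-from-cache", {})
    conditional = {}
    if "ETag" in headers:
        conditional["If-None-Match"] = headers["ETag"]
    if "Last-Modified" in headers:
        conditional["If-Modified-Since"] = headers["Last-Modified"]
    return ("revalidate", conditional)


if __name__ == "__main__":
    half_hour_later = datetime(1998, 10, 30, 13, 49, 41, tzinfo=timezone.utc)
    two_hours_later = datetime(1998, 10, 30, 15, 19, 41, tzinfo=timezone.utc)
    print(cache_decision(RESPONSE_HEADERS, half_hour_later))
    print(cache_decision(RESPONSE_HEADERS, two_hours_later))
```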
Expanding to APIs – IBM Services has the Expertise to Ensure Your Success
• What should my API Strategy be?
• How are APIs being used in my industry?
• What is needed to expose and manage APIs?
• What security do I need?
• Who are my target developers?
• How do I deliver and measure business value?
• How do I get IBM API Management setup quickly?
• Help me design my APIs?
• How do I expose my backends as APIs?
• Help me secure and scale my APIs?
• How do I deliver reports to my management?
• How do I integrate with existing infrastructure?
API Centric Architecture Assessment Roadmap
IBM Software Services for API Management
For more information contact us at [email protected]
• Emerging technology resources including proven, prescribed, and repeatable assets & offerings to accelerate Mobile, Cloud, and Smarter Process adoption.
• Access to worldwide skills, capabilities, and education that only IBM Software Services for WebSphere can bring to your project.
• Practitioners’ insight on project trends, best practices and emerging technologies through personal videos, blogs, articles & more.
• Discover defined and proven offerings to get your project started quickly.
ibm.com/websphere/serviceszone/
Visit us in the Solution Center:
• Services, Support and Education Zone
• Smarter Process Zone
IBM Software Services Zone for WebSphere
We love your Feedback!
Don’t forget to submit your Impact session and speaker feedback!
•Your feedback is very important to us – we use it to improve next year’s conference
•Go to the Impact 2013 SmartSite (http://impactsmartsite/com):
‒ Use the session ID number to locate the session
‒ Click the “Take Survey” link
‒ Submit your feedback
Backup Slides