The Science of APIs in a Mobile World – Security, Control, and Quality
Introductions
Laura Heritage, Director of API Strategy, SOA Software
In this role, she works with customers to establish API business strategies and implement API and SOA platforms. Previously Ms. Heritage served as a Product Line Manager at IBM and was responsible for establishing IBM’s API Management business.
Follow Laura on Twitter at @heritagelaura
Introductions
John Musser, CEO, API Science
Founder of ProgrammableWeb
John is an industry expert on APIs, quoted in the Wall Street Journal, New York Times, Forbes, and Wired, and speaking at conferences including SXSW, Dreamforce, and Web 2.0. He also consults on API strategy and trends with clients including Google, Microsoft, and Salesforce.
Follow John on Twitter at @johnmusser
50 billion connected devices by 2020
APIs Power the Digital World for Both Strategic and Operational Objectives
OUTSIDE / INSIDE
Mobile
Innovation
Partners
Internal
The Enterprise Ecosystem Is Not Contained
You need to tap into an extended ecosystem of developers
It can’t be if you are to succeed as a digital enterprise
A mobile app accessing your data has been compromised!
How do you securely share APIs with an open developer community? Can you selectively revoke access for compromised Apps?
Realizing End-to-End Security
Managing the User Experience
Securing the App - PII, PHI
Enabling Easy Developer Access
Securing the Channel
Securing the Backend
API Security
1 Authentication & Authorization
2 App Key Validation/Licensing
3 Message Security
4 Threat Protection
5 Content Filtering
6 Rate Limiting
Developers
The API Gateway Protects Your Enterprise
Gateway
Security
Authentication
Protection
IAM Integration
Encryption
Mediation
Quality of Service
Paging/Caching
Orchestration
Scripting
Analytics
✓ Ensure 99.99% uptime
✓ Proactive Operations
✓ Identify bottlenecks
✓ Prevent security breaches
Analytics for your Enterprise
Business Analytics
• Track product, customer and monetization trends
• Identify new opportunities.
Operational Analytics
• Ensure operational excellence of your infrastructure
• Analyze errors and response codes
API Analytics
• Identify top APIs by usage, monetization, app type, etc.
• Analyze API Licensing, monetization and fine-tune developer onboarding
The SOA Software Digital Business Platform
Monitoring, Auditing and Alerting
Real-time monitoring
Inspect the request and response
Usage Quotas
Average response time per App
SLA Monitoring, Alerting and Enforcement
Driven By Policies
Realizing End-to-End Quality
API Monitoring
+ API Management
End-to-End Insight Improves Quality
• Enables true consumer experience from various locations around the world
• Visibility into simulated multi-step developer actions such as CRUD sequences.
• Visibility to pinpoint and resolve problems before they are an issue
Integrated into SOA Software’s Dashboard
External Monitoring
✓ Measure performance
✓ Monitor availability
✓ Proactive alerting
✓ Identify and track trends
Why Monitor Your APIs? Things Can Go Wrong…
SSL errors
HTTP errors
Invalid JSON or XML
Authentication errors
Content issues
Data integrity errors
Network connectivity errors
Slow call response time
Server availability
Latency spikes
My Web Server
My Web Site
Monitor
Monitors
3rd Party APIs
My APIs
My Web Server
My Mobile Apps
My Web Site
3rd Party Apps
Monitors Monitors Monitors
How monitoring is changing

| Past | Future |
| --- | --- |
| Web transactions | API transactions |
| Web login testing | OAuth testing |
| String validation | XML & JSON validation |
| Monitor our site | Monitor our API + 3rd party APIs |
| Isolated to our company | Shared use of APIs |
| Internal silos | DevOps |
| RUM: Real User Monitoring | RDM: Real Developer Monitoring |

Four Fundamentals of API Monitoring
• Availability monitoring: is your API down?
• Performance monitoring: is your API slow?
• Content monitoring: is your API returning what it should?
• Transaction monitoring: does the complex stuff work?
Find Issues Before Your Customers Do
GET http://api.yourcompany.com/product/142
Your APIs
The APIs you rely on
API Science: Advanced API monitoring
Uptime monitoring
Performance monitoring
Data quality checks
Global monitoring locations
User-defined validation rules
Real-time alerts
Secure SSL access
Clean, intuitive UI
Monitor grouping and filtering
Scriptable rules engine
Advanced multi-step monitoring
Fully scriptable API transactions
Multi-user team and enterprise accounts
Secure, role-based access control
Read-only permissions available
Full featured API
Customizable status pages
User-defined alert limit thresholds
3rd party integrations including PagerDuty
Customizable reports
API Management + API Monitoring
• Get end-to-end visibility, analytics and monitoring
• Combines API consumer + API provider analytics
• See a global picture of how your API is performing
• Find problems before your API consumers do
Demo
Questions
API Resources and API University
• Resource Center – http://resource.soa.com/
• Follow us on:
www.facebook.com/soasoftware
www.linkedin.com/company/soasoftware
@soasoftwareinc
Multi-step testing
Authenticate
Get record
Add record
Update record
Delete record
• Any number of steps
• Run JavaScript before/after steps
• Modify queries on the fly
• Verify return values