What Is Feeding Your Mobile Apps? How to Deliver and Secure Mobile Enabled APIs Ed King Vice President, Product Marke>ng Vordel
APIs Power Mobile Applications
2
Which Type of API Do You Have?
3
Consumer APIs § Social media, content delivery,
shopping, public service § Do not transmit sensitive data § User has data ownership § No service quality obligations § Commodity, low switching cost
Enterprise APIs § Business or consumer transactions § Transmit sensitive data § Covered by compliance mandates § Contract-binding quality obligations § National security or public safety
implications
§ No/low barrier for access § Differentiate on ease of adoption § Minimal security & audit § Minimal integrations § Business usage statistics
§ Authorized access only § Strong security & audit § Meet compliance requirements § Support existing systems,
processes, & integration § Operational support
All-In-One Consumer API Portal
4 3rd-Party APIs
Developers Applications
Forum & Community
API Configuration
Documentation
Self-Service
Application Registration
API Proxy Lite Transformation
Credentials
API Owners
Own APIs
Business Reporting
§ Simple solution for limited consumer APIs distribution
§ Business ownership without much IT support
§ 24x7 self-service without internal process dependencies
§ Good standard user experience out-of-the-box
Two-Tier Enterprise API Delivery Platform
5
Partner Developer
Portal
Internal Developer
Portal
API Gateway
Partners Applications API Owners
§ Leverage existing systems, processes, & relationships
§ Support multiple portals from a single infrastructure
§ Convert backend interfaces into usable external APIs
§ Meet enterprise security, compliance, & operational requirements
3rd-Party APIs Own APIs
API Aggregation
6
§ Aggregate APIs across multiple sources
§ Virtualize & create branded APIs
§ Simplify adoption of APIs
API Orchestration
7
§ Mash-up APIs to create differentiated services
§ Leverage third-party APIs, i.e. GoogleMaps, Twitter, FedEx Tracking
§ Make use of existing B2B and A2A web services
API Transformation
8
§ Transform enterprise application’s legacy interfaces to REST / JSON / OAuth
§ Leverage decade of Service Oriented Architecture (SOA) investment
§ Keep up with the evolution of mobile & web API technologies
API Security
9
§ Secure communication channel with signing & encryption
§ Protect against API & device vulnerabilities, poor mobile app design
§ Monitor & prevent data leakage
API Authentication & Authorization
10
§ Extend identity management platforms to handle user, application, & device level authentications
§ Enable “Bring-Your-Own-Identity” customers with federation
§ Leverage pre-built integrations with leading identity management platforms & identity provider services
API Traffic Control
11
§ Set quota & meter usage, route traffic & APIs
§ Uphold service quality & offer different service levels
§ Protect against “friendly fire” & “noisy neighbor” problems
API Monitoring & Audit
12
§ Audit end-to-end transactions
§ Provide audit trail for compliance, billing, & service audit
§ Analyze API usage statistics
Business Process Integration
13
§ Integrate with partner on-boarding, billing, & other business processes
§ Integrate with sales & marketing automation, CRM, ERP, commerce, & logistics systems
§ Manage APIs as products & channels
API Gateway Capabilities
14
Traffic Management • Request & response routing • Throttling & metering • Quota management • SLA management • Caching
Security • API key & certificate mgmt. • OAuth & SAML federation • Auth’N, auth’Z, & audit • Content firewalling
Reporting & Monitoring • Transaction logging • Service statistics reporting • SLA monitoring & alerting • Real-time monitoring
External APIs
Service Mediation • External API virtualization • Protocol translation • Data transformation • Data redaction & enrichment
Mash-up Transformed Aggregated Virtualized
Internal APIs,
Services, Interfaces
API Gateway
Linking Applications, Users, Devices
[email protected] www.vordel.com
twitter.com/vordel
Hall F, Booth 5343 Win an iPad!
