iot and api management - a match made in heaven
TRANSCRIPT
IoT & API Management-A Match Made in Heaven
Sumedha RubasingheDirector – API Architecture
@sumedha_rubaApril 26, 2015
**
Things, Devices, IoT
Source: http://www.control4.com/blog/2014/03/the-internet-of-things-and-the-connected-home
**
IoT Platform Challenges
Device Registration & Management
Integration
Security - Data
ScalabilityEvent Management
App/Firmware Management
Security – Device Access
**
IoT Device
● Piece of hardware● Built for a purpose● Capable of a limited functionality● Control interface● Input/output● Consumes power● Constrained Environment
Characteristics
Summary
● Functional Capabilities (Actuators)● Administration Capabilities (Management)● Monitoring Capabilities (Sensor Data)
**
Modeling Device as an API
● eg : HTTP API (not limited to)○ Lock
■ GET http://{ip}/{locationid}/sensors/door1lock/staus■ POST http://{ip}/{locationid}/sensors/door1lock/lock
○ Temperature Sensor■ GET http://{ip}/{locationid}/sensors/temperature1
○ Motor■ POST http://{ip}/{locationid}/actuators/motor1/rotate/{turns}/{direction}
■ GET http://{ip}/{locationid}/actuators/motor1/status
**
Advantages - Devices as APIs
● APIs - Standard Integration Pattern○ Heterogenous devices■ protocols, access control mechanisms, data formats
● App Developers - Already familiar programming paradigm
● Seamless Integration with existing systems● Ability to re-user known patterns for securing,
hardening APIs● API Economy
**
Devices Need More Capabilities..
● Throttling● Caching● Request Routing● Buffering● Stats collection & monitoring (Passive Analysis)● Alerting (Real time Analysis)● Decision Making (Predictive Analysis)
**
Sounds familiar?
● Throttling● Caching● Request Routing● Buffering● Stats collection & monitoring (Passive Analysis)● Alerting (Real time Analysis)● Decision Making (Predictive Analysis)
Similar requirements in API Management world
**
Mapping Oauth(2) -> IoT Device Access
● Device capabilities -> resources● OAuth (2.0) tokens -> authorize access ● Tokens -> expire, grant/revoke access
**
IoT Device Eco System + API WorldCreating a new Device API (versioning)Registering a new Device Type (OAuth2 application -> consumer key)
Device Owner Registering a Device (obtaining access token)Device Publishing Sensor DataApp Accessing Device (Controls)Device Polling for Pending Actions
Writing Apps for Device APIsVirtualization (for testing)
Controlling and Monitoring Devices