IoT & API Management-A Match Made in Heaven

Sumedha RubasingheDirector – API Architecture

@sumedha_rubaApril 26, 2015

**

Things, Devices, IoT

Source: http://www.control4.com/blog/2014/03/the-internet-of-things-and-the-connected-home

**

M2M, IoT

Source: http://community.arm.com/groups/internet-of-things/blog/2014/06

**

IoT Device Eco System

**

IoT Device Eco System

**

IoT Platform Challenges

Device Registration & Management

Integration

Security - Data

ScalabilityEvent Management

App/Firmware Management

Security – Device Access

*

**

IoT Platform – Reference Blueprint

**

Applying principals of API world into IoT

**

IoT Device

● Piece of hardware● Built for a purpose● Capable of a limited functionality● Control interface● Input/output● Consumes power● Constrained Environment

Characteristics

Summary

● Functional Capabilities (Actuators)● Administration Capabilities (Management)● Monitoring Capabilities (Sensor Data)

**

Modeling Device as an API

● eg : HTTP API (not limited to)○ Lock

■ GET http://{ip}/{locationid}/sensors/door1lock/staus■ POST http://{ip}/{locationid}/sensors/door1lock/lock

○ Temperature Sensor■ GET http://{ip}/{locationid}/sensors/temperature1

○ Motor■ POST http://{ip}/{locationid}/actuators/motor1/rotate/{turns}/{direction}

■ GET http://{ip}/{locationid}/actuators/motor1/status

**

Advantages - Devices as APIs

● APIs - Standard Integration Pattern○ Heterogenous devices■ protocols, access control mechanisms, data formats

● App Developers - Already familiar programming paradigm

● Seamless Integration with existing systems● Ability to re-user known patterns for securing,

hardening APIs● API Economy

**

Open APIs | Managed APIs

**

Device API – Open | Managed ?

**

Devices Need More Capabilities..

● Throttling● Caching● Request Routing● Buffering● Stats collection & monitoring (Passive Analysis)● Alerting (Real time Analysis)● Decision Making (Predictive Analysis)

**

Sounds familiar?

● Throttling● Caching● Request Routing● Buffering● Stats collection & monitoring (Passive Analysis)● Alerting (Real time Analysis)● Decision Making (Predictive Analysis)

Similar requirements in API Management world

**

Mapping Oauth(2) -> IoT Device Access

● Device capabilities -> resources● OAuth (2.0) tokens -> authorize access ● Tokens -> expire, grant/revoke access

**

IoT Device Eco System + API WorldCreating a new Device API (versioning)Registering a new Device Type (OAuth2 application -> consumer key)

Device Owner Registering a Device (obtaining access token)Device Publishing Sensor DataApp Accessing Device (Controls)Device Polling for Pending Actions

Writing Apps for Device APIsVirtualization (for testing)

Controlling and Monitoring Devices

**

Registering a New Device Type

**

Owner Claiming a Device

**

Device Publishing Sensor Data

**

App Accessing Device

**

Device Polling for Pending Actions

**

WSO2- Reference Architecture for IoT

**

Thank You