Let's Talk APIs, London, 25 June 2015

Upload: smart421

Post on 08-Aug-2015

TRANSCRIPT

  1. Welcome
  2. Welcome: Robin Meehan, CTO, Smart421 @SmartCTO
  3. Finding the Path: Ronnie Mitra, Director of API Design, CA Technologies; API Case Study, Gala Coral Interactive: Chirag Desai, Head of Sportsbook Delivery, Gala Coral Interactive; API Tools in Action: Stuart Smith, API Solution Specialist, Smart421
  4. Finding the Path: API Design and Implementation Tips That Enable Success. Ronnie Mitra, Director of API Design, CA Technologies @mitraman
  5. For the content of Ronnie's slides, please refer to the separate file on SlideShare at: http://ow.ly/OYKpz
  6. API Case Study: Gala Coral Interactive. Chirag Desai, Head of Sportsbook Delivery, Gala Coral Interactive @gala_coral
  7. Coral API Presentation, June 2015
  8. Betting has evolved...
  9. Gala Coral Group: Who are we?
      - The fastest growing online sports betting and gaming operation in Europe covering UK and Italy:
          - 22% share of the Retail betting market
          - 5% share of the online market
          - Turnover of 1.243 billion in FY14
          - Over 1,800 Coral Betting shops in the UK
          - 870 Eurobet outlets in Italy
      - Coral.co.uk, Galabingo.com, Eurobet.it, Coral Connect, Multi Channel
  10. API Management Architecture
      - Key business drivers:
          - Single customer wallet
          - Same experience via multiple channels
          - High rate of business change driven by global sporting calendar
          - Support for multiple external 3rd parties
      - 5 core sets of APIs to be exposed:
          - Account management
          - Authentication
          - Payment
          - Bet placement
          - Bet history
  11. Integration with the Racing Post
      - The Racing Post: Established in 1986, the Racing Post is the UK's number 1 Horse Racing daily paper, delivering all the news and information that a racing enthusiast needs. This news source now allows customers to bet with established operators via the Racing Post site utilising a Remote Betslip.
      - The Problem: With betslip integrations already completed with our competitors, GCI began a project to integrate with the Racing Post so that our customers could also bet via this remote betslip.
      - The Challenge: With our multi-platform, single wallet solution, we have a scenario where the customer's funds (i.e. Wallet) are in one system, and the betting opportunities are in another. This requires third parties to use APIs from both systems in their integrations on a server-to-server model. However, the Racing Post integration required a client-to-server integration.
      - The Solution: We needed to find an API management tool that would allow Racing Post to integrate against a single common API that abstracted the core functionality that they required from the multiple underlying APIs.
  12. Why CA API Management?
      - We reviewed a number of vendor products, and chose the CA API Gateway product for a number of key reasons:
      - Confidence:
          - The product is well known and has been previously used within the industry
          - Once deployed, we wanted to retain the option to make changes using internal or external resources (this was not the case with some other vendor offerings, so we would have been potentially exposed to dependency on external professional services)
      - Plus all the other things we wanted:
          - Cost effective
          - Licensing and support model/cost
          - Well supported product and supplier/integrator base
          - Centralised management of all our internal Playtech & OpenBet API
          - Single access point for authentication and management of all API developers
          - Elimination of rogue usage of APIs
          - Allow developers to benefit from a single repository of APIs and associated information
          - Maintain PCI compliance
      - Outcome: A single Coral API - secure, documented and consistent - that wraps the current OpenBet and Playtech APIs for third parties who want to integrate into the Coral platform.
  13. Timeline
      - Began April 2014, with a timeline to complete supplier selection, scoping, build/installation and deployment by mid May 2014
      - Target: product live in time for that year's Epsom Derby in early June
      - CA recommended to engage with Smart421
      - Smart421 delivered the initial Coral API release in under a month:
          - From initial conversations, through to initial scoping and onsite presence in Gibraltar
          - Build, integration and deployment to 3 non-production and 1 production environments
          - Including liaising with OpenBet and Playtech to unit test/validate the new policies
          - Integration documentation provided to the Racing Post to enable their delivery work
      - Scope: Phase 1 of the project involved the build of a simple API that would allow a customer to do the following:
          - Log In/Log Out
          - Retrieve a customer's wallet balance
          - Validate and place a bet
          - Retrieve a customer's bet history
  14. Demo - Let's place a bet
  15. API Example: Placing a Bet (JSON)

      Request:

          POST /v1/bets HTTP/1.1
          Host:
          X-APIKey: g63e5f30f845bc83886ef4e42e0b5bc8b7fd283e6233facc9b1f585952769e7d
          X-Message-ID: 1
          X-Token: B19CB0521ADB96B3474D20FA8D84B213
          X-Token-Signature: fOWyEuO3ibj1I7NEa1vYL+PFejOUp+5EHKXE9CBtJD0=
          X-Username: demotest
          Accept: application/json
          Content-Type: application/json

          {
            "bet": [{
              "channel": "I",
              "clientUserAgentID": "123456",
              "betNo": "1",
              "stakePerLine": "5.00",
              "betType": "SGL",
              "legType": "W",
              "leg": {
                "legNo": "1",
                "legSort": "--",
                "part": {
                  "partNo": "1",
                  "outcome": "40733294",
                  "priceType": "L",
                  "priceNum": "13",
                  "priceDen": "10"
                }
              }
            }]
          }

      Response:

          HTTP/1.1 200 OK
          Content-Encoding: gzip
          Content-Type: application/json

          {
            "response": {
              "betPlacement": {
                "numLines": "1",
                "totalStake": "5.00",
                "receipt": "O/0107746/0000006",
                "betPotentialWin": "11.5",
                "date": "",
                "betNo": "1",
                "currency": "GBP",
                "betId": "5313"
              }
            }
          }
  16. What happened next - what did we learn?
      - Phase 1 of the Coral API was delivered in mid May 2014 as planned, with a Phase 2 of extended functionality delivered in August 2014.
      - The API itself began to deliver immediate benefit in allowing us to quickly start integrations with third parties and build our own proof of concept applications. This has led to significant functional increases in the capability of the API.
      - Working with Smart421 allows Coral to undertake this work in a controlled and cost effective manner.
      - Operational experience:
          - CA API Gateway is very stable
          - Once it's working (i.e. API choreography is tested), it just stays working
          - Smart421 providing support service, utilising their close relationship with CA
      - So what's next?
          - Racing Post on iPad - launched June 2015 using the Coral API
          - We've only scratched the surface on the APIs that remain to be integrated
          - CA API Gateway is proving itself to be an essential integration service for our third parties and its scope will continue to grow
          - Smart will be providing Technical Training to the GCI infrastructure team
          - More apps are awaiting integration
  17. Thank you!
  18. API Tools in Action: Stuart Smith, API Solution Specialist, Smart421 @Smart421
  19. Features of an API Delivery & Management Platform
      - Manage Developers Access to APIs: Developer Enrollment, API Docs, Forums, API Explorer, Rankings, Quotas, Plans, Analytics
      - Manage Lifecycle & Availability of API: Health Tracking, Workflow, Performance, Global Staging, Reporting, Config Migration, Patch Management, Policy Migration
      - Secure & Manage Interface + Data: Throttling, Prioritization, Caching, Routing, Traffic Control, Transformation, Security, Composition
      - Manage Access & Credentialing to API: Authentication, Single Sign On, API Keys, Entitlements, OAuth 1.x, OAuth 2.0, OpenID Connect, Token Service
  26. Features of API Management Gateway
      - Manage Lifecycle & Availability of API: Health Tracking, Workflow, Performance, Global Staging, Reporting, Config Migration, Patch Management, Policy Migration
      - Secure & Manage Interface + Data: Throttling, Prioritization, Caching, Routing, Traffic Control, Transformation, Security, Composition
      - Manage Access & Credentialing to API: Authentication, Single Sign On, API Keys, Entitlements, OAuth 1.x, OAuth 2.0, OpenID Connect, Token Service
  27. Railways: CIO says -
      - We want to write an app so customers can log in and get their ticket details
      - We want to display the boarding pass on their phone so they don't need to print it
      - We want it to be secure
      - We want to be able to audit usage
  28. Railways: CIO says -
      - We've got existing SOA services that we could use
      - They are SOAP/XML and for internal use, so no security, not suitable for mobile consumption
      - Help us to make our app work!
  29. SOLUTION (diagram): Internet, Railways, API Management Gateway
  30. Demo Setup (diagram)
      - Components: API Management Gateway; Identity Provider (internal GW provider used); SOA enterprise (mocked by GW)
      - Messages shown:
          - GET https://192.168.0.5:8443/ticket
          - AUTHENTICATE (username, password)
          - POST https://192.168.0.5:8443/internalBooking
          - OK
          - JSON response (ticket info)
          - XML response (full enterprise ticket data)
  31. Railways SOLUTION
      - SECURITY: expose over SSL/HTTPS, with HTTP Basic Authentication to capture username, password
      - AUTHENTICATION: use customer existing LDAP
      - THREAT PROTECTION: CA API assertions
      - TRANSFORMATION: SOAP/XML to REST/JSON, CA API assertions
      - THROTTLING: CA API assertions
      - AUDITING: audit to CA API database
  32. Q+A
  33. Thank you for coming
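
The Railways solution on slides 30 and 31 chains HTTP Basic authentication, throttling, SOAP/XML to JSON transformation and auditing in the gateway. The sketch below is an added example, not code from the slides or from CA API Gateway; the in-memory user store (standing in for LDAP), the SOAP payload, the field names and the quota are constructed assumptions.

```python
import base64, hmac, json, time
import xml.etree.ElementTree as ET
# Constructed stand-ins: the demo used LDAP and a mocked SOA service.
USERS = {"alice": "correct horse"}
SOAP_REPLY = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body><ticket><owner>alice</owner><ref>TK-1001</ref><from>London</from>
<to>Leeds</to><cardPan>4111111111111111</cardPan></ticket></soap:Body></soap:Envelope>"""
PUBLIC_FIELDS = ("ref", "from", "to")  # allow-list: only what the app needs
LIMIT, WINDOW = 3, 60                  # assumed quota: requests per user per 60 s
AUDIT, _hits = [], {}

def authenticate(header):
    """Return the user named in an HTTP Basic header, or None if invalid."""
    try:
        scheme, blob = header.split(" ", 1)
        user, _, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except (ValueError, AttributeError):
        return None
    known = scheme.lower() == "basic" and user in USERS
    match = hmac.compare_digest(pw.encode(), USERS.get(user, "").encode())
    return user if known and match else None

def throttled(user, now):  # fixed-window counter per user
    start, count = _hits.get(user, (now, 0))
    if now - start >= WINDOW:
        start, count = now, 0
    _hits[user] = (start, count + 1)
    return count + 1 > LIMIT

def to_json(soap_xml, user):
    """SOAP/XML to JSON, exposing allow-listed fields of the caller's ticket."""
    ticket = ET.fromstring(soap_xml).find(".//ticket")
    if ticket is None or ticket.findtext("owner") != user:
        return None
    return json.dumps({f: ticket.findtext(f) for f in PUBLIC_FIELDS})

def handle_get_ticket(auth_header, now=None):
    """Gateway policy for GET /ticket: authenticate, throttle, transform, audit."""
    now = time.time() if now is None else now
    user = authenticate(auth_header)
    if user is None:
        status, body = 401, None
    elif throttled(user, now):
        status, body = 429, None
    else:
        body = to_json(SOAP_REPLY, user)
        status = 200 if body else 404
    AUDIT.append({"ts": now, "user": user, "status": status})  # every outcome
    return status, body
```

The allow-list in `to_json` is what keeps internal-only fields of the enterprise response (here the constructed `cardPan`) out of the mobile-facing JSON, and the audit record is written for rejected requests as well as successful ones.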