Politics is all about power. Whether in Washington DC, Brussels, or Beijing, individuals jockey for advantage using the political process. The politics of APIs centers on ‘knowledge being power’ and ‘data content being power’. Individuals and corporations gain a powerful advantage in the API economy by enforcing content ownership, access privileges, and distribution rights to their advantage.
Choosing appropriate API security options will help you gain developer trust, increase API adoption, and build an effective API ecosystem. While APIs are the ‘coolest’ and most effective mechanism to expose business functionality outward to the outside world and inward to other teams, API security requires learning new technologies (e.g. OAuth, MAC token profiles, and JSON Web Token [JWT]) and retrofitting existing identity management architecture with token chaining and identity brokering.
Many mobile application developers and architects find API security and identity options are arcane, jargon-filled, and confusing. They frequently ask whether selecting one choice over another is appropriate – and you need to cautiously identify and isolate tradeoffs. A robust API security platform can help guide you in the right direction.
API Security Basics
Security is not an afterthought. Incorporate security as an integral part of any application development project. The same approach applies to API development as well. API security has evolved significantly in the past five years. The recent standards growth has been exponential. OAuth and bearer tokens are the most widely adopted standard, and are possibly now the de-facto standard for API security.
What API security decisions should you consider?
In section 6.3 of Roy’s dissertation, he explains how REST applies to HTTP. But implementing a RESTful approach requires painstaking assembly without REST tooling. Java JAX-RS and API Management infrastructure reduce the learning curve, increase API adoption and decrease development effort by simplifying API creation, publication, and consumption.
RESTful systems must consider security, separation of concerns, and legacy web services.
During the SOA craze days in the past, proponents pitched SOA’s lofty benefits from both business and technical perspectives. The benefits are real, yet sometimes very difficult to obtain. Surprisingly, today’s API proponents target similar benefits, but with an execution twist.
While everyone acknowledges API and Service Oriented Architecture (SOA) are best practice approaches to solution and platform development, the learning curve and adoption curve can be steep. To gain significant business benefits, teams must understand their IT business goals, define an appropriate SOA & API mindset, describe how to implement shared services and popular APIs, and tune governance practices.
The crew in the Home Port Lighthouse spotted a few interesting posts. Here are the links and my sighting report:
Location: CloudBees Cloud App Development Platform Available on Verizon Cloud
WSO2 App Factory is an Open Source PaaS offering functionality similar to CloudBees. The DevOps PaaS delivers Jenkins, continuous delivery, enterprise governance, and DevOps best practices.
Location: Harnessing the Power of APIs
Are you publishing Naked APIs, or Managed APIs? A managed API is:
- Actively advertised and subscribe-able
- Available with an associated, published service-level agreement (SLA)
- Secured, authenticated, authorized and protected
- Monitored and monetized with analytics
When creating an API Management program, consider including these five steps:
- Step 1 Embrace the Managed API
- Step 2 Establish a Monetization Model
- Step 3 Make APIs Easy for Developers to Access
- Step 4 Employ Governance
- Step 5 Monitor API Use
- Excellent distinction by Dave when parsing Cloud’s momentum and investment drivers. “That’s not new money, just moved money.”
- “focus on the specific aspects and the value they bring to your business — that’s where you want to align your own investments.”
- Step 1: Foundational value metrics focus on Time to Market
- Step 2: Optimization value metrics focus on Portfolio Efficiency
- Step 3: Transformational value metrics focus on Productivity
API governance is heavily influenced by IT business goals and objectives. Leading API governance platforms provide analytics supporting the assessment of IT business value. The platform should capture service tier subscription information, collect usage statistics, present productivity metrics, and integrate with billing and payment systems.
The SOA perspective is reverberating into an API echo. During past SOA craze days (2003-2008), proponents pitched SOA’s lofty benefits from both business and technical perspectives. The benefits are real, yet sometimes very difficult to obtain. Surprisingly, today’s API proponents target similar benefits, but with an execution twist.
When crafting an API strategy and proposing API benefits, consider whether your organization is pursuing an API-Access Mindset or an API-centric Enterprise Mindset. These API approaches are similar to recognized Big SOA / Small SOA or Top-down SOA / Bottoms-up SOA approaches.
A SaaS API must (by definition) serve multiple consumers – tenant organizations that desire programmatic access to SaaS provider business capabilities. Building a SaaS API goes beyond simply adding a tenant key to your API message parser.
Delivering an effective API Brand and standing out from the crowd requires personalizing the API experience per user, tenant, developer, or channel. API provider teams personalize the API experience by accepting diverse message formats or authentication credentials. Teams also contextualize the API experience by applying personalized service levels, security policies, governance policies, business rules, or data sources.
Creating a SaaS API requires more than run-time message personalization. API administration, discovery, exploration, and usage portals must adapt, foster a 1-to-1 relationship, and encourage Long Tail adoption. Most API Management platforms do not support multi-tenant presentation of API developer portals or API publisher portals.
With WSO2 API Manager 1.4, deep multi-tenant support enables you to take your entire API portfolio and segment out only the APIs that are applicable to your developer audience. The multi-tenant API publisher enables API providers to create customized lists per constituency. An organization can present an API portal personalized by role or domain. For example, an API portal for partners, suppliers, distributors, or customers. The API portal may also be contextualized per distribution channel (e.g. retail, wholesale, institutional, government) or API brand.
Because the infrastructure is multi-tenant, you don’t need to deploy multiple API gateways, API management back-end infrastructure, or purchase multiple software licenses.
When crafting a SaaS API, consider your ability to present a personalized developer portal and segment APIs by audience. A multi-tenant API Management platform can help API providers create a compelling brand experience.