Tag Archives: API


Choosing API Security Options Fostering API Ecosystems

Choosing appropriate API security options will help you gain developer trust, increase API adoption, and build an effective API ecosystem. While APIs are the ‘coolest’ and most effective mechanism to expose business functionality outward to the outside world and inward to other teams, API security requires learning new technologies (i.e. OAuth, MAC token profiles, and JSON Web Token [JWT]) and retrofitting existing identity management architecture with token chaining and identity brokering.

Many mobile application developers and architects find API security and identity options arcane, jargon-filled, and confusing. They frequently ask whether selecting one choice over another is appropriate, and you need to cautiously identify and isolate tradeoffs. A robust API security platform can help guide you in the right direction.

API Security Basics

Security is not an afterthought. Incorporate security as an integral part of any application development project. The same approach applies to API development as well. API security has evolved significantly in the past five years. The recent standards growth has been exponential. OAuth and bearer tokens are the most widely adopted standard, and are possibly now the de facto standard for API security.

What API security decisions should you consider?



SOA & API Strategy, Tactics, and Convergence

During the past SOA craze days, proponents pitched SOA’s lofty benefits from both business and technical perspectives. The benefits are real, yet sometimes very difficult to obtain. Surprisingly, today’s API proponents target similar benefits, but with an execution twist.

While everyone acknowledges API and Service Oriented Architecture (SOA) are best practice approaches to solution and platform development, the learning curve and adoption curve can be steep. To gain significant business benefits, teams must understand their IT business goals, define an appropriate SOA & API mindset, describe how to implement shared services and popular APIs, and tune governance practices.


Home Port Lighthouse - Galle

From the Home Port Lighthouse

The crew in the Home Port Lighthouse spotted a few interesting posts. Here are the links and my sighting report:

Location: CloudBees Cloud App Development Platform Available on Verizon Cloud
WSO2 App Factory is an Open Source PaaS offering functionality similar to CloudBees. The DevOps PaaS delivers Jenkins, continuous delivery, enterprise governance, and DevOps best practices.

 

Location: Harnessing the Power of APIs
Are you publishing Naked APIs, or Managed APIs? A managed API is:

  • Actively advertised and subscribe-able
  • Available with an associated, published service-level agreement (SLA)
  • Secured, authenticated, authorized and protected
  • Monitored and monetized with analytics

When creating an API Management program, consider including these five steps:

  • Step 1 Embrace the Managed API
  • Step 2 Establish a Monetization Model
  • Step 3 Make APIs Easy for Developers to Access
  • Step 4 Employ Governance
  • Step 5 Monitor API Use

 

Location: Cloud Spending Spikes, Here’s Where to Invest

  • Excellent distinction by Dave when parsing Cloud’s momentum and investment drivers. “That’s not new money, just moved money.”
  • “focus on the specific aspects and the value they bring to your business — that’s where you want to align your own investments.”

When DevOps Meets ALM in the Cloud, teams can follow a three-step PaaS performance metrics adoption plan:

  • Step 1: Foundational value metrics focus on Time to Market
  • Step 2: Optimization value metrics focus on Portfolio Efficiency
  • Step 3: Transformational value metrics focus on Productivity

SOA Perspective and API Echo

The SOA perspective is reverberating into an API echo. During the past SOA craze days (2003-2008), proponents pitched SOA’s lofty benefits from both business and technical perspectives. The benefits are real, yet sometimes very difficult to obtain. Surprisingly, today’s API proponents target similar benefits, but with an execution twist.


Crafting a SaaS API

A SaaS API must (by definition) serve multiple consumers: tenant organizations that desire programmatic access to SaaS provider business capabilities. Building a SaaS API goes beyond simply adding a tenant key to your API message parser.

Delivering an effective API Brand and standing out from the crowd requires personalizing the API experience per user, tenant, developer, or channel. API provider teams personalize the API experience by accepting diverse message formats or authentication credentials. Teams also contextualize the API experience by applying personalized service levels, security policies, governance policies, business rules, or data sources.

Creating a SaaS API requires more than run-time message personalization. API administration, discovery, exploration, and usage portals must adapt, foster a 1-to-1 relationship, and encourage Long Tail adoption. Most API Management platforms do not support multi-tenant presentation of API developer portals or API publisher portals.

With WSO2 API Manager 1.4, deep multi-tenant support enables you to take your entire API portfolio and segment out only the APIs that are applicable to your developer audience. The multi-tenant API publisher enables API providers to create a customized list per constituency. An organization can present an API portal personalized by role or domain, for example an API portal for partners, suppliers, distributors, or customers. The API portal may also be contextualized per distribution channel (e.g. retail, wholesale, institutional, government) or API brand.

Because the infrastructure is multi-tenant, you don’t need to deploy multiple API gateways or API management back-end infrastructure, or purchase multiple software licenses.

When crafting a SaaS API, consider your ability to present a personalized developer portal and segment APIs by audience. A multi-tenant API Management platform can help API providers create a compelling brand experience.

Swagger with WSO2 API Manager

APIs are often described in JSON, and XML Schema or XML-based client tooling doesn’t work. Swagger enables developers to describe the API message, produce API schema documentation, and simplify connecting clients to APIs. The overarching goal of Swagger is to enable client and documentation systems to update at the same pace as the server. The documentation of methods, parameters and models is tightly integrated into the server code, allowing APIs to always stay in sync. WSO2 API Manager now integrates Swagger code. Swagger spans six distinct GitHub modules:
