Download - APIs : Mapping the way
![Page 2: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/2.jpg)
![Page 3: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/3.jpg)
Mapping the Way
• Looking back – where have we come from • Current state of the world • Taking a look to the future
![Page 4: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/4.jpg)
![Page 5: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/5.jpg)
APIs • An API is a business capability delivered over the Internet
to internal or external consumers – Network accessible funcLon – Available using standard web protocols – With well-‐defined interfaces – Designed for access by third-‐parLes
• A Managed API is: – AcLvely adverLsed and subscribe-‐able – Available with SLAs – Secured, authenLcated, authorized and protected – Monitored and moneLzed with analyLcs
![Page 6: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/6.jpg)
Web API History
• The earliest APIs were various XML and SOAP services – Also people manipulaLng web applicaLons and parsing HTML
![Page 7: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/7.jpg)
Authorize.net (1998)
![Page 8: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/8.jpg)
Salesforce
![Page 9: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/9.jpg)
Dec 6th 2000
![Page 10: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/10.jpg)
Key differenLators in the evoluLon
• Self-‐signup / Portal / API Store • A clear moneLzaLon model – And a clear value model
• Ecosystem thinking – Hackathons – Forums* – Social Media integraLon
• Monitoring • Simple keys to OAuth to OAuth2
* yes, I know the proper LaLn is fora. I’m not an ancient Roman though
![Page 11: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/11.jpg)
REST or rest?
• REST – RepresentaLonal State Transfer – From Roy Fielding’s thesis (hbp://freo.me/O9t4nj)
• A clear shie from SOAP/HTTP to more resful JSON/HTTP
• REST is a good thing – but actually quite rare amongst many APIs
![Page 12: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/12.jpg)
PrioriLzing which bits of REST
• Proper use of verbs • Caching and cache-‐ability • Good error codes • Do not use poorly defined aspects of the HTTP spec – E.g. including an EnLty Body with a DELETE
• Re-‐usable / bookmark-‐able links and URIs • HATEAOS
![Page 13: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/13.jpg)
Versioning
![Page 14: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/14.jpg)
Versioning
• There are some who say that APIs should NEVER have a version number in the URI
• I disagree: – Versioning properly allows for evoluLon and agility
– Clear deprecaLon and well-‐defined support for old versions
![Page 15: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/15.jpg)
hbp://www.pdt.com/news/688
![Page 16: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/16.jpg)
Minimum Viable API
• Minimum Viable Product has just enough features that the product can be deployed and used by some customers, and no more. – Typically this is a small subset of the future customer base
• “Minimum Viable API” is just enough API that it can be used by some partners
• Highly recommended especially in evolving an API strategy
![Page 17: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/17.jpg)
![Page 18: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/18.jpg)
API First
• Start with the API – Before the website / mobile app / internal app / …
• Why? – Ensures a good API – External Developers are not second class ciLzens – Inherently “mobile-‐first-‐friendly” – Decoupled development – Evolve-‐ability – APIs everywhere
![Page 19: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/19.jpg)
API First has requirements
• Excellent access control • Versioning and agile • Throbling • Metering and moneLzaLon
![Page 20: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/20.jpg)
OAuth2
• OAuth2 has widely taken over from simple API keys – E.g. Google, Github, Twiber, etc
• Standard model from the IETF • Almost the same as a simple key – Well-‐defined place to put into headers – Refresh semanLcs – If you offer a long-‐lived key then ignore refresh
![Page 21: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/21.jpg)
OpenId Connect
![Page 22: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/22.jpg)
What is OpenID Connect
• A well-‐defined pabern for using OAuth2 for idenLty – A pre-‐defined scope – A well-‐defined REST API for user info – A discovery model
• My predicLon: – Widespread adopLon
![Page 23: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/23.jpg)
hbps://www.flickr.com/photos/1stpix_diecast_dioramas/
![Page 24: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/24.jpg)
![Page 25: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/25.jpg)
Ecosystems • Allow smaller organizaLons to compete effecLvely – Be more agile, nimble
• Allow larger organizaLons to compete more effecLvely – By working with smaller, more agile partners!
• Enable “best-‐of-‐breed” capabiliLes to conjoin to create beber soluLons
• Take advantage of APIs and promote APIs – A virtuous circle
![Page 26: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/26.jpg)
The wider sense of virtualizaLon
Import org.apache.x
} Automation Control Monitoring Agility Flexibility
![Page 27: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/27.jpg)
APIs and PaaS
• APIs are the virtualizaLon of funcLon • PaaS is the virtualizaLon of applicaLon deployment
• App Factory is the virtualizaLon of development
• Together this is basis for the virtualizaLon of an ecosystem
![Page 28: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/28.jpg)
Summary
• Build an API strategy that revolves around: – CreaLng or parLcipaLng in an ecosystem – Giving API consumers the tools and capabiliLes they need
– By being agile and responsive – And using the right technologies
![Page 29: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/29.jpg)
![Page 30: APIs : Mapping the way](https://reader034.vdocuments.us/reader034/viewer/2022051608/54418169b1af9fff4b8b4741/html5/thumbnails/30.jpg)
QuesLons?
hbp://wso2.com/contact