How To Build A Successful API Program - Best Practices For The Carrier
K. Scott Morrison
CTO
Sept 11, 2012
Researchers have discovered that the US national divorce rate has been falling since 2006…
2007: 3.6 divorces per 1000 people
2008: 3.5 divorces per 1000 people
2009: 3.4 divorces per 1000 people
Source: Slate http://slate.me/wGf9et
So, does this mean people are getting better at relationships?
No.
It’s because of the recession.
APIs are like a relationship
They require very high maintenance.
This talk is about how to have a successful API relationship.
Carriers already know how to monetize relationships
Now Apply This To APIs
Piece of Advice #1
Best Practice #1
It takes two to tango.
The Web wasn’t a relationship
Successful relationships are built on trust and equality
Equal, but different
BP #2
Understand and respect the cultural differences.
Client Server
Inside Outside
Contractor Regular
Contractor Regular Partner
Partner Regular No Affiliation
Us Them
The New Identity Management
API Users API Developers
External Internal
APIs change composition of internal teams
CFO, API Developer, Security Officer, Business Manager, Product Manager
BP #3
Memorize this simple equation.
API Development != Web Development
Beware of habits
BP #4
Take security away from developers.
Separation of Concerns
[Diagram: API Server, API Proxy, Security Expert, API Expert]
BP #5
Trust, but verify.
SQL Injection (courtesy XKCD): Exploits of a Mom
Source: https://xkcd.com/327/
BP #6
SSL everywhere.
It’s Cheap
BP #7
It’s still all about access control.
But think hard about tokens
BP #8
Don’t roll your own.
Security is hard to get right
BP #9
Manage misconfiguration risk with appliances.
Protect the Servers
[Diagram: Secure Zone, API Server, Firewall, DMZ, API Client, Enterprise Network, API Proxy]
BP #10
Engage the developers.
The New Governance
Functions: Documentation, Discovery, Approval, Enforcement, User Provisioning, Community
Old: WSDL, Reg/Rep, G10 Platform, Gateway, IAM, What’s that?
New: Wiki/Blog, Search, Gateway, Portal, Forum, What’s that?
The Layer 7 API Developer Portal
[Diagram: Firewall, Enterprise Network, API Server, API Client, iPhone Developer, API Portal, API Proxy]
To Summarize:
The game has changed
  Clients need attention
The security problems are the same
  But the names have changed
Don’t just build APIs
  Build secure and managed APIs
Picture Credits
Antelope Canyon 4 by klsmith – stock.exchg
Band silhouettes by mr_basmt – stock.exchg
Check and Statement by kgdsgn – stock.exchg
September 2012
For further information:
K. Scott Morrison
Chief Technology Officer
Layer 7 Technologies
1100 Melville St, Suite 405
Vancouver, B.C. V6E 4A6
Canada
(800) 681-9377
http://www.layer7tech.com