apidays Australia 2023 - APIs Aren't Enough: Why SaaS Leaders Are Investing In IPaaS, Tim Pettersen, Atlassian

APIs aren’t enough Why SaaS leaders are investing in iPaaS
TIM PETTERSEN | HEAD OF DEVELOPER EXPERIENCE, ATLASSIAN | @KANNONBOY

Platform engineer ABOUT TIM @KANNONBOY App developer Dev evangelist

We are a product company ABOUT ATLASSIAN @KANNONBOY

We are a product company ABOUT ATLASSIAN We are a
platform company @KANNONBOY

Atlassian’s Ecosystem In-house Developers Customers and professional services customising our
products is a key differentiator. Strategic Partners Integration with other SaaS partners is key to our product strategy across our Cloud portfolio. @KANNONBOY Commercial Partners Our commercial Marketplace just passed $3B in lifetime sales in Q3 FY23

BUT NOT AS GREAT AS IT CAN BE OUR ECOSYSTEM
IS PRETTY AWESOME, @KANNONBOY

@KANNONBOY

@KANNONBOY !=

@KANNONBOY Jira Cloud Jira Server • “Apps” are stand-alone web
services, operated by Atlassian partners • Data is exchanged via REST APIs and webhooks • UX is provided by iframes, served directly from partner infrastructure

@KANNONBOY Jira Cloud Jira Server • Apps are stand-alone web
services, operated by Atlassian partners • UX is provided by iframes, served directly from partner infra • Data is exchanged via REST APIs and webhooks • Apps are Java OSGi bundles that are executed in process, deployed & managed by customers • UX provided by native Jira view technologies (JSP, Webwork, etc) • ORM, logging, AuthN, AuthZ, scheduling, backups, etc. all provided by the platform

@KANNONBOY Jira Cloud Jira Server Build and operate a high
scale, high availability, secure & compliant web application. Write a few Java classes and front- end assets to handle your business logic, leverage platform abstractions for the rest.

BUT NOT AS GREAT AS IT CAN BE OUR ECOSYSTEM
IS PRETTY AWESOME, @KANNONBOY

@KANNONBOY

Platformise Trust Abstract away security and data privacy concerns Platform
goals Simplify Development Let developers focus on delivering customer value @KANNONBOY

Why a FaaS for Ecosystem? H/W O/S Runtime Web App
Business Logic H/W O/S Runtime Web App Business Logic H/W O/S Runtime Web App Business Logic Infrastructure as a Service Platform as a Service Functions as a Service Provided by Platform Built by Developer @KANNONBOY

Business Logic H/W O/S Runtime Web App Business Logic H/W O/S Runtime Web App Business Logic Infrastructure as a Service Platform as a Service Functions as a Service Provided by Platform Built by Developer Moving up the stack! @KANNONBOY

Business Logic H/W O/S Runtime Web App Business Logic H/W O/S Runtime Web App Business Logic Infrastructure as a Service Platform as a Service Functions as a Service Provided by Platform Built by Developer H/W O/S Runtime Web App Business Logic IPaaS / AppFaaS @KANNONBOY

Functions Eco FaaS platforms are everywhere! @KANNONBOY

After Abstracted Infrastructure Before Function Function Function Forge Platform @KANNONBOY

Abstracted Infrastructure @KANNONBOY # manifest.yml app: id: xxx modules: trigger:
- key: issue-trigger events: - avi:jira:created:issue - avi:jira:updated:issue function: trigger-func function: - key: trigger-func handler: trigger.run // trigger.js export async function run(event) { // business logic console.log(event.issue.id); }

Abstracted Infrastructure ✅ Simple onboarding - can bootstrap an app
in minutes ✅ No infrastructure management ✅ Simplified operations ✅ Mitigates most web app security risks ✅ Atlassian can monitor and scan client code 🚧 Automatic Multi-region & Data Residency @KANNONBOY

Abstracted Infrastructure 🚊 Less flexibility in app architecture 🚌 Significant
migration cost for existing apps 💰 Requires investment in compute & storage primitives @KANNONBOY ✅ Simple onboarding - can bootstrap an app in minutes ✅ No infrastructure management ✅ Simplified operations ✅ Mitigates most web app security risks ✅ Atlassian can monitor and scan client code 🚧 Automatic Multi-region & Data Residency

Network Isolation Function Function Forge Shard Function Function Function Function
STOP Internet Atlassian Services GO @KANNONBOY

# manifest.yml … permissions: external: fetch: backend: - '*.ingest.sentry.io' images:
- '*.giphy.com' … @KANNONBOY

Simplify AuthN & AuthZ App Jira Cloud Before @KANNONBOY

App Jira Cloud (1) Per-tenant secret issued in a signed
installation hook Before @KANNONBOY Simplify AuthN & AuthZ

installation hook   Secrets (2) Store secret, handle rotation protocols Before @KANNONBOY Simplify AuthN & AuthZ

installation hook (3) Use secret to generate JWT (w/ custom claim) to auth   Secrets (2) Store secret, handle rotation protocols (4) Incoming web hooks / iframes also signed with JWTs Before @KANNONBOY Simplify AuthN & AuthZ

App Jira Cloud User Auth Service (1) Per-tenant secret issued
in a signed installation hook (3) Use secret to generate JWT (w/ custom claim) to auth   Secrets (2) Store secret, handle rotation protocols (4) Incoming web hooks / iframes also signed with JWTs (5) Can swap JWT for (short-lived) bearer token to impersonate users Before @KANNONBOY Simplify AuthN & AuthZ

export async function run(event) { await API .asApp() // or
.asUser() .requestJira(route`/rest/api/2/issue/${event.issue.id}/comment`, { method: 'POST', body: { 'Hello there!’ } }); } After No AuthN / No AuthZ @KANNONBOY

Is a hosted ecosystem platform   right for your business?
@KANNONBOY

@KANNONBOY 82% of Forge apps on the Marketplace launched in
3 months or less 44% launched within 4 weeks

go.atlassian.com/onward Case study go.atlassian.com/forge Try it yourself! Thanks! @KANNONBOY

apidays Australia 2023 - APIs Aren't Enough: Wh...

apidays Australia 2023 - APIs Aren't Enough: Why SaaS Leaders Are Investing In IPaaS, Tim Pettersen, Atlassian

More Decks by apidays

Other Decks in Programming

Featured

Transcript