apidays
October 18, 2023

apidays Australia 2023 - APIs Aren't Enough: Why SaaS Leaders Are Investing In IPaaS, Tim Pettersen, Atlassian

apidays Australia 2023 - Platforms, Products, and People: The Power of APIs
October 11 & 12, 2023
https://www.apidays.global/australia/

APIs Aren't Enough: Why SaaS Leaders Are Investing In IPaaS
Tim Pettersen, Head of Developer Experience at Atlassian

Transcript

  1. APIs aren’t enough: Why SaaS leaders are investing in iPaaS

    TIM PETTERSEN | HEAD OF DEVELOPER EXPERIENCE, ATLASSIAN | @KANNONBOY
  2. Atlassian’s Ecosystem

    • In-house Developers: Customers and professional services customising our products is a key differentiator.
    • Strategic Partners: Integration with other SaaS partners is key to our product strategy across our Cloud portfolio.
    • Commercial Partners: Our commercial Marketplace just passed $3B in lifetime sales in Q3 FY23
  3. OUR ECOSYSTEM IS PRETTY AWESOME, BUT NOT AS GREAT AS IT CAN BE
  4. Jira Cloud / Jira Server

    Jira Cloud:
    • “Apps” are stand-alone web services, operated by Atlassian partners
    • Data is exchanged via REST APIs and webhooks
    • UX is provided by iframes, served directly from partner infrastructure
  5. Jira Cloud / Jira Server

    Jira Cloud:
    • Apps are stand-alone web services, operated by Atlassian partners
    • UX is provided by iframes, served directly from partner infra
    • Data is exchanged via REST APIs and webhooks

    Jira Server:
    • Apps are Java OSGi bundles that are executed in process, deployed & managed by customers
    • UX provided by native Jira view technologies (JSP, Webwork, etc)
    • ORM, logging, AuthN, AuthZ, scheduling, backups, etc. all provided by the platform
  6. Jira Cloud / Jira Server

    Jira Cloud: Build and operate a high scale, high availability, secure & compliant web application.
    Jira Server: Write a few Java classes and front-end assets to handle your business logic, leverage platform abstractions for the rest.
  7. OUR ECOSYSTEM IS PRETTY AWESOME, BUT NOT AS GREAT AS IT CAN BE
  8. Platform goals

    • Platformise Trust: Abstract away security and data privacy concerns
    • Simplify Development: Let developers focus on delivering customer value
  9. Why a FaaS for Ecosystem?

    [Diagram: the stack H/W, O/S, Runtime, Web App, Business Logic shown for Infrastructure as a Service, Platform as a Service and Functions as a Service. Legend: Provided by Platform / Built by Developer.]
  10. Why a FaaS for Ecosystem? (diagram repeated)
  11. Why a FaaS for Ecosystem? (diagram repeated)
  12. Why a FaaS for Ecosystem? (diagram repeated, with the caption "Moving up the stack!")
  13. Why a FaaS for Ecosystem? (diagram repeated, with a fourth stack labelled "IPaaS / AppFaaS")
  14. Abstracted Infrastructure

        # manifest.yml
        app:
          id: xxx
        modules:
          trigger:
            - key: issue-trigger
              events:
                - avi:jira:created:issue
                - avi:jira:updated:issue
              function: trigger-func
          function:
            - key: trigger-func
              handler: trigger.run

        // trigger.js
        export async function run(event) {
          // business logic
          console.log(event.issue.id);
        }
  15. Abstracted Infrastructure

    ✅ Simple onboarding - can bootstrap an app in minutes
    ✅ No infrastructure management
    ✅ Simplified operations
    ✅ Mitigates most web app security risks
    ✅ Atlassian can monitor and scan client code
    🚧 Automatic Multi-region & Data Residency
  16. Abstracted Infrastructure

    🚊 Less flexibility in app architecture
    🚌 Significant migration cost for existing apps
    💰 Requires investment in compute & storage primitives
    ✅ Simple onboarding - can bootstrap an app in minutes
    ✅ No infrastructure management
    ✅ Simplified operations
    ✅ Mitigates most web app security risks
    ✅ Atlassian can monitor and scan client code
    🚧 Automatic Multi-region & Data Residency
  17. Simplify AuthN & AuthZ: Before

    [Diagram: App, Jira Cloud]
    (1) Per-tenant secret issued in a signed installation hook
  18. Simplify AuthN & AuthZ: Before

    [Diagram: App, Jira Cloud, Secrets]
    (1) Per-tenant secret issued in a signed installation hook
    (2) Store secret, handle rotation protocols
  19. Simplify AuthN & AuthZ: Before

    [Diagram: App, Jira Cloud, Secrets]
    (1) Per-tenant secret issued in a signed installation hook
    (2) Store secret, handle rotation protocols
    (3) Use secret to generate JWT (w/ custom claim) to auth
    (4) Incoming web hooks / iframes also signed with JWTs
  20. Simplify AuthN & AuthZ: Before

    [Diagram: App, Jira Cloud, User Auth Service, Secrets]
    (1) Per-tenant secret issued in a signed installation hook
    (2) Store secret, handle rotation protocols
    (3) Use secret to generate JWT (w/ custom claim) to auth
    (4) Incoming web hooks / iframes also signed with JWTs
    (5) Can swap JWT for (short-lived) bearer token to impersonate users
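  21. After: No AuthN / No AuthZ

        // Runs inside the Forge runtime; @forge/api attaches the credentials
        import api, { route } from '@forge/api';

        export async function run(event) {
          await api
            .asApp() // or .asUser()
            .requestJira(route`/rest/api/2/issue/${event.issue.id}/comment`, {
              method: 'POST',
              headers: { 'Content-Type': 'application/json' },
              body: JSON.stringify({ body: 'Hello there!' }),
            });
        }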
  22. 82% of Forge apps on the Marketplace launched in 3 months or less

    44% launched within 4 weeks
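
The "Before" flow on slides 17 to 20, seen from the app's side: every partner app has to keep one secret per tenant and run all of these checks on each signed webhook or iframe request. This is an added example, not code from the talk or from Atlassian; the `reqHash` claim, the `SECRETS` map and the function names are hypothetical, and the secrets are constructed sample values.

```javascript
// Added example (not Atlassian's code): verify a JWT-signed webhook with a per-tenant secret.
const crypto = require('node:crypto');

// Constructed sample data: the secrets received in each tenant's installation hook.
const SECRETS = new Map([['tenant-a', 'constructed-secret-a'], ['tenant-b', 'constructed-secret-b']]);

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();

// Hypothetical custom claim: binds the token to one request (method + path).
function requestHash(method, path) {
  return crypto.createHash('sha256').update(`${method.toUpperCase()}&${path}`).digest('hex');
}

// Step 3: the sender signs its claims with the tenant's shared secret (HS256).
function signJwt(claims, secret) {
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(hmac(secret, input))}`;
}

// Step 4: checks the app has to run on every incoming webhook or iframe request.
function verifyRequest(token, method, path, secrets, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm: a token must not be able to select "none" or another scheme.
  if (header?.alg !== 'HS256') return { ok: false, reason: 'bad-alg' };
  // The still-unverified issuer is used only to look up which tenant secret applies.
  const secret = secrets.get(claims?.iss);
  if (!secret) return { ok: false, reason: 'unknown-tenant' };
  const expected = hmac(secret, `${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  if (claims.reqHash !== requestHash(method, path)) return { ok: false, reason: 'request-mismatch' };
  return { ok: true, tenant: claims.iss };
}
```

Secret storage and rotation (step 2) sit outside this block and are a further obligation on the app in the "Before" model.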