October 18, 2023

apidays Australia 2023 - APIs Aren't Enough: Why SaaS Leaders Are Investing In IPaaS, Tim Pettersen, Atlassian

apidays Australia 2023 - Platforms, Products, and People: The Power of APIs
October 11 & 12, 2023
https://www.apidays.global/australia/

APIs Aren't Enough: Why SaaS Leaders Are Investing In IPaaS
Tim Pettersen, Head of Developer Experience at Atlassian


Transcript

  1. APIs aren’t enough: Why SaaS leaders are investing in iPaaS

    TIM PETTERSEN | HEAD OF DEVELOPER EXPERIENCE, ATLASSIAN | @KANNONBOY
  2. Atlassian’s Ecosystem

    • In-house Developers: Customers and professional services customising our products is a key differentiator.
    • Strategic Partners: Integration with other SaaS partners is key to our product strategy across our Cloud portfolio.
    • Commercial Partners: Our commercial Marketplace just passed $3B in lifetime sales in Q3 FY23
  3. OUR ECOSYSTEM IS PRETTY AWESOME, BUT NOT AS GREAT AS IT CAN BE
  4. Jira Cloud / Jira Server

    Jira Cloud:
    • “Apps” are stand-alone web services, operated by Atlassian partners
    • Data is exchanged via REST APIs and webhooks
    • UX is provided by iframes, served directly from partner infrastructure
  5. Jira Cloud / Jira Server

    Jira Cloud:
    • Apps are stand-alone web services, operated by Atlassian partners
    • UX is provided by iframes, served directly from partner infra
    • Data is exchanged via REST APIs and webhooks

    Jira Server:
    • Apps are Java OSGi bundles that are executed in process, deployed & managed by customers
    • UX provided by native Jira view technologies (JSP, Webwork, etc)
    • ORM, logging, AuthN, AuthZ, scheduling, backups, etc. all provided by the platform
  6. Jira Cloud / Jira Server

    Jira Cloud: Build and operate a high scale, high availability, secure & compliant web application.

    Jira Server: Write a few Java classes and front-end assets to handle your business logic, leverage platform abstractions for the rest.
  7. OUR ECOSYSTEM IS PRETTY AWESOME, BUT NOT AS GREAT AS IT CAN BE
  8. Platform goals

    • Platformise Trust: Abstract away security and data privacy concerns
    • Simplify Development: Let developers focus on delivering customer value
  9. Why a FaaS for Ecosystem?

    [Diagram: the stack H/W, O/S, Runtime, Web App, Business Logic drawn once each for Infrastructure as a Service, Platform as a Service and Functions as a Service; legend: Provided by Platform / Built by Developer]
  10. Why a FaaS for Ecosystem?

    [Diagram: same stack comparison as slide 9]
  11. Why a FaaS for Ecosystem?

    [Diagram: same stack comparison as slide 9]
  12. Why a FaaS for Ecosystem?

    [Diagram: same stack comparison as slide 9, with the caption "Moving up the stack!"]
  13. Why a FaaS for Ecosystem?

    [Diagram: same stack comparison as slide 9, with a fourth column labelled IPaaS / AppFaaS]
  14. Abstracted Infrastructure

        # manifest.yml
        app:
          id: xxx
        modules:
          trigger:
            - key: issue-trigger
              events:
                - avi:jira:created:issue
                - avi:jira:updated:issue
              function: trigger-func
          function:
            - key: trigger-func
              handler: trigger.run

        // trigger.js
        export async function run(event) {
          // business logic
          console.log(event.issue.id);
        }
  15. Abstracted Infrastructure

    ✅ Simple onboarding - can bootstrap an app in minutes
    ✅ No infrastructure management
    ✅ Simplified operations
    ✅ Mitigates most web app security risks
    ✅ Atlassian can monitor and scan client code
    🚧 Automatic Multi-region & Data Residency
  16. Abstracted Infrastructure

    🚊 Less flexibility in app architecture
    🚌 Significant migration cost for existing apps
    💰 Requires investment in compute & storage primitives

    ✅ Simple onboarding - can bootstrap an app in minutes
    ✅ No infrastructure management
    ✅ Simplified operations
    ✅ Mitigates most web app security risks
    ✅ Atlassian can monitor and scan client code
    🚧 Automatic Multi-region & Data Residency
  17. Simplify AuthN & AuthZ: Before

    [Diagram: App, Jira Cloud]
    (1) Per-tenant secret issued in a signed installation hook
  18. Simplify AuthN & AuthZ: Before

    [Diagram: App, Jira Cloud, Secrets]
    (1) Per-tenant secret issued in a signed installation hook
    (2) Store secret, handle rotation protocols
  19. Simplify AuthN & AuthZ: Before

    [Diagram: App, Jira Cloud, Secrets]
    (1) Per-tenant secret issued in a signed installation hook
    (2) Store secret, handle rotation protocols
    (3) Use secret to generate JWT (w/ custom claim) to auth
    (4) Incoming web hooks / iframes also signed with JWTs
  20. Simplify AuthN & AuthZ: Before

    [Diagram: App, Jira Cloud, User Auth Service, Secrets]
    (1) Per-tenant secret issued in a signed installation hook
    (2) Store secret, handle rotation protocols
    (3) Use secret to generate JWT (w/ custom claim) to auth
    (4) Incoming web hooks / iframes also signed with JWTs
    (5) Can swap JWT for (short-lived) bearer token to impersonate users
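  21. After: No AuthN / No AuthZ

        import API, { route } from '@forge/api';

        export async function run(event) {
          await API
            .asApp() // or .asUser()
            .requestJira(route`/rest/api/2/issue/${event.issue.id}/comment`, {
              method: 'POST',
              headers: { 'Content-Type': 'application/json' },
              // the comment text goes in the "body" field of the JSON payload
              body: JSON.stringify({ body: 'Hello there!' })
            });
        }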
  22. 82% of Forge apps on the Marketplace launched in 3 months or less

    44% launched within 4 weeks
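
To make concrete what the "Before" flow on slides 17-20 asks every app developer to get right, here is an added example (not code from the talk or from Atlassian) of steps (2) to (4): storing a per-tenant secret, signing an HS256 JWT with a request-binding claim, and verifying an incoming one. The claim name `reqHash`, the function names and the 180-second lifetime are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const hmac = (secret, data) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// (2) Per-tenant secret store; a real app persists this and handles rotation.
const tenantSecrets = new Map();
function onInstall(tenantId, sharedSecret) { tenantSecrets.set(tenantId, sharedSecret); }

// Hypothetical custom claim: binds a token to one method + path.
const requestHash = (method, path) =>
  crypto.createHash('sha256').update(`${method.toUpperCase()}&${path}`).digest('hex');

// (3) Sign an outgoing request with the tenant's secret.
function signRequest(tenantId, method, path, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({
    iss: tenantId, iat, exp: iat + 180, reqHash: requestHash(method, path),
  }));
  const sig = hmac(tenantSecrets.get(tenantId), `${header}.${payload}`);
  return `${header}.${payload}.${sig.toString('base64url')}`;
}

// (4) Verify an incoming webhook / iframe token. Returns the claims or throws.
function verifyRequest(token, method, path, now = Date.now()) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url'));
  // Pin the algorithm: never let the token choose it (rejects "none").
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  // iss is untrusted here; it is used only to select which secret to check.
  const secret = tenantSecrets.get(claims.iss);
  if (!secret) throw new Error('unknown tenant');
  const expected = hmac(secret, `${h}.${p}`);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error('bad signature');
  if (claims.exp <= Math.floor(now / 1000)) throw new Error('expired');
  if (claims.reqHash !== requestHash(method, path)) throw new Error('request mismatch');
  return claims;
}
```

Each of these checks is one the "After" model on slide 21 moves out of the app and into the platform.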