apidays Singapore 2023 - Beyond REST, Claudio Tag, IBM

Transcript

1. Beyond REST - multi-form API management Claudio Tag Chief Architect,

   IBM Automation, Asia Pacific [email protected] IBM @ apidays Singapore The Arts House at The Old Parliament, Singapore 12 & 13 April 2023
2. None

3. API Management remains essential to digital transformation Speed application development

   and ongoing app evolution via reusable APIs Expand brand reach by publishing APIs to tap into a broad developer community Enable digital business through new channels for partners and monetizing data Securely expose data and business applications on-premise and across clouds are expected to be delivering "agile connectivity" via APIs and architectures that interconnect digital solutions from cloud vendors, system developers, start-ups, and others. Source: IDC FutureScape: Worldwide CIO Agenda 2019 Predictions 70% of CIOs IBM @ apidays Singapore

4. IBM @ apidays Singapore

5. The API Management Model IBM @ apidays Singapore

6. Without a strong API Management solution Limited visibility of your

   API Estate Without a comprehensive catalog of your existing APIs, you could be wasting time duplicating APIs or not using your APIs to their fullest. Ad-hoc & Inconsistent Lifecycle Experience To deliver a best-in- class experience for consumer and providers the fully managed lifecycle of individual and groups of APIs must be realized. Proper lifecycle management of your APIs includes creation through retirement and everything in between. Security vulnerabilities Every API endpoint is a potential doorway to your IT estate. If you don’t have a robust management system that sees into all APIs and helps you consistently secure and manage them, you are leaving yourself open to cyber attacks. IBM @ apidays Singapore

7. The API Management Model IBM @ apidays Singapore Providing consistency

   and governance across the lifecycle of your APIs

8. API Management – Facets of a Solution IBM @ apidays

   Singapore Developer Portal API Manager API Implementation API gateway API Gateway: • Decoupling/routing • Traffic management • Security • Translation Developer portal: • API discovery • Self-service – Onboarding – API subscription • Account usage analytics API Manager: • API/plan/product design • Access management • Policy administration • API plan usage analytics The API implementation should not be burdened with the complexities of API exposure. These consumer facing aspects should be delegated to a separate capability providing as a minimum, a gateway, a developer portal, and API management.

9. IBM @ apidays Singapore

10. APIs are taking more shapes and sizes IBM @ apidays

    Singapore 9 Websockets SOAP {REST} Kafka GraphQL

11. Common API Management pain points apply across integration use cases

    IBM @ apidays Singapore Ber API-led Integration Event-led Integration Messaging & Connectivity How to control access? • Authentication and authorization How to manage workloads? • Isolation and rate limiting How to enable agile development? • Discovery and self-service How to prevent duplication? • Socialization and reuse How to stop breaking changes? • Decoupling and versioning

12. The API Management Model IBM @ apidays Singapore Providing consistency

    and governance across the lifecycle of your APIs

13. REST, GraphQL and SQL IBM @ apidays Singapore customer (email:

    “[email protected]”) { name orders { deliveryStatus { expectedDate } } } Focus on exposing backend details for one data source Focus on “ease of consumption” across any data source { id: 1 email:.. address: … } { id: date: amt: … } customers orders SQL Focus on flexibility of querying across “relational” data sources select name, .. from customers join orders on (...) join delivery on (...) where email = …

14. Federation is a super power of GraphQL IBM @ apidays

    Singapore One View for the consumer Independence to/from teams Mapping between Domain APIs and Experience APIs Creation of Bespoke BFFs

15. Why API management for GraphQL IBM @ apidays Singapore +

    • Single Gateway technology beyond Web services and REST with GraphQL support • Single Portal to socialize • Secure and Manage APIs with GraphQL backends, efficiently managing compute intensive services • Threat Protection against cyberattacks using advance query complexity analysis to prevent API-based attacks • Rate Limit GraphQL queries with consumer plans based on the query cost

16. Two sides to every good customer experience IBM @ apidays

    Singapore The user engages the app Requests The app engages the user Events YOUR MOBILE APP

17. APIs and Events IBM @ apidays Singapore Request Action Request

    State Notifications App Ack Req API App Resp Req API App App

18. Decentralised Discoverable Described Decoupled E n g a g i

    n g a n d I n t e l l i g e n t a p p s R e s p o n s i v e e x p e r i e n c e s Event Distribution API Management for Events IBM already contributing into the Async APIspecification. Async API is rapidly evolving and IBM tooling produces a valid AsyncAPI doc for a Kafka cluster with no knowledge required. IBM @ apidays Singapore Describing Events Events need to be described so developers can quickly understand what they are and how to consume them. Discovering events An interface that cannot be found is no use to anyone. Decentralise access Innovation flows best when people have the freedom to explore. Decoupled systems Loosely coupled systems are more flexible and less fragile. The technology emitting the event should not dictate how it must be consumed.

19. API Management – Facets of a Solution IBM @ apidays

    Singapore Developer Portal API Manager API Implementation API gateway API Gateway: • Decoupling/routing • Traffic management • Security • Translation Developer portal: • API discovery • Self-service – Onboarding – API subscription • Account usage analytics API Manager: • API/plan/product design • Access management • Policy administration • API plan usage analytics The API implementation should not be burdened with the complexities of API exposure. These consumer facing aspects should be delegated to a separate capability providing as a minimum, a gateway, a developer portal, and API management.

20. IBM @ apidays Singapore Developer Portal API & Event Endpoint

    Manager Producer application Event gateway Event Gateway: • Decoupling/routing • Traffic management • Security Developer portal: • Topic discovery • Self-service – Onboarding – Topic subscription • Account usage analytics API & Event Endpoint Manager: • Topic/plan/product design • Access management • Policy administration • Usage analytics Producer application Producer application Producer application Event broker Event broker Event Endpoint Management

21. With IBM you can manage APIs, GraphQL, and Events in

    one way, one place - across multiple gateway types IBM @ apidays Singapore IBM Developer Portal IBM API & Event Endpoint Manager API Implementation IBM API gateway API Implementation IBM Event gateway Producer application Producer application Producer application Event broker Event broker

22. With IBM you can manage APIs, GraphQL, and Events in

    one way, one place - across multiple gateway types IBM @ apidays Singapore IBM Developer Portal IBM API & Event Endpoint Manager API Implementation IBM API gateway API Implementation IBM Event gateway Producer application Producer application Producer application Event broker Event broker Third-party API gateway

23. IBM API Connect IBM @ apidays Singapore IBM API Connect

    powers digital applications by unlocking business data and assets as APIs Socialize Empower API consumers with integrated portals to discover, test, & consume APIs building your digital brand and community Secure Easily apply built-in and extensible policies to secure, control and mediate the delivery of APIs with scalable enterprise-grade gateways Create Develop new APIs rapidly with the intuitive API Editor, thereby unlocking data, applications and services by using open standards Manage Package, publish, promote and reuse APIs across environments with full lifecycle control throughout

24. IBM API Connect is consistently recognized as a market leader

    IBM @ apidays Singapore IBM Ranking: Leader IBM Ranking: Leader 7th time in a row. IBM is the only vendor to score in the top 3 for each of the critical capabilities: – Multiexperience Architecture – Integration using APIs – Internal API management – Productizing APIs – Distirbuted API management Source: The Forrester Wave: API Management Solutions, Q3 2022 Source: Gartner Critical Capabilities for Full Life Cycle API Management Source: Gartner Magic Quadrant: Full Lifecycle API Management, 2022

25. IBM API Connect & StepZen IBM @ apidays Singapore Create

    Build APIs your consumers will love: declaratively build GraphQL APIs. Manage, Secure & Socialize Package, publish, promote and socialize. Control and mediate delivery with API Gateway. IBM API Connect SOFTWARE DEVELOPER Build and consume APIs with multiple languages & devices Build here Manage there

26. Join us at Booth#11 and learn about how the API

    management model can apply more broadly beyond REST IBM @ apidays Singapore
27. None