Skip to content
PM Certification

API MANAGEMENT TUTORIAL

5 (100%) 5 votes

Table of Contents

Introduction……………………………………………………………………………. 3
Winning at Digital Business…………………………………………………….. 4
The “Why” of Digital Business…………………………………………………. 5
The “How” of Digital Business…………………………………………………. 7
The Importance of APIs………………………………………………………….. 8
Your API Management Team…………………………………………………. 10
Understanding the API Lifecycle…………………………………………….. 13
The API Management Plays……………………………………………………. 14
Integrate and Create APIs………………………………………………………. 16
Secure the Open Enterprise……………………………………………………. 17
Accelerate Mobile and IoT Development………………………………. 18
Unlock the Value of Data………………………………………………………19
API Management Capabilities………………………………………………. 20
API Design……………………………………………………………………………. 22
API Runtime…………………………………………………………………………. 22
API Protection………………………………………………………………………. 23
API Access Control………………………………………………………………… 23
API Ownership…………………………………………………………………….. 24
API Development…………………………………………………………………. 24
API Intelligence……………………………………………………………………. 25
API Discovery………………………………………………………………………. 25
The CA API Management Portfolio……………………………………… 26
API Gateways………………………………………………………………………. 28
API Developer Portal……………………………………………………………. 29
Live API Creator………………………………………………………………….. 30
Conclusion………………………………………………………………………….. 31

 

Introduction

Application programming interfaces (APIs) are essential for executing ideas quickly and seizing new business opportunities. They are the building blocks of digital transformation, enabling organizations to deliver exceptional customer experiences, create new revenue streams and connect employees, partners, apps and devices to data—anytime, anywhere.

APIs are not necessarily a new technology, but in today’s connected world, they have risen in prominence and become important to every facet of the enterprise. This has increased the demand for effective API management. But what does an effective solution look like?

The API Management Playbook will help you understand:

• Why digital business is crucial in the application economy
• How APIs are the building blocks of digital business
• How APIs affect key stakeholders in your organization
• What the API lifecycle is and how it relates to API management
• Thirteen key “plays” that API management should deliver
• The essential capabilities of an API management solution
• What CA API Management brings to the table

Winning at Digital Business

Digital transformation is not about incremental improvements or minor operational changes. It’s about evolving core businesses to meet the demands of the connected world.

The “Why” of Digital Business

Digital transformation is no longer a new idea—digital business is now a reality. 89% of organizations are currently in some phase of implementing a digital-first approach to business processes, operations and customer engagement.1
When IDG surveyed 702 IT and business management decision-makers to find out their top objectives for their digital business strategy, responses were diverse and spanned almost every aspect of the enterprise.

Top objectives of digital business strategy

Despite these differences in motivation, there is ample evidence that the digital transformation of any kind is a key factor in business outperformance. In a 2018 Frost & Sullivan study about how software development is helping business executives achieve KPIs, respondents were asked about their use of various modern application development components. Not surprisingly, the companies who widely adopted APIs, microservices and other tools were more mature in their digital business strategy.
What is interesting to note, however, is that the more mature companies that adopted a modern
application architecture grew twice as fast as those with a lower adoption rate.2

The “How” of Digital Business

Compared to the spectrum of business imperatives, there is a more concise set of technology challenges that must be solved by architects, developers and product managers before their companies can deliver on the promise of a digital-first business strategy. These projects make up the “how” of digital transformation and are primarily focused on integration, supporting the customer experience and accelerating software development.

Most important digital initiatives3

There is a clear connection between the above initiatives and the broader imperatives that drive them. These technology projects create the building blocks upon which successful digital businesses can be built.

Successfully overcoming challenges like integrating apps, eliminating data silos and providing omnichannel access makes an enterprise far more likely to reach transformative goals such as creating better customer experiences and increasing differentiation.

The Importance of APIs

Because they connect data, people, systems and devices, APIs are heavily relied on to deliver the robust and flexible integrations needed for important digital initiatives. As the rate of innovation and the number of connected devices have increased, so too has the importance of APIs and how they are created, consumed and managed at an enterprise scale.

In fact, according to a recent IDG survey, 40% of organizations are already implementing APIs in their digital strategy, making it one of the top five technologies being adopted.

Implementing an effective API strategy empowers organizations to cope better with the rising volume, scale and volatility of customer-facing applications. It also allows them to meet constant demands for new or improved functionality and makes it easier to decouple existing or potential endpoints from backend systems for improved performance, security and manageability.

In Frost & Sullivan’s global survey of IT and business executives, respondents almost universally agreed that APIs and microservices are key success factors for transforming to a digital business.

On average, 8 in 10 executives surveyed believe that a modern application architecture paves the way for faster, better software development while accelerating time to market, reducing costs, streamlining processes and generating better insights.

This is where an API management solution comes in—to provide a formal way of creating, securing, managing and optimizing APIs at enterprise scale throughout the API lifecycle. With so much riding on APIs, these solutions have become a preferred strategy for the world’s most effective digital businesses.

Modern Application Development Success Factors Exh 5

Base: All lines of business except IT (n=768) Q17-Q19. How much do you agree or disagree with the following statement?

Your API Management Team

Because digital transformation reaches deep into the enterprise—affecting every facet of the business and involving every customer channel—there is a diverse range of stakeholders to consider.

Understanding the API Lifecycle

The API lifecycle is a final area to consider. This is an approach that governs the creation, deployment, promotion and optimization of APIs on the provisioning side, as well as their acquisition and usage by API consumers.

On the API provisioning side, enterprises are responsible for a continuous sequence of definition, design, creation, deployment, promotion, security and optimization. This meshes with a parallel cycle for developers who design, acquire APIs for, build, launch and iterate their apps, while potentially providing feedback to improve the overall digital business program.

Although exact responsibilities will overlap and vary, each stakeholder has distinct areas of interest within the lifecycle. Functional coverage within each area is important when considering API management because a good solution offers effective tools with clear benefits for each role.

Good API management provides the foundation needed to execute the entire API lifecycle, along with targeted tools, to help stakeholders efficiently complete the work required to move APIs through each step.

The API Management Plays

With five different stakeholder groups, two interdependent lifecycles and 13 unique steps, it’s no wonder that API management is often viewed as confusing. When you also consider the diverse business imperatives that drive digital transformation, plus the intrinsic flexibility of API integrations, the relative merits of different API management solutions can be hard to assess.

Consider evaluating API management capabilities based on their ability to make these tactical “plays”—a collection of the most common and essential use cases, grouped into focus areas for each of the key stakeholders. The best part of this method is that almost any business scenario that calls for a managed approach to deploying APIs will be composed of some combination of these 13 plays.

Key Players: Enterprise Architects, API Owners

Digital initiatives based on APIs are all about providing scalable, reliable connectivity between data, people, apps and devices. To support this mission, experienced architects look for API management to help them solve the
challenge of integrating systems, adapting services, orchestrating data and rapidly creating modern, enterprise-scale REST APIs from different sources. The right solution will help them:

• Easily connect SOA, ESB and legacy applications. API management will streamline integrations across disparate systems such as CRM or databases by providing protocol adaptation, mediation and transformation.
• Aggregate data including NoSQL up to 10 times faster. API management will orchestrate both structured and unstructured data from multiple sources at the API layer to accelerate the development of better, more engaging web and mobile apps.
• Build scalable connections to cloud solutions. API management will enable the creation of high-performing yet cost-effective digital platforms that integrate on-premises systems and cloud solutions with robust traffic management.
• Automatically create data APIs with live business logic. API management will provide point-and-click functionality that can instantly generate enterprise-grade REST APIs from multiple data sources, with business logic processing to streamline the integrations.

Key Players: Security, Developers

The open enterprise must be secured completely, from the app to the API, while maintaining streamlined user experience. Information security professionals look for API management to identify and neutralize critical threats, enable robust policies, offer consistent and repeatable security for mobile apps and provide the capabilities needed to deliver features such as single sign-on and risk-based access. The right solution will help them:

• Protect against threats and OWASP vulnerabilities. API management will provide threat detection and neutralization for key OWASP vulnerabilities such as SQL injections, cross-site scripting and denial-of-service (DDoS) attacks.
• Control access with SSO and identity management. API management  will secure apps and their connections, while maintaining or enhancing user convenience.
• Provide end-to-end security for apps, mobile and IoT. API management will protect the digital value chain from frontend app to backend API and bring security to the IoT. It should extend controlled access to all touchpoints—from web apps to vehicles—while supporting convenient features such as social login or risk-based authentication.

Key Players: Developers, API Owners

Competitive pressure, rising customer expectations and the increasing pace of change mean that applications—especially for mobile and IoT—must be delivered faster and more efficiently than ever. Developers look for API management to help them discover, acquire and consume APIs quickly, while also providing tools that speed up or eliminate the “dirty work” of repeatedly building core functionality to handle data and security. The right solution will help them:

• Simplify and control developer access to data. API management will provide a controlled way to access systems of record that shields developers from unnecessary complexity. It should aggregate and orchestrate data while ensuring compliance through authorization, shaping and policy management.
• Build a wider partner or public developer ecosystem. API management will empower internal and external developers by streamlining API consumption lifecycle tasks such as discovery, acquisition, design and collaboration.
• Leverage tools that reduce mobile app delivery time. API management will accelerate and simplify mobile implementations by providing
• developers with reusable services in the form of SDKs and APIs that handle security, messaging and offline storage.

Key Players: Line of Business, API Owners

• Monetize APIs to generate revenue. API management will provide the functionality needed to package, price and sell data products or services via any combination of free, freemium, purchase, subscription or consumption models. It should also simplify integration with analytics and billing services.
• Build digital ecosystems to enhance business value. API management will deliver the granular control, compliance, security and reporting mechanisms needed to support the expansion of digital value chains across a wide range of platforms, apps, devices, partners and third parties.
• Create efficiencies through analytics and optimization. API management will encourage companies to build more efficient, higher-performing and scalable digital ecosystems by providing instrumentation and analytics that allow them to optimize technical and business performance.

By focusing on these 13 plays when considering an API management solution, you can ensure that the platform will offer the right mix of functionality while also providing a high degree of flexibility, scalability and security to meet current and future requirements.

API Management Capabilities

Successfully covering all of the plays requires an API management solution to have features that address every step in the API lifecycle. CA API Management delivers this range of capabilities. It’s a strategic foundation for the entire API lifecycle that provides specific tools needed by each persona to move APIs through the process, from design to monetization.

API Design

Area of Focus: Integrate and Create APIs
Key Players: Enterprise Architects, API Owners

• API connectivity centralizes connectivity and authentication between on-premises enterprise platforms, social networks, cloud apps and notification services.
• Rapid API creation generates enterprise-grade APIs from multiple data sources—including RDBMS, NoSQL, existing APIs and JSON—with an efficient point-and-click interface that supports pagination, optimistic locking, filtering, sorting and more.
• Adaptation reliably externalizes services and data as modern RESTful APIs for Web, mobile and IoT consumption.
• Orchestration composes and orchestrates modern REST and OData APIs from existing or legacy backend APIs.

API Runtime

Area of Focus: Integrate and Create APIs
Key Players: Enterprise Architects, API Owners

• Rules processing significantly reduces the complexity of composing data from multiple sources by applying reactive business logic at runtime.
• Traffic management improves performance and user satisfaction by prioritizing traffic to ensure that APIs remain available and responsive.
• Aggregation reduces on-device processing and latency by aggregating API responses for mobile apps and the IoT.
• Caching/compression improves performance and service availability by caching responses to common API requests, pre-fetching content, doing JSON conversion and performing message compression.

API Protection

Area of Focus: Secure the Open Enterprise
Key Players: Security, Developers

• Fine-grained policies centrally manage and secure data assets, with integrations to popular IAM systems and support for standards such as OAuth and OpenID Connect, in a platform that is FIPS 140-2 compliant with Common Criteria Certification.
• OWASP vulnerabilities protect apps and APIs against critical threats such as SQL injections, cross-site scripting and DDoS attacks, and validates HTTP parameters, REST queries, JSON data structures, XML schemas and other payloads.
• Security SDKs improves mobile security with client-side libraries, code, documentation and mobile services to help developers simplify the implementation of SSO, encryption, certificates and secure offline data storage.
• Mobile/IoT security extends enterprise security infrastructure to new endpoints by integrating popular IAM systems with mobile and IoT apps.

API Access Control
Area of Focus: Secure the Open Enterprise
Key Players: Security, Developers

• Authorization provides trusted, industry-standard access control for front-end apps, with support for a wide range of protocols and standards. Tracks policy violations and failed authentications to identify patterns and potential threats.
• Risk-based access adds additional trust and convenience to authentication with access based on geolocation, social credentials and device proximity through QRC, NFC or BLE connections.
• SSO improves the user experience with SSO capabilities that integrate with popular IAM applications including CA Single Sign-On, LDAP and platforms from other vendors.
• OAuth/OpenID Connect offers support for common standards including OAuth 2.0, OpenID Connect, SAML, X.509 certificates and LDAP.

API Ownership
Area of Focus: Accelerate Mobile and IoT Development
Key Players: API Owners, Developers

• API Discovery/Portal streamlines API publication with a full suite of portal features including developer enrollment and onboarding, key management, provisioning and reporting.
• Collaboration tools deliver a better developer experience and ecosystem via a sophisticated content management system, support tools and discussion forums.
• Code generation allows developers to automatically generate client-side code in popular programming languages including JavaScript, node.js, Python, Ruby, PHP, Objective C, Java™ and Curl.
• Documentation automatically produces interactive documentation from industry-standard WADL/RAML files to help developers accelerate implementation.

API Development

Area of Focus: Accelerate Mobile and IoT Development
Key Players: Developers, API Owners

• Mobile/IoT services provide common backend services in the form of APIs and SDKs that can be used and shared across multiple mobile or IoT apps, improving implementation speed, consistency and security.
• Mobile security protects mobile and IoT apps with a wide range of methods, including OAuth 2.0 and OpenID Connect for authorization, mutual SSL for encryption, PKI support and secure offline data storage.
• Offline data storage allows for secure, easy-to-use local and cloud data stores in mobile apps, with standards-based APIs, native mobile SDKs and encryption.
• Messaging/pub-sub provides user and group management via SCIM 2.0, secure messaging and publish-subscribe services using MQTT and native mobile SDKs.

API Intelligence

Area of Focus: Unlock the Value of Data
Key Players: Line of Business, API Owners

• Performance analytics deliver up-to-the minute tracking of operational KPIs such as transactions, availability and latency for troubleshooting and adherence to SLAs.
• Business analytics generate summary reports to track how developers are utilizing APIs against their quota, and provide custom, ad-hoc reporting into the health and performance of the API ecosystem for forecasting or analysis.
• Mobile app analytics track applications as they move from development through testing to production and report on metrics such as revenue generation per app or developer over time.

API Discovery

Area of Focus: Unlock the Value of Data
Key Players: Line of Business, API Owners

• Account management provides plans, accounts and tiers to organize filter and stratify developers, and monitors application usage to determine which developers are the most valuable and allows account managers to be assigned.
• Keys/provisioning allows managers to create, assign, suspend or revoke API keys and optionally gate the generation of keys for each application, as well as provides throttling and shaping to customize access to APIs based on different SLAs once authorized.
• Plans/tiers allow for standard or unique plans and tiers for each API, with individual quotas, rate limits and other fine-grained controls.
• Billing integration provides a revenue planner to help map the monetization potential of charging developers for API usage and allows the model to be applied to a billing system with a single click.

The CA API Management Portfolio

For maximum flexibility, CA API Management is comprised of several products, each focused on a specific area of the API lifecycle. In addition, many of the capabilities are offered in several deployment options— on-premises, SaaS or hybrid—to meet the infrastructure and investment preferences of any business.

CA API Management is a flagship solution that addresses and streamlines the entire API lifecycle and digital value chain. The functionality it provides allows organizations to rapidly integrate and create APIs, secure the open enterprise, accelerate mobile development and unlock the value of data.

CA API Gateway, CA Mobile API Gateway and CA API Management SaaS are the heart of the API management portfolio and enable enterprises to securely open their data and applications to both internal and third-party developers. They combine policy management with runtime policy enforcement and can integrate with identity and access management products for a true plug-and-play solution to building a secure digital ecosystem.

CA API Gateway can be configured in a variety of form factors, scales easily and may be deployed in a failover environment for high availability.

CA Mobile API Gateway adds additional capabilities that simplify the process of adapting internal data, applications and security to meet the needs of mobile endpoints and IoT.

Finally, CA API Management SaaS offers a turnkey API lifecycle and developer management option for enterprises where ease of use, fast time to value and reducing capital spending are paramount. Built from the ground up as a multi-tenant cloud offering, it leverages Amazon Web Services infrastructure to scale efficiently and cost-effectively while still providing the enterprise-grade functionality that businesses need to fully participate in the
application economy.

CA API Developer Portal gives businesses a central place to empower developers who are building Web, mobile and IoT applications based on enterprise APIs. It provides robust developer management capabilities that make it easier to plan, package, provision and monitor the usage of APIs by both internal and external resources. It supports the developers themselves with tools such as documentation, automatic code generation and collaboration features that simplify and accelerate front-end development.

When integrated with the gateway products, the CA API Developer Portal eliminates the need to deploy solutions from multiple vendors, greatly reducing acquisition costs, infrastructure requirements and maintenance overhead.

CA Live API Creator is an innovative API lifecycle product that allows businesses to almost instantly create responsive, enterprise-grade REST APIs from both legacy and modern data sources. It significantly reduces time and cost during the development process by adding automation and business logic enforcement to the definition, design, creation and runtime steps of the API lifecycle.

Enterprise architects, developers and API owners can build and extend REST endpoints that combine data from structured, unstructured and other API sources using a streamlined point-and-click interface. A reactive programming model 40x more concise than code vastly improves productivity over traditional approaches. A high-performing API server allows for the live execution of business rules at runtime.

For any organization that has embraced APIs and is ready to expand the scope of their lifecycle beyond management and enforcement, CA Live API Creator offers an incredible opportunity to shift left and move forward.

Conclusion

APIs are the building blocks of digital transformation. They enable organizations to deliver exceptional customer experiences, create new revenue streams and connect employees, partners, apps and devices to data-anytime, anywhere.

CA API Management is a central launch point for these digital initiatives. It provides the full range of capabilities needed to orchestrate legacy and modern systems, rapidly create APIs to safely expose data, protect these integrations with militarygrade security, accelerate mobile development and unlock the value of these digital ecosystems through analytics and monetization. And because every business is unique, CA API Management offers the most flexible deployment options, including on-premises, SaaS or a hybrid combination—all with enterprise-grade scalability and performance.

In November 2016, CA Technologies was recognized as a Leader in the API Management space by Forrester Research in The Forrester Wave™: API Management Solutions, Q4 2016 evaluation. CA Technologies was also named a Leader in Gartner’s 2018 Magic Quadrant for Full Life Cycle API Management and is the only vendor to be named a Leader for six consecutive reports.6 Analyst firm KuppingerCole placed CA Technologies atop the “Overall Leadership” category in its KuppingerCole Leadership Compass: API Security Management report in July 2015.