api-governance-in-the-enterprise-161020171821.pptx

xmasmen4u 22 views 27 slides Jul 18, 2024
Slide 1
Slide 1 of 27
Slide 1
1
Slide 2
2
Slide 3
3
Slide 4
4
Slide 5
5
Slide 6
6
Slide 7
7
Slide 8
8
Slide 9
9
Slide 10
10
Slide 11
11
Slide 12
12
Slide 13
13
Slide 14
14
Slide 15
15
Slide 16
16
Slide 17
17
Slide 18
18
Slide 19
19
Slide 20
20
Slide 21
21
Slide 22
22
Slide 23
23
Slide 24
24
Slide 25
25
Slide 26
26
Slide 27
27

About This Presentation

API SMG overnance enter

Size: 1.09 MB
Language: en
Added: Jul 18, 2024
Slides: 27 pages

Slide Content

API Governance in the Enterprise Robert Broeckelmann , Levvel Dino Chiesa , Apigee

Slideshare slideshare.com / apigee Apigee Community https:// community.apigee.com YouTube youtube.com/apigee

API Governance In The Enterprise Robert C. Broeckelmann Jr.

DISCLAIMERS What we present here is one of numerous possible ways to use A pi gee technology. Your situation and requirements will probably differ. As always, test things in a non-production environment prior to using anything in production. We are not responsible for spontaneous combustion of the known universe or any other undesirable outcomes associated with using what is discussed here. 3

AGENDA What is API Management? API Management--The Full Stack API Management Solution Architecture What Is API Governance? One Organization’s Requirements API Lifecycle Management API Governance Ties Into... Lessons Learned Questions 4

WHAT IS API MANAGEMENT? Allows an organized approach to using APIs to open up an organization or system’s data so that it can be utilized by other parts of the organization or third-parties in new and useful ways. 5

WHAT IS API MANAGEMENT? From a business perspective, API Management is a revolution; from a technical perspective, it is an evolution of the earlier Service Oriented Architecture (SOA) paradigm. 6

WHAT IS API MANAGEMENT? Spans B2E, B2C, B2B User Spaces Spans Mobile, Integration, Identity, Security concerns. 7

WHAT IS API MANAGEMENT? The process of publishing, promoting, and overseeing APIs in a secure, scalable environment Ensuring that developers and partners are productive Managing, securing, and mediating your API traffic Allowing an organization to grow their API program to meet increasing demands Enabling the monetization of APIs The intersection of technology, business, organization, and integration concerns 8

THE API M ANAGEMENT ”FULL STACK” 9 Data Modeling Interface Modeling API Management Solution Management Portal Developer Portal API Gateway Registry & Repository Identity Stack Application Infrastructure Monitoring User Repository Federation User Provisioning Application Firewall Reverse Proxy DevOps Logging

API M ANAGEMENT SOLUTION ARCHITECTURE 10

WHAT IS API GOVERNANCE? API Governance is also part of API Management… … probably the most important part. 11

WHAT IS API GOVERNANCE? Governance is not a bad thing; though, your experiences with it would, probably, make you disagree. In fact, for anything to be truly adopted by the enterprise, it must have adequate and functional governance. The trick is to strike the right balance. Self-service and automation is the key to making the governance process(es) workable. 12

WHAT IS API GOVERNANCE? Allows for a policy driven approach (vs. ad hoc) to enforcement; not just runtime, but throughout the design and development process single point to manage policies and enforcement. 13

WHAT IS API GOVERNANCE? API governance includes: tracking what (API) is deployed where (environment) tracking who is calling what how is it (API) protected? defining interface standards gathering statistics (about API consumers, APIs, and the Developer Portal) API versioning JSON (or XML) Schema versi oning tracking routing information tracking what policy should be applied to it (API) sun-setting (retiring a version of the API) 14

One Organization’s Requirements Every organization’s governance requirements will have some unique aspects. There will also be a large amount of overlap. Example Requirements this organization had Isolation between Non-Production and Production. Two Apigee org anizations ; (NP: 3 environments, PRD: 1 environment) Four environments included in SDLC (Software Development Life Cycle) Organization uses Swagger 2.0 to describe interfaces

One Organization’s Requirements Requirements 3rd Party IdP (Azure Active Directory) used AAD acts as token generator for all actors. Apigee customized to work with AAD-produced tokens. came from the organization's IAM and Information Security teams. drove much complexity Top-down development methodology utilized. Building a program that supports the entire business. Rather than a particular line of business or development group. Many different concerns. 16

API LIFECYCLE MANAGEMENT API Lifecycle Management (which tracks the interface’s life-cycle, not the implementation) is part of API Governance. The details will vary, but this basically describes the promotion process (life-cycle) of an API version from initial concept, to definition, to the lowest-level development environment, to production, and eventually to sun-setting. 17

API LIFECYCLE MANAGEMENT S uppose your organization has the following environments: Unit Test Environment Quality Assurance Environment Load Test Environment Production Environment Now, let’s assume that your API life-cycle captures the following additional steps: Inception (identification of a business or technical need) Definition (interface definition) Development Sun-setting (retiring a version of the API) The API Lifecycle will account for all of these states 18

API GOVERNANCE TIES INTO API Governance ties into: Change Management Asset Management Configuration Management Legacy SOA Governance (with the goal of eventually replacing it) Quality Assurance Information Security IT Auditing Within Enterprise IT all of these things are interrelated.  The processes and organization should reflect this. Yes, it sounds heavy weight.  But, effective self-service and good processes makes all the difference in the world. 19

DEVOPS TIE-IN API Governance ties into DevOps The Developer Portal provides a self-service platform to allow developers to register with the system create applications provision credentials subscribe to APIs view documentation other activities The Developer Portal can also increase development and decrease cycle time decrease Mean T ime To Resolution (MTTR) enable stakeholder-level overview ease compliance and reporting 20

LESSONS LEARNED Most small to medium sized organizations can probably use the Apigee developer portal and built-in processes out of the box without significant modification. The enterprise IT organization is different.  Different = messy details. There are exceptions to every rule (including this one).   There is probably a small or medium sized organization out there that has had to deal with these issues. 21

LESSONS LEARNED Not all organizations are focused on opening their data up to arbitrary third parties.  It may be that internal development teams and B2B Business Partner development teams are the primary focus of the API Management Developer Portal. Not the API Management use case we often hear about , but very important for many organizations. Anything that involves interacting with many development teams outside of your control can benefit from an API Management solution to better manage and communicate with those actors. 22

LESSONS LEARNED For th is organization, API Governance was an evolution of SOA Governance paradigm that was already in place. Not starting from scratch. Executive sponsorship, buy-in from business/senior management is critical. 23

LESSONS LEARNED Integration with a Third Party Identity Provider is likely imperative in a large organization. Is Apigee Edge or the third-party IdP issuing tokens to API consumers? If third-party IdP, introduces much complexity to Edge. If so, a pplications must be registered with the third-party IdP and Apigee Edge. If the third-party IdP is issuing tokens, n ecessitates replicating client identifiers into Apigee Edge's IdP for Quota Enforcement and Business Analytics. 24

LESSONS LEARNED The group that is supporting your Apigee Edge API Gateway may not be the same group that supports the Developer Portal infrastructure. Different skill sets. Drupals/PHP vs. Javascript/node.js/Edge Policy Apigee Developer Portal did not have good support for multiple endpoints for the same API. H ad to import the same Swagger for each endpoint (one endpoint per environment).
Tags
Categories
Technology
Download
Download Slideshow Get the original presentation file
Quick Actions
Statistics
  • Views 22
  • Slides 27
  • Age 502 days
Related Slideshows
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx 11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
46 views
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx 10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
46 views
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx 13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx 11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
Know for Certain 21
Know for Certain
DaveSinNM
21 views
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx 17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views
View More in This Category