Building an API Factory: Turn your APIs into Products
nuwandias
156 views
20 slides
Oct 29, 2020
Slide 1 of 20
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
About This Presentation
A session which discusses how an organization should look at treating their APIs and the things to be concerned of at each lifecycle state of their APIs.
Slide Content
Building an API Factory: Turn your APIs
into Products
October 29, 2020
into Products
October 29, 2020
Hello!
Nuwan Dias
VP and deputy CTO for API Management and Integration - WSO2
@nuwandias
Co-Author of Microservices Security in Action
Nuwan Dias
VP and deputy CTO for API Management and Integration - WSO2
@nuwandias
Co-Author of Microservices Security in Action
Anything that can be offered to a market to satisfy the desires or needs of a
customer.
What is a Product?
3
customer.
What is a Product?
3
APIs are building the foundation of our
entire digital experience.
entire digital experience.
APIs do two valuable things.
●APIs connect your customers to your data and services.
●APIs simplify that connection process.
The API Wave
5
Makes it easy to securely connect your bank to
the apps you want to use
●APIs connect your customers to your data and services.
●APIs simplify that connection process.
The API Wave
5
Makes it easy to securely connect your bank to
the apps you want to use
The API Product Factory
Observe
Build
Test
Deploy
Evangelise
API Product Lifecycle
Evolve
Observe
Build
Test
Deploy
Evangelise
API Product Lifecycle
Evolve
Building APIs: Strategy
●API Goals
⦿Why are you building your API?
⦾Direct revenue (Twilio, Stripe)
⦾Digital Services -> More Reach -> More Customers
⦾Lowered OPex
⦿Who are you building your API for?
⦾Internal
⦾External
⦾Public
●API Tactics
⦿What KPIs should be captured from the API?
⦾No of subscriptions
⦾API Usage
⦿How to promote the API?
7
●API Goals
⦿Why are you building your API?
⦾Direct revenue (Twilio, Stripe)
⦾Digital Services -> More Reach -> More Customers
⦾Lowered OPex
⦿Who are you building your API for?
⦾Internal
⦾External
⦾Public
●API Tactics
⦿What KPIs should be captured from the API?
⦾No of subscriptions
⦾API Usage
⦿How to promote the API?
7
Building APIs: API Architecture
●Layered and Segmented Architecture
8 Reference: https://github.com/wso2/reference-architecture/blob/master/reference-architecture-layered-segmented.md
●Layered and Segmented Architecture
8 Reference: https://github.com/wso2/reference-architecture/blob/master/reference-architecture-layered-segmented.md
Building APIs: API Architecture
●Decentralized Cell Based Architecture
9Reference: https://github.com/wso2/reference-architecture/blob/master/reference-architecture-cell-based.md
●Decentralized Cell Based Architecture
9Reference: https://github.com/wso2/reference-architecture/blob/master/reference-architecture-cell-based.md
Building APIs: Design
●Choose the style of your API
⦿REST/JSON
⦿gRPC
⦿GraphQL
⦿Streaming APIs / Asynchronous
⦿SOAP
●Choose your design methodology
⦿Prototype -> Implement -> Evolve
●Choose your API versioning strategy
●Choose your vocabulary and design standards
⦿ Guideline for REST APIs: https://wso2.com/whitepapers/wso2-rest-apis-design-guidelines/
10
●Choose the style of your API
⦿REST/JSON
⦿gRPC
⦿GraphQL
⦿Streaming APIs / Asynchronous
⦿SOAP
●Choose your design methodology
⦿Prototype -> Implement -> Evolve
●Choose your API versioning strategy
●Choose your vocabulary and design standards
⦿ Guideline for REST APIs: https://wso2.com/whitepapers/wso2-rest-apis-design-guidelines/
10
Building APIs: Integrating Systems
●Modern APIs often connect to to other systems/APIs.
⦿SaaS APIs
⦿Datasources
⦿Legacy Systems
⦿Files
●Building modern APIs therefore require strong integration capabilities.
⦿Low code/No code integration capabilities
⦿Building resilient communications
⦿Securing communication channels
⦿Managing errors
⦿Traceability of messages
●Enterprise Integration plays a major role in building APIs.
11
●Modern APIs often connect to to other systems/APIs.
⦿SaaS APIs
⦿Datasources
⦿Legacy Systems
⦿Files
●Building modern APIs therefore require strong integration capabilities.
⦿Low code/No code integration capabilities
⦿Building resilient communications
⦿Securing communication channels
⦿Managing errors
⦿Traceability of messages
●Enterprise Integration plays a major role in building APIs.
11
API Security is much more than Authentication and Authorization!
Building APIs: API Security
12
API
Bot Detection
Authentication
& Authorization
Rate Limiting
Payload
Scanning
Payload
Scanning
Data Redaction
Surveillance
Logs
AI / ML Analysis
Building APIs: API Security
12
API
Bot Detection
Authentication
& Authorization
Rate Limiting
Payload
Scanning
Payload
Scanning
Data Redaction
Surveillance
Logs
AI / ML Analysis
Building APIs: Lifecycle Management
●Under Development
⦿WIP - Private access only
●Published
⦿Active - Available for regular access
●Maintenance
⦿Down for maintenance, will be up shortly
●Deprecated
⦿Current version works for existing users only. New users have a newer version to use.
●Retired
⦿Taken out of action. Newer version available.
13
●Under Development
⦿WIP - Private access only
●Published
⦿Active - Available for regular access
●Maintenance
⦿Down for maintenance, will be up shortly
●Deprecated
⦿Current version works for existing users only. New users have a newer version to use.
●Retired
⦿Taken out of action. Newer version available.
13
Building APIs: API Documentation
●DX is key - Focus largely on intuitiveness of APIs.
●Automate the creation of API docs as much as
possible.
●Provide SDKs for API consumers.
●Provide an API Try Out tool with examples.
14
●DX is key - Focus largely on intuitiveness of APIs.
●Automate the creation of API docs as much as
possible.
●Provide SDKs for API consumers.
●Provide an API Try Out tool with examples.
14
API Testing
●Development Time
⦿Functional testing - Unit and Integration tests for APIs
●Continuous Testing
⦿Availability Tests - API health endpoints
⦿Response Time Tests
⦿Security Tests
⦿Test availability of dependant APIs
●API Testing Tools
⦿ Postman
⦿ RapidAPI
⦿ Insomnia
⦿ API Fortress
●Provide a Sandbox API for consumers
15
●Development Time
⦿Functional testing - Unit and Integration tests for APIs
●Continuous Testing
⦿Availability Tests - API health endpoints
⦿Response Time Tests
⦿Security Tests
⦿Test availability of dependant APIs
●API Testing Tools
⦿ Postman
⦿ RapidAPI
⦿ Insomnia
⦿ API Fortress
●Provide a Sandbox API for consumers
15
API Deployment
16
●Two aspects of APIs to deploy
⦿API Runtime
⦿API Metadata
●Create immutable API deployment packages
⦿Can’t be modified, only replaced.
●Build a CI/CD pipeline for your APIs
⦿APIOps - DevOps for APIs
⦿Every change becomes a revisioned commit, that can be reverted.
●Deployment Strategies
⦿Blue/Green
⦿Canary
●Autoscaling API Runtimes
16
●Two aspects of APIs to deploy
⦿API Runtime
⦿API Metadata
●Create immutable API deployment packages
⦿Can’t be modified, only replaced.
●Build a CI/CD pipeline for your APIs
⦿APIOps - DevOps for APIs
⦿Every change becomes a revisioned commit, that can be reverted.
●Deployment Strategies
⦿Blue/Green
⦿Canary
●Autoscaling API Runtimes
Evangelise
●Publishing APIs on API Marketplaces
⦿Internal
⦿External
⦿Public - RapidAPI, ProgrammableWeb
●API Developer Portals
17
●Publishing APIs on API Marketplaces
⦿Internal
⦿External
⦿Public - RapidAPI, ProgrammableWeb
●API Developer Portals
17
Observe
●API Runtime Metrics
⦿ Uptime
⦿ Response Time
⦿ Request Rates
⦿ Error Results
⦿ Tracing, Metrics and Logs
●API Business Metrics
⦿ New subscriptions
⦿ Churn
⦿ Generated revenue (direct monetization)
⦿ Contribution to overall revenue (indirect monetization)
●Developer NPS
⦿ Attention to issues being reported
⦿ Feature requests
●Establish a good feedback mechanism and strategy
18
●API Runtime Metrics
⦿ Uptime
⦿ Response Time
⦿ Request Rates
⦿ Error Results
⦿ Tracing, Metrics and Logs
●API Business Metrics
⦿ New subscriptions
⦿ Churn
⦿ Generated revenue (direct monetization)
⦿ Contribution to overall revenue (indirect monetization)
●Developer NPS
⦿ Attention to issues being reported
⦿ Feature requests
●Establish a good feedback mechanism and strategy
18
Evolve
●API Roadmap and alignment towards strategy
●Launching of newer API versions
⦿Advertise/Evangelise
●Migration strategy for users of the existing version
⦿Backwards (in)compatibility
⦿Grace period
●Retirement plan for APIs
⦿Deprecate first
⦿Notify users of deprecation
⦿Use analytics to find usage of current/old version
⦿Retire when ready
19
●API Roadmap and alignment towards strategy
●Launching of newer API versions
⦿Advertise/Evangelise
●Migration strategy for users of the existing version
⦿Backwards (in)compatibility
⦿Grace period
●Retirement plan for APIs
⦿Deprecate first
⦿Notify users of deprecation
⦿Use analytics to find usage of current/old version
⦿Retire when ready
19
wso2.com
Thanks!
Thanks!
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 156
- Slides 20
- Age 1860 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
46 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
46 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
20 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
24 views