API Management. What financial and public sector customers require. NOW.
Agenda
API Economy
API for Banks
API for Public Institutions
Differences SOA vs. API
3scale API management Platform & Architecture
Demo
The API Economy
Importance of APIs
Your company’s brand to the market
Bridge between IT & business concerns
Core for business success
Growth drivers – API Enterprise
Mobile: 54% ecommerce sales (Forrester)
B2B: 2016 50% of B2B collab. via APIs (Gartner)
IoT: $7.1 trillion by 2020 (IDC)
You’re not alone
Expedia: $4B revenue from APIs
eBay: 60% listings via APIs
The API Economy? What we need to create
API We need
The most popular APIs:
Who needs APIs?
Cross industries
Mobile Apps
security
authentication & authorization
SLA
Brand Awareness digital channels
Bank & Finance
PSD2 XS2A
New offerings:
new channel for e-commerce (loans & credits for on-line shopping)
loyalty programs
Insurance:
new channel for partners & clients
on-line payments
insurance for travel, shopping & delivery
Public & Government
Open data
Smart Cities
Public services
On the top strategic level of your customers: Digital Agenda & Digital Transformation
The API Economy
New initiatives & legislations
Bank & Finance: PSD2 XS2A Open Bank Project
Public Sector: OpenData & Open API
Banks & Finance
Open Bank Project
PSD2
“Whenever a bank has to deal with external parties, security is quite rightly at the forefront of their thinking. And when this interaction with third parties can take place without specific bilateral contracts and jointly developed integration, it is even more critical. Under the XS2A service requirements, European banks must create an API structure that any company registered with a ‘competent authority’ and with the consent of the bank customer, can tap into to provide a service. 88% of respondents feel strongly that security around their data integration points is a major concern. […] My observation is that it is important for banks to see the API framework, their API strategy and their APIs as business issues, business decisions and business architectures and not as some obscure technology problem to be solved in the bowels of the IT department. This new approach means shifting to components and networks and APIs connecting everything in an organisation, not simply adding an API layer on top of customer interfaces.”
REPORT ON A SURVEY BY FINEXTRA AND FIS
“Banks will be required to provide API access to customer accounts […] This will require bank investment in application service governance and API management. For example, most financial institutions will need to build or buy an API management gateway and create new APIs to provide access to customer accounts.”
USE PSD2 TO ACCELERATE OPEN BANKING, GARTNER
PSD2
Why 3scale for PSD2?
PSD2 opportunities → 3scale platform
Strong authentication methods required on the electronic payment transaction channel → Various OAuth scenarios supported for application authentication
XS2A requires end user authentication, 2FA and user consent → OpenID authentication is supported
PSD2 allows TPPs to monetize different scenarios and interactions → Monetization module highly configurable and with a number of integrations already
PSPs must establish an operational risk management framework and provide the regulator with an assessment of the risks and the adequacy of their controls → 3scale will provide a Security Incident Report upon request, without delay
Public Institutions
© 2015 IBM Corporation
Source: https://en.wikipedia.org/wiki/Open_API#/media/File:Open-APIs-v5.png
1. They are free for anyone to use. Open APIs are available to use by all developers.
2. They are typically backed by open data. Open data is freely available for everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control. An Open API may be free to use but the publisher may limit how the API data can be used.
3. They are based on an open standard.
Open Data & Open API
Open Data RULES
Open public data to citizens
Without registration and restrictions
Collected at the source
On-line & for free
Machine processable
https://opengovdata.org
https://opengovdata.io
http://www.wroclaw.pl/open-data/
http://www.danepowarszawsku.pl/
http://opendata.bcn.cat/opendata/en
https://data.lacity.org/
https://data.london.gov.uk/
Open Data vs. Open API
Fully machine processable ≠ Partially/not machine processable
{
  "$type": "Tfl.Api.Presentation.Entities.RouteSearchResponse, Tfl.Api.Presentation.Entities",
  "input": "victoria",
  "searchMatches": [
    {
      "$type": "Tfl.Api.Presentation.Entities.RouteSearchMatch, Tfl.Api.Presentation.Entities",
      "lineId": "victoria",
      "mode": "tube",
      "lineName": "Victoria",
      "lineRouteSection": [
        {
          "$type": "Tfl.Api.Presentation.Entities.LineRouteSection, Tfl.Api.Presentation.Entities",
          "routeId": 1230,
          "direction": "inbound",
          "destination": "Brixton Underground Station",
          "fromStation": "Walthamstow Central Underground Station",
          "toStation": "Brixton Underground Station",
          "serviceType": "Regular",
          "vehicleDestinationText": "Brixton Underground Station"
        },
        {...}
Source: https://blog.tfl.gov.uk/2015/10/19/unified-api-part-3-rot-routes-of-things/
Who else?
Superheroes already have
SOA vs. API
SOA
Mostly for internal usage → Possible to estimate no. of calls
Usually SOAP based → Well described, but fatty
SOA Governance implemented → Not easy to modify
Implementation focus on re-usage → Complicated, many params etc.
API
Mostly for external usage → Hard to estimate no. of calls
Mostly REST based → Well described (swagger), skinny
No governance → Easy to modify
Focus on easiness of usage → Easy to understand, many simple APIs
“Everything Should Be Made as Simple as Possible, But Not Simpler”
– Albert Einstein
Challenges of API
Unknown number of developers → Is my infrastructure well prepared?
Unknown number of calls/requests → Am I ready for huge load?
How to identify and authorize requests? → Should I use Identity management?
How to communicate with developers? → Can I create different levels/groups of developers?
How to monetize API? → How to create free and paid API?
Challenges
Unknown number of developers → I need SLA between me & developer
Unknown number of calls/requests → I need throttling functionality to protect back-end
How to identify and authorize requests? → I need to integrate with 3rd party IM systems
How to communicate with developers? → I need developer portal to share docs&info
How to monetize API? → I need billing functionality with invoicing & payments
3scale
I need SLA between me & developer → 3scale supports application plans; developers can subscribe to one of the offered application plans (contract)
I need throttling functionality to protect back-end → 3scale supports limits and can throttle requests above threshold to protect back-end against overloading
I need to integrate with 3rd party IM systems → 3scale can be integrated with IM via OAuth 2.0
I need developer portal to share docs & info → 3scale has developer portal with self registration functionality or by invitation only
I need billing system with invoicing & payments → 3scale monetization module (billing + invoicing & payments); an API can be used free of charge or paid
The 3scale Platform
Full control of your APIs, now and into the future
Control
– Security
– Key Management
– Rate Limiting
– Policy Enforcement
– App & User Management
– Provisioning
Flexibility
– Distributed
– Multi-Department
– Multi-Environment
– Highly Scalable
– Powerful APIs
– Webhooks
Visibility
– Analytics
– App Tracking
– User Tracking
– Traffic Alerts
– Engagement
– Developer Support
The 3scale API Platform
Your content, data & services
Your API
Traffic Management
Access control & security
API contracts & rate limits
Analytics & reporting
Developer portal & docs
Billing & payments
Developers
Customers
Mobile Apps
Affiliates
Partners
Internal Projects
Flexible Distributed Control
Modular
No single point of failure
Cloud access
Highly scalable
No lock-in factor
Possibility to enhance the product using publicly available resources
No product specific language required
Many information resources available
Component: Technology
Front End: Ruby on Rails
Gateway: NGINX, Lua
Back End: Ruby, Sinatra, Redis
Open Source technologies
The 3scale API Management Stack
Security & Access Control
Your API Security: Authenticate and restrict access to your APIs. Protect backend services.
Multiple authentication mechanisms:
– API Key
– App ID / App Key
– OAuth 2.0
Can be combined with IP / Domain referrer whitelisting
Authenticate traffic
Restrict by policy
Drop unwelcome calls
Protect backend services
Generate overage alerts
Impose rate limits
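As an added illustration of the three credential modes and the IP / domain referrer whitelisting listed above (example code written for this page, not 3scale's gateway code; the application registry, the request shape and every key, id and token are constructed sample data), a minimal gateway-side check in Ruby, the language the slide lists for the 3scale back end:

```ruby
require 'ipaddr'
require 'uri'

# Constructed application registry (assumption: the gateway looks credentials up in a store
# like this; every key, id and token below is sample data, not a real credential).
APPLICATIONS = {
  'key-abc123' => { name: 'mobile-app', mode: :api_key, referrers: ['m.example.org'], ips: [] },
  'app-777' => { name: 'partner-x', mode: :app_id_key, app_key: 'k-secret-999',
                 referrers: [], ips: ['203.0.113.0/24'] }
}.freeze
# Constructed OAuth 2.0 access tokens (a real gateway would validate these with the IdP)
OAUTH_TOKENS = { 'tok-oauth-42' => { name: 'web-client', referrers: ['shop.example.com'], ips: [] } }.freeze

# Constant-time comparison so a secret check does not leak how many leading bytes matched
def secure_equal?(a, b)
  return false unless a && b && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def referrer_host(headers)
  URI.parse(headers['Referer'].to_s).host
rescue URI::InvalidURIError
  nil
end

# Returns [:allow, app_name] or [:deny, reason] for a request hash with :params, :headers
# and :client_ip (the request shape is an assumption of this example).
def authenticate(request)
  params  = request[:params]  || {}
  headers = request[:headers] || {}
  app =
    if params['api_key']    # API Key mode: the key itself is the lookup index
      rec = APPLICATIONS[params['api_key']]
      rec if rec && rec[:mode] == :api_key
    elsif params['app_id']  # App ID / App Key mode: id is looked up, key is verified
      rec = APPLICATIONS[params['app_id']]
      rec if rec && rec[:mode] == :app_id_key && secure_equal?(rec[:app_key], params['app_key'])
    elsif headers['Authorization'].to_s.start_with?('Bearer ') # OAuth 2.0 bearer token
      OAUTH_TOKENS[headers['Authorization'].delete_prefix('Bearer ')]
    end
  return [:deny, 'unknown or invalid credentials'] unless app
  # IP / domain referrer whitelists (empty list = no restriction) layered on the credential
  ip = request[:client_ip]
  if !app[:ips].empty? && !(ip && app[:ips].any? { |cidr| IPAddr.new(cidr).include?(ip) })
    return [:deny, 'client IP not whitelisted']
  end
  if !app[:referrers].empty? && !app[:referrers].include?(referrer_host(headers))
    return [:deny, 'referrer domain not whitelisted']
  end
  [:allow, app[:name]]
end
```

The whitelist checks run only after a credential has been accepted, so a spoofed Referer header alone never grants access; it can only narrow what an already-authenticated application may do.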
API Contracts, Throttling & Rate Limits
Partner Ecosystem
• Allow/restrict access to your API end points along with rate limits
• Rate-limit at account, user and end-point level
Diagram: API Services → Rate Limits → Pricing
END POINT A: X CALLS / MINUTE
END POINT B: Y CALLS / DAY
Pricing: FREE / $X PER MONTH / $Y PER CALL
Application #1, Application #2, Application #3 for INTERNAL TEAMS, STRATEGIC PARTNERS and DEVELOPERS
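An added example (written for this page, not 3scale's implementation) of how per-plan, per-endpoint limits with different windows, as in the "X calls / minute, Y calls / day" contract above, can be enforced before a call reaches the back-end, including the overage alert the previous slide mentions; the plans, the 80% alert threshold and the timestamps are constructed sample data:

```ruby
# Constructed application plans mirroring the slide's contract shape:
# end point A limited per minute, end point B limited per day.
PLANS = {
  'free'    => { 'endpoint_a' => { limit: 5,      window: :minute },
                 'endpoint_b' => { limit: 100,    window: :day } },
  'partner' => { 'endpoint_a' => { limit: 60,     window: :minute },
                 'endpoint_b' => { limit: 10_000, window: :day } }
}.freeze
WINDOW_SECONDS = { minute: 60, day: 86_400 }.freeze
ALERT_PERCENT = 80 # overage alert once usage reaches 80% of the limit (constructed threshold)

class RateLimiter
  attr_reader :alerts

  def initialize(plans = PLANS)
    @plans = plans
    @counters = Hash.new(0) # [app_id, endpoint, window_start] => calls seen so far
    @alerts = []
  end

  # Decide one call at time `now` (epoch seconds). Returns
  #   [:allow, remaining_calls], [:throttle, retry_after_seconds]
  #   or [:deny, reason] when the plan does not cover the end point at all.
  def check(app_id, plan_name, endpoint, now)
    rule = @plans.fetch(plan_name).fetch(endpoint) { return [:deny, 'endpoint not in plan'] }
    secs = WINDOW_SECONDS.fetch(rule[:window])
    window_start = now - (now % secs) # fixed windows aligned to the clock
    key = [app_id, endpoint, window_start]
    # Above the threshold the call is throttled and the back-end is never reached
    return [:throttle, window_start + secs - now] if @counters[key] >= rule[:limit]

    count = (@counters[key] += 1)
    alert_at = (rule[:limit] * ALERT_PERCENT + 99) / 100 # integer ceiling
    if count == alert_at
      @alerts << "#{app_id}: #{ALERT_PERCENT}% of #{rule[:limit]} calls/#{rule[:window]} used on #{endpoint}"
    end
    [:allow, rule[:limit] - count]
  end
end
```

Counters are keyed per application and per end point, so one application exhausting end point A does not affect its end point B quota or any other application's quota.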
Reports & Analytics
APIs as a Business
Developer Portal
PRE-INTEGRATED PAYMENT GATEWAYS
PACKAGING, BILLING & PAYMENTS
Set up pricing rules. Invoice every month. 100% PCI compliant.
MULTIPLE PRICING RULES
• ONE TIME PAYMENT
• FIXED RECURRING MONTHLY FEE
• VARIABLE RECURRING MONTHLY FEE
• COST PER UNIT
• TIERED PRICING
BILLING CYCLES
• INVOICES ISSUED ON A MONTHLY BASIS
• 2 BILLING OPTIONS:
• PREPAID (FIXED FEES CHARGED BEGINNING OF MONTH, VARIABLE FEES CHARGED END OF MONTH)
• POSTPAID (ALL FEES CHARGED AT THE END OF THE MONTH)
NO CREDIT CARD DETAILS STORED ON 3SCALE INFRASTRUCTURE
Where API is...