Embed Size (px)
DESCRIPTION
What is Feeding Your Mobile Apps? How to Deliver and Secure Mobile Enabled APIs. Enterprises are building mobile applications for customers, partners, employees, and vendors. Whether the applications are for Apple, Android or Windows powered devices, these applications increasingly need to communicate with enterprise applications, transmit sensitive data and perform business transactions. To enable rich capabilities for mobile applications, the backend APIs supporting these applications must be delivered in a secured and scalable manner. In this session we will discuss how to deliver mobile enabled APIs for enterprise applications in a way that is secure, scalable and manageable. Ed King, Vice President of Product Marketing- Vordel
Citation preview
What Is Feeding Your Mobile Apps? How to Deliver and Secure Mobile Enabled APIs Ed King Vice President, Product Marke>ng Vordel
APIs Power Mobile Applications
2
Which Type of API Do You Have?
3
Consumer APIs § Social media, content delivery,
shopping, public service § Do not transmit sensitive data § User has data ownership § No service quality obligations § Commodity, low switching cost
Enterprise APIs § Business or consumer transactions § Transmit sensitive data § Covered by compliance mandates § Contract-binding quality obligations § National security or public safety
implications
§ No/low barrier for access § Differentiate on ease of adoption § Minimal security & audit § Minimal integrations § Business usage statistics
§ Authorized access only § Strong security & audit § Meet compliance requirements § Support existing systems,
processes, & integration § Operational support
All-In-One Consumer API Portal
4 3rd-Party APIs
Developers Applications
Forum & Community
API Configuration
Documentation
Self-Service
Application Registration
API Proxy Lite Transformation
Credentials
API Owners
Own APIs
Business Reporting
§ Simple solution for limited consumer APIs distribution
§ Business ownership without much IT support
§ 24x7 self-service without internal process dependencies
§ Good standard user experience out-of-the-box
Two-Tier Enterprise API Delivery Platform
5
Partner Developer
Portal
Internal Developer
Portal
API Gateway
Partners Applications API Owners
§ Leverage existing systems, processes, & relationships
§ Support multiple portals from a single infrastructure
§ Convert backend interfaces into usable external APIs
§ Meet enterprise security, compliance, & operational requirements
3rd-Party APIs Own APIs
API Aggregation
6
§ Aggregate APIs across multiple sources
§ Virtualize & create branded APIs
§ Simplify adoption of APIs
API Orchestration
7
§ Mash-up APIs to create differentiated services
§ Leverage third-party APIs, i.e. GoogleMaps, Twitter, FedEx Tracking
§ Make use of existing B2B and A2A web services
API Transformation
8
§ Transform enterprise application’s legacy interfaces to REST / JSON / OAuth
§ Leverage decade of Service Oriented Architecture (SOA) investment
§ Keep up with the evolution of mobile & web API technologies
API Security
9
§ Secure communication channel with signing & encryption
§ Protect against API & device vulnerabilities, poor mobile app design
§ Monitor & prevent data leakage
API Authentication & Authorization
10
§ Extend identity management platforms to handle user, application, & device level authentications
§ Enable “Bring-Your-Own-Identity” customers with federation
§ Leverage pre-built integrations with leading identity management platforms & identity provider services
API Traffic Control
11
§ Set quota & meter usage, route traffic & APIs
§ Uphold service quality & offer different service levels
§ Protect against “friendly fire” & “noisy neighbor” problems
API Monitoring & Audit
12
§ Audit end-to-end transactions
§ Provide audit trail for compliance, billing, & service audit
§ Analyze API usage statistics
Business Process Integration
13
§ Integrate with partner on-boarding, billing, & other business processes
§ Integrate with sales & marketing automation, CRM, ERP, commerce, & logistics systems
§ Manage APIs as products & channels
API Gateway Capabilities
14
Traffic Management • Request & response routing • Throttling & metering • Quota management • SLA management • Caching
Security • API key & certificate mgmt. • OAuth & SAML federation • Auth’N, auth’Z, & audit • Content firewalling
Reporting & Monitoring • Transaction logging • Service statistics reporting • SLA monitoring & alerting • Real-time monitoring
External APIs
Service Mediation • External API virtualization • Protocol translation • Data transformation • Data redaction & enrichment
Mash-up Transformed Aggregated Virtualized
Internal APIs,
Services, Interfaces
API Gateway
Linking Applications, Users, Devices
[email protected] www.vordel.com
twitter.com/vordel
Hall F, Booth 5343 Win an iPad!
