How to Get Your Business Selling in the API Economy

Moderator: David Chiu, Commerce Strategist, Elastic PathPresenter: Andrew Lau, Commerce Architect, Elastic PathPresenter: Sachin Agarwal, VP Product Marketing, SOA Software

SOA Software

• SOA Software is an API Management and SOA Governance leader• More than 300 customers – many Fortune 1000• On-Premise and Cloud offerings• Gartner and Forrester leader

Elastic Path

• Elastic Path software adds omnichannel ecommerce, subscriptions, and enhanced connectivity to digital engagement platforms

• Enables companies to deliver a truly complete customer experience • Run the world’s #1 Ecommerce Blog Get Elastic www.getelastic.com• Every year, we generate billions of dollars in digital revenue for the world’s best brands

What is an API?Your APIYour Customers Your Application

The API Economy

Capture new Opportunities with APIs

Drive Innovation

Increase Reach

Support New Devices

Discover New Business Models

Increase Partner Network

Adopting an API Strategy

Securing your Digital Channels

• Authenticate the user• Control what the App can can access• Rate Limit access• Protect from hackers• PCI compliance

Au/Az/SSO

Licensing

Quota Management Protection

Security

Cross-cutting Security• Aspects that cut across a given API should be offloaded to a Gateway.• Examples: Throttling, App IDs and Keys, Security certificates

Roles-based Access Control• If multiple roles are intrinsic to your API, these are best modeled and

handled by the API itself.• Finer-grained hypermedia resources makes offloading to an API

gateway difficult

Authentication/Authorization/SSO

Control and restrict access to your APIsMake it easy yet secure

Security

OAuth is hardReally really hard...

Test that your API works with different API Gateways. Confirmation that the API architecture correctly separates

concerns: Authentication, Identity, Access Control

Licensing

Package your APIs in different waysRestrict what the App can access

Quota Management/Rate Limiting

Restrict the number of calls an App can makeApply controls based on context, affinity, segmentation etc.

Performance & Reporting

API Monitoring• Aggregated metrics such as response,

SLA thresholds, error/failure rates can be pushed out to an external system

Reporting• Domain specific data, such as those in

context of the API subject and resource, should be captured by the API

Protection

Protect from Denial of Service and other forms of attackScan APIs for viruses and malformed content

Scaling Your APIs

Caching for quick access globallyPaging to improve User Experience

Developer Community

The DX Experience• The end to end experience is now key. Sign-up, access requests, interactive docs,

timely support are now the expectation. DX is not just having a beautiful API design.

API portals are marketing tools• The API sign-up process should be treated as a marketing activity. Track funnel,

metrics, campaigns.

• Build it and they will come doesn’t apply in a world where APIs are readily available

API Orchestration and Mediation

Aggregate multiple backend servicesSelectively call services based on business logic≈

Mediation

• Mediation is key to abstracting back-end changes from the client applications

• Common commerce example: Abstracting the payment gateways.

Versioning

• Hypermedia can be versionless• Clients need to follow the rules:

o Enter only via the entry pointso Always follow linkso Ignore relationships you don’t recognizeo Deprecate relationships like traditional API methods

• Hypermedia doesn’t have to be versionlesso Leverage the Gateway to support multiple versions

Transformation

• Competing Media Types are healthyo Siren, HAL, Collection+JSON,

Collection.Doc are just the start

• Content Types are no longer as polarizing. JSON is winning, XML is still useful. What other content types we will want to utilize in the future?

Summary Slide

Digital Commerce + Content Management + API managementCall to action

Discussion with SOA

Software & Elastic Path

If you have questions please reach out to us at info@elasticpath.com