How can enterprises ensure that their APIs are consumable, secure, and managed? My name is Whitney Lee. I'm a cloud developer here at IBM. Before I answer that question, please go ahead and hit that subscribe button. API management is the process of building, publishing, and managing APIs across an enterprise and multi-cloud setting. More than just a place for these APIs to
live, API management offers a centrally visible, scalable platform, where enterprises can share and socialize their APIs while ensuring controlling access, collecting usage statistics, and enforcing associated security policies. So, what is an API? A popular way to talk about what an API is is by using a restaurant metaphor. So, let's think of a kitchen at a restaurant. Now, there's a lot of complexity here. There's what ingredients the kitchen uses? Where
they source those ingredients? The personnel? The equipment? But as a diner, all you need to know is what is on the menu. So, in this analogy the kitchen would be an application or service, and the menu would be an API definition. And, once the diner knows what they want, how do they communicate that? Well, they do that through their waiter. So, an API is like a waiter, it's a way to interface with the application, without understanding the complexity. So, the user would make a request to the API, some time would pass, and they would get what they asked for back. Now where this analogy falls short is that it is possible to supply information to an API. So, imagine a restaurant where, as a diner, you could supply some raw ingredients to your server, and the server could use that in the kitchen to affect what dish is coming back out to you. So, let's talk about a retail application where APIs are used to kind of give a sense of how they're used in microservices. So, let's consider a contact information database, and then that is going to expose information through an API, and maybe there's an inventory database, and these are backend services, and then for front end, let's say we have a shopping cart, and that will use our inventory, but not necessarily a contact information API. Let's have a check out which will need both, and then finally let's do reviews, which might only need contact information, not necessarily inventory. So, these are consuming information from our backend services, transforming it, and then exposing those results through their own APIs, and these APIs up top are exposed to the public. So, it's possible, too, to expose your backend service to the public if you want with its own API. So, if you wanted to create an API that lets your users change their contact information directly, you can definitely do that. So, an API management system, how is that going to improve upon what's already happening here? So, there are 4 core elements of an API management system. So, the first one is going to be the gateway. So, the gateway sits between the web client and the systems and services that it's connected to. So, the gateway is going to handle all routing requests. It handles a data composition and protocol transformations. In addition to that, the gateway handles security authentication and authorization, and it can use state-of-the-art security like OAuth, OpenID, JWT. The gateway also handles data aggregation, so it receives one request from the web client that may involve multiple services, but then it will aggregate that and send it back as one response. The next part of an API management system is a developer portal. So, the developer portal is a self-service hub where developers can go to browse access and share API documentation. So, if an API definition is like our menu, this is like a menu of menus, and this is going to really streamline communication between teams in an enterprise, which results in faster time to market and lower development costs. This example has six APIs, so you can imagine across an enterprise there could be hundreds or even thousands of APIs. So, being able to centralize access to that is invaluable. Next up, we have a lifecycle manager. So, we can think of an API as a building block. If you make an API and expose that for other people to use, and they incorporate your API into their system, they're trusting you to keep your part of their system healthy. So, the life cycle manager will help you build, test, on board, manage, and eventually retire your APIs. You can manage your APIs every step of the way,
while ensuring adequate version control. Last up is reporting and analytics. API management solutions use synthetic monitoring to watch each API's availability, response time, and overall health. You can also incorporate analytics solutions for automated recording over time. So, these can be used to diagnose and troubleshoot integration issues as they arise and they can also help enterprises make better informed decisions about their applications and services. So, how how does this affect some real life scenarios? So, let's consider banks and now they offer login through a mobile app. That mobile app login requires two-factor authentication. So, regular login plus a phone number verification. So, a telecommunications company might build an API, build a service, that verifies phone numbers and expose that service via an API, and in that way they're able to monetize their existing data and create an entirely new source of revenue. So, they're going to use the reporting part of the API management to be able to see who's using their new API, how it's being used, and to set their prices and eventually collect money. Or, let's consider a rideshare app. That rideshare app, let's say they decided to use a non-relational database for their back end. They want to do this for scalability and flexibility, but in practice communicating between teams can result in really messy data. So, the the rideshare company can use the developer portal to define objects like a car, a journey, a time slot, and it can formalize the relationships between those objects, and then communicate all of that with the developer portal, and that's going to result in much more powerful data queries. So, they can harness the flexibility and the scalability of a non-relational database, while using the control of a more traditional relational database. And, finally, let's consider a bank that wants to offer third-party products and services to their clients. They can do this by using the API gateway. So, the API gateway is going to centralize access and security. So, the user has a unified login experience and then the bank can use internal APIS to expose their customers to third-party products and services, and then only share that information with the third parties if the customer agrees. So, they're using the gateway to centralize access, to aggregate data, so it presents a unified experience, and they're also using the gateway to ensure their high security standards. So, API management can be used by enterprises to make sure their APIs are secure, consumable, and managed. Thank you. If you have questions please drop us a line below. If you want to see more videos like this in the future please like and subscribe, and don't forget: you can grow your skills and earn a badge with IBM Cloud Labs, which are free browser-based interactive Kubernetes labs.