Azure API Management: Why, what, how, and what’s next BRK2186 Azure API Management: Why, what, how, and what’s next Don Bushell, Global Services Product Manager, Boeing Company Matthew Farmer, Senior Program Manager, Microsoft Vladimir Vinogradsky, Principal Lead Program Manager, Microsoft
Agenda Digital transformation at Boeing Intro to API Management A lap around demo A few API Management capabilities we didn’t show Demo of something new Wrap up and Q&A
Business Goals Modernize IT infrastructure Maintain and grow market presence Quickly respond to customer demands Building a company and defining an industry has left us with myriad heritage systems Continue to push for broader market penetration and outpacing established and emerging competitors Deliver rapid, iteration-based solutions instead of monolithic, multi-year software projects
The Old Way of Building Products CoolProduct
The Old Way of Building Portfolios CoolProduct NewToy WonderThing SuperGizmo GameChanger
A Modern Product CoolProduct
A Modern Portfolio API Store CoolProduct NewToy WonderThing SuperGizmo GameChanger API Store
Challenges with an API-based Approach Discoverability. What APIs are available and what do they do? Onboarding. How can consumers request access to APIs and learn how to use them? Security. How do I secure my vital data? How do I protect my backends from unauthorized access and overload? Monitoring. Who is using my APIs and how much? Are my APIs online and working as expected? Lifecycle. How do I evolve my APIs without adversely impacting consumers?
A Modern Portfolio: Marketecture CoolProduct NewToy WonderThing SuperGizmo GameChanger API Management Backends on Azure Backends on premises
“Helix” walkthrough DEMO
Strategic value of APIs User engagement Ecosystems Multi-speed IT Mobility User experience Crowdsourcing Business models Channels Ecosystems Agility Empowerment Productivity Based on Gartner research note “Articulating the Business Value of APIs” Anne Thomas and Kristin R. Moyer 24 March 2016
API Management - a hub for enterprise APIs Discover Learn On-board Try Get support SDKs and samples 1st and 3rd party apps Abstract Secure & protect Evolve Monitor Analyze Productize Monetize Consume Publis h Mediate Azure portal Gateway Developer portal API managers and developers App developers APIs on Azure and outside
Policies Encapsulate common API management functions Access control, Protection, Transformation, Caching, … Chained together into a pipeline Mutate request context or change API behavior Set in the inbound and outbound directions Can be triggered on error Applied at a variety of scopes
Policy scopes global GET /foo/bar HTTP/1.1 Host: api.constoso.com Key: 0123456789 global CORS LOG product 0123456789 RATE QUOTA from caller to backend inbound api /foo JWT operation /bar CACHE URL BODY to caller from backend outbound
Policy expressions C# “snippets” embedded in policy documents Have read-only access to the request context Can only use whitelisted .NET types Dynamically configure and conditionally execute policies
Versioning is a highly debated subject Version or not? Semantic versioning? What is a breaking change? Where to place version information? Path? Query? Header? Media type? How to identify version? Number? Date? Name?
Our approach to versioning Natively understand versions at the system level Versioning is an opt-in Offer versioning scheme options Inform developers about the changes Control when the changes get adopted Versions Revisions Consumers choose when to adopt Providers choose when to deploy
Versions and revisions in API Management Service Instance API Version Operation Revision /v1 ;rev=1 ;rev=2 ;rev=3 /speakers /sessions /days ;rev=4 https://example.org/ foo /v2 ;rev=1 ;rev=2
A lap around DEMO
Façade and front door Developer portal Gateway Azure portal Consume App developers Gateway Mediate contosoapi-foo.azurewebsites.com 1st and 3rd party apps Azure portal APIs on Azure and outside Publish API managers and developers
Façade and front door Gateway Mediate 1st and 3rd party apps contosoapi-foo.azurewebsites.com 1st and 3rd party apps api.contoso.com/foo contoso.azure-api.net/foo contosoapi-bar.azurewebsites.com
Security and protection Username/Password Microsoft account Google account Facebook account Twitter account Azure AD (Premium) Azure AD B2C (Premium) Delegated Developer portal Consume App developers Key OAuth 2 OpenID Connect Client certificate IP filter Rate limits and quotas HTTP Basic Mutual certificate Shared secret IP filter VNET/NSG Gateway Mediate 1st and 3rd party apps Azure portal Azure account RBAC APIs on Azure and outside Publish API managers and developers
VNETs and Hybrid Developer portal Gateway Azure portal Consume App developers VNET Gateway Mediate 1st and 3rd party apps Azure portal APIs on Azure and outside Publish API managers and developers
VNETs and Hybrid VPN VNET Gateway Mediate 1st and 3rd party apps
Multi-region and scaling 27 public regions in Americas, Europe, Asia and Australia 6 US government and DoD regions (preview) Soon coming to China! North Europe Standard 1 unit
Multi-region and scaling North Europe Standard 3 units 1 unit
Multi-region and scaling Central US North Europe Premium 1 unit remote Standard 3 units 1 unit home Native integration!
Multi-region and scaling Central US North Europe Premium 2 units remote 1 unit remote 1 unit home Native integration!
Custom analytics
What if you wanted to…? Share reports on your APIs with business users Create reports that focus on data specific to my business Get deeper insight into your API users Create your own API analytics store …do it all with eye-catching Power BI dashboards
Power BI Solution Template DEMO
Magic behind the magic Power BI Azure API Management
Azure API Management Analytics Power BI Solution Template http://aka.ms/apimpbi Runs on your subscription for less than $10/day Provisioned automatically Event Hubs, Stream Analytics, Azure SQL are all scalable to meet high traffic demands Don’t like it? Just remove the APIM Policy and delete the resource group All source shared and maintained on GitHub Tell us what works and what you need!
Azure API Management Cloud hosted, turnkey, fully managed 5/19/2018 8:05 AM Azure API Management Cloud hosted, turnkey, fully managed Works with APIs running in the cloud or on-prem Abstracts, protects and optimizes APIs Promotes and supports app developer engagement Provides API governance, insights, and analytics © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Stay in touch http://aka.ms/apimwish http://aka.ms/apimroadmap Feature requests http://aka.ms/apimwish (The) Product roadmap http://aka.ms/apimroadmap Service updates, among other things http://aka.ms/apimblog GitHub repo with sample policies http://aka.ms/apimpolicyexamples Hands-on walkthroughs http://aka.ms/cadlabs Tutorial, documentation, and references http://aka.ms/apidocs
“Differentiation does not come from building your own API management platform. It comes from the APIs you publish to your ecosystems of developers, and how motivated they are to realize application constructs that turn into a business advantage for you.” From the Gartner research note “Top 10 Things CIOs Need to Know About APIs and the API Economy” By Paolo Malinverno, Kristin R. Moyer, Mark O'Neill, Mike Gilpin Published 25 January 2017
https://aka.ms/integrate17usa Keynote Speaker Scott Guthrie Executive Vice President For more details go to https://aka.ms/integrate17usa https://aka.ms/
Please evaluate this session Tech Ready 15 5/19/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite https://myignite.microsoft.com/evaluations Phone: download and use the Microsoft Ignite mobile app https://aka.ms/ignite.mobileapp Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.