Presentation is loading. Please wait.

Presentation is loading. Please wait.

API Manager for Vendorlink

Published byLucinda Bennett Modified over 6 years ago

Similar presentations

Presentation on theme: "API Manager for Vendorlink"— Presentation transcript:

1 API Manager for Vendorlink
Chris Messner Goal is to give a good background on API Manager, what it is, why we’re moving towards it, the benefits, the migration plan/timeline Interactive session Ask questions at any time

2 “Oh no, Vendor ABC is hammering VendorLink again!”
“I cannot determine which Vendor is causing the SQL Server to spike! Help!” “ABC Vendor is making hundreds of calls a minute and it’s killing my database! I wish I could prevent them from doing that!” “Vendor ABC is reporting that Student Snapshot is running slow, but when I call it with the test client it returns almost immediately. Is it really running slow or not?” “Oh no, Vendor ABC is hammering VendorLink again!” How many of us have uttered these words or thoughts at some point over the last few years.

3 Azure API Manager (APIM)
What is it? Proxy service built by Microsoft Hosted on Microsoft’s Azure cloud platform How does it work? Provides a proxy over an existing API Applies policies to the incoming/outgoing requests Routes the request to appropriate backend service Policies: preliminary input validations and authorizations, adjust the HTTP Request prior to forwarding to backend, re-format outputs into different formats

4 Current Vendorlink Architecture
Vendor application authenticates directly against each individual ITC using unique keys per

5 VendorLink APIM Architecture
3 parts of APIM: Admin Portal, Vendor API Portal, API Gateway

6 Admin portal Administrative portion of APIM
Setup and configuration of actual proxy VendorLink APIs Necessary policies (routing, rate-limiting, ip whitelist) Activation and management of Vendor accounts and subscriptions Analytics Managed by Software Answers -Where all of the APIM administration is performed -Each VendorLink API has been setup in APIM -ITC Request routing policies are in place -Initially there will be no rate-limiting -To protect the APIs we will not make API publicly available and provide subscriptions only to approved Vendors -Analytics: overall health of APIM

7 Vendor API portal Vendor integration point
Management of APIM Gateway Subscriber keys Direct access to VendorLink documentation Integrated test client Analytics -Where Vendor configure their subscription -APIM Gateway Subscriber Key management -200 pg User Guide becomes stale vs. Instantly updated documentation -Integrated Test Client that immediately has the configurations necessary to call APIs as soon as they are published to APIM -Analytics: Vendor drill down analytics

8 API Gateway Authenticate with Auth Server Call API Gateway
Authenticates subscriber key Handles ITC routing Manages and applies API request policies -Initial authentication with PB Auth Server -Vendor applications integrate here -Authentication of APIM Gateway Subscriber Key -Policies applied here: ITC routing, Analytic mechanisim

9 Benefits of APIM Visibility into VendorLink usage
-Aid VendorLink committee in knowing how to prioritize enhancement requests -Aid Development in knowing how/where to optimize

10 Benefits of APIM Ability to rate-limit Vendor requests
-Types of rate-limiting (by itc, by vendor, by api) -Initially there will be no rate-limiting applied – can be added as needed

11 Benefits of APIM Built-in API documentation
-API documentation built right into the API manager -Example of the documentation -Example of the URL format -Actual code samples of how to call the API -Sample request/response

12 Benefits of APIM Built-in API test client -Built-in test client
-In the past we have had issues with firewalls and network (internal vs. external) with using the Rest Test Client. The Vendor API Portal test client will remove those as an issue and make the call exactly as a vendor would from outside the network.

13 Vendor Modifications Retrieve an OAuth token from centralized ProgressBook authentication server Increased efficiency OAuth 2.0 industry standard vs. VendorLink native HMAC approach Convert application to navigate to a single endpoint Url Single endpoint Single Vendor Id/Key -Simplified model allows for them to manage/maintain a single VendorKey managed by the Centralized Auth Server - Software Answers ProgressBook Support during migration process

14 Vendor Modifications HTTP Header changes for VendorLink call
Remove VL-Authorization (used in HMAC) Remove Date (used in HMAC) Add Ocp-Apim-Subscription-Key (APIM subscriber key) Add Authorization (containing the OAuth token) Add Itc (request routing key) Provide IP Addresses of all client applications to ProgressBook Support

15 https://pbapi.azure-api.net/VendorLink/SisService/Version Headers
Ocp-Apim-Subscription-Key: 2a84558b9090b3cdd112a Used by APIM Gateway to authenticate the subscriber itc: ITC-Routing-Key Used by APIM Gateway to route the request to the ITC Authorization: Bearer eyJ0eXAiOLCbG {truncated for brevity} Used by VendorLink application to authorize the user

16 ITC Perspective Continue to maintain data security via SIS Security
Which Vendor’s can access your data What data each Vendor can access -ITCs still manage/protect their districts data

17 ITC Perspective Management of Vendor Key shifts to centralized ProgressBook Auth Server Vendor still needs to exist in Central and SIS ITC Vendor Key is no longer used by the Vendor VendorLink versioning transparent to Vendors New Operations will be added to Vendor API Gateway prior to the VendorLink release -Vendor still necessary in Central/SIS to allow for authentication/authorization -Vendor will no longer use the VendorKey that they received from the each of the ITCs

18 ITC Perspective Existing Vendor Integrations New Vendor Integrations
Vendor completes the migration process on their side No intervention necessary from ITC staff New Vendor Integrations Syncer process continues to publish the VendorLink Users and Roles to the ITCs Continue to setup Vendors (Central & SIS) for security authorization purposes

19 ITC Perspective VendorLink test/play environments
Configured as a separate Vendor Product in APIM Ability to expose VendorLink test/play environments externally -Necessary by v18.0 because of end of HMAC support -ITCs still control what vendor users have access to the environments so external exposure optional

20 What to do if… …you find the need to enforce a rate-limit on a vendor?
Contact the ProgressBook Support Team (Software Answers) and provide the following details ITC Name Vendor Name Specify the Operation (GET Student Snapshot) OR All Operations Desired rate-limit (x calls / minute)

21 What to do if… …you have a vendor reporting issues connecting to VendorLink? Determine if the issue is with APIM or with the VendorLink application If call not in the VendorLink logs then potential issue w/ APIM Attempt identical call from the Integrated APIM Test Client Verify the request headers exist and are correct ProgressBook Support can help to further analyze specific issues

22 Migration Process Step Responsible Activity Status 1 Software Answers
Complete VendorLink setup in ProgressBook Admin Portal Complete 2 Setup all Pristine Vendors in the Central Authentication Server 3 all Vendors to inform them of migration plan Spring 2017 4 Vendor Register for an account at the ProgressBook Vendor API Portal Spring Summer 2018 5 Monitor ProgressBook Admin Portal for new accounts that need a VendorLink subscription 6 Perform necessary updates to client application to support/call the new ProgressBook API Gateway

23 Next Steps Visit the Vendor API Portal and register your ITC for a developer account Provide your test/play environment Url to ProgressBook Support prior to ProgressBook v18.0 release Become familiar with the Vendor API Portal Peruse the VendorLink documentation Use the Integrated Test Client

24 Questions?

Download ppt "API Manager for Vendorlink"

Similar presentations

MFA for Business Banking – Security Questions with 2nd Request Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing.

MFA for Business Banking – Security Questions with 2nd Request Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing.
MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.
MFA for Business Banking – Security Questions with Reset Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing.

MFA for Business Banking – Security Questions with Reset Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing.
Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.

Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.
Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.

Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Attacking Session Management Juliette Lessing

Attacking Session Management Juliette Lessing
1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.

1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.
Network security policy: best practices

Network security policy: best practices
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.

Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.
Www.regouniversity.com Clarity Educational Community Get the Results You Need When You Need Them Transitioning to CA PPM On Demand Presented by: Joshua.

Clarity Educational Community Get the Results You Need When You Need Them Transitioning to CA PPM On Demand Presented by: Joshua.
Kuali Rice at Indiana University Rice Setup Options July 29-30, 2008 Eric Westfall.

Kuali Rice at Indiana University Rice Setup Options July 29-30, 2008 Eric Westfall.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,

20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,
2013 Dynamics SL Event May 15, 2013. As of 5/1/2013 the most recent version of MR is 2012 Rollup 5 Proceed with caution if you choose to update your MR.

2013 Dynamics SL Event May 15, As of 5/1/2013 the most recent version of MR is 2012 Rollup 5 Proceed with caution if you choose to update your MR.
Windows Small Business Server 2003 Setting up and Connecting David Overton Partner Technical Specialist.

Windows Small Business Server 2003 Setting up and Connecting David Overton Partner Technical Specialist.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
Sudarshan Yadav Sr. Program Manager, Microsoft

Sudarshan Yadav Sr. Program Manager, Microsoft

Similar presentations

Ads by Google