Why Your Business Needs APIs
White Paper
Using APIs in today’s business environment

Companies in every industry worldwide are evaluating, implementing and deploying business API solutions. (See the API Connect resources page to access examples of companies using APIs.) Here are a few examples of companies that are using business APIs:

• Carbip helps drivers and travelers throughout France coordinate car-sharing and carpooling.
• Starwood Hotels leverages cloud technology and APIs to drive an iterative, low-cost and low-risk approach to developing and deploying new services for Starwood guests and personalizing the guest experience.
• Walmart provides its developers with an API-driven cloud platform to speed time to market. The platform offers on-demand access to the resources developers need, including infrastructure, storage, databases and web servers. The Walmart cloud also helps the business scale to meet unpredictable spikes in demand.
• Yes Bank offers the first API banking facility in India for inward remittance, enabling real-time banking from any enterprise resource planning (ERP) system.

In addition, industries and governments are starting to look at APIs as a standardized approach to cooperate in their domains and drive new innovation. In the European banking industry, the European Commission defined new standards called Payment Services Directive 2 (PSD2) that require banks in the region to provide access to account information through trusted third parties. Visit the IBM PSD2 website for additional information on these standards.

In the US, the federal government’s General Services Administration (GSA) released a set of API standards to help drive open data initiatives with consistency around qualities of service while promoting innovation. The standards are managed by 18F, an office inside the GSA. The purpose of the standards is to promote best practices around government APIs; these best practices are viewed as a living set of documents that can be improved over time. The standards are available at GitHub. Healthcare in the US also initiated requirements for the use of APIs by 2018. (See the article, “Life as a Healthcare CIO,” for a brief summary of the CMS Meaningful Use final rule.)

The UK government established recommendations for API standards to help drive innovation and an API economy. In Singapore, the government is putting together a common user interaction layer using APIs to hide the various back-end agencies and complexity encountered when trying to find the correct agency to meet specific needs. And in Brazil, the government is also driving the use of APIs for open data initiatives. (See the list of Brazilian APIs at ProgrammableWeb.com.)

For more information on industry standards and government regulations, see the IBM API Connect blog post, “API Industry Standards and Regulatory Requirements.”
Speed (also known as two-speed IT, bimodal IT or multispeed IT)

The speed driver focuses on allowing the business and IT organization to run at different speeds. Traditional IT management of core SOR can be changed at a certain rate. Trying to force rapid changes into core systems in the enterprise can result in outages or security exposures. Yet the business needs to react very quickly to new opportunities and competitive threats. It needs a higher rate of change than can be delivered by the controlled changes required to the SOR. Using APIs, you can prepackage core system assets for consumption by the business to create new and innovative systems of engagement. This driver often tends to be the first one that drives API use in the enterprise.

Reach

To reach new markets and obtain new customers, you can make APIs available to other enterprises, such as partners who, through their interaction with clients, can generate additional revenue and new customers for your enterprise. For example, a clothing retailer might partner with a travel company to provide destination-appropriate attire as part of trip planning.

• A device sends data through an API call, such as a shopping cart that identifies items placed in the cart for either rapid checkout or product cross-selling identification.
• A device is sent a command or data through an API call, such as sending a targeted advertisement to a shopping cart screen.
• A device sends data through a non-API call using other technology such as Message Queuing Telemetry Transport (MQTT)—a high-volume messaging protocol and transport for telemetry devices—because not all data calls require an action. However, APIs can access the data inside the enterprise and look for or react to particular situations or events. For example, data from shopping carts can be transmitted to the enterprise to be analyzed. Resulting data patterns can be used to help determine common traffic patterns through the store, shopper duration in particular locations and products ultimately purchased, which can help identify marketing opportunities or optimized product placement.

APIs are not generally used to provide a constant flow of information that does not require any real-time action and is only being used later for analytics purposes. However, an API might be used to drive a business process or other action based on insights gained from the analytics. APIs are a good choice when you desire a real-time action on the part of the device—making the device do something—or a real-time action needs to be taken in the enterprise based on information captured and sent through calls from the device.
Businesses often tend to start with a focus on the requirement for speed. After initial success in this area, they address the other drivers. It is not uncommon for businesses to benefit from APIs across all four drivers.

In addition, many IT organizations are acting in anticipation of the business requirements because they recognize that the business request is coming.
What does a basic API management solution provide?

APIs expose business assets for consumption by a target audience: developers. The developers—who may be inside your company, in a partner company or in the public domain—use these assets in the new capability they are building. When exposing a business asset, a set of requirements exists to manage and secure APIs that businesses want in place:

• Security: This requirement helps ensure only authorized developers who are targeted to use the API access it. In addition, API access to core business assets needs to expose only the appropriate assets through the API, and as necessary to make sure consumers using the applications built with the API have access to only appropriate information or transactions.
• Self-service: This requirement allows the intended developer audience to sign up and use the API with minimal effort. It should not be necessary to hand-hold the on-boarding of each developer wanting to use the API.
• Lifecycle and version management: Prior to being made available, an API is constructed and taken through a lifecycle for testing. As changes are required, new versions can be made available, and consumers can either be automatically moved to the new version when possible or notified that they need to move to the new version within a specified time period.
• Consumption management: Companies can establish policies to allow a controlled number of calls of the API. This requirement protects the core business asset and IT systems from being overwhelmed with requests. It also can be used to ensure appropriate controls for individual usage and for monetization of the business asset.
• Analytics: The enterprise needs to understand who is using the asset and how much it is being used. This requirement is valuable to make sure appropriate resources are in place to ensure the API initiative is successful. The analytics data and dashboard tells the enterprise what is working and what isn’t.

For many years, IBM and other companies have offered API management solutions to help guide organizations along their journey in the API economy. At a high level, the solutions provide the following capabilities:

• An API composer to access the SOR resources, perhaps using existing service-oriented architecture (SOA) services and an enterprise service bus (ESB) to compose APIs
• A lifecycle for testing
• Policies for security and consumption levels associated with the APIs
• A self-service developer portal to make APIs available to developers either inside or outside the company, and where developers can register to use the APIs
• A gateway through which secured and managed developed apps call the APIs; some transformation of messages and routing may occur in the API—however, more robust transformation or routing needs are typically handled in the SOR environment, often by the ESB
• Analytics about API usage, which are gathered and displayed through role-appropriate dashboards
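The security and consumption management requirements above, sketched as the checks a gateway would run before a call reaches the back end. This is an added example, not IBM code or the API Connect policy model; the plans, API keys, operation names and the `createGateway` helper are all hypothetical, and the sample requests are constructed.

```javascript
// Added illustration only: not IBM API Connect, DataPower Gateway or Micro Gateway code.
// Every name here (PLANS, APPS, createGateway, demo) is hypothetical.

// Constructed sample data. A plan lists the operations it exposes and its call quota.
const PLANS = new Map([
  ['bronze', { operations: new Set(['GET /accounts']), callsPerWindow: 3 }],
  ['gold', { operations: new Set(['GET /accounts', 'POST /remittances']), callsPerWindow: 100 }],
]);
// Constructed sample data. Apps registered through a self-service portal, keyed by API key.
const APPS = new Map([
  ['key-partner-1', { app: 'partner-app', plan: 'bronze' }],
  ['key-internal-1', { app: 'internal-app', plan: 'gold' }],
]);

function createGateway({ plans, apps, backend, windowMs = 60000 }) {
  const counters = new Map(); // app name -> { windowStart, count }
  const usage = new Map();    // analytics: "app status" -> number of calls

  function record(app, status) {
    const key = `${app} ${status}`;
    usage.set(key, (usage.get(key) || 0) + 1);
    return status;
  }

  function handle(request, now = Date.now()) {
    // Security, part 1: only registered applications may call the API.
    const registration = apps.get(request.apiKey);
    if (!registration) return { status: record('unregistered', 401) };
    const { app } = registration;
    const plan = plans.get(registration.plan);
    const operation = `${request.method} ${request.path}`;
    // Security, part 2: expose only the operations this app's plan includes.
    if (!plan || !plan.operations.has(operation)) return { status: record(app, 403) };
    // Consumption management: fixed-window quota per application.
    let counter = counters.get(app);
    if (!counter || now - counter.windowStart >= windowMs) {
      counter = { windowStart: now, count: 0 };
      counters.set(app, counter);
    }
    if (counter.count >= plan.callsPerWindow) {
      const retryAfterMs = counter.windowStart + windowMs - now;
      return { status: record(app, 429), retryAfterMs };
    }
    counter.count += 1;
    // Only now does the request reach the back-end system of record.
    return { status: record(app, 200), body: backend(operation, app) };
  }

  return { handle, usage };
}

// Replays constructed requests at fixed timestamps and returns the status codes.
function demo() {
  const gateway = createGateway({ plans: PLANS, apps: APPS, backend: (op) => `handled ${op}` });
  const read = { apiKey: 'key-partner-1', method: 'GET', path: '/accounts' };
  const write = { apiKey: 'key-partner-1', method: 'POST', path: '/remittances' };
  const statuses = [
    gateway.handle({ ...read, apiKey: 'not-issued' }, 0).status, // unknown key
    gateway.handle(write, 0).status,                             // not in the bronze plan
    ...[0, 1000, 2000, 3000].map((t) => gateway.handle(read, t).status), // quota of 3
    gateway.handle(read, 60000).status,                          // next window
  ];
  return { statuses, usage: Object.fromEntries(gateway.usage) };
}
```

`demo()` returns the status code for each constructed request together with the per-application counts that an analytics dashboard would read.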
IBM supplies two options for the API gateway component that is the key runtime component to secure and execute the APIs that are created. These options are IBM DataPower® Gateway and Micro Gateway. DataPower Gateway has been in the market for more than 15 years with thousands of deployments and is recognized for its significant strengths in security, performance and scalability. It is a single, multichannel gateway that helps provide security, control, integration and optimized access to a full range of API, B2B, cloud-based, mobile, SOA and web workloads. It also enables you to rapidly expand valuable IT assets to new channels, giving customers, employees and partners access to critical resources.

With such a powerful gateway already in many client environments, deciding to build the API Connect solution on DataPower Gateway was an easy choice. Clients who already own DataPower Gateway can continue using their existing infrastructure, assuming there is sufficient capacity available for the additional API workload. Companies that do not already own DataPower Gateway can easily add it to their architecture as a physical appliance or a virtual appliance, or they can execute it on Linux or deploy it in Docker containers. For IBM-managed cloud solutions, IBM administers DataPower Gateway instances for the client.

Micro Gateway is also supplied as a software-based option for the API gateway. Built on Node.js, it enforces the authentication, authorization and flow requirements of an API. Micro Gateway has a limited number of policies compared with DataPower Gateway, so you might choose Micro Gateway for testing, internal deployments, or smaller-scale and security requirements.

IBM brings an end-to-end solution perspective to API initiatives. An API is not by itself a complete solution. APIs are consumed by something—for example, a mobile app or a partner application—and APIs need to connect this consumer with a back-end SOR or other resources that provide the necessary information and transactions to be executed. IBM has been helping clients build these consuming and provider systems for decades and understands that the solution must consider all the components and not just focus on the API as a stand-alone entity.

While your API consumers may or may not all be within the same company, taking this end-to-end perspective in developing your APIs and running your API initiative so the correct components, security and controls are in place is important. Also vital is ensuring that parts of the solution are being used in the most optimal manner. Some vendors offer API-only solutions and have no experience beyond the API. Others may be SOA or ESB vendors that are extending their existing products to execute APIs. This architecture can be suboptimal, leading to performance and security exposures and poor governance over crucial SORs in the enterprise.

APIs play a key role in IBM strategies

APIs are a critical and highly strategic technology for IBM. IBM Watson®, a core part of the IBM cognitive strategy, is accessed through APIs. The Bluemix cloud-based, platform-as-a-service (PaaS) offering includes API Connect, and many Bluemix functions are APIs. The IBM CIO’s office is also using API Connect for both internal and partnering projects. Check out the IBM API Explorer portal containing Watson, The Weather Company® and many other APIs at https://developer.ibm.com/api
Where does API Connect fit in the enterprise architecture?

API Connect features both enterprise-focused and developer-focused capabilities. Everything is provided to create, run, manage and secure the APIs and microservices as well as connect them to the SOR. API Connect is also designed as a comprehensive solution for developers to access the API portfolio, register and consume the APIs, and visualize analytics about their usage of the APIs selected. API Connect contains the following components that work together to provide an end-to-end API management solution (Figure 3):

• Developer Portal (1): This portal allows target developer communities to see the APIs available to them and offers everything necessary for self-service API consumption by the developers. Social aspects such as blogs, FAQs and other capabilities can be used to help developers and drive API usage.
• API Manager (2): As the core server component for API Connect, the API Manager provides all the lifecycle management and design and development aspects for creating and managing APIs. It also has analytics views based on roles.
[Figure 3 diagram labels: Developer Portal (1), API Manager (2), API gateway (3, DataPower/Micro Gateway), Developer Toolkit (4), container manager (5), microservices compute runtime (6, Node.js/Java); external, partner and internal app developers; mobile and web apps, partner apps, enterprise internal apps, IoT; data store, cloud service, application server, ESB/middleware, IBM z Systems®/legacy apps; API traffic and business traffic.]

Figure 3. The end-to-end API Connect topology consists of several interacting components that enable access to APIs, supporting the full create, run, manage and secure API lifecycle.
• API gateway (3): This component—either DataPower Gateway or Micro Gateway—serves as the runtime gateway.
• Developer Toolkit (4): A downloadable component that enables API developers—not consumers—to work offline, the toolkit can be used to develop and test APIs and microservices. Once complete, developers can transfer the API and microservices to the API Manager to complete the lifecycle and deployment.
• Container manager (5): This component provides unified operations and management for the microservices compute runtime. You can use the IBM-provided Bluemix container service or another container manager of your choice, such as Docker Swarm, Kubernetes, Apache Mesos or others.
• Microservices compute runtime (6): This runtime executes API and microservices business logic written in Node.js or Java.

Here is a step-by-step scenario that outlines how the components are used and how they interact:

1. An API developer uses the Developer Toolkit (4) to develop an API on their laptop while offline. The developer can test the API using a local Micro Gateway that is part of the toolkit, if desired.
2. When ready, the API developer connects to API Manager (2) and uses it to continue working on the API by adding policies, completing testing and taking the API through its lifecycle until it’s ready to be consumed by others.
3. When ready, the API is deployed from API Manager (2) to the Developer Portal (1) and the API gateway (3). The API is now ready to be used.
4. The appropriate target consumer audience logs on to the Developer Portal (1). This consumer can be an internal developer, a partner or an external developer who finds the API and chooses to use it to build an application.
5. The applications invoke the API when necessary, which flows it to the API gateway (3), where appropriate security and other runtime policies are enforced.
6. For APIs that do not require any new or changed business logic or other microservices, the API traffic flows from the API gateway (3) directly to the back-end SOR, ESB or cloud applications; retrieves the necessary information; and returns through the gateway to the invoking application.
7. If the solution requires new business logic or microservices, then the same Developer Toolkit (4) and API Manager (2) are used as with APIs. However, when it is time to deploy the microservices, the container manager (5) is used to deploy them into the microservices compute runtime (6).
8. During the app’s runtime, it calls the API in the API gateway (3) as before. However, the gateway recognizes that this invocation requires microservices and calls the necessary microservices in the microservices compute runtime (6). In turn, it can invoke the SOR, ESB or cloud applications and retrieve the necessary information. The data is then returned to the microservices compute runtime (6), where additional business logic can be executed before responding through the API gateway (3) back to the calling application. Note that it is also possible to invoke business logic prior to calling the back-end systems.

API Connect works with both IBM and non-IBM products and technologies as consumers of APIs and the resources that the API connects to in the SOR. However, if you want to use additional IBM solutions for these purposes, IBM has pre-built connections to ease the integration.
[Figure 5 diagram labels: systems of engagement (Cloud, Web, Mobile, IoT); IBM API Connect (management + runtime gateway enforcement); DataPower Gateway; MobileFirst Platform Foundation; z/OS Connect; systems of record (Services on CICS, Services on IMS).]

Figure 5. z/OS Connect pushes interfaces directly into API Connect.
Getting started in the API economy

API initiatives are best done iteratively using an agile-like methodology. Don’t wait for perfection or for all answers to be known; API initiatives are about speed and need aggressive change agents as leaders. In the early stages, focus on a few key items to ensure success and maximum value:

• Obtain executive and business backing. APIs are a product to be delivered by your business, not a technology for IT to improve efficiency. Lack of executive or business buy-in can result in a technology implementation with little or no impact on the business. The leadership absolutely needs to participate. Emphasize the importance of backing the initiative by sharing the “Evolution of the API Economy” study from the IBM Institute for Business Value with executives.
• Establish a strategy and goals. Understand why you are executing an API initiative, and set goals for the initiative that involve time frames and reporting metrics.
• Make a commitment to roles, responsibilities and resources. Resources that are dedicated to the API initiative help you make governance effective.
• Get the message out. Become an API evangelist. The core team’s role or roles must be understood and propagated. Involve people skilled in formal communication and education campaigns. Also, collect and publish metrics.

IBM is ready to assist you with a full range of workshops and services offerings (Figure 6). For more information about the workshops, visit the Digital Transformation Workshops and Service Engagements sign-up page.
[Figure 6 diagram panels: Briefing; Discovery workshop; Boot camp; Quick starts; Quick-win pilots; Enable and integrate; Digital transformation; Managed services.]

Figure 6. IBM workshops and quick-start services can help you move quickly along the path to full participation in the API economy.
IBM Cloud
Route 100
Somers, NY 10589
IBM, the IBM logo, ibm.com, Bluemix, CICS, DataPower, IBM API
Connect, IBM Watson, IBM zSystems, IMS, MobileFirst, WebSphere, and
z/OS are trademarks of International Business Machines Corp., registered
in many jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM trademarks
is available on the web at “Copyright and trademark information” at
ibm.com/legal/copytrade.shtml
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
The performance data and client examples cited are presented for
illustrative purposes only. Actual performance results may vary depending
on specific configurations and operating conditions. THE INFORMATION
IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY
WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT
ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION
OF NONINFRINGEMENT. IBM products are warranted according to
the terms and conditions of the agreements under which they are provided.
The client is responsible for ensuring compliance with laws and regulations
applicable to it. IBM does not provide legal advice or represent or warrant
that its services or products will ensure that the client is in compliance with
any law or regulation.
APW12365-USEN-01