Professional Documents
Culture Documents
API Connectivity
Owner: Andrew Stiefel, Product Marketing Manager
Last Updated: January 2023
Additional Resources
Secure API Connectivity Sales Kit:
• Product overview
• Customer deck
• Pricing
• Competitive landscape
• FAQ
• NGINX audiences
• Customer buying journey
• Playbooks for each NGINX track (Kubernetes, Application delivery, API Connectivity)
• NGINX Campaign-in-a-Box
This document will be updated as new assets and messaging become available.
Do not download! Bookmark to ensure you have the latest version.
NGINX PLAYBOOK – SECURE API CONNECTIVITY
Solution Overview
As companies adopt microservices, managing APIs at scale becomes a challenge. Platform and Ops teams
need visibility and control across the enterprise, and API developers need agility and autonomy.
Market Overview • APIs are the most common application modernization technique
• 98% of enterprise customers are building internal APIs; 80% are building public APIs
• API security incidents cost US companies $12 billion in 2022
• API management market reached $2.1 billion in 2020 growing at 24% CAGR
Customer Pain Customers are struggling with issues caused by API sprawl:
Points • Reliability: Increased outages due to misconfigurations or breaking changes
• Visibility: Hard to monitor API traffic for threats and performance
• Complexity: Difficult to apply and scale policies across teams and environments
• Security: Unsecured APIs are easy targets for attacks
Buyers, Buyers: Platform Ops (DevOps, SecOps)
Influencers, • Architectural freedom – NGINX is a runtime agnostic tool you can deploy across
How We Win cloud, on-premises, and edge environments
• CI/CD friendly – Integrate into your CI/CD pipelines using a fully declarative REST
API to automate API infrastructure and lifecycle management
Triggers • I know we need to modernize our applications and I want to start by enabling access to
them through a centralized API gateway
• I’m realizing the complexity of managing API traffic as we start to scale
• We’ve adopted an API-first approach to development, and I need to give distributed
teams access to shared infrastructure so they can easily deploy APIs
• We are experiencing latency with our current API management solution and need
something that delivers performance and security without slowing response time
How We Help NGINX gives developers self-service tools to discover, use, publish, and mange APIs and
provides Platform Ops teams with tools to enable:
• Scalability: Deliver uncompromised performance and reliability with lightweight, real-
time NGINX API gateways
• Insights: Gain visibility into API traffic and configurations across distributed teams and
environments
• Governance: Ensure consistent oversight for APIs with global policies and fine-
grained controls for API owners
• Security: Protect API endpoints from unauthorized access with authorization and
authentication policies
NGINX Products API Connectivity Manager (Management Plane), NGINX Plus (API Gateway), NGINX App
Protect (Advanced Security)*
*NGINX App Protect is not available on API Connectivity Manager at this time – it will be
available in a future release. For now, NGINX App Protect must be priced and deployed
separately from API Connectivity Manager.
Qualifying Questions
Question Answers
How many APIs does your A. APIs mostly support external users, or are mostly from third parties
organizations use?
B. Large API count (50+) and the majority are internal APIs for different microservices
Follow Up: Are they primarily POTENTIAL DISQUALIFY: Their primary use case is integration with third-party APIs
internal or external APIs?
What formats do your APIs primarily A. Doesn’t know or still working with a mix of legacy SOAP APIs and REST
use?
B. Primarily working with REST APIs, may have adopted GraphQL or other standards
POTENTIAL DISQUALIFY: Working with primarily SOAP APIs for legacy applications
Does your organization have an API A. Either doesn’t have an API strategy, or has recently started to implement one.
strategy? How do you approach the
B. Uses an API-first approach to drive API spec and contract development before
development of new APIs?
building the service (or plans to adopt this approach)
Explain your API gateway A. We don’t need to deploy gateways across multiple environments
deployment needs – how many do
B. We are employing a centralized approach, but I need to deploy multiple API gateways
you need, and where will you deploy
across dev, test, prod, on-prem, and cloud environments
them?
How do you approach API A. Doesn’t know or is primarily working with a top-down governance model
governance in your organization?
B. Needs to apply global policies but wants to give development teams flexibility to build
Follow up: What challenges do you their services with the right level of policy control
face with API governance?
How do you secure your API A. I don’t know or we aren’t securing our APIs
environments?
B. We’re using a WAF in front of our APIs
Next steps…
Mostly ‘A’ answers = use Customer Profile A
Mostly ‘B’ answers = use Customer Profile B
Discover where the buyer is in the journey (discover, learn, or try) and send corresponding assets as follow-up
or use this sequence for nurture programs. If the lead is very new to API connectivity, the following resources
will them understand some core concepts:
Discover where the buyer is in the journey (Discover, Learn, or Try) and send corresponding assets as follow-
up or use this sequence for nurture programs.
Security Use Case Blog Best practices for managing internal APIs
Assets Webinar Application security with NGINX
Journey Stage: Learn – “I am researching how NGINX could solve my problem.”
Overview Assets Case Study Capital One
Case Study Mobilcom
Security Use Case Blog Best Practices for DevOps-Friendly API Management
Assets Webinar Achieving Comprehensive API Security with NGINX & Okta
Webinar Implementing Holistic Layer 7 App Security with NGINX
Journey Stage: Try – “I am testing NGINX to see if it solves my problem.”
Trial Try NGINX Plus and NGINX App Protect
Trial NGINX Management Suite Trial
Objection Handling
We already have a solution for managing APIs.
• How is that working for you now? What challenges are you encountering?
• As your applications and APIs span across a multi-cloud, distributed environment, you need a modern
API management solution that can deliver APIs across this distributed environment.
• Relying on a legacy or a SaaS based solution has the following disadvantages:
• Not designed for managing API traffic among microservices
• Poor support for distributed environments – cannot deploy API gateways separately in dev, test,
prod, or sandbox environments
• Not DevOps friendly
• Costly–with NGINX you pay only for successful API calls. No artificial constraints based on
throughput or number of users.
We need a lot of customization, and our last solution didn’t meet our needs.
• NGINX provides some of the most common global policy configurations out of the box, so you don’t
have to do any work to apply them.
• Are there specific global policies you need to apply today?