GO-TO-MARKET PLAYBOOK:

API Connectivity
Owner: Andrew Stiefel, Product Marketing Manager
Last Updated: January 2023

CONFIDENTIAL – FOR INTERNAL USE ONLY

Table of Contents
Solution Overview 1
Qualifying Questions 2
Customer Profile A: Low-to-Mid API Maturity 3
Nurture Assets for API Gateway + WAF Leads 4
Customer Profile B: Mid-to-High API Maturity 5
Nurture Assets for API Connectivity Manager Leads 6
Objection Handling 7

Additional Resources
Secure API Connectivity Sales Kit:

• Product overview
• Customer deck
• Pricing
• Competitive landscape
• FAQ

F5 NGINX Product Page:

• NGINX audiences
• Customer buying journey
• Playbooks for each NGINX track (Kubernetes, Application delivery, API Connectivity)
• NGINX Campaign-in-a-Box

This document will be updated as new assets and messaging become available.
Do not download! Bookmark to ensure you have the latest version.
 NGINX PLAYBOOK – SECURE API CONNECTIVITY

Solution Overview
As companies adopt microservices, managing APIs at scale becomes a challenge. Platform and Ops teams
need visibility and control across the enterprise, and API developers need agility and autonomy.
Market Overview • APIs are the most common application modernization technique
• 98% of enterprise customers are building internal APIs; 80% are building public APIs
• API security incidents cost US companies $12 billion in 2022
• API management market reached $2.1 billion in 2020 growing at 24% CAGR

Average ARR Beachhead deal - $20k

Medium to large enterprise deal - $120K+
Including API Connectivity Manager (management plane) or NGINX App Protect (Advanced
Security)* can more than double the deal size.

Customer Pain Customers are struggling with issues caused by API sprawl:
Points • Reliability: Increased outages due to misconfigurations or breaking changes
• Visibility: Hard to monitor API traffic for threats and performance
• Complexity: Difficult to apply and scale policies across teams and environments
• Security: Unsecured APIs are easy targets for attacks
Buyers, Buyers: Platform Ops (DevOps, SecOps)
Influencers, • Architectural freedom – NGINX is a runtime agnostic tool you can deploy across
How We Win cloud, on-premises, and edge environments
• CI/CD friendly – Integrate into your CI/CD pipelines using a fully declarative REST
API to automate API infrastructure and lifecycle management

Influencers: Software engineers (API Owners, API Consumers)

• Streamlined API lifecycle management – Automatically generate documentation and
publish APIs using the OpenAPI Specification (OAS)
• Reduced complexity – Discover, test, and onboard APIs through the developer portal

Triggers • I know we need to modernize our applications and I want to start by enabling access to
them through a centralized API gateway
• I’m realizing the complexity of managing API traffic as we start to scale
• We’ve adopted an API-first approach to development, and I need to give distributed
teams access to shared infrastructure so they can easily deploy APIs
• We are experiencing latency with our current API management solution and need
something that delivers performance and security without slowing response time

How We Help NGINX gives developers self-service tools to discover, use, publish, and mange APIs and
provides Platform Ops teams with tools to enable:
• Scalability: Deliver uncompromised performance and reliability with lightweight, real-
time NGINX API gateways
• Insights: Gain visibility into API traffic and configurations across distributed teams and
environments
• Governance: Ensure consistent oversight for APIs with global policies and fine-
grained controls for API owners
• Security: Protect API endpoints from unauthorized access with authorization and
authentication policies

NGINX Products API Connectivity Manager (Management Plane), NGINX Plus (API Gateway), NGINX App
Protect (Advanced Security)*

*NGINX App Protect is not available on API Connectivity Manager at this time – it will be
available in a future release. For now, NGINX App Protect must be priced and deployed
separately from API Connectivity Manager.

Confidential – For Internal Use Only Page 1 of 10 as of November 14, 2022

 NGINX PLAYBOOK – SECURE API CONNECTIVITY

Qualifying Questions
Question Answers

How many APIs does your A. APIs mostly support external users, or are mostly from third parties
organizations use?
B. Large API count (50+) and the majority are internal APIs for different microservices

Follow Up: Are they primarily POTENTIAL DISQUALIFY: Their primary use case is integration with third-party APIs
internal or external APIs?

What formats do your APIs primarily A. Doesn’t know or still working with a mix of legacy SOAP APIs and REST
use?
B. Primarily working with REST APIs, may have adopted GraphQL or other standards
POTENTIAL DISQUALIFY: Working with primarily SOAP APIs for legacy applications

Does your organization have an API
strategy? How do you approach the
development of new APIs?
A. Either doesn’t have an API strategy, or has recently started to implement one.
B. Uses an API-first approach to drive API spec and contract development before
building the service (or plans to adopt this approach)

Explain your API gateway A. We don’t need to deploy gateways across multiple environments
deployment needs – how many do
B. We are employing a centralized approach, but I need to deploy multiple API gateways
you need, and where will you deploy
across dev, test, prod, on-prem, and cloud environments
them?

How do you approach API
governance in your organization?
Follow up: What challenges do you
face with API governance?
A. Doesn’t know or is primarily working with a top-down governance model
B. Needs to apply global policies but wants to give development teams flexibility to build
their services with the right level of policy control

How do you secure your API A. I don’t know or we aren’t securing our APIs
environments?
B. We’re using a WAF in front of our APIs

Next steps…
Mostly ‘A’ answers = use Customer Profile A
Mostly ‘B’ answers = use Customer Profile B

Confidential – For Internal Use Only Page 2 of 10 as of November 14, 2022

 NGINX PLAYBOOK – SECURE API CONNECTIVITY

Customer Profile A: Low-to-Mid API Maturity

● Overview of Customer Scenario
o The customer is initiating or moving through the early stages of digital transformation
o Working to unlock data with APIs and have adopted REST APIs to varying degrees
o Have adopted DevOps principles including automation and CI/CD pipelines
o Have some standards of API governance in place, but may rely on a centralized model

● What are their challenges?

o Need to deliver high-performance APIs within the data plane
o Need to secure and protect APIs at the gateway
o Need to establish basic governance for APIs and microservices

● What do they need from NGINX?

o Education on best practices and what to expect as they start to put more APIs into production
o Position NGINX as a trusted advisor and partner
o Provide NGINX API Gateway and WAF to manage and secure API requests

Discover where the buyer is in the journey (discover, learn, or try) and send corresponding assets as follow-up
or use this sequence for nurture programs. If the lead is very new to API connectivity, the following resources
will them understand some core concepts:

• What is an API Gateway?

• What is a WAF?
• Building Microservices: Using an API Gateway
• What is API Management?

Ready to share NGINX resources?

Continue to the next page for
Nurture Assets for NGINX API Gateway Leads

Confidential – For Internal Use Only Page 3 of 10 as of November 14, 2022

 NGINX PLAYBOOK – SECURE API CONNECTIVITY

Nurture Assets for API Gateway + WAF Leads

Journey Stage: Discover – “I am researching how to solve my problem.”
Overview Assets Blog How Real-Time APIs power our lives
Blog Is your API Real-Time?
Security Use Case Blog Fortifying APIs with Advanced Security
Assets Webinar Application security with NGINX
Journey Stage: Learn – “I am researching how NGINX could solve my problem.”
Overview Assets Brief The Importance of Securing Real-Time APIs
Webinar Deploying NGINX Plus as an API Gateway 
Case Study Capital One
Case Study Mobilcom
Security Use Case Blog Deploying NGINX as an API Gateway, Part 2: Protecting Backend Services
Assets Blog NGINX App Protect Brings Security to the API Ecosystem
Webinar Achieving Comprehensive API Security with NGINX & Okta
Webinar Implementing Holistic Layer 7 App Security with NGINX
Journey Stage: Try – “I am testing NGINX to see if it solves my problem.”
Trial Try NGINX Plus and NGINX App Protect

Confidential – For Internal Use Only Page 4 of 10 as of November 14, 2022

 NGINX PLAYBOOK – SECURE API CONNECTIVITY

Customer Profile B: Mid-to-High API Maturity

● Overview of Customer Scenario:
o Large number of DevOps teams each needing their own API Gateway (multiple API gateways)
o Reasonably mature automation practices
o Moving towards adoption of API-first approach to development (contract driven, spec first)
o Platform flexibility is important
o Need to secure APIs
o High performance requirements
o Modernizing apps using microservices powered by APIs

● What are their challenges?

o Need visibility into API traffic and API gateway configurations across multiple, distributed
environments
o Need to reduce outages resulting from poor documentation and versioning
o Need to apply global policies to ensure consistent security and compliance
o Need to give developers pre-configured policies to adopt in their APIs
o Need to allow some fine-grained control at the service level (rate limiting, authentication, etc.)

● What do they need from NGINX?

o NGINX API Connectivity Manager

Discover where the buyer is in the journey (Discover, Learn, or Try) and send corresponding assets as follow-
up or use this sequence for nurture programs.

• Best Practices for Managing Internal APIs

• Best Practices for DevOps Friendly API Management
• Continuous API Management

Ready to share NGINX resources?

Continue to the next page for
Nurture Assets for NGINX API Connectivity Leads

Confidential – For Internal Use Only Page 5 of 10 as of November 14, 2022

 NGINX PLAYBOOK – SECURE API CONNECTIVITY

Nurture Assets for API Connectivity Manager Leads

Journey Stage: Discover – “I am researching how to solve my problem.”
Overview Assets Blog What is API Management?
Video API Management for Modern Apps
Ebook Continuous API Management

Security Use Case Blog Best practices for managing internal APIs
Assets Webinar Application security with NGINX
Journey Stage: Learn – “I am researching how NGINX could solve my problem.”
Overview Assets Case Study Capital One
Case Study Mobilcom
Security Use Case Blog Best Practices for DevOps-Friendly API Management
Assets Webinar Achieving Comprehensive API Security with NGINX & Okta
Webinar Implementing Holistic Layer 7 App Security with NGINX
Journey Stage: Try – “I am testing NGINX to see if it solves my problem.”
Trial Try NGINX Plus and NGINX App Protect
Trial NGINX Management Suite Trial

Confidential – For Internal Use Only Page 6 of 10 as of November 14, 2022

 NGINX PLAYBOOK – SECURE API CONNECTIVITY

Objection Handling
We already have a solution for managing APIs.

• How is that working for you now? What challenges are you encountering?
• As your applications and APIs span across a multi-cloud, distributed environment, you need a modern
API management solution that can deliver APIs across this distributed environment.
• Relying on a legacy or a SaaS based solution has the following disadvantages:
• Not designed for managing API traffic among microservices
• Poor support for distributed environments – cannot deploy API gateways separately in dev, test,
prod, or sandbox environments
• Not DevOps friendly
• Costly–with NGINX you pay only for successful API calls. No artificial constraints based on
throughput or number of users.

We need a lot of customization, and our last solution didn’t meet our needs.

• What were the shortcomings and gaps in your previous solution?

• You can customize NGINX using NGINX JavaScript for custom deployment needs
• F5 Professional Services can assist with some common challenges

We need support for SOAP/GraphQL/gRPC APIs.

• What percentage of your APIs today are REST APIs?

• Additional support for other API frameworks is on our product roadmap.

We need to create our own custom global policies.

• NGINX provides some of the most common global policy configurations out of the box, so you don’t
have to do any work to apply them.
• Are there specific global policies you need to apply today?

Confidential – For Internal Use Only Page 7 of 10 as of November 14, 2022