Exposing enterprise services using web API management solutions from IBM

Share this post:

Web application programming interfaces (APIs) are quickly establishing a mainstream position in the marketplace. As with any other business access route, the web API channel has to be secure and managed to ensure the necessary level of technical and business control. The purpose of this blog post is to provide a brief overview of the IBM API Management capability.

API economy and new open enterprise

The rapid growth in mobile apps, cloud services, Internet of Things and developer communities have driven many enterprises to open up valuable data through APIs. API economy helps companies realize opportunities for new and open enterprise, where they can repurpose their IT and services and expose them to new revenue streams, markets and a much faster pace of innovation. The market pressures driving this activity are caused primarily by the proliferation of new devices and channels, smaller and fast-changing applications, competition within the market, as well as fast forming and changing business alliances and partnerships. Judging by the exponential growth in numbers of publicly registered APIs, companies are more readily opening their boundaries with data and services to partner organizations, the web, mobile apps, smart devices and the cloud.

Web APIs are already driving significant new economic activity. According to this developerWorks article, by the end of 2014, 75 percent of the Fortune 1000 will offer public web APIs. The same article states that by 2016, 50 percent of B2B collaboration will take place through web APIs. According to Mark Carges (eBay CTO), his company already trades about “$7bn worth of items on eBay through APIs” (download source).

Why API management?

APIs provide a distribution channel for a company’s products and services. This can be observed across most of the industries, including the financial services sector. Naturally, IT organizations want to manage the APIs as they are being provisioned externally to be repurposed by business partners and a large community of external developers, not just developers they employ. API management solutions aim to simplify the process of opening the company’s information assets to third parties and developers for even the most security-conscious organizations.

The key API management capabilities required

At the highest level, an API management solution needs to include the following functionality:

• The enterprise information and services have to be exposed in a simple and API-friendly manner as RESTful APIs

• The information systems exposed by APIs must be protected against message-level attacks and hijack

• Strong access control, identity federation and social login functionality must be deployed

• You must maintain the availability of backend systems for APIs, applications and users

• Engage, onboard, educate and manage developers to help them deliver real value.

• Enable business users to monitor and analyze the API usage

The IBM API Management solution and its essential building blocks

IBM API Management provides a complete set of capabilities to help companies expose enterprise assets and services to a wide spectrum of application environments such as web and mobile applications. It offers flexible deployment options, including capabilities for creating, assembling, securing and scaling APIs in full compliance with the above requirements. This is represented in the following simple architecture overview diagram:

API management

The IBM API Management solution includes the following key actors and components:

• IT Operator: creates the original APIs, either as API proxies or composite APIs. The IT Operator may rely on WebSphere Service Registry and Repository (WSRR), z/OS Connect or both to identify and manage the candidate and active backend services.

• App developer: composes apps from existing services and the APIs fronting those services to create new business value.

• Business user: needs to understand how many developers are consuming APIs, which APIs are being utilized, who accesses them and where from. How is this picture changing in time?

• API manager: allows for easy assembly of new APIs. Responsible for securing and management of APIs from an IT Ops perspective.

• Management console: assists with analytics and provides controls to publish APIs, to document APIs, to set quotas, manage communities and monitor service levels.

• Application developer portal: allows for self-service registration and provides hooks into social communities. The portal allows developers to see API documentation, view lists of available APIs, view associated service level agreements (SLAs), subscribe to chargeable APIs, set up their own dev community and enable collaboration.

• API gateway: is a physical or virtual appliance that secures and mediates the traffic between the source APIs and their end consumers.

In addition to the core stack above, there are also few optional components that can be considered. These are represented by IBM WebSphere Registry and Repository and z/OS Connect components as follows:

WebSphere Registry and Repository. This is an enterprise service catalog that governs all the services behind the APIs and manages their lifecycle. API Manager can rely on WSRR to fetch Web Service Description Language (WSDL) for the required services. 

z/OS Connect. z/OS Connect is software function written to run inside IBM WebSphere Liberty for z/OS and serves as an enabler of connectivity between digital access channels and back-end z/OS systems. z/OS Connect provides a discovery function for identifying the relevant back-end services (Customer Information Control System, or CICS, and Information Management System, or IMS, Batch and others) and maps them to simple RESTful APIs. It also accepts JavaScript Object Notation (JSON) data payloads.

This blog post presents only a brief overview of the relatively complex API management subject. My intention is to continue this discussion in follow up posts by deep diving into more specific web API-related areas. If you found this post useful, let me know what other web API topics are interesting to you. Comment below or contact me on Twitter @mariuslesniak.

More stories

Why we added new map tools to Netcool

I had the opportunity to visit a number of telecommunications clients using IBM Netcool over the last year. We frequently discussed the benefits of have a geographically mapped view of topology. Not just because it was nice “eye candy” in the Network Operations Center (NOC), but because it gives an important geographically-based view of network […]

Continue reading

How to streamline continuous delivery through better auditing

IT managers, does this sound familiar? Just when everything is running smoothly, you encounter the release management process in place for upgrading business applications in the production environment. You get an error notification in one of the workflows running the release management process. It can be especially frustrating when the error is coming from the […]

Continue reading

Want to see the latest from WebSphere Liberty? Join our webcast

We just released the latest release of WebSphere Liberty, It includes many new enhancements to its security, database management and overall performance. Interested in what’s new? Join our webcast on January 11, 2017. Why? Read on. I used to take time to reflect on the year behind me as the calendar year closed out, […]

Continue reading