Wednesday, January 28, 2015

All around the world - API Workshops for OAuth, Mobile, REST

Here at Axway, we regularly run API Workshops worldwide which bring together API practitioners in discussion, debate, and exposure to technologies such as OAuth 2.0, API developer portal design, and identity. And when we say "worldwide", we mean worldwide. To illustrate this, my colleague Philipp Schöne has created an interactive map on CartoDB of the API Workshops over the past year, with photos of each. All that's missing is a backing track of Daft Punk's "Around the World" :)

Each API Workshop has been eventful in its own way, and for example I recall the spirited debate on SOA and API Management, led by Kevin Kohut from Accenture and Randy Heffner from Forrester, at our API Workshop in Phoenix in September.

Here are other highlights I'd pick out:

Tuesday, January 27, 2015

Axway/Oracle/Vordel API Gateway specialist required in New South Wales, Australia

Readers of this blog might be interested is this position:

Tom Agar at Total Resource Solutions in Sydney, Australia, is currently recruiting an API Gateway Designer/Developer to join a large New South Wales organisation for an initial 6 month contract. The right candidate will have experience with the Axway / Oracle / Vordel API Gateway.

If this is of interest please get in touch ASAP with Tom Agar on 02 8705 8554 or via email at for more information.

Monday, January 19, 2015

APIs for Integration with NASDAQ

The new Axway website is full of great nuggets of information. For example, check out this case study for integration with NASDAQ, using Axway's API Gateway. The customer is Storebrand, an insurance and savings company with 1.8 million customers in Norway and Sweden.
NASDAQ interface: For its private customers in Sweden, Storebrand implemented an SSO integration with NASDAQ, the largest U.S. electronic stock market, which lists 3200 companies and trades some two billion shares per day. The Axway API Gateway solution enables customers who are logged on to the Storebrand site to directly access NASDAQ and carry out trades.
Many people may not realize that API Management solutions can be used for Single Sign-On integration with services like NASDAQ, using technologies such as SAML, OAuth, and OpenID Connect. But, check out the Storebrand case study to see how this is done.

Friday, January 9, 2015

ANZ Bank: Embracing APIs and real-time processing

One of the key benefits of APIs, side-by-side with file-based approaches, is that they enable real-time integration. This is especially important to banks and other financial institutions.

In this video below, Leigh Mahoney from ANZ Bank in Australia talks about how Real-time integration is one most significant benefits of APIs. We hear about how APIs enable, in real-time, insurance quotes and loans (at minute 1.00). Leigh also explains how governance of APIs enables the bank to do business in a real-time world.

To put this into perspective, as Leigh explains in this other YouTube video, ANZ Bank processes 2.8 million dollars a minute, and how Axway enables their customers to connect their ERP systems into the bank in real-time. 

Thursday, January 8, 2015

APIs at Hackathons - The Security Angle

This week, Bill Doerrfeld in ProgrammableWeb covered a post by Costas Pardalis of APIrise about "How to better promote your API at hackathons".

The article is full of very sensible advice about ensuring that you provide an API Portal to enable simple sign-up for your API, provide a sandbox environment, and provide sample client code. But one part caught my eye. Here it is (emphasis added):
According to Pardalis, Salesforce employed the most successful method of exposing their APIs at the event, lessening security measures, and including a visual platform that greatly aided in onboarding developers so that direct calls via REST was not necessary. 
Now, reading between the lines, I know what is meant here by "lessening security measures". For some APIs, it can be difficult to get started with OAuth credentials or API Keys. That's why it's important that, right in the API Portal, you allow developers to obtain API Key and, just as importantly, tee up and test API calls within active API documentation. Below we see an example of this in action. As a developer who wants to use an API, I can test with API Key based security just as easily as without (so no need to lessen security measures):

Where does the API Key (or OAuth credential) come from? The answer is: From the developer portal also. Below we see how it can be generated:

In this way, in a Hackathon environment, developers can obtain the keys they need, see them in action with sample queries, and quickly get up and running with your API. More info on the Axway API Portal, which includes active API documentation and can be tailored to your own organization's APIs, is here on the Axway website.