Saturday, November 7, 2015

From Ideas to Innovation - UniCredit Appathon 2015

Right now the UniCredit Appathon is happening in Milan, Italy, with the Axway team involved as a sponsor. A key part of any hackathon is setting up mocked-up or simulated API endpoints in a managed environment - which is where Axway comes in:
"...developers will have access to UniCredit API infrastructure, loaded on an external playground with fake data, and API management solutions sponsored by Axway"
In this way, developers have a sandbox of mocked-up data to develop apps against APIs.

Of course, prizes and free "API First" t-shirts are also a part of any hackathon! And it's also great to see the Axway red ball up in lights with the UniCredit red ball at the big kick-off today:

My colleague Luigi Ferrari has shared photos of the Appathon in action:

I had the pleasure of visiting UniCredit in Milan earlier this year, and I was very impressed with their vision for their APIs. UniCredit includes developers as a central part of this vision. Even before their APIs are out of beta, they have engaged developers using sandboxed APIs in their Appathon hackathon. The Appathon then becomes an important part of sourcing ideas for the future direction of their APIs, because the apps coming from the Appathon feed innovation into future versions of the APIs. It's a great example of continuous innovation, as the UniCredit slide below, presented at the Appathon today, shows:

Best of luck to all the participants!

Thursday, November 5, 2015

Managing API Lifecycle - Publishing, Versioning, Deprecating, Retiring

One of the most important parts of API Management is managing the API lifecycle. This includes publishing APIs, versioning APIs, and then finally deprecating APIs.

Here you can see how the Axway API Manager makes it simple to right-click on an API definition and choose to upgrade it:

When you upgrade an API, you have the options of deprecating and/or retiring the previous version of the API. Of course, you can also deploy the new version of the API side-by-side with the previous version. Here are the options which you're provided with in the Axway API Manager:

SOAP APIs (Web Services) have not gone away, even though REST is clearly the future. At Axway, REST APIs sit side-by-side with SOAP APIs, and both benefit from the same API Management functionality. Here we see a SOAP API being upgraded to a later version (which uses SOAP 1.2 in this case):

Finally, here we see API deprecation in action. Axway API Manager allows you to set the date on which the API will be deprecated. Developers who have signed up to use the API are notified.

For more info on API Lifecycle Management and more, using Axway API Manager, check out the Axway API Management product info.

Tuesday, October 20, 2015

Controlling API Access based on identity and API parameters using the Axway API Gateway

The Axway API Management platform makes it simple to configure a policy so that, for example, the userId "joe" is allowed to call /api/service?id=222 but not /api/service?id=333.

Let's see how this can be done.

Firstly, I have set up a path on the API Gateway that maps "/api/service" to a policy called "Fine Grained AuthZ".

Let's look at this "Fine Grained AuthZ" policy:

You can see that it's a relatively simple policy, where the important work is being done by a "Compare Attribute Values" filter which is checking the identity of the client and the value being passed in the API call. Because the client has been authenticated at the top of the policy, the client ID is available in the "" attribute.

Now, if you press "Next" on the "Compare Attributes" filter, you can set the info that is shown when the filter runs:

You can see that I have configured the filter so that, if the user is not authorized, the following parameterized info appears in my traffic log:

UserID ${} & parameter ${} not Authorized

So let's test this now, using a browser:

You can see that, when I pass "222" as the parameter, and authenticate as "joe", then I am authorized.

As the API Gateway admin, this is what I see in the Traffic Monitor:

If I pass in a different parameter, then we see where the info I configured in the "Next" part of my "Compare Attributes" filter is displayed:

This enables me to see exactly why the API call was blocked.

What if you want this policy to be called for all incoming requests? You do this by right-clicking on the policy and choosing "Set as a Global Request" policy, as shown below:

This is quite a simple ACL (Access Control List) example. If you have a long list of users and attributes, you could use the Key Property Store (KPS), or make use of the embedded Apache Cassandra database to look up the authorization. 
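The same decision expressed outside the gateway, as an added example (this is not Axway configuration or code from this post): the authenticated userId is compared against the "id" parameter using a lookup table, with default deny and rejection of repeated or missing parameters. The `ACL` table, the user "ann", the `authorize` function and the wording of the success message are assumptions made for illustration; the deny message follows the traffic-log format shown above.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed ACL: authenticated userId -> set of "id" values that user may call.
# Stands in for a lookup table such as the KPS mentioned above (assumption).
ACL = {"joe": {"222"}, "ann": {"222", "333"}}

PROTECTED_PATH = "/api/service"


def authorize(user_id, request_uri, acl=ACL):
    """Return (allowed, log_message) for an already-authenticated user_id."""
    parts = urlsplit(request_uri)
    if parts.path != PROTECTED_PATH:
        return False, f"UserID {user_id} & path {parts.path} not Authorized"
    # keep_blank_values so "?id=" is seen as an empty value, not a missing one.
    values = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    # Exactly one id is required: a repeated parameter (id=222&id=333) could be
    # read differently by the gateway and the back end, so it is rejected.
    if len(values) != 1:
        return False, f"UserID {user_id} & parameter {values} not Authorized"
    requested = values[0]
    # Default deny: a user missing from the table gets an empty allow-set.
    if requested in acl.get(user_id, set()):
        return True, f"UserID {user_id} & parameter {requested} Authorized"
    return False, f"UserID {user_id} & parameter {requested} not Authorized"


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("joe", "/api/service?id=222"),
        ("joe", "/api/service?id=333"),
        ("joe", "/api/service?id=222&id=333"),
        ("joe", "/api/service"),
        ("mallory", "/api/service?id=222"),
    ]
    for user, uri in samples:
        allowed, message = authorize(user, uri)
        print("ALLOW" if allowed else "BLOCK", uri, "->", message)
```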

Locking configuration for team development in the Axway API Gateway

The Axway API Gateway provides a very rich environment for configuring policies for API traffic, using the Policy Studio tool. For example, you can configure a policy for content-based routing, for transformation, or for protocol mediation.

Frequently, a team of developers may be developing policies. In this case, it's particularly useful to use the "Lock Configuration" functionality to avoid any overlapping changes. 

Let's look at how this is done...

In Policy Studio, you can choose the "Lock Group Access" option, as shown below, to "lock" the configurations of the API Gateways in this "Demo" group.

Let's say I create a policy developer called "joeDeveloper" (being an engineer, he has a camel-case name). The developer is set up using the web-based API Gateway Manager (under "Settings"). I've set him up to be a Policy Developer, as you can see below:

Now, let's say joeDeveloper wants to make changes to one of the Gateways in the "Demo" group. He is clearly shown the Group "is locked for deployment" by a different user. 

The first user will then make their changes to the configuration, without worrying about other developers making changes. Finally, when they have updated the configuration, they can unlock the access to the group of API Gateways. In the screenshot below, you see that a new policy configuration has been pushed (v2), and now the first user can "Unlock Group Access". Other users, such as joeDeveloper, can now make changes. 


Sunday, October 18, 2015

Two day Digital Transformation Workshop at Axway Connections this week

Later today I fly to Phoenix for Axway Connections 2015. One of the most popular sessions at Connections this year is the two-day hands-on Digital Transformation Workshop, taking place tomorrow and Tuesday.

The workshop will cover API design and architecture, including technologies such as OAuth 2.0 and OpenID Connect. There will also be a strong mobile and cloud (e.g. brokering to Salesforce) element. Capping off the two days is a DevOps session in conjunction with Chef, which I am particularly excited about.

The two-day workshop is sold out, but contact me and maybe there will be a way to fit you in!