ADOBE COLDFUSION SUMMIT 2016

Elishia Dvorak | AdobeAPI Economy: Realizing The Business Value of APIs Through Adobe API Management

API Economy

• Treat your APIS as one of your value added products• Added value service for your customers• Monetization of new services through business models• Flexibility for future transitions

• Additional revenue streams• What are businesses core assets?

• Customer data• Processes• Functionality• Content

• Future Business Opportunities• Leverage core assets + External Services

2

Business Value

Added value

services

Core Assets

Core Assets + External Services

How To Monetize an API?

• Analytics expose metrics• Access Control

• API call to exposed analytics and reporting services• Every component of APIM is exposed as a REST API

3

Monetization: Transactional

• Transactional Processing• Micropayment solutions• Revenue based on volume• Fee per transaction• API (fee per call)

• Global Cash Card• Experian• Paypal• Google Maps API

4

Monetization: Subscription

• Subscription Packages• Premium Services

• Different SLAs

5

Free

• Minimum SLA

• Entry Level

• Freemium

Tier 1

• Unlimited SLA

• Paid• Unlimited• Premium

Tier 2

• Medium SLA

• Paid• Basic

Monetization: Marketplace

• Drive growth in services through vendor products• API Services to increase vendor visibility• Subscriptions• Commissions

6

Marketplace

Vendor Vendor Vendor You

Monetization: Partnership

• Partnership Expansion • Strategic distribution through revenue sharing• Growth in numbers

• Groupon• Market America shop.com

7

Why API Management?

Access Control Versioning Analytics Documentation

PortalsTestingCaching

Manual• Build your own

• Multiple methods• API Key• Oauth2• Basic

• Be a security expert• Ensure update schedule• Manually manage edits

Managed• Choose method

• API Key | Oauth2 | Basic• Publish your API• Global configuration settings

• Easily updated• Managed software

• Regular update schedule

Access Control

Manual• Build a manual approach

• Stick with it

• Manually update connected consumers of changes

• Create a notification system for URI changes

Managed• Specify the version number

in publish workflow• Choose Lifecycle

• Draft• Published• Deprecated• Retired

• Notifications happen automatically

Versioning & Lifecycle

Manual• Potentially leverage an

analytics API• Build your own

• Complex• High effort level

Managed• Auto-generated• Customized Views/Reports

• Drag and drop

• Detailed statistics• Drill-down click through

Analytics

Manual• Manually Implement

documentation framework• Swagger• RAML

Managed• Integrated Swagger• Subscribers can view

formatted details of APIs• Lifecycle of API• Version/Description• Security Level• Resources

Documentation

Manual• Create a cache layer

• How to cache?• Where to store cache?• What to cache?

Managed• Click the box and specify

timeouts

• Cache response (GET)• Method level caching

Caching

Manual• Build test platform for user

roles• Creating API• Consuming API

Managed• Available Interface for testing

based on role• Publisher testing at creation• Subscriber testing via portal• View

• Inputs & Request details• Returned JSON/XML

details• Status codes

Testing

Manual• Build a new site for

developers to view APIs• Complex project• Resourcing• High effort level

Managed• Roles based portal available

• Publisher Role• Create APIs• Manage subscribers• Metrics Dashboard

• Subscriber Role• Explore APIs• Register Applications• Subscribe to API

Portals

API Management Platform 2016

6

Throughput: single node – More than a billion requests per day!

Negligible latency for thousands of concurrent users < 30ms

Throughput: 1.8x per additional node Users: 2x more per additional node Latency: continues to be < 30ms

Simplified API workflows Intuitive user interface Easy analytics interface

Speedy SimpleScalable

Request Flow of an API Manager7

</>

API Gatew

ay

API Portal

REST

REST

REST

SOAP

Partner

IoT

People

Adobe ColdFusion

Intranet App Server

Cloud Network

Demo

Future Updates and Plans

• Update release target mid-November 2016• Primary Focus on Threat Protection

• Track a range of vulnerabilities• Maximum request size associated with an API• Restrict access to the API based on a range of IP address• Validation of XML/JSON data based on the number of nested levels of data

• configurable by the publisher • DOS, can have many nested levels to break API• specify the schema of what is acceptable

• Prevention of XSS by encoding the input to an API • Protection against CSRF• Ability to enforce HTTPS for the API request to the gateway• 2 way SSL (between API Manager and End point)

9

Future Updates and Plans

• Basic and Oauth added to Test Workflow• Multiple test end points: support for Oauth• Error response in JSON/XML format rather than HTML• Unbundled Installer• User Management:

• SAML Integration for Portals • role-driven

• Multitenancy – Sandboxed Partners• different portals and different administrators• organization level concept with own policies

• JSON to XML and XML to JSON choice

0

Proof of Concept Opportunity

1

21

API Manager

POC

Direct EngineeringResources

No License Required

Hot Fix Support

Step by Step

Guidance

Contact: elishia@adobe.com

More API Focused Sessions

• Powering Adobe PhoneGap Applications with ColdFusion APIs• Monday 2:45-3:45pm

• Build your own secure and real-time Dashboard for mobile and web• Monday 4 -5pm

• Customer Showcase: Bringing the API manager into your existing stack• Monday 4 -5pm

• Deep Dive into new API Manager : Hands on Approach (BYOL – VM install prerequisite)• Tuesday 10:15 -12:30 (Walkthrough)

• Security and Access Control for APIs using ColdFusion API Manager• Tuesday 4 -5pm

2