Conf42 DevSecOps 2022 - Online

Sustainable API Management


Abstract

Are you a developer or an architect who’s curious about managing and securing your API throughout its lifecycle? In that case, we’re excited to help!!

With an increase in the number of APIs, the complexities associated with managing the APIs increase proportionally. We need a sustainable solution to manage our entire API lifecycle efficiently. We can achieve this with the help of MuleSoft’s Universal API management. In this session, we shall learn more about Universal API management and how to manage, secure, and govern the APIs effectively throughout the lifecycle. By the end of the presentation, you’ll have a fair idea about API Management and how to protect your API ecosystems.

Summary

  • Today in this session we're mainly going to learn about sustainable API management. I'm currently working as a developer advocate at MuleSoft. I recently published a book named MuleSoft for Salesforce Developers, which is currently available on Amazon.
  • Today we're mainly going to discuss sustainable API management. Using universal API management, you can achieve sustainability across the entire API lifecycle. We'll also see that along with a quick demo using different developer personas.
  • Maxi wants to build her new APIs from scratch, and her organization is insisting on using the design-first approach. She wants to implement and test these APIs as well, using Anypoint Platform and universal API management, and also keeping sustainability in mind.
  • Using the Design Center, a developer can design her REST API or an asynchronous API. She can also have a guided approach which will help her throughout the process. Once she's done developing her API, she can publish it to Exchange.
  • In Exchange we have a large number of templates which are provided by MuleSoft. You can also use them as a base to speed up your development if you don't want to build something from scratch. Dan can manage all the APIs using the Anypoint Flex Gateway.
  • The Flex Gateway is the fastest gateway. You can manage your API instance using the Flex Gateway. It's fast because it's lightweight, and it's super easy to configure as well. We have also seen Flex Gateway, using which we can manage our APIs and applications on different platforms.
  • MuleSoft is working to make the APIs more reusable and available across different communities, both internal and external. Using universal API management and Anypoint Platform, MuleSoft can achieve sustainability. What are the next steps?

Transcript

This transcript was autogenerated. To make changes, submit a PR.
Hello everyone. Thank you so much for joining me today. I'm Akshata Sawant, and I'm super excited to be with you all at DevSecOps. With that, let's get started. Today in this session we're mainly going to learn about sustainable API management. With that, our safe harbor statement states that you should make your purchase decisions based on products which are available today, not on the forward-looking ones.
A quick introduction about myself. So I'm currently working as a developer advocate at MuleSoft. I've been working on MuleSoft technology for over five years now, and I have been a MuleSoft Ambassador and also a global meetup leader. Apart from this, I've written a few technical blogs and I've been a global speaker. And I've recently published a book named MuleSoft for Salesforce Developers, which is currently available on Amazon. You can also connect with me over LinkedIn and Twitter and yeah, that's it. I also love traveling and photography.
So with that, let's get started. Today we're mainly going to discuss sustainable API management, the need for it, how we are going to achieve it, what are the use of capabilities, what is universal API management. And we'll also see that along with a quick demo using different developer personas. So stay tuned.
We're all aware that the use of APIs has increased exponentially. Almost all the organizations have been adopting APIs, and this has absolutely resulted in API proliferation, or APIs falling across different ecosystems, and not only different ecosystems but different platforms, different clouds, different environments and so on like that. So it's actually a good sign that the use of APIs has increased. But at the same time we need to take into consideration the issues or the problems that have arisen because of it. The first one would be limited access and visibility across all these APIs. As we lack a centralized management plane, we are not able to manage these APIs.
We're not having full control or visibility, basically, over all the APIs. Inconsistency in managing these APIs arises because we are not able to apply the governance policies or security rules across all these APIs, as they are present in silos. And suppose there is a change, or there is an error which is arising: it gets difficult to manage those APIs, or it takes a longer time to debug or evaluate the APIs, as they are present in silos. So what we are lacking here, basically, is a centralized management plane, or a sustainable approach towards the management.
Today in this session we're mainly going to focus on that, like how do we achieve the sustainability. So for that we actually need a new method or a new approach in API management. And that's where I introduce you to the Universal API management platform. With the universal API management platform, you can actually manage any API which is deployed or built on any system. I can give you an easy example. You have a Mule API which is deployed on AWS, and you can also have a Microsoft API which is deployed on some other Azure cloud, basically. So with these two APIs, though they're deployed in different environments, and no matter which technology they're built using, you can still manage them using the Universal API management platform on the Anypoint Platform. How cool is that? Right? So today in the session we'll actually see, along with the demo as well, how do we manage it and how do we achieve sustainability.
So with that, let's get ahead. So using universal API management, you can actually achieve sustainability across the entire API lifecycle. And it's not just a product which you're going to get, or it's not just something you're going to be applying for one particular developer or a particular role that's going to be managing the API.
So it's going to be spreading across the entire API lifecycle, and it will be giving you a different approach towards API management, right from the development phase till it's deployed, till it's tested, and also for the management, applying security and everything of that. In this we have previously seen universal API management on Anypoint Platform. So before going to universal API management, what are the different products or capabilities we have to offer, and how do we achieve sustainability, we'll just see what Anypoint Platform is.
So basically, Anypoint Platform is the world's number one integration tool. It's an iPaaS tool which gives you everything you need for the integration ecosystem. But you can say that there's a lot more to it than that. You can actually manage the entire API lifecycle. You have pre-built assets, templates and accelerators which help you to actually accelerate the speed of development, giving you a higher return on investment. And yeah, there are different capabilities, there are different connectors which are available. It actually gives you a full-fledged package and everything to manage under one roof, one ecosystem. You can also manage APIs, you can have security, you can do monitoring, you can do everything that is needed for an API to be full-fledged, in a professional way.
So with that, we're going to learn what we have for universal API management, and what we mean by universal API management, with these three developer personas. So basically we have Maxi here, who's an API developer. We have Dan, who's an API owner, and then we have Sarah, who's an API product manager. So all of these three, they have a different goal to achieve. And we'll see how we achieve these goals, keeping sustainability in mind. And then yeah, moving ahead, we have the first one, who's Maxi.
She wants to build her new APIs from scratch, and her organization is insisting on using the design-first approach, and she wants to catalog her API. She wants to implement and test these APIs as well. And then she wants to deploy and monitor her API and its performance. So let us see how we help Maxi to achieve all of this using Anypoint Platform and universal API management, and also keeping sustainability in mind.
Firstly, she can design her API using the Anypoint Design Center, using which she can design not only REST APIs but also async APIs, and she can design it using RAML or OAS, whichever format she's comfortable with. She can also import any API which she has, like the pre-existing ones, and then start designing. Apart from this, if she's completely new to API designing and she is not aware about how to go about it, Anypoint Design Center can help her with a guided process, which will be automatically designing APIs for her just based on her instructions. We'll see that in the demo as well. She can also use some pre-built assets as a help if she wants some help designing the API, or if she wants to fasten her development, she can use some pre-existing assets as well. And if she wants to use any of her favorite, you can say, a VI editor like Visual Studio, basically an editor, she can connect the editor as well with Anypoint Studio and get her development of the API done.
Now once the development is done, she can also test this API and the endpoints in the mocking service which we have on Anypoint Platform. So that will kind of give her an assurance or a confidence, you can say, when it comes to API services, like how the API is going to be, how the response is going to look, and so on. Once she's done designing her API specifications, she can import this API into Anypoint Studio, which is MuleSoft's native studio built on top of the Eclipse platform.
And she can actually start with the implementation, implementing the APIs in the form of a Mule application, wherein she can find different connectors. I mean, it's a no-code platform; she doesn't have to write the code from scratch. She'll be having the pre-built connectors and everything to help her accelerate the process.
So let's head over to Anypoint Platform and see how we can help Maxi to achieve her goal. Currently we are in Anypoint Platform, the MuleSoft unified solution for entire API management. So using this, Maxi can actually achieve her goals. She can design an entire API from scratch, she can publish it, she can manage the APIs across different environments, and she can deploy her API on the cloud.
So let's get started with the first one, which is designing her API. So using the Design Center, she can actually design her REST API or an asynchronous API. She can give some project name, and she can design in RAML or OAS. She can also have a guided approach which will help her throughout the process while creating an API. And then she can give her API name, she can select the protocols and the media type. And if you see towards the right-hand side, the code has been developed. It's in RAML; you can have it in OAS, or you can edit it in the RAML, you can download it, you can have it edited in your favorite code editor as well. And then she can have a base URI if she wants. She can basically have everything just without writing any of the code, and it will be auto-populated. So it could be like get orders. And if you see, the protocols and methods are updating: the GET orders, POST orders.
And then once she's done developing her API, she can publish it to Exchange. So Exchange is basically the repository where we have the collection of assets and stuff. Publishing to Exchange, you can also have version control, where you can maintain the asset and the API version and the lifecycle development stage.
So while it's publishing to Exchange, let's have a look at the pre-existing APIs and see how we can start maintaining or achieving sustainability right from scratch, when we are in the governing stage. So while we are in the Design Center, I already have a pre-existing API on which I have applied the security schema and stuff, and I'm making sure that the API governance policies and the best practices have been applied. So I have already applied the rule set over here, a security rule set which states that for Anypoint security best practice, and also see in file. So it will ensure that all these things, the validations and stuff, are being taken care of. The rule set, basically, will ensure that the validation practices, the security and the best practices are taken care of. So if my API, if I have a new developer who's trying to violate these validation or security best practices, if they're going to miss out something, my API will be giving me an error. So in this case I'm actually ensuring that my security best practices, the validations and everything are applied. It's in the development stage, and I'm not waiting for it till the end, and I'm actually saving a lot more iterations as well.
So here you can see some endpoints, so I can actually try out the endpoints and see what kind of response I am going to get using the endpoint, using the mocking service. So here you can see I got a validation error, a bad request, because I had not entered the basic authentication. So let me give some username and password and then send the API, which will give me a proper response. It's not actually validating the credentials, but it's making sure that it's kind of mocking it, or it's simulating the response and request. So yeah, that's the beauty of it. You're actually designing an API and simulating it. You're mocking the API, the response and stuff, at the designing phase itself.
Moving ahead, let's go ahead to Exchange, where we can see how we have the templates and how Maxi can actually leverage the templates to speed up the development process. So in Exchange we have a large number of templates which are provided by MuleSoft. It could be templates, examples, policies, different types of APIs and stuff. You can also use them as a base to speed up your development if you don't want to build something from scratch.
So let's go to one of the APIs, a REST API, and see how everything is documented or cataloged at one single place. So I have all information about a particular endpoint just in documenting it. So this basically gives me all the information I need to know about an API. I may be a technical or a non-technical person, but still I'm able to easily understand my API. It acts as my API repository or API documentation, and I have everything at one single place. You can also download it and share it with external users, or you can give them access and they can also view it on Exchange. So basically you're collaborating with different developers, different team members, and bringing them all to view your APIs, to view your assets, at one place.
So this is Anypoint Studio, and you can actually design your new application using the API which you have built. You can import it, you can get your API scaffolded and design the application. You do not have to write the entire code from scratch if you want to connect to different connectors, different end systems, basically. So you can just drag and drop any connector, whichever process you want to work with, and you can configure the connector using the configuration details and you're good to go. So this is Anypoint Platform's MuleSoft native studio, which is built on top of Eclipse, and you can see how easily you can design or build your Mule application. All you need to do is import your RAML and scaffold it.
If you want to connect to a different end system, you have different connectors which are available. There are a few here, but you can import a few more from Exchange, like whichever end system you want to connect to. So suppose I want to connect to Salesforce and I need some batch info. I can just drag and drop the connector, and I can configure it using my Salesforce credentials, and then I can test the connection and I'm good to go. I do not write the code for this from scratch; the code will be written for me. So it's basically a no-code tool. You can perform some complex logical transformations using DataWeave as well. And yeah, you can do a lot more with it without writing the entire code. You just have to focus on the integration part.
So we have seen how Maxi was able to build her new APIs from scratch. She was able to test her endpoints as well using the mocking service, and then she can build her new application using Anypoint Studio and also publish her assets to Exchange, or use the pre-existing assets from Exchange to speed up the development time.
So we have Dan, who's an API owner, and his main responsibility is to manage all these APIs, to apply security policies and best practices, to deploy proxies, to monitor his application, monitor the performance, approve SLA contracts and SLA tiers, and to ensure that all the governance policies and security policies are well in place. So let's see how we can help Dan to achieve all of this using the MuleSoft Anypoint Platform, using universal API management. So firstly, Dan can manage all the APIs using the Anypoint Flex Gateway, which is like the fastest gateway. It's fastest because it's lightweight, and it helps you to manage any application, whether it's a Mule or non-Mule application, deployed anywhere, across any server. So it's actually the combination of the latest technology combined with the speed.
Apart from this, you can actually manage all the applications and API services on the API Manager. You can apply different policies, different security policies, different schemas, different governance rules. You can monitor the performance of an API using a custom dashboard, or you can use pre-existing dashboards. You can monitor the performance and throughput using the interactive graphs. Apart from this, you can also have API Governance, which makes sure that you're applying the proper rule sets, standards and best practices to your APIs.
So let's head over again to Anypoint Platform and see how we can help Dan to achieve sustainability and how we can achieve scope. So currently we are in API Governance, where we'll see how we apply standards and best practices to our APIs. We can create a new API profile, and we'll make sure we're applying some security best practices or standards. I can give it any name, like security best practices, and then some description of what it's doing, and then I can apply some rule sets, like Anypoint best practices, or whichever rule sets you want to apply, basically, to your API. So I'm selecting these two of them, the Anypoint best practices and the security best practices. I can select some tag, if I have applied some security tags to my APIs as well. I can select which API I want to apply the rule sets to, and it's giving me just one API after applying the filter. And if there is some error, if the API becomes non-conformant, it's going to send an email to basically the API publisher or API contact, if there's any available.
Going ahead. Yeah, I have created this profile, so it will ensure. So if you see the profile it's currently giving me, let's see what are the results that we are getting. So basically it's non-conformant. It has passed some of the, it is still evaluating on the best practices, but it has passed the authentication best practices.
So if an API is conforming to your standard, it will be giving you a green mark, which is like conformant. If it is not, like, if it is at risk, if it's not conforming to the best practices or the security standards, it will be giving you a red non-conformant, and an alert will also be sent to you. Yeah, so there are a few of the security rules that are not passed by my API, which we had seen previously. So that's how it is giving me an alert. So out of the two, one of them is good, the other one is not. So if you have previously used SonarQube, you must be aware of how you used to apply coding best practices and standards and then used to get the bugs or severity issues as well: severe, not severe, good. Similarly, you're applying this thing to the API at the development stage, which is actually good because you're preventing further iterations.
Let's go ahead to API Manager and see how we can manage our API. API Manager is actually the one-stop place where you can manage all your APIs. So I already have an API instance which I've created over here for my API, and I can apply some policies. Security policies, and not necessarily security policies. I can have different kinds of policies, like quality of service, compliance, transformation, troubleshooting. So inside I have already applied a basic authentication policy. I can have IP allow list, block list, JSON threat protection, JWT policy, CORS, and I can apply it to my API. You can see that already everything has been configured. You can select the algorithm you want, or the JWT key, you can select all the claims and all, and you can just apply. It's that simple to apply a policy to your API, and it need not necessarily be a security policy. You can apply some transformation or troubleshooting or message logging. You can apply some loggers to your APIs, and you don't have to actually make any changes while it's in the development stage.
You can add, like, whatever logs you want to be displayed; you can add them as well. So you can actually debug or troubleshoot your API while it's still deployed. You can have some alerts set for your API, which will be sending you an email if there is anything which is going wrong behind the scenes, if the response time is, like, if it's timed out, or if the policy has been violated. So you can create some alerts, you can group your APIs into different contracts, you can have different SLA tiers, like I have set one for incoming traffic, and you can create your own SLA tiers as well.
And apart from this, let's go ahead and see more about the Flex Gateway which we discussed. Let's go to Runtime Manager. So Runtime Manager is actually the place where you're going to have all your APIs deployed. Okay, I have deployed a few APIs, deployment fail, deployment. I have deployed basically on CloudHub. So that's how it is. You can actually manage the state of your API over here, like where it is deployed, how the state is, the logs and everything associated with an application, basically. So this is a new application which I have deployed on CloudHub.
Going ahead to the Flex Gateway, which I had mentioned previously: it is the fastest gateway. So I can actually create a gateway, wherein I can select my OS or environment where I want to host the gateway. And then the steps to install the gateway, the Flex Gateway, are also mentioned, and then you can manage your API instance using the Flex Gateway. And it's fast, as I mentioned before, because it's lightweight, and it's super easy to configure as well.
Going ahead. So we have seen how we can help Dan to achieve his goal: to apply security best practices and standards across his APIs, to monitor his APIs, to apply some governance rule sets, and see if the API is conformant or not using API Governance.
We have also seen Flex Gateway, using which we can manage our APIs and applications on different platforms.
So moving ahead, we have Sarah, who is an API product manager. Her main responsibility is to group the APIs, to make them adoptable and available across different communities, both internal and external. So how rare is it that you have an API which you have to reuse, built for some different developers, and you're doing it without any hiccups? That's quite rare, right? So we need to ensure that we are making the APIs more reusable and easier to reuse, basically. So let's see how we can help Sarah to do this. So Sarah can use API Manager to make sure that we are grouping the APIs rightly, so that if any other new developer wants to use the API, he or she can basically use the API Manager. You can also document the API, as we have seen previously in our first demo, using Anypoint Exchange. Or you can make them available to the other developer communities or your own internal community using the Anypoint Experience Hub in the community manager.
So let's head over to Anypoint Platform and see how we can engage our developers and different communities in order to adopt our API and increase the visibility of APIs. So currently we are in Exchange, and you can see there are several assets which are already available, provided by MuleSoft: different policies, templates and all. You can also go to your organization data, and you can have your organization's APIs, which you have already published, as a repository. You can create your own repository as well. You can share it with the collaborators, both internal and external. So I already have an API which I had deployed, which I have published to Exchange, and I have also provided some documentation and endpoints for this API. So this is how we are going to help Sarah to achieve sustainability and achieve her goals, basically, which are like making an API reusable and making sure that it's been adopted.
So we have provided all the documentation resources for the API at one place. We can also share this API with the collaborators; we can make it public as well while maintaining the versions. You can add the teams with whom you want to share the API, and you're actually making sure that both technical and non-technical persons are able to use these APIs, and they will be knowing, basically, what the API consists of. And you are already exposing your pre-existing assets, which makes them more reusable. So you can create more customized experiences in the Anypoint Experience Hub, API Experience Hub and the API Community Manager. So that will give you a more customized dashboard, a more fancy way, basically, of collaborating on your API or making it available to the community.
So you have seen how we have helped Sarah to achieve her goal, that is, engaging a community and making her API more adoptable. So we have done this using Anypoint Exchange, but you can do it similarly, or with a more personalized, customized experience, using the API Experience Hub or the API Community Manager.
So we've seen how universal API management and Anypoint Platform help us to achieve sustainability. We can have our APIs deployed using any technology, on any platform, on any cloud, and we can still manage them under one roof. This has actually accelerated the speed of development, ensuring that we have a higher return on investment. Apart from that, we also get modern architectures. We can actually deploy or use any technologies we want, and we can still manage them under a single platform, under a single roof. And as we are managing all of these things under one roof, we are making sure that we're gaining consistency, security and reliability. And we are also able to exchange our APIs. We are able to collaborate on them with external users or with the community, thus making sure that the APIs are adoptable.
And we are making sure that we're creating a vibrant ecosystem with the help of that. So with that we have learned how we are able to be sustainable, basically: what was the need for sustainability, and how we are able to achieve sustainable API management using universal API management. And on the Anypoint Platform we have seen the different offerings for universal API management and also how to achieve sustainability. We have seen, through the different developer personas and throughout the API lifecycle, how we can achieve sustainability under one roof.
So moving ahead, like, what are the next steps? You can join the MuleSoft community and you can participate in different initiatives. You can learn more from the MuleSoft community. You can watch us live on Twitch every Thursday, and you can also join Anypoint Platform for free, with the 30-day free trial account. You can try out all of these resources and the components and capabilities which I've shown you today as well, for free for 30 days. And yeah, if you guys have any questions, you can reach out to me directly or you can scan this QR code. I would be happy to connect with you all over LinkedIn and Twitter as well. And with that, thank you so much for joining us today.

Akshata Sawant

Developer Advocate @ MuleSoft
