API Essentials for

Every Stakeholder

© 2017 Rogue Wave Software, Inc. All rights reserved.

Introduction Enterprise
Architecture
The Challenge
APIs, by virtue of their openness and utility, tend to touch many How does a group of IT
areas of an IT organization. As a result, API success usually means Designers Business professionals in diverse roles
devising an API strategy that will serve the diverse needs of people come to a decision regarding the
in various roles who rely on them. The right tooling for API design APIs right API tools? Figure 1 shows
and management are essential to ensure that all roles feel served by the main roles that are affected by
the API strategy. This can be as much an organizational issue as a Security Integration
the choice of API platform. Each
technical one. role faces specific demands from
internal customers. APIs are core
This paper reviews some of the key players who have a stake in API Operations
to many of the most pressing
strategy, including API designers, integration developers, API product Figure 1
workstreams for each team.
managers, operations leads, security architects and enterprise
architects. It looks at how an API platform (or platforms) can address A large organization will have an ecosystem of teams involved in trying
the distinctive needs of each role as they come to devise and to interact, cooperate and agree on an API strategy. In contrast, a
implement an API strategy. smaller will have a small group or even one person that is responsible
for managing everything related to APIs. However big the organization,
though, the selection of an API platform hinges on buy-in from decision
makers who understand the reward of implementing API as a proven
and essential business tool.

The competitive global business environment sets the context for the
selection of an API platform. To be competitive, many businesses today
are connecting with customers through systems of engagements as
enabled by APIs. Examples include new mobile apps, customer-facing
web applications and Internet of Things (IoT) systems. These all have
very fast lifecycles, as teams need to respond quickly to the demands
of their business. The APIs involved connect critical information
systems with data assets. Some systems are proprietary and legacy.
Others are brand new.

Figure 1 - The people and teams that work with APIs. Each has their own
specific needs and expectations.

© 2017 Rogue Wave Software, Inc. All rights reserved. page 2

The Solution:
Support Each Role Involved
The API strategy, as realized through an API platform, must support
each role in order to succeed. The support has to track across the
complete API lifecycle, from design to deployment. As part of the
process, the API might best be viewed as a product with its own
customer-facing characteristics. Security is non-negotiable. From
this perspective, the following sections discuss how API management
tools can realize the needed support for each role. The Akana API
Management solution serves as a reference point.

API Designer
The API designer typically recommends development tools. Given the
prominence of design as the first stage of the API lifecycle, the API
designer has significant influence over API design and development tool Figure 2 - Focus on your API Design. There is no need to be an expert on any
API Description Language specifications. We take care of that for you
choices. To design a proper API, the designer or software developer
always wants flexibility in choosing tools and the freedom from being In the Designer’s world, flexibility, creativity and ownership are
locked in to API description languages. The Akana API Management key. Akana gives designers freedom to design and document
solution makes this possible. APIs in the new graphical designer that supports markdown.
Designers can import Swagger, RAML, WSDL or WADL and
By having the API Description Language (API DL) specification
then continue editing in the graphical designer. The design
automatically generated, the designer will not have to have detailed
team then has the freedom to export Swagger, RAML, WSDL
knowledge of changing the ever changing API DL and will be able to
or WADL to use with their favorite client side or server side
concentrate on other priorities.
code generators and IDEs. Additionally, designers can manage
It is implicit that the designer focus on the API Design. Figure 2 shows the API JSON and XML models.
what this looks like in the Akana user interface. There is no need for
the designer to become an expert on any API description language
specifications. Akana will take care of that for him or her.

© 2017 Rogue Wave Software, Inc. All rights reserved. page 3

Integration Developer API Product Manager
The integration developer and development team are concerned The API Product Manager is responsible for creating a valuable
with consumable APIs with ease of use and seamless integration. product offering to match the corporate strategy. This may be
Their goals are to quickly transform SOAP to REST, as a declarative a new way of thinking about IT assets, but an API is essentially
mediation out of the box and be able to rapidly compose new API a product that can be acquired and used by customers and
services from several sources. It is essential for the integration partners. As such, it requires product management. Tactics
developer to easily be able to redact confidential data and make include managing the provisioning of services and creating a
sure that everything works in harmony. Thus, the integration clear channel of communications with developers. The product
developer will have the luxury of deploying new mediations in manager will be the hub of integration, responsible for “the
days instead of months. business of the API.” This includes generating businesses
progress reports.

Figure 3 – Rapid delivery for integration developers - deploy

new mediations in days, not months

Integration developers are provided with security policy mediation,

to mediate between REST APIs, using OAuth to a SOAP service
with sophisticated WS-Security Policies. Integration has the power
of orchestration by creating APIs from scratch by integrating
multiple services together. While orchestrating several APIs
together, the integration developer can leverage the slit and join
Figure 4 - Have a complete global view over your API business with operational,
functionally that enables APIs to be executed simultaneously consumer, and business analytics
in separate threads to improve performance. Another benefit is
the ability to transform and map content from one object type
to another with both declarative (XML<> JSON) and prescriptive
(XSL-T, FreeMarker). Finally, Integration has the ability to decide on
how to script; to write and deploy code in Python, Beanshell, Java,
or JavaScript to augment policies or orchestrations.

© 2017 Rogue Wave Software, Inc. All rights reserved. page 4

The API readily offers production tools for the API product manager to 5 Content Filtering

create a community experience for each consumer segment. This includes 6 Rate Limiting

internal and external partners. The Product Manager will have the power to
1 Authentication & Authorization

streamline partner onboarding to launch the first transaction in a matter of

days and not months. 3 Message Security

The product manager is given the following capabilities to streamline the

process:

• Socialize through configurable developer tools 2 App Key Validation/Licensing

4 Threat Protection
• Document APIs with auto generated Swagger docs and add addition
supporting documents and media
Developers
• Monetize with licenses and SLAs

• Provision app keys and secrets with configurable workflow

Figure 5 - Reduce risks by consistently applying and managing security policies
across all of your services and APIs
• Test with the inline Swagger documentation testing tool complete
with security

• Client code generation enabler through exporting of the appropriate Security Architect
API Description Language for APIs
Security. The word itself evokes layers of reaction. The security
• Search and filter across all artifacts in the developer portal with full architect needs every assurance that integrating external
index capabilities systems will be secure. He or she usually wants to proactively
monitor all the latest threats and have up-to-date threat
• Groups to enable API segmentation protections, not only of internal data but also of outside threats.
The API provider must build in vital security mechanisms and
• Boards for new requirement requests, defects, and community support
expertise to protect the client.

© 2017 Rogue Wave Software, Inc. All rights reserved. page 5

For the security architect to be comfortable with current real-
time API security standards, there must be integration with Operations Lead
legacy standards and the power to quickly respond to potential
The operations lead is concerned
bad actors and system hacks. The security architect needs to
with protecting backend services.
think of the complete channel from the client all the way through
Operations will also be concerned
to the backend systems. The API Management vendor should
with enforcing service level
be a partner in API Security managing the complete channel,
agreements, SLAs, (set by the
keeping the security architect up to date in this very fast paced
product manager). Priorities will
environment.
include being able to scale globally
A common challenge exists where a client may not have one and being ableto manage and
dedicated cyber security employee. There is usually a team drawn
monitor the distributed
from various parts of an organization with security being just one
environment. Operations will find
piece of professional tasks and responsibilities. This should be Figure 6 - Configurable Traffic Shaping for your
tangible benefits in shaping traffic API operations lead - Shape traffic through
taken into account when presenting enterprise API as the next configurable policies and have it immediately take
through configurable policies and
logical step for companies aware that they must keep evolving in effect once applied to your APIs; receive alerts
having it immediately take effect when SLA policies are nearing their thresholds.
the ever-changing tech world.
once applied to their APIs.

Operations will establish, monitor, alert and enforce multiple service

level agreements and will receive critical and actionable alerts
when SLA policies are nearing their threshold. The API Operations
Lead can shape traffic through configurable policies and have it
immediately take effect. Once applied to the APIs, policies can have
the power of throttling by controlling just how much traffic each App
can send to an API with throughput, bandwidth and concurrency
policies for each App.

Akana provides SLA reporting and enforcement by empowering

Operations to define, monitor, alert and enforce service level
agreements for each App consuming APIs. The platform gives
Operations free rein for global traffic management. This essential
segment of the business can then globally deploy API endpoints
using the Akana GTM solution to route traffic to the closet endpoint.

© 2017 Rogue Wave Software, Inc. All rights reserved. page 6

 Akana offers the enterprise architect DevOps Automation,
deeply integrating with common DevOps platforms such as
Jenkins, JIRA and GitHub. Akana provides asset relationship
visualization, determining how assets (requirements, models,
schemas, service, APIs, Apps, etc.) relate to each other, and to
fully understand the potential impact of any change.

The Akana Platform

The Akana Platform provides an end-to-end API Management
solution for designing, implementing, securing, managing,
monitoring, and publishing APIs.
Figure 7 – Scalability and deployment flexibility – choose one or more deployment zones
that fit your company’s needs. Akana enables scaling from there

Enterprise Architect
The enterprise architect is responsible for establishing the architecture
for the entire enterprise for all the API strategies. In a large enterprise,
there is a likely possibility that there may be several different API
initiatives functioning across different lines of business. With this
sort of involved environment, the enterprise architect has to feel
comfortable that the architecture in place can be scaled easily. The
interface for managing the architecture should be simple to use
regardless of how complex the architecture might be. The architect will
want enterprise API Management that can simplify their architecture
Figure 8 - How Akana Fits Into Your Existing Architecture
and reduce costs. Most importantly, the enterprise architect must
ensure the compliance and the auditability of the solution.
The platform has been broadly adopted at major enterprises,
In order to achieve control and auditability for the enterprise architect, especially in the financial sector. Four out of the 5 top US Banks
Akana provides asset version control, which is a fully customizable use the Akana platform for API management and security.
workflow for APIs, Apps and other assets. The system allows for multi-
level approvals as needed, with full decision auditing. Agility comes
from DevOps, but Akana provides the control to let the enterprise
architect know where and how fast to go, to ensure the architect is
driving business in the right direction to avoid hazards.

© 2017 Rogue Wave Software, Inc. All rights reserved. page 7

• Comprehensive API Design platform - You can use a graphical tool
to design your API from scratch or you can import API descriptor Conclusion
language of your choice. Once you have your design complete, A successful API strategy depends on how well the needs of
the platform will then automatically generate all the common API each unique set of stakeholders are addressed by API lifecycle
descriptor documents for you. processes and API management tooling. To work, an API strategy
• Security - The Akana Platform lets you secure your APIs, protecting must fit with the responsibilities and goals of API designers,
sensitive data while allowing access to authorized Apps and users. integration developers, enterprise architects, security architects,
API product managers and operations leads. Each role has
• Traffic Control - Control the flow of traffic through your APIs with a specific requirements for an API management platform. The Akana
rich set of routing and Quality of Service capabilities. API management platform is known for providing an effective
mix of capabilities and flexibility. As demonstrated in enterprise
• Seamless mediation capabilities - Create modern, well-structured deployments, Akana is able to fit the unique and demanding
APIs from legacy assets with ease. It provides declarative mediation needs of each of the major roles that influence API strategy.
out of the box and includes a comprehensive orchestration capability
where needed to create APIs from multiple backend sources.

• Turnkey Developer Portal – The developer portal provides a social

platform for API developers to design and document their APIs, and
App developers to find and consume APIs. The Akana Platform is
ideally suited to connect with different audiences.

• Powerful Analytics Engine - Built using a massively scalable,

globally distributed noSQL store that is architected to meet
international data privacy standards, click here for more information
on our analytics capabilities.

• Fully featured Lifecycle Management System – This helps ensure

that you are building the right APIs, that you are building them
correctly, and that they are meeting the needs of your business.

Rogue Wave provides software development tools, components, and platforms for
mission-critical applications. Our trusted solutions address the growing complexity
of building great software, and accelerates the value gained from applications across
the enterprise. The Rogue Wave portfolio of complementary products and services
extends the life of legacy applications, accelerates building new software, and provides
secure access across the application ecosystem. With Rogue Wave, customers improve
software quality and integrity, while shortening development cycle times.
roguewave.com

© 2017 Rogue Wave Software, Inc. All rights reserved. page 8