Q&A session on "API Management" at the Axway EMEA Partner Summit

Below is an extract of the key topics we discussed with partners at the roundtable I moderated at the Axway EMEA Partner Summit. Before going further, I would like to thank everyone who attended this session; I very much appreciated the pleasant interaction we had.


Are APIs restricted to the HTTP Protocol?
=> They are not. APIs have been available for the past few decades to interact with existing systems and chips. But here we are considering Web APIs (both SOAP and, mainly, REST APIs) that provide an easy way for (web) application developers to call services over HTTP. Web APIs have become the new de facto integration standard for digital projects.

Crossing the bridge between internal IT and the public Web is often complex due to the diversity of exchange formats and identity systems that were acquired over the years, most of the time over the past decades. Web APIs help bridge this gap.


Are REST APIs the only driver for Web integration today?
=> REST APIs are not the only driver today; for mobile, for example, there are important topics to consider such as push notifications, media storage, key-value pair storage… And to execute processes within the company and implement a microservice architecture, messaging systems like JMS or MQ Series are extremely important. It’s crucial for companies to use technologies that can provide those mechanisms, and that’s what the Axway API Gateway and Appcelerator Arrow do.


What additional value does the Axway API Management Plus solution provide?
=> By combining the Appcelerator Arrow and Axway API Management solutions, Axway offers a streamlined experience between the front-end developer and the back-end developer. The front-end developer can easily consume the APIs he needs via a developer portal; those APIs have been created, secured and published by back-end developers into this same portal using an API Manager admin interface.

APIs can be created in different ways: either out of existing data sources and cloud apps or out of legacy internal systems and applications. Every scenario requires a different approach that Axway's opinionated frameworks can help with.


How should API Management be positioned compared to the combined use of an IAM and a Web firewall?
=> Web firewalls are mainly aimed at securing web pages and web forms rendered by a Web server. Very often a security breach leads to security patches for the Web site, but companies often forget to update security for APIs, which makes them the weakest point. Axway API Gateway is a Policy Enforcement Point that enforces security both at the network level (DDoS attacks) and the application level (parameter injection, content threats) thanks to an embedded API firewalling engine.


What about 2-factor authentication?
=> Axway API Gateway can integrate with two-factor authentication systems thanks to policies.


What about fine-grained authorization?
=> Axway API Gateway can integrate with the IAM (Identity and Access Management) systems on the market. Where fine-grained authorization is needed based on specific attributes that are not available in the identity systems, such as age, region, time of the day…, we can combine our product with our partner solution Axiomatics, which implements those specific authentication schemes. Axway recently implemented such a fine-grained authorization project at the Danish Defense. To learn more about how this works, please check out our Axiomatics Axway solution webinar.


What does Axway have to offer regarding the data privacy act?
=> Lots of customers are under the gun. Axway API Management is compliant with data privacy laws by enforcing data encryption and message signature. Regarding data storage, we follow the certification processes of our customers' governments. We can implement mechanisms to fetch and send the data where needed without storing it in unauthorized places.


What about the Mobile SDK? Will there be a bundled offering for a Mobile gateway?
=> The Appcelerator solution allows us to do a lot of things regarding mobile. It is a full MBaaS solution, and it can also help developers create APIs for microservice architectures.


When should you start thinking about an API Management project?
=> When your APIs start to multiply and you get into an “API Spaghetti” syndrome. Or when you have new partners asking you to connect with their APIs instead of files or XML messages. New mobile apps might also require stronger security at the back-end level and an API Management solution will provide both the security needed and the reuse of APIs for further projects.


Why is the ROI so quick for an API Gateway project?
=> There are often lots of silos in the IT department. This is why it is important for project teams to follow compliance security checks… If you multiply the number of projects by the time it takes to make those checks, it results in a massive amount of time. By delegating the security policies and the identity mediation to the API Gateway, the development teams no longer need to worry about security and can reduce the time needed to deploy their projects by 90%.


As large governance projects are becoming more and more important, how do I choose between ETL, ESB, API Management technologies…?
=> We don’t encourage our customers to choose between those technologies because they have different usages. ESBs are used to connect internal applications together through multiple adapters and to expose the services via SOAP Web Services. They were not designed for exposing this data to external channels. API Management solutions, on the other hand, were initially designed to secure the traffic at the edge, including mobile, Cloud and partner messages. ESB is there to stay, but we think that they will go away in the long term and will be replaced by lighter API-based integration. API-based technology is the future: it costs so much less, and we are already starting to see some customers moving away from large infrastructure.


How do we manage the changes within the organization when exposing data with APIs?
=> APIs are both an interface and a contract. You cannot change their contract easily because applications using them might be impacted. We usually manage by adapting the endpoint policies: the interface remains the same, but the policies can be modified with our Policy Studio IDE to adjust to the changes of the external systems. If you absolutely need to change the API contract, you need to apply proper version management.


How does Axway intend to promote APIs for PSD2 regulation in banks?
=> With the new Payment Service Directive PSD2, banks must expose their payment services to external companies such as fintechs or other payment providers in order to foster innovation in Financial Services. The deadline is around 2018. Axway helps banks go through such a transformation and secure the APIs to access their payment services. To know more, please check out how Axway helps banks with PSD2.


What is in the upcoming release of Axway API Management?
=> We are announcing very interesting features such as Team development for DevOps, an improved architecture to leverage Cassandra cache and WebSockets, a better interface with Swagger and RAML, and an Online Axway API Management trial available through axway.com.