API Management has often been an example of “Rogue IT”, used by line-of-business teams to manage their Web APIs. These Web APIs are often tactical in nature, servicing a particular mobile app or a specific partner integration. As such, API Management is most often found outside of Enterprise IT. So how can API Management become Enterprise API Management? The answer lies in tying API Management into enterprise Identity Management and into existing network monitoring and alerting, and in tying API metrics into other enterprise metrics gathering. We discuss particular customer case studies in which API Management is brought from being tactical to being strategic for the enterprise.
Enterprise API adoption has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs need to be protected, monitored and managed. This talk focuses on API Security. There are so many options out there that it is easy to get confused. When to select one over the other is always a question, and you need to deal with it quite carefully to identify and isolate the tradeoffs.
Security is not an afterthought. It has to be an integral part of any development project, and the same goes for APIs. API security has evolved a lot in the last five years. The growth of standards has been exponential. The talk will elaborate on how to build an ecosystem for API security around OAuth 2.0, OpenID Connect, UMA, SAML, SCIM and XACML.