SEEBURGER Business Integration Suite Accelerate Business-Driven Innovation with IntegrationDownload whitepaper now
SEEBURGER Cloud Portal We provide Cloud Services to make your company more flexible and agile.
Log InSign Up
How can we help you? Rely on highly qualified support – around the clock.
Support HotlineService Portal
BIS 6.7 – Now Available! Customers using BIS 6.7 benefit from agile and scalable integration solutions for the digital shift and a variety of operating models.More about the Major Release
Jobs at SEEBURGER – Shape your future with us. The "Who is who" of the economy rely on SEEBURGER – you can trust in SEEBURGER as an employer
APIs connect applications, systems and partners in real time. From mobile apps, e-business or cloud, to on-site or point-of-sales connections, APIs enable fast, secure, easy access to data and business processes. They enable interaction between systems, applications, mobile devices and apps.
We will answer these questions: What are APIs, exactly? Why are APIs so important? What opportunities and possibilities do APIs offer? How are APIs managed? What does API Full Lifecycle Management include?
We will also introduce you to a useful API solution and answer the most frequently asked questions about APIs and API Management.
Application Programming Interfaces (APIs) integrate business processes, services, content and data. They connect partners, systems, internal teams and numerous other sources easily and securely.
APIs shape the digital world. Today there are more than 20,000 APIs listed in API online portal directories, with several hundred being added every month, and the trend is rising. In addition, only public APIs are listed in these directories. If you consider the countless APIs that are currently used internally by companies, the number 20,000 is conservative at best.
APIs enable existing application functions and data to be leveraged by other systems and applications. This means, for example, that with an API, data within a company database can be made available to other internal systems (i.e. legacy system integration). Before APIs, only isolated or locally used resources could be made available to other systems.
➞ The better a company is internally integrated and the better it connects different applications with each other through APIs, the more accurate and comprehensive the information it obtains, for example, about its customers and itself, which gives it a significant competitive edge.
In addition to internal networking, APIs can also open the door to the outside world for companies to innovate, create new business models and take advantage of their digital transformation. Many companies are already providing APIs to suppliers, customers and other partners to help them access relevant information. In addition, APIs allow this information to be directly implemented into other systems, where it can be accessed in real time. How professional API management can help you stay on top of things is explained in chapter 5 - "API management - how does it work?”.
➞ Where external partners get access to internal APIs, it is often possible to develop a business model that generates additional revenue. There are virtually no limits to the opportunities.
> to top
API is an acronym for Application Programming Interface. Application Programming Interfaces play an important role in software development. A program provides its functionality to other programs or systems via interfaces, so-called APIs. These APIs connect applications and systems with each other, open data silos, enable developers of new applications to access and reuse existing applications and data sources. They can open various functional units to the outside world and connect platforms with ecosystems. They are designed for real-time scenarios, less for mass data, and enable today's interactions between any system, application, mobile device or app.
In short, APIs as interfaces provide a standardized way for clearly defining the kind of data or functionality a system or application can provide in real-time. These quick and easy entry points to systems and applications have transformed entire business models and initiated completely new strategic business orientations.
Depending on how APIs are used, they can be categorized in three different types of APIs:
Learn all about the way APIs work in our detailed blog "What exactly is an API"
When Amazon founder Jeff Bezos proclaimed the API First strategy in his famous mandate in 2002, he was already aware that the digital future will be built on a strategy of data opening - not only internally, but also externally:
Thank you, have a nice day!
Two points of this mandate are critical to the development of APIs and the status they have achieved today:
Point 1 From now on, all teams will provide their data and functionalities via service interfaces (APIs).
Point 5 All these APIs must be designed to be externalizable - without exception. (Must be shareable with the customer or the outside world)
So Jeff Bezos first dictates to develop APIs internally, according to the company's own needs (which ensures their practicality). In the following, he orders the synergy effects with business partners to design these APIs from the start in such a way that they can also be used externally.
➞ The development of new services, business models and features is much easier in an IT landscape characterized by API interfaces. Companies are thus prepared for the future in the long term and more attractive for employees, partners and customers. However, the prerequisite for the efficient use of APIs is always professional API management.
This is THE reason why Amazon is so successful.
Providers of large, electronically controlled machines are now able to centrally monitor machine data using APIs. Each machine is connected to the system via its own APIs and transmits various data at regular intervals. Possible malfunctions and wear are detected at an early stage, maintenance can be provided, and spare parts ordered or exchanged when needed. In conjunction with an API-based infrastructure, this data can be directly networked with the ERP system, inventory, employees, etc., providing multiple opportunities for new efficiencies.
However, the scope of APIs goes beyond machine data. In fact, there are literally no limits to the possible applications. From sensors on a highway, to shipping containers to a cargo bay, data is transmitted via APIs to communicate with stops on a supply chain. Intelligent household appliances can be controlled via applications, desktops can be woven into a communicating IT infrastructure, and external partners can be connected and integrated into your partner portal, all via APIs.
The boundaries of APIs are shifting, and creating new opportunities in the digital age.
There are literally no limits to the possible uses of APIs. Be it machine data, sensors on the motorway, containers in shipping or railway trains, they can all transfer data and communicate with the outside world via APIs. Intelligent household appliances can be controlled via applications, desktops can be woven into a communicating IT infrastructure, and external partners can be connected and integrated via APIs. The universe of APIs pushes boundaries and creates new possibilities in the age of digitalization.
Yet, how is it possible that all this data can be collected and used from different sources, via different connections and in different formats? The cue is API integration.
In the context of APIs, API integration refers to the translation process for which the interface is responsible. It enables connected functional units to communicate with each other. The target structure of adjacent functional units and data units can differ greatly, which can make mediation difficult. In addition, outgoing responses must also be transmitted in the appropriate format.
All these translation tasks are handled by API integration.
Another factor is the fact that an API does not necessarily have to be associated with only one functional unit. Depending on the scenario and the structure of the infrastructure, it is necessary that the request of an API must be resolved into various request types on different backend systems. Since the respective backend systems can communicate in different ways, multidimensional API integration is necessary to finally provide a unified response.
Learn more in our blog: "What is API Integration" and discover the challenges associated with API integration and how they can be met.
API management is the process of managing, regulating, securing and monitoring APIs in a secure and protected environment. It enables you to control the increasing number of internal and external APIs used or provided by an organization. Professional API management addresses the needs of all API stakeholders - API publishers, API developers, App developers and API consumers.
API Publisher: The company (or department) that provides APIs for others. It is also responsible for administering the APIs and monitoring daily API usage.
API Developer: The person responsible for developing one or more APIs
App-Developer: He uses the API provided and maintained by the API Publisher, which the API Developer has developed, and integrates it into his App, respectively he develops his App based on the provided API. In this way, he creates an additional benefit to be provided by his App using the API.
API Consumer: Use an API without integrating it into an App developed for it. This means, for example, that a marketing department uses a Facebook API to analyse reactions in social media to specific actions. It does this with individual, irregular requests to the API provided, as needed.
API management is the core element serving all stakeholders, directly or indirectly. APIs need to be managed and monitored accordingly.
Why API Management: Unmanaged APIs are not secure and cannot be reused efficiently. Their acceptance rate is low. If not properly managed, they put a service-based infrastructure of systems and applications at risk because they are not protected. In summary, APIs, if unmanaged, are the primary cause of business vulnerability and ultimately result in high costs. Our API management infographic illustrates the benefits of managed APIs compared to unmanaged APIs.
API management is the solution to avert this threat to the company!
Learn more about the tasks of API management, how it can be part of the API infrastructure and all the challenges in our detailed blog: What is API management?
No Digital Transformation Without API Management, No API Management Without API Integration
Download E3zine.com Article
The more APIs an organization provides and the larger the addressed and actual user base, the better it helps to manage APIs with Full Life Cycle Management. It provides a holistic view for managing all APIs.
The entire process from the design and release of an API to the end is called the API Life Cycle. This API Life Cycle has to be managed, documented, and this documentation needs to be made available to all API stakeholders who use the APIs.
After explaining in detail what API integration and API management is all about, API Full Life Cycle Management is the management and control of APIs throughout their entire life cycle. It is therefore to be understood as a maxim of the API management approach. In order to address this challenge in a professional and future-oriented manner, there are various providers on the market. In October 2019 SEEBURGER AG was listed in the Gartner Magic Quadrant for Full Life Cycle API Management.
In summary, API Full Lifecycle Management handles the administration and organisation of the various phases in the life of an API. According to Gartner, the 5 phases of the API lifecycle are:
The API Full Life Cycle Management therefore accompanies an API from design and delivery to enhancement or deactivation. More details can be found in our blog: What is API Full Lifecycle Management.
API Integration and API Management for API Provision and Consumption
The previous sections described the individual components in the universe of APIs and their functions. Finally, we address the questions of how these individual elements are connected as a whole and how you as an organization can best use them for your purposes.
The SEEBURGER BIS API Solution is a comprehensive solution to support API-based integration. It covers the entire API lifecycle, from creation, implementation, publishing to use, and supports API protection, API usage monitoring, and identity and access rights management.
The SEEBURGER BIS API Solution includes the following components:
In order to establish a functioning API infrastructure that meets all requirements and is optimally positioned for the future, both building blocks are required:
OSRAM connects multiple systems via API Management and API Integration to Salesforce and has successfully completed the first phase of its Next Generation Sales project.
Companies that want to integrate APIs into their corporate strategy should therefore establish a clear structure from the beginning. Typically, companies start with a few APIs that are easy to manage. The amount of APIs often grows rapidly, making it more and more difficult to maintain control. The number of systems and people involved can also increase quickly, pushing unstructured solutions to their limits.
What does this mean for you?
Consuming or deploying APIs is only one step in a much larger process. Whether you want to use APIs as the foundation for a new business model, centralize internal data, or make everyday work easier for employees with a clear App, you can do it.
To target an API solution for your business, you need an experienced partner. SEEBURGER offers an API management solution that enables you to master APIs for maximum results.
Access Management enables access control to individual APIs. It controls who has access to which API gateway or API portal and what individual users are allowed to do.
An Application Programming Interface (API) is an interface or communication protocol between different parts of a computer program intended to simplify the implementation and maintenance of software. An API may be for a web-based system, operating system, database system, piece of hardware, or software library.
In an API catalog, API publishers manage the API lifecycle, maintain API documentation and control the visibility of their APIs. App developers use an API catalog to browse and subscribe to APIs and to obtain access to API documentation and lifecycle information.
API consumers use provided APIs. They are identifiable within the API gateway but may not be further assigned to business units or organizational units.
API developers work within the API management area. Unlike an API publisher, developers do not provide and configure the API, but are responsible for implementation and integration of APIs into the backend.
API integration is the implementation of services which facade backend systems by providing APIs. Backend integration is supported by a broad range of adapters for different types of interfaces and applications. This includes multiple backend-systems, complex integrations or ‘heavy lifting’, as well as protocol- and content- handling.
API management is a set of processes that distribute, control and analyse APIs. API management includes provisioning of all API information, the API lifecycle and API security, as well as performance measurement and documentation.
BIS API Manager is SEEBURGER’s application for managing APIs.
API portal is part of SEEBURGER BIS API Management. API portal is the platform for configuring and monitoring API proxies running on the API gateway. The API portal is used by both API providers who want to provide APIs giving access to backend services, and app developers who want to use APIs.
An API proxy is an interface to consumers who want to use backend services. Within the proxy, API policies are executed.
The API publisher provides the API, configures it with policies and manages the API lifecycle.
An app is a virtual representation consuming one or more APIs for a specific business use case. Apps can be mobile apps, web apps or business processes.
The app developer is responsible for developing apps that consume APIs.
A data transmission technique that does not require the sender and the receiver to be synchronized in their schedule.
Authentication is used to ensure that people or apps accessing APIs actually have the identity they claim to have. The most common authentication is basic authentication. Identity is secured by a user name and password. Authentication answers the question: who are you?
Authorization follows authentication. Authorization checks whether the identity has the necessary rights for the desired activity. Authorization answers the question: what are you allowed to do?
The bearer token is used for authentication and can represent an access token. The token, which is a cryptic string, is sent with the request to a resource server and contains the necessary information. As an example, bearer tokens are used in OAuth2.0.
Caching is used to provide frequently used data in a fast and resource-conserving way. It provides increased performance and quick availability, since the data does not have to be generated every time it is requested, or extracted from slow system sections.
Content validation checks the syntax in the payload within APIs to detect vulnerabilities like mass assignment or injection attacks.
The developer portal is part of the API portal within SEEBURGER’s API Manager App. It is the entry point for app developers and consumers. For app developers, it provides app management with which they can maintain app-specific settings and apply for API keys. The API consumer and app developer can browse the catalog, request and receive detailed information about the API.
Via endpoints, APIs access required resources. Endpoints represent the access point on a server or system with a specific URL.
BIS API Gateway is part of SEEBURGER BIS API Management. It is the platform for hosting and executing API proxies. When backend services are simple, the API gateway can connect to them directly. When there is more complexity involved, BIS API integration is required for mediation. The API gateway is also used as a line of defense against the outside world.
JSON Web Token (JWT) is an authorization token consisting of three components. The header specifies the encryption or signature procedure, as well as the type of JWT. The payload consists of any number of key/value pairs. Both components are encoded (e.g. Base64). The third component, the signature, is also encoded. The token is transmitted either as request-parameter or in the header and looks like this: Header.Payload.Signature
The lifecycle describes the different phases an API goes through, from planning to versioning and retirement. Depending on the form of presentation, there can be any number of phases, but the content is always the same:
Source: Gartner Inc.
Mediation is the connection between the inner and outer world and the transformation of formats. This can be anything from simple JSON, to XML mappings, to complex transformations with business logic. Simple mediation topics are handled within the gateway, but as soon as complexity or business logic is added, API integration is required.
The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection.
Policies provide rules for the gateway. These rules define the behavior of, or access to an API. The policies are used to manage APIs. Policy management is required for the administration, creation and activation of single or multiple policies.
SEEBURGER’s Publisher Portal is part of the API portal within the API Manager app. Here the API publisher can manage the lifecycle of APIs and configure the rules.
Quotas regulate the use of APIs and limit the number of possible requests. Quotas are expressed in requests per time, with time being calculated in seconds, minutes, hours, days, etc. Quotas are used by businesses and are often used in conjunction with monetization.
Request and response refers to the inquiry to an API and the answer that is sent. Request and response has nothing to do with how the answer is returned - they have to be defined and then follow a given pattern or rule.
REST stands for Representational State Transfer. REST and SOAP (see below) are the two programming paradigms. REST APIs are based on this architectural design: interaction occurs via HTTP methods such as POST, GET, PUT, DELET.
Security protects the API, the API Gateway and the entire system backend. Security is, for example, provided through access permissions, and must meet format and content regulations.
SOAP stands for Simple Object Access Protocol. SOAP and REST are the two programming paradigms. A SOAP package consists of three aspects: SOAP-Envelope, SOAP-Header and SOAP-Body.
Similar to quotas and throttling, spike arrest regulates API access rate. Spike Arrest is used to protect against peak loads and a large number of accesses in a short time period. Spike Arrest is based on averages. For example: 10 calls in 10 seconds means that every second only one call may be executed (calls/time).
With streaming APIs, a connection is established and maintained rather than open and closed for a certain period of time. With these permanently open connections, data is either streamed continuously or as it becomes available.
Swagger is an interface definition language and is used to describe API interfaces, usually for REST APIs. APIs can be created based on Swagger data, in JSON or YAML.
Real- time communication between two systems without a break-down of the connection.
Throttling is a way to regulate usage of APIs by consumers during a given period. Throttling can be defined at the application level and API level.
Tokens are used for authentication and authorization. Tokens are encrypted strings that contain authentication and authorization information. Tokens can be stored and reused and have various life spans depending on the methods and settings used.
The number and frequency of API and API gateway usage must be regulated from both economic and safety-critical points of view. Both throttling and quotas are traffic management methods.
The web application firewall is a part of the protection architecture and provides functions to protect the API gateway, the entire API management architecture and individual APIs.
Like Swagger, Web Service Description Language (WSDL) is used to describe API functionality and is based on XML. With WSDL 2.0 it is possible to describe REST APIs, but is more commonly used for SOAP APIs.
Extensible Markup Language (XML), like JSON, is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.
(06-03-2020 © SEEBURGER AG. This listing does not claim to be complete.)
Are you interested in our API Integration Solution?
Let our API Integration experts guide you
Thank you for your message
We appreciate your interest in SEEBURGER.