Common use case scenarios which the Axiomatics Professional Services Organization (PSO) frequently encounters are customer portals in various shapes and flavors. A common denominator in successful deployments is a structured and efficient approach to API management.
As companies and government agencies strive to offer citizens, customers or partners a rich set of online services to interact with the organization’s information management systems, the number of entry points to sensitive core IT systems becomes overwhelming. Transaction processing may still run on robust mainframes which have been providing value for decades already. Yet, end-users never interact with these systems directly. Between the back-end and the presentation layer that renders whatever end-users see on their laptops, mobiles or tablets, there are multiple layers of services, message queues and gateways that intercept, route and transform the information flow.
These multiple layers of deployed software represent considerable investments in an organization’s legacy infrastructure. Whenever a new or changed service is planned, efficient reuse of such past investments becomes a crucial consideration both from a technical perspective and with regards to ROI.
Increasing traffic throughput and adding new destinations is challenging in IT infrastructures and can be compared to urban planning. Our PSO staff has encountered IT environments that opperate about as efficiently as rush hour traffic in cities like Brussels, Mexico City or Istanbul.
Well-performing architectures manage to make optimal use of legacy infrastructure while ensuring traffic is routed efficiently when new services are introduced. The US retailer Walmart has in recent years announced the availability of Application Programming Interfaces (APIs) that developers can use to consume services provided by their legacy back-ends. Rather than adapting the complexity and multitude of interfaces that their many legacy systems present, they’ve created one new API layer using modern lightweight technologies. This new “proxy” API presents a uniform API layer for a wealth of back-end servers. Developers can build their services with modern web-based techniques whereas the API layer “speaks” many different languages with its back-ends. This is an example of a strong trend in current IT organizations: present your data in well-designed APIs that client programs of customers and partners can consume. (Eran Hammer, Sr. Architect at Walmart, presents the Walmart node.js initiative in this video: https://nodejs.org/video/).
Another trend is the popularity of API Gateways, components placed in front of other services to manage APIs from a central point. API Gateways offer traffic routing, analysis, rate limiting, transformation of data, access control and many other types of services, and become an efficient central point of management and control. Successful API management initiatives often involve the deployment of an API Gateway product, such as the Axway API Gateway (formerly Vordel), the CA API Gateway (formerly Layer 7), IBM DataPower, Intel Expressway or similar products.
From an access control perspective, the API management layer, whether implemented by means of API Gateway products or through the introduction of in-house developed interfaces, offer ideal hooks. The API management layer is a central junction where you efficiently can introduce policy-driven access control. Axiomatics offers integrations with API Gateways as well as Software Developer Kits (SDKs) to use in custom-built API layers.
With these components, Axiomatics implements Attribute Based Access Control (ABAC) for corporate access control policies maintained at a central point. If you’re interested in how this works from a technical perspective, please continue to this related technical blog.