Creating Secure, Manageable Shared Services With APIs

This customer is a £17 billion UK-based retail chain that operates more than 1,000 stores across Asia and Europe. They are now in the early stages of a multi-year IT transformation program. By year five, they expect to save £500 million a year from the effects of the program. The company is implementing SAP across all of their brands. Part of the program involves bolstering the company’s digital enterprise capabilities and building out mobile and web solutions. The transformation program calls for a single view of product and supply chain data. Currently, the company does not have this capability.

Akana Helps With…

Real-Time System Monitoring

Scalability of API-Based Integrations

Enhanced Security and Regulatory Compliance

The Challenge: Creating Secure, Manageable Shared Services With APIs

The transformation program calls for group-wide integration. The goal is to simplify integration between applications and data across the entire enterprise. APIs are the key to achieving this goal. To make APIs work effectively, the IT department devised what it calls the “Group API Framework.” The Group API Framework includes a Shared Service concept. In this approach, any IT asset that is API-enabled can be available as a shared service, open to use by virtually any other system in the company.

For example, if Division A wants to see transactions from Division B’s supply chain application, it can access the app as a Shared Service. The Shared Service approach confers many broad benefits on the IT organization while raising a number of API security and management challenges. Any IT asset exposed as a Shared Service through an API must be secured against improper use. The company needed to control access to APIs carefully in order to ensure security but also to stay on top of load levels.

In an organization as large and spread out as this company, it was possible that excessive demand on an API Shared Service would cause the IT asset to overheat and lose performance, or even fail. In parallel, they wanted to make sure that the API and app development workflows would run as efficiently as possible. APIs and Shared Services can speed up app development. It becomes easier to build applications that integrate needed functionality through APIs rather than developing them from scratch.

New development modalities such as DevOps and microservices could be implemented as well under the new Shared Services model. However, if the APIs involved were not managed well, there could be chaos or at least a undesirable level of inefficiency.

Solution: API Management

The IT management team recognized early on in the transformation program that the company needed an API Management solution if they wanted to realize their vision of Shared Services through the Group API Framework. After reviewing several proposals, they selected the Software-as-a-Service (SaaS) version of the Akana API Gateway. They chose Akana partly based on the company’s credibility and API management track record with comparable large enterprises.

The Akana API Gateway solution streamlines management, deployment, development, and operation of APIs. It enhances security and regulatory compliance through authentication, authorization and audit capabilities. It provides central definition and management of security, routing, orchestration, mediation, auditing, threat protection and other operational governance policies across multiple instances. The Gateway enables enterprises to standardize API and service delivery with high security, performance and availability.

The API Gateway provides real-time system monitoring. With the Gateway, the user can access web-based dashboards to get real-time visibility into service and API performance, dependencies and alert status. A powerful alert functionality keeps administrators aware of API operating conditions. It is possible to leverage alerts within compositions to control message routing, enforce SLAs or perform other runtime activities. An analytics dashboard, combined with out-of-the-box reports, gives users visibility into the performance of APIs and services from different perspectives, including department, partner, application contract API/service or operation.

The company liked the Akana API Gateway’s ability to execute policy hierarchy. Because the company manages hundreds of services and APIs, they often need to change policies in ways that affect various services and APIs in different ways. The Gateway’s extensive security features ensure privacy of data in flight and at rest. The Gateway prevents Denial of Service (DoS) attacks, malformed messages or excessive XML/JSON depth and breadth. It can detect and prevent SQL, JavaScript or XPath/ XQuery injection attacks. The Gateway features a content firewall that protects against malicious content such as viruses in attachments. It can validate message content, including XML and JSON data structure, form and query parameters.

Benefits: Efficient, Scalable APIs for IT Transformation

The Gateway makes it possible for the company to develop and provision APIs for Shared Services securely and reliably. They can now create and manage APIs efficiently. The Gateway makes it possible to scale API-based integrations easily as well. It enables them to standardize API and service delivery with high security, performance and availability. Specific benefits for the IT transformation program include:

  • Faster app development with API support for DevOPs and Continuous Integration (CI) and Continuous Delivery (CD) of code.
  • Easy deployment of API Portals for their multiple operating units.
  • Flexibility to define and manage APIs, creating APIs with multiple interfaces using different standards like REST/XML, REST/JSON and SOAP with no extra development effort.
  • The ability to leverage existing SOAP assets with bi-directional protocol transformation. The Gateway enables the company to convert existing SOAP or Plain-old-XML (POX) over MQ or JMS services into RESTful APIs with XML and/or JSON content.

Next Steps

The customer is now implementing the Akana SaaS API Gateway in the UK and Ireland. It will then deploy in other operating countries over the next two years. See for yourself how Akana can help with your scalability.

Start Free Trial