API Management

I currently work for a customer that wants to expose its "services" to partners and other external consumers. They do not want to build websites themselves anymore, but instead have the services published and used by partners. So how can this be done?

Always curious and looking for good solutions, I started to think about this.
I saw the following options:

  1. Just expose the (web) services through a web gateway and use HTTP basic authentication over SSL for security
  2. Make REST adapters and expose those


However, I soon also discovered:
  • Consumers have to be managed. You have to manage the client credentials. For a few consumers this is doable, but for a couple of hundred or thousands this can be cumbersome.
  • Consumers have to find the services somewhere. What is the functionality of those services? Is it SOAP or REST based?
  • Consumers want to test the services within a sandbox before actually using them.
  • As a service provider you have to manage the life cycle of those services. You cannot just make a service obsolete, because clients may still use that version.
  • As a service provider you do not know how many times the service is used. You may want to throttle the usage, based on e.g. the clients or the services.
  • The services may also be used internally (SOA based services) and these services may be different. Internal consumers may use more data than external ones. How do you handle this?
  • As a service provider you want to expose services using different technical interfaces, for example through REST, SOAP or maybe even JMS. So you need (data) transformation functionality.

Functional components

The more I read about it, the more I came to the conclusion that API Management might be a good solution for this company. Such a platform (or product) basically comes with the following functional components:

  • Portal Configurator
    As a service provider you publish the APIs (services) and the documentation.
  • API Configurator
    Within the API Configurator you can define the exposed services and the integration with your backends.
  • Traffic Configurator
    Here you can define and monitor the security policies of your APIs.
  • Developer Portal
    Here the clients of your APIs can search for APIs and test them within a sandbox environment. Here the consumers can subscribe for APIs as well.
  • Traffic Manager
    All API calls run through an API gateway to channel the traffic. Here the API keys are checked against the policies: may this user actually use this API?
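
The Traffic Manager check described above, sketched as an added example (not code from any of the products named on this page): the gateway authenticates the API key, checks the consumer's subscription to the API version, then applies a fixed one-minute throttle per consumer and per API. All names, the sample key and the limits are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def key_digest(api_key: str) -> str:
    # The gateway stores only a digest of each issued key, never the key itself.
    return hashlib.sha256(api_key.encode()).hexdigest()

@dataclass
class Consumer:
    name: str
    digest: str                 # SHA-256 of the issued API key
    subscriptions: set          # {(api, version)} approved via the developer portal
    limit_per_minute: int       # throttle tier of this consumer
    windows: dict = field(default_factory=dict)  # api -> (minute, calls so far)

class Gateway:
    def __init__(self, consumers):
        self.consumers = consumers

    def _authenticate(self, api_key):
        presented = key_digest(api_key or "")
        match = None
        for consumer in self.consumers:
            # Constant-time comparison; every entry is checked, no early exit.
            if hmac.compare_digest(presented, consumer.digest):
                match = consumer
        return match

    def check(self, api_key, api, version, now):
        """Return an HTTP-style status for one call at time `now` (seconds)."""
        consumer = self._authenticate(api_key)
        if consumer is None:
            return 401          # missing or unknown key
        if (api, version) not in consumer.subscriptions:
            return 403          # valid key, but no subscription to this API version
        minute = int(now // 60)
        start, used = consumer.windows.get(api, (minute, 0))
        if start != minute:
            used = 0            # a new one-minute window has started
        if used >= consumer.limit_per_minute:
            return 429          # throttled
        consumer.windows[api] = (minute, used + 1)
        return 200

# Constructed sample data: one partner subscribed to a hypothetical "orders" API, v1.
PARTNER_KEY = "constructed-sample-key-001"
gateway = Gateway([Consumer("partner-a", key_digest(PARTNER_KEY), {("orders", "v1")}, 2)])
```

Retiring an API version then amounts to removing its `(api, version)` pair from the subscriptions, and the per-consumer counters double as the usage figures a provider otherwise lacks.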

Product selection

The next step in the process is to actually select a product. Because the API Management products are fairly new, this selection can not be based on my personal experience with one of the products. I did two things:
* Read a lot about API Management on the internet
* Talked to other people with more practical experience with products

So what to look for when selecting a product? This depends of course on the functionality you would like to have and the priority and weight of those requirements.
You can think of:
  • Which API keys must be supported (e.g. OAuth, HTTP basic authentication, certificates)
  • What are the backend systems you have to integrate with
  • Do you need manual and/or automatic approval of API subscriptions
  • Do you want a sandbox environment for consumers
  • Which API interfaces do you want to be supported (e.g. REST/XML/JSON/SOAP/JMS)
  • Which search features of the developer portal do you want
  • What governance is supported, e.g. multiple versions of the API
  • etc
You must also think about non-functional requirements, like
  • Costs
  • Is the community of the (freeware) product active or not
  • Do you have local support available
  • How is the documentation of the product
  • Do you want a local and/or cloud version of the product
  • How mature is the product

Some products:
  • Layer7
  • Apigee
  • Mashery
  • WSO2
  • Azure API Management
  • IBM
  • SOA Software

Example: WSO2

Let me first say that I do favor WSO2 per se, but it is an open source product that is already very mature with its API Management product. It has more components that can be integrated as separate components. So whatever you want to use, you can plug in.



OpenText Innovation Days 2014 in Eindhoven

Yesterday I visited the OpenText Innovation Days in Eindhoven. This event was held in the Evoluon, which in the early days was an exhibition hall for future products. This was the first place where I ever listened to a CD. Nowadays it is a nice conference place.

The event was all about data / content / information, in other words Enterprise Information Management (EIM). This is understandable because that is where OpenText is at its best, but due to some recent acquisitions they have a nice complete portfolio now to help customers innovate and be agile.

Project RedOxygen

OpenText has done a lot of acquisitions lately and the project RedOxygen is integrating all these products, so that consistent and integrated suites are developed. As a result, all suites will eventually have the same look-and-feel and can integrate more easily with each other. For example, with the AppWorks component suites are accessible through a RESTful API.


OpenText has a number of suites that help bring the right information to the right person at the right time on the device wanted by the users. These are the:
  • Content Suite
    For storing your documents and govern your documents and data
  • Experience Suite
    This is a suite for marketing functionality, so that marketing is done at the right time, to the right channels in a fast and agile way.
  • Discovery Suite
    This suite lets you find your data more easily searching several sources.
  • Information exchange Suite
    For exchanging information through different channels.
  • Process Suite
    This is the suite that brings it all together using BPM, Case Management, Cloud and integration.
As my interest was mainly in the Process Suite, I attended most of the Process Suite breakout sessions.

Process Suite 10.5 launched

On the 19th of March the OpenText Process Suite was officially launched during the OpenText Innovation Days.
As described in one of my previous blogs the suite contains a couple of new components compared to Cordys 4.3 (Note that all OpenText Suites have the same version number now).

Some new exciting components are:

  • AppWorks
    This lets you integrate more easily with the other suites of OpenText from within your workflows, BPMs or case management
  • OpenText Process Intelligence
    It adds more BI possibilities within the suite and extended BAM features. 
  • Process Component Library
    To give you a quick start with developing you can use a lot of ready-to-use components right out-of-the box.
  • Case Management Application
    This is a ready-to-use application that sits on top of Cordys and gives you a full blown application that only needs high level configuration.
  • Process Experience
    This is the HTML5 unified interface to give Cordys a more flashy look-and-feel. In the past the UI (XForms) of Cordys was one of the weakest features. A transition has been made to make the UIs HTML5. CAF and XForms are still used as well, but in the future this will all be migrated to HTML5.
  • BPM Everywhere
    This component gives you the Social and Mobile features that can be integrated within your processes. Hope to see more on this soon.
The whole suite can be retrieved under 1 license (excluding Process Intelligence). There are also some add-ons: Process Intelligence, ProVision and Capture Center. The Cloud Provisioning (CCP) is separately licensed (just like currently is the case).


Ciber was also a sponsor and can help with EIM solutions.



Mobile is Hot ! But be aware ...

I see it in a lot of projects but also I see that it is handled just like testing in the beginning: "oh we estimate some extra days and we also go Mobile !"

Of course this is not the case, it can be a project on its own.
There are a lot of choices to be made, some of them are:

  • Which mobile platforms do we have to support?
  • What are the performance requirements?
  • Do we want to develop once, run anywhere?
  • Do we want to use native functions of the mobile OS?
What I also see, is that more and more BPM/Integration platforms are going to support it.
But then again the Mobile experience is somewhat different than the Browser (and Desktop) experience.
So depending on the requirements of the Mobile App, the platform can suffice or not.

I will shortly describe some platform examples.

OpenText Assure

This is a BPM platform that supports Mobile. However the UIs are running within the browser app of the mobile device. The advantage is that it is developed once, and runs on the desktop and iOS, Windows and Android mobile devices. The consequence is that no native functions can be used.

OpenText Process Suite

This is a BPM platform that supports mobile application development. The following picture gives an architectural overview.

The architecture uses some open source frameworks to implement mobile apps.

Oracle ADF Mobile

Oracle Fusion has extended its Fusion stack with ADF Mobile. This framework is also based on open source frameworks.

Tibco Silver Mobile

This is a development platform to develop mobile apps. It adheres to the principle develop once, run anywhere.


Windows has several development environments for mobile development. Windows has a Windows Phone SDK and also introduced a web based development environment: Windows Phone App Studio.
Of course these tools are all for the Windows Phone.


The development of Mobile apps must not be taken lightly and must sometimes be seen as a separate project. Most of the platforms in the field have separate development environments for it and can be developed as separate apps next to the normal UIs.


Book review: Continuous Delivery and DevOps: A Quickstart Guide


I wanted to know more about DevOps because I agree with the fact that we need to cooperate more and remove the barriers between departments. In the end I was a little disappointed by this book. It gives some high level tools and techniques but it could be much more ...

In my opinion a change would be that someone from Operations really participates within the project team and looks at it from an operations point of view. This way these requirements will also be taken into account and the system will be easier to operate.
However, there were also some interesting chapters, so let's review.


The book contains 7 chapters:
  1. Evolution of a Software House
  2. No pain, No gain
  3. Plan of Attack
  4. Tools and Technical Approaches
  5. Culture and Behaviors
  6. Hurdles to Look Out For
  7. Measuring Success and Remaining Successful

Chapter 1 - Evolution of a Software House

As the name already suggests, this chapter is about the evolution of a software house. First it is a small company with no hierarchy and everybody knows each other. This makes communication easy and the releases of the software are coming fast. It is fun to work within such companies. But then it begins to grow and processes are needed. This is the beginning of a slow working company.

Chapter 2 - No pain, no gain

This is a chapter about organizational change. Investigate what is going wrong. It discusses some tools and techniques how to investigate the organization.
In my opinion not really about DevOps but more on change management.

Chapter 3 - Plan of Attack

This is again a change management chapter in which is explained how to communicate a new way of working. Setting the goal and visions and communicating this within your organization.

Chapter 4 - Tools and Technical approaches

This is an interesting chapter about the tools and techniques you can use to implement DevOps. To name a few:
  • Source control tools
  • Code reviews
  • Continuous Integration
  • Small increments
  • Test Driven Development
  • Automatic builds and testing
  • Architecturing the solution (loose coupling)
  • Provisioning
But then again these are just the tools and techniques development should already be using when developing quality software.

Chapter 5 - Culture and Behaviors

This is a chapter about the soft side of DevOps. It discusses:
  • Openness
  • Building trust
  • Collaboration
  • Rewarding good behavior
  • Transparency

Chapter 6 - Hurdles to Look Out For

A chapter about change management and about some theoretical change curve theory.

Chapter 7 - Measuring Success and Remaining Successful

This chapter discusses some tools to measure. To name a few:
  • Code Coverage
  • Code complexity
  • Commit rates
  • Unused Code
  • Coding rules
  • System monitoring
So also the things I would normally recommend.


The book was easy to read, but a lot about change management. Don't get me wrong, this is very important but there are other books about this subject. There were however some interesting chapters.
Some eye-openers within the book for me:
  • DevOps has impact on many departments: marketing, planning, development, operations, sales and HR.
  • DevOps = Working Together, DevOps != Getting developers to do the operations tasks
  • Monitor the progress of the DevOps project