Skip navigation
All Places > CA API Management Community > Blog
1 2 3 4 Previous Next

CA API Management Community

59 posts

Is it true that an API implementation can be declarative? Is it real that this declarative implementation looks like executable business requirements?  Come find for yourself – in this series on Live API Creator’s Declarative Rules - spreadsheet-like expressions that react to changes in referenced data to enforce business policy. The simplicity of declaring these expressions for data integrity and data integration underlies the speed and agility rendered by Live API Creator in any API definition/implementation process.

 

Touch and feel Live API Creator’s declarative rules via plenty of practical examples and use cases implemented in this series.

 

Join us Wednesday March 6, at 12pm EST (9am PST) by clicking here to register for Session 1.

 

Join us Wednesday, March 13, at 12pm EST (9am PST) by clicking here to register for Session 2.

 

We look forward to seeing you there!

A few days ago, I talked about some of the really cool new features in CA Live API Creator 4.1 that I was particularly excited about. The Product Manager called me to task on that - not because Team Development and TeamSpaces aren't pretty awesome, but because I was pretty glib on the other marquee features - integrating messaging with RabbitMQ and JMS…ESPECIALLY since I'd also recently written a blog about integration.  And she's right - I did kinda gloss them by.  So let's fix that, and talk about why this new integration is so important.

 

First, let's talk about message queues - some of you may be familiar with them, but a quick overview.  So, I'm not a coffee drinker, but I am married, and therefore, a sherpa who's stood in lines at a certain coffee shop, ordering a venti Chocolate Covered Strawberry Frappuccino for my wife.  This is not a random statement - this is exactly what messaging queuing is all about.  I order said venti Chocolate Covered Strawberry Frappuccino and pay for it.  The cashier writes down the order and my name on the coffee cup (a message) and sets it on the counter for the barista to pick it (the queue).  Now, if I DIDN'T go to the shop at the time of day everyone (including the wife) wants their coffee, then maybe that work gets done right away.  Alas, this doesn't happen too often, and the cup joins a row of other cups (again, the message queue).  As I said, this is how enterprise messaging works - the server (the cashier above) that's creating your message hands off messages to brokers (the barista) to be processed.

With CA Live API Creator 4.1, we've added support Java Message Service (JMS) and RabbitMQ listeners to subscribe to messages in one or more queues (Kafka and MQTT listeners are already supported) .  There's quite a few messaging systems out there - so the integration of RabbitMQ and JMS into CA Live API Creator simply means that it's a better fit for the enterprise - using the coffee analogy, it means that you don't just have to have Starbucks - we've added support for Peet's, Dunkin' Donuts, Costa, and even McDonald's to the list.

 

On a related note....one of the key reasons architects are so excited about microservices is autonomy – breaking up the monolith into smaller pieces that are independently developed, deployed and scaled.  Microservices communicate with each other using… messages.  So if one is down at the moment, the others continue, and the broker ensures eventual completion.
 
That’s pretty remarkable stuff.  But the real power gets unlocked when you realize CA Live API Creator is not just about receiving / reformatting / sending messages (and APIs), but processing them as well.  Reactive Logic – spreadsheet-like business rules that are 40x more concise than code.  That’s what’s led to enthusiastic adoption by the Agile and CA Services teams, and what drives value for customers that is unique, strategic… and simple.   

CA Live API Creator 4.1 is a pretty exciting update, furthering the abiility to  ideas to outcomes - literally.  While some of the marquee features are pretty straightforward (i.e. messaging with RabbitMQ and JMS), the really cool part of the update is around enterprise development - the introduction of Team Development and TeamSpaces.  Let's take a dive into these....

 

Team Development

When someone starts to explore CA Live API Creator, they typically are a single API developer.  But you can use CA Live API Creator in the context of multiple (concurrent) API developers. CA Live API Creator enables parallel development of client applications and business logic, since CA Live API Creator applies logic automatically to all resources.  This means that developers can work in parallel and develop code independently in your own environment, avoiding concurrency issues or overwriting code developed by other team members.   When a team is ready to check in code or update their environment with the latest changes, they simply export their APIs to the source control system (SCS).  This process can be automated using the the built-in Continuous Integration/Continuous Deployment (CI/CD) process.  Here's a great example of Team development workflow:

 

 

 

TeamSpaces

Following the team approach, when there's more than one development team, they can be grouped in CA Live API Creator, each with their own workspace of APIs.  System administrators can control access to only the APIs a team creates.  Here's an example of TeamSpace workflow:

 

I invite you to download your trial today and check out these additions to CA Live API Creator

 

I also invite you to read part 2, CA Live API Creator and Messaging.

Announcing Mobile API Gateway 4.2 and Mobile SDK 1.9

 

Broadcom’s acquisition of CA and the integration of our Security and API Management business units under the Enterprise Software Division help us further our commitment to meeting the needs of a mobile-first world, and our latest release of Mobile API Gateway underscores this.

 

We believe that mobile success is now measured on new standards: 

  • Ease of use
  • Seamless authentication
  • Secure connectivity
  • Powerful performance 

Let’s look at how Mobile API Gateway 4.2 and Mobile SDK 1.9 address each of these standards of mobile success.

 

Ease of Use

In Mobile SDK 1.7, we added support for Xamarin for iOS and Android app development, and client authentication using a JWT (JSON Web Token). In Mobile SDK 1.9, customers can now use Xamarin and JWT natively. This gives developers the flexibility to build on their preferred platforms, and deploy apps using secure authentication methods.

 

Previously, the Mobile API Gateway allowed clients to manage which devices could access applications and data. Mobile API Gateway 4.2 improves self-service and out of the box experience by letting clients add and remove devices using nicknames (device metadata).

 

Seamless Authentication

For mobile users, passwords are easily forgotten, lengthy, and an impediment to a seamless user experience. Authentication methods like biometrics were created so users can quickly log into a device or app. But when switching between devices, users are again slowed by additional authentication requirements. Proximity Login is the answer and is now supported in Mobile API Gateway 4.2.

 

Proximity Login allows a user to log into an app on one device, and then use that device to log into the same or additional applications on another device.

 

Take a mobile banking scenario. You log into your banking app with your username and password. Then, in the branch location, you visit a terminal and attempt to log into the browser. Rather than re-entering your username and password, the browser provides a QR code that you scan with your mobile phone. Now you are authenticated on both the app and the browser.  Click on this link to see an example of Proximity Login in action.

 

Our Mobile API Gateway integrates with FIDO, enabling a triangle of trust between users, apps, and devices that results in secure and seamless authentication. With Mobile SDK 1.9, we now support Single Sign-On (SSO) between apps and widgets to make this user experience even more seamless. 

 

Back to our banking example, with SSO between apps and widgets, banks can quickly display non-private info without opening the app. For example, last balance, news, or alerts that the user can access with a swipe from the home screen.

 

Secure Connectivity

Mobile API Gateway 4.2 makes the management of MQTT connections simpler. MQTT protocols provide a way to aggregate information from many sources, combine data, and deliver it to multiple platforms as needed. MQTT is especially common in IoT scenarios.

 

Our customers are already deploying MQTT connections to create powerful end-user experiences. For example, Eurosport developed a new, interactive cycling experience built on mobile apps and connectivity. With this release, we have extended our MQTT support to include secure connectivity and protocol translation, allowing you to develop and power connected digital experiences at scale.

 

Powerful Performance 

Finally, Mobile API Gateway 4.2 and Mobile SDK 1.9 include performance improvements to ensure app functionality and reduce latency. 60% of mobile users delete an app or abandon a website after one attempt if there was a performance problem. The app experience is everything.

 

We continue to refine our Mobile API Gateway and Mobile SDK to ensure you can deliver five-star apps to your customers.   For more information, click on the following link to learn more about Mobile API Gateway.

I'm here to give you an exciting update - CA API Gateway 9.4 is now available!  The product team has packed quite a bit into this release (I'll share that in just a moment).  For the last few releases, we've really been focusing on three themes to make our platform a better fit for most enterprises:

  • Gateway as a platform:  enabling Enterprise Architects to build new and powerful solutions to resolve sophisticated and often complex enterprise technology problems, to build extensible platform, and opening up APIs to enable new applications
  • Developer Efficiency:  helping Developers shorten time to market, be more productive, and easier to debug and troubleshoot the solutions that they're building
  • Ops Excellence:  lowering the total cost of ownership (TCO) of our platform, helping enterprises manage their gateways more efficiently, and providing the tools and interfaces that enable IT Ops to manage and maintain solutions that fit their standards and practices.

CA API Gateway 9.4 touches all three of these themes, providing a new deployment model, integrations, and hardware updates.  Let's take a look:

 

  • AWS Integration Solution Kit: As I mentioned last September, we added an Integration Solution Kit to CA API Gateway, with support for new assertions, specifically around Lambda and S3.  This was a downloadable solution kit, but is now included with this release.
  • Kubernetes Support:  Also mentioned last September, we added the ability to load CA API Gateway on Kubernetes (supported on AWS, Azure, OpenShift, Cloud Foundry, and VMWare), making our platform available on a very large, rapidly growing ecosystem.  This functionality is now built into this release.
  • Execute JavaScript Assertions:  This feature allows API Developers to add custom functionality into their policies in a relatively simple manner - by writing JavaScript - something they're already familiar with. While the Gateway is already a very functionally rich development environment, there are still occasions when that functionality simply isn't enough.  So we've enabled API Developers to code that functionality using a popular, widely-used programming language, and have enabled that code to interact with the rest of the Gateway policy language without having to develop custom assertions in Java.
  • Stateless API Gateway Deployment Model:  We've enabled users to utilize off-box service metrics and externalize the state of the Gateway.  This enables the modern deployment model (see Kubernetes and AWS Integration above) and also allows integration into the CI/CD pipeline.  Customers can now send service metrics data to a datastore of their choice and use the analytical tools that they've standardized on.
  • Hardware Updates:  Finally, for those customers that require CA API Gateway on a hardened appliance, we've update to new Oracle hardware (Oracle Server X7-2) and have added support for a new higher performance Thales HSM (Thales NetConnect XC).

 

We think is is a pretty impressive update to CA API Gateway, and look forward to continuing to bring you new features to better deliver on our themes above.

oakbi01

Gain W(5) API Visibility

Posted by oakbi01 Employee Oct 23, 2018

A few weeks ago, I asked a simple question - are your APIs snails or supersonic?  Actually, the question I <<should>> have asked is....do you KNOW if your APIs are snails or supersonic?  Let's face it - you want to know before your customer let's you know....because the way they'll let you know is by finding another solution.

 

So how DO you know?  Precision API Monitoring is a powerful tool from CA that provides:

  • Proactive identification, contextualization and triage of all application performance issues with API-oriented root causes, reducing overall Mean Time to Repair (MTTR)
  • Detailed visualization and tracing of all transactions traversing the API Gateway, across  all services, with correlation to all related back end systems
  • Collaboration across development, engineering and integration teams to optimize API  design, implementation and adaptation, along with necessary policy compliance

 

To learn more about Precision API Monitoring, I'd like to invite you to an upcoming webcast, Gain W(5) Visibilitytaking place October 24th at 9am (PST)).  Brian Whitmarsh, Sr. Director, Product Management for CA Technologies Agile Operations Business Unit, will be discussing API monitoring in depth, and showcase Precision API Monitoring, an API monitoring solution that's tightly integrated with CA API Management

Last month, I talked about being proactive with API monitoring, as even one API down, out of the hundreds in an app can create a negative user experience.  The conversation was all about API monitoring for downtime.  But what about API performance?  An API can be up and running, but still be causing users headaches.  "Hidden" API fails like internal latency, response time, back-end performance and overall throughput - these all impact the end user, and ultimately can cost you, as in todays app economy, it's far too easy to simply stop using one app and finding another that does the same thing.

 

So how can you take API monitoring to the next level?  In addition to up-time, ideally you'd want:

  • Detailed insight into APIs and microservices, including metrics
  • Real-time, in-depth visibility into critical API and microservice performance data, including transaction tracing
  • Detailed monitoring of the apps performance

Sure, your API gateway provides tremendous insights into APIs, but lacks the depth of analysis and the related impact of performance on critical business services.  And while Runscope is an incredible tool (and SO easy to get started with), it also lacks the same depth of analysis and related impact.

 

What you really need is Precision API Monitoring - a solution from CA that provides:

  • Proactive identification, contextualization and triage of all application performance issues with API-oriented root causes, reducing overall Mean Time to Repair (MTTR)
  • Detailed visualization and tracing of all transactions traversing the API Gateway, across  all services, with correlation to all related back end systems
  • Collaboration across development, engineering and integration teams to optimize API  design, implementation and adaptation, along with necessary policy compliance

 

To learn more about Precision API Monitoring, I'd like to invite you to an upcoming webcast, Gain W(5) Visibilitytaking place October 24th at 9am (PST)).  Brian Whitmarsh, Sr. Director, Product Management for CA Technologies Agile Operations Business Unit, will be discussing API monitoring in depth, and showcase Precision API Monitoring, an API monitoring solution that's tightly integrated with CA API Management.

oakbi01

An API Fail Can Ruin Your Day

Posted by oakbi01 Employee Sep 25, 2018

A few days ago, I talked about the value of knowing what your APIs are doing. Today, I wanted to use a TOTALLY hypothetical example (that happened to me) on an API fail.

 

I use a video streaming company.  Pretty cool company, got their start in DVD rentals.  They switched to a microservice architecture a few years back, meaning the service essentially never goes down.  Essentially.  But let's walk back a couple of years ago.  My wife is sitting next to me, and decides to watch an episode of one of the series she follows.  She logs into said video streaming company on her iPad, pulls up the episode, and proceeds to tear up over what's happening in this particular series.  Being a caveman, I decided to watch something else.  I pulled out my trusty Nexus 10, and pulled up the app to the same video streaming company, and pulled up a very very different episode of a very different series.  But....when I selected the episode, nothing happened.  While the site was up and running, and the microservices were doing their job...essentially....there was an API failing somewhere in the chain, but only for Nexus 10 users.  Meaning, my wife could tear up, and I could...well, read a book.  

 

With API monitoring, this fail may still have happened, but an administrator would have been notified immediately, and the outage would have lasted seconds instead of hours.  And while hypothetical (cough), one could imagine if this kind of fail had happened in a banking transaction....a retail transaction....or even an insurance transaction.  API monitoring should be considered mandatory for mission critical apps, no question.

 

  I'd like to invite you to an upcoming webcast, One bad API(L) Can Ruin the Entire User Experience, taking place tomorrow (September 26th at 9am (PST)).  Brian Whitmarsh, Sr. Director, Product Management for CA Technologies Agile Operations Business Unit, will be discussing API monitoring in depth, and showcase Runscope, an API monitoring solution that's tightly integrated with CA API Management.

 

I look forward to seeing you there!

Many of you are API Owners/Product Managers, and know how to design, create, and test effective APIs.  And if you're exposing them through a portal to developers, you've almost certainly created great documentation (the best motivator in the world - if you don't, you get hounded by developers on "why does it do this when I do that" types of questions).  But once your APIs are in the wild, is designing and testing APIs enough?  What really happens when no one is watching?  What happens when an API fails?

 

First, the API fails, then the applications relying on the API fails which impacts user experience. Search for “API outage” on twitter and you’ll see a stream of discussions happening every day from small to large organizations that are suffering from an API outage – people will be vocal when the experience doesn’t meet their expectations. Next, your DevOps team will scramble to find root cause and eventually isolate the issue to the API, but by then the damage has been done. Your brand reputation may be tarnished and it can directly impact your revenue. 


Most applications now have hundreds of APIs making remediation time consuming.  When even one API is down, so is your business.

 

I would recommend that you catch API failures before your customers do.  You should know when 3rd party APIs go down and how they affect app performance, and ensure SLAs are being met. And you definitely should ensure that APIs are returning the right data.

 

API monitoring is the most effective way to address this.  I'd like to invite you to an upcoming webcast, One bad API(L) Can Ruin the Entire User Experience, taking place September 26th at 9am (PST).  Brian Whitmarsh, Sr. Director, Product Management for CA Technologies Agile Operations Business Unit, will be discussing API monitoring in depth, and showcase Runscope, an API monitoring solution that's tightly integrated with CA API Management.

Following at the heels of my blog on AWS Integration with CA API Management, I have another great piece of news - CA API Gateway 9.3 is now supported on Kubernetes!

 

For the one or two of you thinking "huh"?  Kubernetes is an open-source platform for managing containerized workloads and services.  It handles both declarative configuration and automation, and it widely available.  You can learn more about Kubernetes here.

 

By officially supporting Kubernetes, users of CA API Gateway and its Docker container form factor will be able to scale and orchestrate the Gateway in the same manner that they manage their other container applications, and take advantage of the growing community and ecosystem of Kubernetes expertise and tools.  You can read our documentation on CA API Gateway and Kubernetes support here.

 

For those of you who totally grok the above, and are salivating to move your 9.3 implementation to Kubernetes, and want to know what kind of hoops you have to jump through?  Absolutely none.  You're good to go!

I wanted to share some information - hot off the press!  Many of you use CA API Gateway 9.3.  And many of you also happen to use Lambda.  Wouldn't it be killer if they were integrated?  Now they are!  AWS Integration Assertions are available immediately off the CA Support Site.  When you log on, if you have entitlements to 9.3 Gateway, you will see it in the list of downloadable components (under “CA API Gateway Enterprise MULTI-PLATFORM”).

 

Why do want this?  Some users need to integrate disparate backend services, including cloud services that are running in AWS.  Once installed on your gateway, you will have new assertions that will enable your gateway to call serverless AWS Lambda functions and Simple Cloud Storage Service (S3).

This means that you can develop APIs that integrate with a wide range of backend services, including those that are running on AWS.  For example, from within policy, Gateway users will be able to invoke AWS Lambda Functions, and get/put data from S3. 

 

To learn more about how it works, the documentation is available here.  I hope this new integration helps with your digital transformation efforts!

oakbi01

CA Live API Creator v5.0 GA

Posted by oakbi01 Employee Aug 29, 2018

"The new phone book's here!  The new phone book's here!" 

 

Ok....perhaps I'm dating myself with the above quote (Steve Martin's "The Jerk") - but that's really what it feels like.  CA Live API Creator v5.0 is now GA!    This is a pretty cool release, with updates for for DevOps, teams, databases, and interfaces.  Let's get right down to it.

 

  • Simplified DevOps and team development: Enhancements that enable Live API Creator
    • to store API metadata in a file based admin repository, also leading the product to a DB less architecture
    • to integrate API data with source control systems easing team collaboration
    • to seamlessly migrate API data across dev/QA/prod environments
  • Extensible data source framework: A framework that enables creating a data source connector for SQL or NoSQL
  • databases that Live API Creator does not connect to out of the box.
  • MongoDB data source provider: A connector for MongoDB data source
  • HTTP-based authentication provider: Ability to authenticate your API requests by way of a third-party authentication provider integrated with Live API Creator via HTTP.
  • Data Explorer enhancements: The enhancements make the Data Explorer interface more configurable. These include the ability to set the maximum number of columns to display data in the Form, the ability to start it in insert mode, and security enhancements.
  • User experience enhancements:
    • Simplified integration with CA API Gateway using the HTTP authentication provider
    • External Logging Enhancements
    • Learning Center Updates
  • And much more…

For more information about the new feature set, see the Release Notes.

 

I also invite you to attend a replay of our webinar titled: Enterprise Class APIs for Digital Business Speed and Agility, where the presenters actually built a working system from scratch in 20 minutes, as well gave a peek at the brand new CA Live API Creator v5.0.

 

If you can't wait to get started, visit our Trials page to download your CA Live API Creator trial today!

oakbi01

Working Software NOW

Posted by oakbi01 Employee Aug 27, 2018

Last week, I talked about some of the business constraints that enterprises must deal with as they modernize their application architectures, and that APIs are the glue that ties applications back to services.  This week, I wanted to talk about the problem that lies underneath - the app architecture and the logic.  You've got data handling issues - let's be real - your database doesn't know what the modern endpoint (your phone or tablet) is, and the two certainly don't know how to talk to each other, much less integrate.  And the business logic is paramount to design correctly.

 

And that's the beauty of CA Live API Creator.  It was designed to not just enable, but automate the architecture and the logic.  Building on the Agile concept of Working Software as the basis of collaboration and integration, we can create it NOW.  Using the App First model, you can just paint your app, and the system creates your UI, multi-table database, and even a default API.

 

Next, as we automate the server side logic with both point and click APIs and spreadsheet-like logic and security.  And underneath the API and logic automation is architecture automation, addressing both your service logic  (routes, controllers, data types, exception handling, etc) and your data handling (SQL connections, ORM, filtering, sorting, pagination, etc).

 

Sounds like quite the statement.  Want to see Working Software NOW?  I'd like to remind you about an upcoming webinar on August 29th, at 9am pst (noon eastern) discussing CA Live API Creator 5.0, where you'll see Renu Motwani, Product Manager, and her team build a working system from scratch in 20 minutes, as well as a peek at the brand new v5.0.  Click here to register - I hope to see you there!

As I mentioned last week, APIs are the glue that ties applications to back end services.  But let's step back and talk about those apps.  As business modernize their application architecture, app dev teams learn a few hard constraints exist:

  • in this modern world, changing business needs require rapid development and scaling of services
  • repetitive app development and maintenance tasks are error-prone and time-consuming, adding to project costs
  • advanced database and integration skills are scarce and expensive
  • coders don't want to code security into their applications

Declarative business rules, agile development, and elastic scalability with built-in RBAC can easily address these constraints - and CA Live API Creator is a fantastic tool for dev teams to utilize as they go through the modernization of their architecture.  

 

What that in mind, I'd like to remind you about an upcoming webinar on August 29th, at 9am pst (noon eastern) discussing CA Live API Creator 5.0, where you'll see Renu Motwani, Product Manager, and her team build a working system from scratch in 20 minutes, as well as a peek at the brand new v5.0.  Click here to register - I hope to see you there!

APIs are the glue that ties applications to back end systems, services, and data.  They've been around since programming began, but in the last few years have become quite strategic, especially for mobile - thus driving API Management.  But....they can be cumbersome to develop....ask any API Manager/Owner.

 

What if you can easily create APIs from a visual interface, regardless of your coding style?  And what if you can design these APIs to do things - rather than write the typical code to make those APIs do things?  Declarative rules allow you to do exactly that - and the end result is enabling you to create solutions that deliver strategic business value in minutes, rather than days, weeks, or months.

 

I'd like to invite you to an upcoming webinar on August 29th, at 9am pst (noon eastern) discussing CA Live API Creator 5.0, where you'll see Renu Motwani, Product Manager, and her team build a working system from scratch in 20 minutes, as well as a peek at the brand new v5.0.  Click here to register - I hope to see you there!