The 10 Question Framework for High Performance, Secure IBM i APIs
The 10 Question Framework for High Performance, Secure IBM i APIs
A recent report by Rapid concluded that 64% of small companies used up to 10 internal APIs and 40% of large companies used up to 250 or more internal APIs in 2022. And the trend is growing in 2023. The explosion of the API economy is making it increasingly difficult to compete without a robust API strategy for both providing API access to your applications and data, and for using APIs to add capabilities to your systems.
IBM i users are finding that creating, using, and protecting APIs involves much more than simply creating an HTTP endpoint for accessing programs and data. APIs as a doorway to your systems can be complex to design and implement. They must make your systems easy to access while protecting your valuable data and applications from attacks.
This webinar will focus on how to create real-world, production ready APIs that provide rich function while protecting your systems from harm. You will leave with a 10-question design framework that allows you to:
- Build High Performance APIs
- Access APIs From Your IBM i Applications
- Comprehensively Secure Your APIs
- Manage and Monitor Your APIs
All right, everyone. It’s the top of the hour. Let’s get started. Thanks for joining us today. And the reason we’re here is in today’s digital age, application programming interfaces or APIs, as they’re known to become an integral part of modern software development. APIs enable different applications to communicate with each other seamlessly and provide a standardized way for developers to access both data and services. However, building APIs can be a complex and challenging process, particularly when working with the IBM i. There are some things that you need to consider in particular when doing that. And that’s why we’ve developed a 10 question framework to guide you through the IBM i API development process. In this webinar, we’re going to walk you through the 10 questions you need to ask when developing an API for IBM i. We will touch on topics such as security, performance, scalability, and we’ll provide practical advice and real world examples to help you build robust and reliable APIs. Now, whether you’re a seasoned developer or you’re new to IBM i API development, this webinar will provide you with valuable, actionable tips to help you streamline your development process. We’ve put together an API planning worksheet that walks you through the 10 question framework. Dan’s going to go over in just a minute. And if you’re new to building modern APIs, the last page, page three of the worksheet provides links to free training videos on key technologies that you’ll need to learn as you continue in your API development journey. We’re going to send out an email about this afterwards, but you can download the worksheet now if you’d like to at eradani.com/apiworksheet. So all lowercase, all one word eradani.com/apiworksheet. Now, I encourage you to ask questions as you think of them so you don’t forget them. We are going to do a Q&A period at the end and answer those. If we run out of time, we will, of course, follow up on email with you and try to answer the question the best we can. You can ask questions by clicking on the Q&A button in the Zoom toolbar. I’m pointing down, but that’s where my toolbar is. Yours might be up or on the side. But if you go to the Zoom toolbar, there’s a Q&A button that lets you type in your questions at any time. And now I’d like to introduce you to Dan Maggett. Many of you already know Dan. Dan is a co-founder and CEO of Eradani and has been a key figure in the IBM i landscape for many years. Many of you may know Dan as the former CEO of Aldon, the company that provided the IBM i change management software many of you have used and you might still be using today. So, Dan, let’s do a quick sound check. Are you there? I am here. Can you hear me and can you see the slide? Yes and yes. That’s great. Excellent. So, I’m now going to turn it over to you and let you go through the 10-question framework for high-performance secure IBM i APIs.
Terrific. Thanks, Mike. And for those of you who have been in webinars that I’ve done before, as Mike said, I’m going to walk you through things, probably an understatement. I’m probably going to run you through this. I have a tendency to go fast and talk fast. So, yes, indeed, we are recording this webinar. So, if you want to go back and review things, you’ll be able to go view the recording later on. We’ll also be sending you a copy of the slides that you can review. So, with that, let’s go ahead and get into it. So, why are we doing this webinar? Why do you want to invest an hour of your time in what we’re going to be talking about today? And the reason we decided to do this webinar is we’re getting a lot of questions. These are coming in to us on a daily basis because we’re involved in this whole API enablement thing. We’re getting questions from IBM i users like, gee, I want to API enable my IBM i, but how do I get started? What is it that I need to know and what is it that I need to do? Or we’ve been hearing this more and more recently. My business partner says that in order to participate in the supply chain, I have to support their API strategy and their APIs are very complicated. How do I get started with using those? Or I’m setting up APIs around my IBM i, but people are now starting to access my database tables and I can’t reorganize files. I can’t reboot the machine. I can’t do things because there are these connections going into my system that I’m not in control of. So, how do I control those? And of course, everybody is hearing about the potential dangers of putting up APIs. You’re opening a doorway to your system. How do I keep my IBM i safe? You know, there was just a couple of weeks ago, one of the major, major products that IBM i users use was found to have some vulnerabilities that had to be closed up because they were exposing IBM i users. So, how do you keep the system safe? How do I ensure I can handle the volume? You know, once you put an API out there and you let people know it’s available, you might find that your customers want to use it and they start to hit you with lots and lots of API calls. So, how do I manage the volume and ensure I’m providing appropriate response? Another thing we’ve been hearing from customers is I want to replace my batch-based EDI system with an online real-time API system. How do I do that? And how do I do it if I have to still translate those EDI documents? And then maybe I’m receiving very complex payloads in JSON. You know, I go out and do a Google call and from Google Maps, I get these complex JSON payloads. How do I get the data I need out of that complex JSON? And then, again, how do I make this easy? Is there a way to make this easier? Something you can do to help me make this easy? And, you know, when we talk to people about this sort of easy thing, a lot of times when people think about API creation, they think about, you know, gee, I can right-click on, you know, go into IBM i, you know, RDI, right-click on a file and say generate an API endpoint. You get an HTTP endpoint for a table or you get an HTTP endpoint for a program. And that’s something, you know, if I can show you here, if I’m in Eradani Connect, so what I’ve just done is I’ve moved over to the Eradani Connect workbench and everything you see I’m going to do here, you can actually do from the command line if you want to. But I can say, gee, I want to create an API endpoint and I’ve got a table out here. So over here, I’ve got on my IBM i and I’ve got a little table out here that’s got four records in it. It’s got, you know, some customer information, you know, their ID, amount due. So it’s a little table on my IBM i. And say, gee, I’d like to create an API to access that table. And if I go over here to my browser, I can go in and say, well, let me go out to that table. So I’ve got a, you know, a route out to that. So if I hit that right now, it’s going to come back and say, wait, there’s nothing there. There’s no API there. So what I’m going to do is I’m going to just create one. So I can go in here and say, OK, I want to go out and I want to create an inbound API. And an inbound API, we say inbound API, we mean an API that you’re standing up around something on your IBM i. So you’re saying I want to create access to a table or I want to create access to a program. So all I need to do is come in here and say, I want to give it an endpoint. We’ll call it customers and it’s a get and it’s going to be a query. And we’re just going to do a real simple one here to select everything from that table, from DMAGED.customers. And I’m going to just call this customers all. So that’s my the API I’m going to create. And so that’s basically all I do as I go in and I fill in the form. So here’s what I want to do. I hit generate and it’s now generating the code to call that API. So down here, I can watch it as it’s generating the code. So it’s generating all of the routing code, all the security code, everything is being generated now for me. And so now I’m going to go ahead and compile that. So it’s finished generating the code. I’m going to build the code. So over here, I can watch it. It’s actually building the code now for me. And now it’s finished building the code. Now I’m going to start up my API server. And I’m going to go back over to my browser and refresh it. And so now I get that data. So it’s pulled back the data and it’s gone out and queried the IBM i. It’s gotten data back in IBM i format and it’s turned it into JSON data.
So let’s talk about use cases and values. So the first thing you start with is this. And it’s really interesting. I actually keyed into chat DPT. I said, what are the 10 things you need to think about when creating APIs? And it came up with basically the same list that I have here. And the first thing it says is you need to know what are the use cases. Why are you doing this? And I had a really interesting conversation with an IT director at a transportation company. And she said to me, when I was talking to her about APIs, she said, look, we’re not just simply trying to create connections. We are trying to transform our business. We want the IBM i to play in the greater ecosystem of all the different platforms that we have and that our partners have so that we don’t look like an outlier. We want to be an active participant in that environment. We also want to be able to recruit the next generation of developers by using the latest technologies and APIs allow us to integrate new technology with our IBM i. We want to be able to change the perception of our company that we look like a leading edge modern company. We want to be able to get our enhancements, our product features out faster. And we want to be able to use things like open source to do that. We want to be able to do more of our transaction processing in the API layer because that will speed up the process and reduce the load on our IBM i. And we want to be able to connect with partner organizations so we can we can generate new channels for revenue. So it’s not just connecting things. It is actually transforming how we do business in our IT environment and in our general business environment. So when you look at the use case, what are you trying to do? Are you trying to generate more revenue, find new sources of revenue? Are you trying to improve customer service by being more responsive and providing a better user experience? Are you trying to automate business processes and reduce cost and speed transaction processing? So what are the things that you’re trying to do in creating these APIs? And this is just I’ve got a couple of examples here of real customer situations, things that customers have done. This was an API enablement project with an insurance company where they had a real estate company call them and say, hey, we we’d really like to be able to give customers a real time insurance quote for a property when they’re looking at properties on our website. Can you make that happen? Is it? Well, you know, if you send us information about the property, we can send you back a quote. And so what they did is they API enabled their quoting process on the IBM i so that the real estate company could send an address. The problem was that they couldn’t generate a quote with just an address. They actually needed the latitude and longitude of that property. So they had the inbound API where they API enabled the quoting process. But then the IBM i had to go make a call out to Google Maps. So it had to get an API called the Google Maps to get the latitude and longitude. Once it got the latitude and longitude, they actually then had to make a call out to FEMA because they needed some FEMA data in order to do a quote. That information came back to the IBM i. The quoting process then ran on the IBM i. And then they returned Jason data to the web browser so that it could display the actual insurance quote. And they had to do all of that in sub two second response time. So they had to give the user very, very fast response. So people weren’t sitting there waiting for the response. So they’ve got inbound APIs and they’ve got outbound calls to API. So both things are happening in this one business process. We had another customer, they were a manufacturer and they had a bunch of retail stores that sold their products and that retail stores would call in orders. And they had to call into their call center, which was open from eight to five, five days a week. The problem was is the stores were open on weekends and on evenings. And so they were missing out on opportunities. So the API enabled their order entry process and they were able to take orders 24/7/365. And they called us the first morning they had brought this up. They brought it up on a Saturday morning and they said in the first couple hours that we were open, we got $10,000 in new orders that we would not have gotten had we not been up and available. They would have had to go to some other supplier to get those products. So they were able to increase their revenue immediately by API enabling their system. Then this was a customer that they had an issue. They were a manufacturer and their customer said, we need to schedule our warehouse workers to be at the loading dock when the truck arrives. Can you tell us when the truck is going to be here? And the problem they had is their customer service people didn’t know where the truck was. They would have to call the transportation provider, ask where the truck was. They’d have to wait to get a response. And the whole round trip was taking about a half a day, which wasn’t very useful to their customers. So what they did is they API enabled the order system on their IBM i so a customer could go in and inquire into their active orders, see which ones were being shipped. And then they gave them a track shipment button that allowed them to hit track shipment, which then kicked off an outbound API call from their IBM i to their transportation provider, which actually in this case, interestingly enough, the transportation provider was also an IBM i user who had API enabled their system so that they could then get back the current location of the truck. So they would get the current location of the truck, do a call out to Google Maps and give the customer an actual map of here’s where the truck is right now. And this is a GTA. So they would get the information back to the customer. So now the customer had instantaneous response to their question of where is my shipment? So better customer experience and they reduced the volume of calls coming into their customer support center. And then this was a customer that wanted to use open source modules with their IBM i application. They were a payroll provider and they had all these government forms that were PDF documents and they wanted to get information from their IBM i into those PDF documents. And there was an open source module that would take IBM i data and integrate it into PDF or would take data from a database table and integrate it into these kind of electronic PDF documents. So they simply API enabled that module and they were able to send it the IBM i data and it would then integrate that data into those documents and store them on their IBM i. And then we have lots of customers. This is a really common use case where customers call us and they say, I want to add text messaging into my application. I want to be able to send text messages on events. So from the IBM i. So again, you can API enable that process so the IBM i can simply do a quick call out to an API and it can send them the phone number and this will automatically then generate text messages going out to the customers. So, or you can actually have it going the other way where text messages are sent back to you and you get data that you can integrate in your IBM i. We actually have a video on our website showing how to do this.
Great. Just packed full of great information. So you’ll have, like Dan said, you’ll have the recording, you’ll have the slide deck, and you’ll have access to the worksheet. So we’ll get that all sent out to everyone. Dan, there’s a couple of questions I think we can use the last few minutes to hit those. I think they’re good questions. Yeah, yeah, yeah. So the, so yeah, Eradani does have an API, so our Eradani Connect is an, does have embedded within an API server. So, so it is an API server that you can use for it. But there, there are lots of things it can connect to. So it can connect to a whole lot of IBM i things, but it has its own, its own server. And it’s a very lightweight, very fast server. So we don’t require things like Apache, which can be very heavyweight and it has a lot of Java code in it. So it can, it can be, it can create performance issues. So yes, it does have its own API server. We can handle, you know, any, any size JSON payloads. We have, we have multi gigabyte JSON payloads that we, we’ve had to deal with with customers so we can handle very, very, very large JSON payload. And Mike Corbo, yes, that was that. Exactly. That was your app, the, the yard management system. So I know we have some, we have some Eradani customers on the call today. I would, I would guess a few of them recognize their apps here today. And then, and yeah, and I think Josh posted to the chat, the, the Kafka session where you can go to register if you want to go see the Kafka session at the DB2 Summit. Let’s see, it looks like maybe a couple other questions have arrived since I look. Yep. So, so yes, we, so DevOps is, is not included in Eradani because we actually have customers who have lots and lots of different ways of doing change management so we can integrate with your existing change management. But we do have a DevOps module if that’s something that you’re interested in that, that Eradani provides, but it is a separate thing. And Node.js can actually, we can run, the Node.js server can run on the IBM i. It runs in the Pace environment on the IBM i, or it can run on a Windows, attached Windows or Linux or Unix server. We actually have people who are running it in the cloud because Eradani Connect is actually a Node.js application. It can be put into a Docker container and deployed as in a Kubernetes cloud. So you have a lot of choices of how to deploy it and it’s kind of up to you and you can mix and match. You can have some things on your IBM i and some things on other platforms. Fantastic. Dan, you are right on the hour, right on the mark. Perfect. Great job. Thank you everyone for attending. As we said before, everything will be sent out to you, links to all the content. If you have any questions, we’re easy to get a hold of. Dan is Dan@eradani.com. You can send it to Mike@eradani.com and I’ll get your questions to the right place. Thank you everybody for attending and have a great rest of your day.