SlideShare a Scribd company logo

Evolution of API Management in the BBC

Nordic APIs, profile picture
Nordic APIs

The document outlines the evolution of API management at the BBC, emphasizing the transition from centralized to decentralized systems for enhanced scalability and reliability. Key features include end-to-end encryption, automated TLS certificate rotation, and the integration of a developer portal for improved authorization and service monitoring. Future developments aim to refine user identity processes and enhance security without relying on API keys.

Software
1 of 44
Downloaded 20 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Design Engineering+ Evolution of API Management at the
Break title to something else
Design Engineering+ Children’s Bitesize iPlayer Sounds Homepage News Sports Weather
Design Engineering+ Today’s focus is on engineering
Design Engineering+
Design Engineering+ • Autonomous agile teams • Offices across the United Kingdom and further • Distributed teams allowing for members to work in any region Teams across the UK
Design Engineering+ Service components 2000+ Daily deployments 1200+
Design Engineering+ Nathan Brock Rafal Jachimczyk Senior software engineerPrincipal software engineer BBC API Management BBC API Management
Design Engineering+ Looking back
Design Engineering+ Before API Management
Design Engineering+ • Discover • Onboard • Identify • Report Why API Management?
Design Engineering+ • Default authentication mechanism • Very secure • End-to-End encryption for data in transit • Rotation of the TLS certificates • Automated by BBC Cosmos service Mutual TLS
Design Engineering+ So, we bought an off the shelf solution
Design Engineering+ Centralised API Management
Design Engineering+ Requests 2.2 Billion Platform APIs 70+
Design Engineering+ • Simple to setup and roll out • Limited service impact • Organisation level analytics • Developer Portal out-of-the-box • GUI setup All roads lead to central
Design Engineering+ Centralised API Management
Design Engineering+ Centralised API Management
Design Engineering+ Centralised under load
Design Engineering+ Decentralising API Management
Design Engineering+ API Management Independently scalable
Design Engineering+ API Management Reliable
Design Engineering+ API Management Configurable
Design Engineering+ API Management Extensible
Design Engineering+ API Management Cost effective
Design Engineering+ Centralised API Management
Design Engineering+ Decentralising API Management
Design Engineering+ • Build in Node.js • Packaged as RPM • Published to yum repository • Delivered into the cloud • Managed and configured by API teams Proxy technology
Design Engineering+ • Developer Portal important to our future roadmap • Integration with BBC processes and authentication • Improved authorisation model • Control over internal data model BBC Developer Portal
Design Engineering+ • Added value using existing datasets • Identified internal requirement • Exposing uptime and quality of requests • Historic record of SLAs for the organisation SLA Monitoring
Design Engineering+ Looking forward
Design Engineering+ API Management On Prem
Design Engineering+ API Management On Prem
Design Engineering+ • Enable Authorisation on User level • Simplified Authorization-Code OIDC flow out of the box. • Similar deployment style to API Management proxy • Similar concepts to Google’s Identity Aware Proxy and AWS’s ALB User Identity
Design Engineering+ User Identity Humans / Time Lords
Design Engineering+ User Identity Service identity SoftwareHumans / Time Lords
Design Engineering+ • Enhance (augument) BBC’s default mTLS security • Move away from API Keys for identification • Improve service registry • Authorisation engine (ABAC) API Service Management
Design Engineering+ Would we do it again?
Design Engineering+ Continuous evolution
Design Engineering+ Before API Management
Design Engineering+ Centralised API Management
Design Engineering+ Decentralising API Management
Design Engineering+ API Management
Break title to something else

More Related Content

PPTX
API Products: Who, What, Where, When, Why, and How?
Nordic APIs
 
PPTX
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays
 
PDF
API Design Workflows
Jakub Nesetril
 
PDF
Lean Method for Building Good APIs for Business – APIOps Cycles
Nordic APIs
 
PPTX
SOA in the API World - Facades, Transactions, Stateless Services
Apigee | Google Cloud
 
PPTX
Your API Strategy: Why Boring is Best
Nordic APIs
 
PDF
API Design Collaboration
Uchit Vyas ☁
 
PDF
apidays LIVE Australia 2021 - Confessions of a Product Geek : My First API BY...
apidays
 
API Products: Who, What, Where, When, Why, and How?
Nordic APIs
 
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays
 
API Design Workflows
Jakub Nesetril
 
Lean Method for Building Good APIs for Business – APIOps Cycles
Nordic APIs
 
SOA in the API World - Facades, Transactions, Stateless Services
Apigee | Google Cloud
 
Your API Strategy: Why Boring is Best
Nordic APIs
 
API Design Collaboration
Uchit Vyas ☁
 
apidays LIVE Australia 2021 - Confessions of a Product Geek : My First API BY...
apidays
 

What's hot (20)

PDF
Dependency Down, Flexibility Up – The Benefits of API-First Development
Nordic APIs
 
PPTX
APIs in the Enterprise -Lessons Learned
Apigee | Google Cloud
 
PPT
Why APIs are Different Than Integration
Apigee | Google Cloud
 
PPTX
API Design Best Practices & Tech Talk : API Craft Meetup @ Apigee
Anil Sagar
 
PPTX
API First: Going Beyond SOA, ESBs, and Integration
Apigee | Google Cloud
 
PDF
INTERFACE, by apidays - API Design is where culture and tech meet each other...
apidays
 
PPTX
What It Takes to Build API Integrations
Nordic APIs
 
PDF
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
Nordic APIs
 
PDF
Developer Support Models: Calibrating Service Level to Commitment
Nordic APIs
 
PDF
Redefine Omni-Channel Retailing - Harness the Power of APIs
Apigee | Google Cloud
 
PDF
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Nordic APIs
 
PDF
9 Months and Counting with Jeff Borek of IBM OpenAPI Meetup 2016 09 15
Open API Initiative (OAI)
 
PPTX
Continuous Integration and Delivery at Shapeways (Matt Boyle)
Nordic APIs
 
PPTX
Public API
Amir Zuker
 
PPT
Modernizing an Existing SOA-based Architecture with APIs
Apigee | Google Cloud
 
PPTX
Api-First service design
Stefaan Ponnet
 
PPTX
Transition from SOA to APIs for the App Economy - Bending the Spoon
Apigee | Google Cloud
 
PDF
INTERFACE, by apidays - Low code APIs that don't break by Zdenek Nemec, Supe...
apidays
 
PDF
Rest api best practices – comprehensive handbook
Katy Slemon
 
PDF
apidays LIVE Jakarta - What will the next generation of API Portals look like...
apidays
 
Dependency Down, Flexibility Up – The Benefits of API-First Development
Nordic APIs
 
APIs in the Enterprise -Lessons Learned
Apigee | Google Cloud
 
Why APIs are Different Than Integration
Apigee | Google Cloud
 
API Design Best Practices & Tech Talk : API Craft Meetup @ Apigee
Anil Sagar
 
API First: Going Beyond SOA, ESBs, and Integration
Apigee | Google Cloud
 
INTERFACE, by apidays - API Design is where culture and tech meet each other...
apidays
 
What It Takes to Build API Integrations
Nordic APIs
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
Nordic APIs
 
Developer Support Models: Calibrating Service Level to Commitment
Nordic APIs
 
Redefine Omni-Channel Retailing - Harness the Power of APIs
Apigee | Google Cloud
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Nordic APIs
 
9 Months and Counting with Jeff Borek of IBM OpenAPI Meetup 2016 09 15
Open API Initiative (OAI)
 
Continuous Integration and Delivery at Shapeways (Matt Boyle)
Nordic APIs
 
Public API
Amir Zuker
 
Modernizing an Existing SOA-based Architecture with APIs
Apigee | Google Cloud
 
Api-First service design
Stefaan Ponnet
 
Transition from SOA to APIs for the App Economy - Bending the Spoon
Apigee | Google Cloud
 
INTERFACE, by apidays - Low code APIs that don't break by Zdenek Nemec, Supe...
apidays
 
Rest api best practices – comprehensive handbook
Katy Slemon
 
apidays LIVE Jakarta - What will the next generation of API Portals look like...
apidays
 
Ad

Similar to Evolution of API Management in the BBC (20)

PDF
Forge - DevCon 2016: Drawings! Drawings! Everywhere!
Autodesk
 
PDF
Migrate the Mission Critical Application to AWS Cloud
Shuen-Huei Guan
 
PDF
Microservices
darkofabijan
 
PDF
Forge - DevCon 2016: Extend BIM 360 Docs with the Issues Service API
Autodesk
 
PPTX
Mind Like Water with CICD
Anant Corporation
 
PPTX
JasperReports IO: Reporting and data visualization in a world of cloud, micro...
TIBCO Jaspersoft
 
PDF
Industrial IoT on Azure
Ivo Andreev
 
PDF
TejaSoft Code Audit Case Studies
Raja Nagendra Kumar
 
PDF
Tracking and business intelligence
Sebastian Schleicher
 
PDF
7450A - CRONOS helping ENGIE adopting Private Cloud with Bluemix Local System
Hendrik van Run
 
PPTX
Het Microsoft Integratie Platform – Welk model past u het beste? (Steef Jan W...
Codit
 
PPTX
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
Tokyo Azure Meetup
 
PPTX
ABC Company Presentation
ABC-GROEP.BE
 
PPTX
The new Azure App Service Architecture
João Pedro Martins
 
PDF
Katpro Technologies- SharePoint Portfolio
Katpro Technologies Pvt Ltd
 
PPTX
Media streaming architecture Introduction
DAEBUM LEE
 
PPTX
Keynote speech
BizTalk360
 
PDF
DevOpsCon 2015 - DevOps in Mobile Games
Andreas Katzig
 
PDF
Forge - DevCon 2016: Implementing Rich Applications in the Browser
Autodesk
 
PPTX
Code Camp Auckland 2015 - DEV1 Microsoft API Approaches 101
Nikolai Blackie
 
Forge - DevCon 2016: Drawings! Drawings! Everywhere!
Autodesk
 
Migrate the Mission Critical Application to AWS Cloud
Shuen-Huei Guan
 
Microservices
darkofabijan
 
Forge - DevCon 2016: Extend BIM 360 Docs with the Issues Service API
Autodesk
 
Mind Like Water with CICD
Anant Corporation
 
JasperReports IO: Reporting and data visualization in a world of cloud, micro...
TIBCO Jaspersoft
 
Industrial IoT on Azure
Ivo Andreev
 
TejaSoft Code Audit Case Studies
Raja Nagendra Kumar
 
Tracking and business intelligence
Sebastian Schleicher
 
7450A - CRONOS helping ENGIE adopting Private Cloud with Bluemix Local System
Hendrik van Run
 
Het Microsoft Integratie Platform – Welk model past u het beste? (Steef Jan W...
Codit
 
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
Tokyo Azure Meetup
 
ABC Company Presentation
ABC-GROEP.BE
 
The new Azure App Service Architecture
João Pedro Martins
 
Katpro Technologies- SharePoint Portfolio
Katpro Technologies Pvt Ltd
 
Media streaming architecture Introduction
DAEBUM LEE
 
Keynote speech
BizTalk360
 
DevOpsCon 2015 - DevOps in Mobile Games
Andreas Katzig
 
Forge - DevCon 2016: Implementing Rich Applications in the Browser
Autodesk
 
Code Camp Auckland 2015 - DEV1 Microsoft API Approaches 101
Nikolai Blackie
 
Ad

More from Nordic APIs (20)

PPTX
How to Choose the Right API Platform - We Have the Tool You Need! - Mikkel Iv...
Nordic APIs
 
PPTX
Bulletproof Backend Architecture: Building Adaptive Services with Self-Descri...
Nordic APIs
 
PDF
Implementing Zero Trust Security in API Gateway with Cilium - Pubudu Gunatila...
Nordic APIs
 
PPTX
Event-Driven Architecture the Cloud-Native Way - Manuel Ottlik, HDI Global SE
Nordic APIs
 
PPTX
Navigating the Post-OpenAPI Era with Innovative API Design Frameworks - Danie...
Nordic APIs
 
PDF
Using Typespec for Open Finance Standards - Chris Wood, Ozone API
Nordic APIs
 
PPTX
Schema-first API Design Using Typespec - Cailin Smith, Microsoft
Nordic APIs
 
PPTX
Avoiding APIpocalypse; API Resiliency Testing FTW! - Naresh Jain, Xnsio
Nordic APIs
 
PPTX
How to Build an Integration Platform with Open Source - Magnus Hedner, Benify
Nordic APIs
 
PPTX
API Design First in Practise – An Experience Report - Hari Krishnan, Specmatic
Nordic APIs
 
PPTX
The Right Kind of API – How To Choose Appropriate API Protocols and Data Form...
Nordic APIs
 
PPTX
Why Frequent API Hackathons Are Key to Product Market Feedback and Go-to-Mark...
Nordic APIs
 
PPTX
Maximizing API Management Efficiency: The Power of Shifting Down with APIOps ...
Nordic APIs
 
PPTX
APIs Vs Events - Bala Bairapaka, Sandvik AB
Nordic APIs
 
PPTX
GraphQL in the Post-Hype Era - Daniel Hervas, Reckon Digital
Nordic APIs
 
PPTX
From Good API Design to Secure Design - Axel Grosse, 42Crunch
Nordic APIs
 
PPTX
API Revolution in IoT: How Platform Engineering Streamlines API Development -...
Nordic APIs
 
PPTX
Unlocking the ROI of API Platforms: What Success Actually Looks Like - Budhad...
Nordic APIs
 
PDF
Increase Your Productivity with No-Code GraphQL Mocking - Hugo Guerrero, Red Hat
Nordic APIs
 
PPTX
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Theodo ...
Nordic APIs
 
How to Choose the Right API Platform - We Have the Tool You Need! - Mikkel Iv...
Nordic APIs
 
Bulletproof Backend Architecture: Building Adaptive Services with Self-Descri...
Nordic APIs
 
Implementing Zero Trust Security in API Gateway with Cilium - Pubudu Gunatila...
Nordic APIs
 
Event-Driven Architecture the Cloud-Native Way - Manuel Ottlik, HDI Global SE
Nordic APIs
 
Navigating the Post-OpenAPI Era with Innovative API Design Frameworks - Danie...
Nordic APIs
 
Using Typespec for Open Finance Standards - Chris Wood, Ozone API
Nordic APIs
 
Schema-first API Design Using Typespec - Cailin Smith, Microsoft
Nordic APIs
 
Avoiding APIpocalypse; API Resiliency Testing FTW! - Naresh Jain, Xnsio
Nordic APIs
 
How to Build an Integration Platform with Open Source - Magnus Hedner, Benify
Nordic APIs
 
API Design First in Practise – An Experience Report - Hari Krishnan, Specmatic
Nordic APIs
 
The Right Kind of API – How To Choose Appropriate API Protocols and Data Form...
Nordic APIs
 
Why Frequent API Hackathons Are Key to Product Market Feedback and Go-to-Mark...
Nordic APIs
 
Maximizing API Management Efficiency: The Power of Shifting Down with APIOps ...
Nordic APIs
 
APIs Vs Events - Bala Bairapaka, Sandvik AB
Nordic APIs
 
GraphQL in the Post-Hype Era - Daniel Hervas, Reckon Digital
Nordic APIs
 
From Good API Design to Secure Design - Axel Grosse, 42Crunch
Nordic APIs
 
API Revolution in IoT: How Platform Engineering Streamlines API Development -...
Nordic APIs
 
Unlocking the ROI of API Platforms: What Success Actually Looks Like - Budhad...
Nordic APIs
 
Increase Your Productivity with No-Code GraphQL Mocking - Hugo Guerrero, Red Hat
Nordic APIs
 
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Theodo ...
Nordic APIs
 

Recently uploaded (20)

PPTX
Presentation about Database and Database Administrator
abhishekchauhan86963
 
PDF
An Experience-Based Look at AI Lead Generation Pricing, Features & B2B Results
Thomas albart
 
PDF
Applitools Platform Pulse: What's New and What's Coming - July 2025
Applitools
 
PPTX
Role Of Python In Programing Language.pptx
jaykoshti048
 
PPTX
TRAVEL APIs | WHITE LABEL TRAVEL API | TOP TRAVEL APIs
philipnathen82
 
PPTX
classification of computer and basic part of digital computer
ravisinghrajpurohit3
 
PDF
49784907924775488180_LRN2959_Data_Pump_23ai.pdf
Abilash868456
 
PDF
Exploring AI Agents in Process Industries
amoreira6
 
PDF
advancepresentationskillshdhdhhdhdhdhhfhf
jasmenrojas249
 
PDF
Protecting the Digital World Cyber Securit
dnthakkar16
 
PDF
MiniTool Power Data Recovery Crack New Pre Activated Version Latest 2025
imang66g
 
PDF
New Download FL Studio Crack Full Version [Latest 2025]
imang66g
 
PPT
Activate_Methodology_Summary presentatio
annapureddyn
 
PPTX
Odoo Integration Services by Candidroot Solutions
CandidRoot Solutions Private Limited
 
PPTX
Contractor Management Platform and Software Solution for Compliance
SHEQ Network Limited
 
PPTX
slidesgo-unlocking-the-code-the-dynamic-dance-of-variables-and-constants-2024...
kr2589474
 
PDF
49785682629390197565_LRN3014_Migrating_the_Beast.pdf
Abilash868456
 
PDF
ChatPharo: an Open Architecture for Understanding How to Talk Live to LLMs
ESUG
 
PDF
Summary Of Odoo 18.1 to 18.4 : The Way For Odoo 19
CandidRoot Solutions Private Limited
 
PPTX
Can You Build Dashboards Using Open Source Visualization Tool.pptx
Varsha Nayak
 
Presentation about Database and Database Administrator
abhishekchauhan86963
 
An Experience-Based Look at AI Lead Generation Pricing, Features & B2B Results
Thomas albart
 
Applitools Platform Pulse: What's New and What's Coming - July 2025
Applitools
 
Role Of Python In Programing Language.pptx
jaykoshti048
 
TRAVEL APIs | WHITE LABEL TRAVEL API | TOP TRAVEL APIs
philipnathen82
 
classification of computer and basic part of digital computer
ravisinghrajpurohit3
 
49784907924775488180_LRN2959_Data_Pump_23ai.pdf
Abilash868456
 
Exploring AI Agents in Process Industries
amoreira6
 
advancepresentationskillshdhdhhdhdhdhhfhf
jasmenrojas249
 
Protecting the Digital World Cyber Securit
dnthakkar16
 
MiniTool Power Data Recovery Crack New Pre Activated Version Latest 2025
imang66g
 
New Download FL Studio Crack Full Version [Latest 2025]
imang66g
 
Activate_Methodology_Summary presentatio
annapureddyn
 
Odoo Integration Services by Candidroot Solutions
CandidRoot Solutions Private Limited
 
Contractor Management Platform and Software Solution for Compliance
SHEQ Network Limited
 
slidesgo-unlocking-the-code-the-dynamic-dance-of-variables-and-constants-2024...
kr2589474
 
49785682629390197565_LRN3014_Migrating_the_Beast.pdf
Abilash868456
 
ChatPharo: an Open Architecture for Understanding How to Talk Live to LLMs
ESUG
 
Summary Of Odoo 18.1 to 18.4 : The Way For Odoo 19
CandidRoot Solutions Private Limited
 
Can You Build Dashboards Using Open Source Visualization Tool.pptx
Varsha Nayak
 

Evolution of API Management in the BBC