3. Finding the Path: Ronnie Mitra, Director of API Design, CA
Technologies. API Case Study, Gala Coral Interactive: Chirag Desai,
Head of Sportsbook Delivery, Gala Coral Interactive. API Tools in
Action: Stuart Smith, API Solution Specialist, Smart421.
4. Finding the Path: API Design and Implementation Tips That
Enable Success Ronnie Mitra, Director of API Design, CA
Technologies @mitraman
5. For the content of Ronnie's slides, please refer to the separate
file on slideshare at: http://ow.ly/OYKpz
6. API Case Study Gala Coral Interactive Chirag Desai, Head of
Sportsbook Delivery, Gala Coral Interactive @gala_coral
7. Coral API Presentation June 2015
8. Betting has evolved...
9. Gala Coral Group: Who are we?
   The fastest growing online sports betting and gaming operation in
   Europe, covering UK and Italy:
   - 22% share of the Retail betting market
   - 5% share of the online market
   - Turnover of 1.243 billion in FY14
   - Over 1,800 Coral Betting shops in the UK
   - 870 Eurobet outlets in Italy
   Coral.co.uk, Galabingo.com, Eurobet.it, Coral Connect Multi Channel
10. API Management Architecture
   Key business drivers:
   - Single customer wallet
   - Same experience via multiple channels
   - High rate of business change driven by global sporting calendar
   - Support for multiple external 3rd parties
   5 core sets of APIs to be exposed:
   - Account management
   - Authentication
   - Payment
   - Bet placement
   - Bet history
11. Integration with the Racing Post
   The Racing Post: Established in 1986, the Racing Post is the UK's
   number 1 Horse Racing daily paper, delivering all the news and
   information that a racing enthusiast needs. This news source now
   allows customers to bet with established operators via the Racing
   Post site utilising a Remote Betslip.
   The Problem: With betslip integrations already completed with our
   competitors, GCI began a project to integrate with the Racing Post
   so that our customers could also bet via this remote betslip.
   The Challenge: With our multi-platform, single-wallet solution, we
   have a scenario where the customer's funds (i.e. Wallet) are in one
   system, and the betting opportunities are in another. This requires
   third parties to use APIs from both systems in their integrations
   on a server-to-server model. However, the Racing Post integration
   required a client-to-server integration.
   The Solution: We needed to find an API management tool that would
   allow Racing Post to integrate against a single common API that
   abstracted the core functionality that they required from the
   multiple underlying APIs.
12. Why CA API Management?
   We reviewed a number of vendor products, and chose the CA API
   Gateway product for a number of key reasons:
   Confidence:
   - The product is well known and has been previously used within
     the industry
   - Once deployed, we wanted to retain the option to make changes
     using internal or external resources (this was not the case with
     some other vendor offerings, so we would have been potentially
     exposed to dependency on external professional services)
   Plus all the other things we wanted:
   - Cost effective licencing and support model/cost
   - Well supported product and supplier/integrator base
   - Centralised management of all our internal Playtech & OpenBet API
   - Single access point for authentication and management of all API
     developers
   - Elimination of rogue usage of APIs
   - Allow developers to benefit from a single repository of APIs and
     associated information
   - Maintain PCI compliance
   Outcome: a single Coral API, secure, documented and consistent,
   that wraps the current OpenBet and Playtech APIs for third parties
   who want to integrate into the Coral platform.
13. Timeline
   - Began April 2014, with a timeline to complete supplier selection,
     scoping, build/installation and deployment by mid May 2014
   - Target: product live in time for that year's Epsom Derby in early
     June
   - CA recommended to engage with Smart421
   - Smart421 delivered the initial Coral API release in under a month:
     - From initial conversations, through to initial scoping and
       onsite presence in Gibraltar
     - Build, integration and deployment to 3 non-production and 1
       production environments
     - Including liaising with OpenBet and Playtech to unit
       test/validate the new policies
     - Integration documentation provided to the Racing Post to enable
       their delivery work
   Scope: Phase 1 of the project involved the build of a simple API
   that would allow a customer to do the following:
   - Log In/Log Out
   - Retrieve a customer's wallet balance
   - Validate and place a bet
   - Retrieve a customer's bet history
16. What happened next, what did we learn?
   - Phase 1 of the Coral API was delivered in mid May 2014 as
     planned, with a Phase 2 of extended functionality delivered in
     August 2014.
   - The API itself began to deliver immediate benefit in allowing us
     to quickly start integrations with third parties and build our
     own proof of concept applications. This has led to significant
     functional increases in the capability of the API.
   - Working with Smart421 allows Coral to undertake this work in a
     controlled and cost effective manner.
   Operational experience:
   - CA API Gateway is very stable
   - Once it's working (i.e. API choreography is tested), it just
     stays working
   - Smart421 providing support service, utilising their close
     relationship with CA
   So what's next?
   - Racing Post on iPad, launched June 2015 using the Coral API
   - We've only scratched the surface on the APIs that remain to be
     integrated
   - CA API Gateway is proving itself to be an essential integration
     service for our third parties and its scope will continue to grow
   - Smart will be providing Technical Training to the GCI
     infrastructure team
   - More apps are awaiting integration
17. Thank you!
18. API Tools in Action Stuart Smith, API Solution Specialist,
Smart421 @Smart421
19. Features of an API Delivery & Management Platform
   Functional areas: Manage Developers Access to APIs; Manage
   Lifecycle & Availability of API; Secure & Manage Interface + Data;
   Manage Access & Credentialing to API
   Capabilities: Health Tracking, Workflow, Performance, Global
   Staging, Developer Enrollment, API Docs, Forums, API Explorer,
   Rankings, Quotas, Plans, Analytics, Reporting, Config Migration,
   Patch Management, Policy Migration, Throttling, Prioritization,
   Caching, Routing, Traffic Control, Transformation, Security,
   Composition, Authentication, Single Sign On, API Keys,
   Entitlements, OAuth 1.x, OAuth 2.0, OpenIDConnect, Token Service
26. Features of API Management Gateway
   Functional areas: Manage Lifecycle & Availability of API; Secure &
   Manage Interface + Data; Manage Access & Credentialing to API
   Capabilities: Health Tracking, Workflow, Performance, Global
   Staging, Reporting, Config Migration, Patch Management, Policy
   Migration, Throttling, Prioritization, Caching, Routing, Traffic
   Control, Transformation, Security, Composition, Authentication,
   Single Sign On, API Keys, Entitlements, OAuth 1.x, OAuth 2.0,
   OpenIDConnect, Token Service
27. Railways CIO says:
   - We want to write an app so customers can login and get their
     ticket details
   - We want to display the boarding pass on their phone so they
     don't need to print it
   - We want it to be secure
   - We want to be able to audit usage
28. Railways CIO says:
   - We've got existing SOA services that we could use
   - They are SOAP/XML and for internal use, so no security, not
     suitable for mobile consumption
   - Help us to make our app work!
29. SOLUTION (diagram): Internet, Railways, API Management Gateway
30. Demo Setup (diagram)
   Components: API Management Gateway; Identity Provider (internal GW
   provider used); SOA enterprise (mocked by GW)
   Messages shown:
   - GET https://192.168.0.5:8443/ticket
   - AUTHENTICATE (username, password)
   - POST https://192.168.0.5:8443/internalBooking
   - OK
   - JSON response (ticket info)
   - XML response (full enterprise ticket data)
31. Railways SOLUTION
   - SECURITY: expose over SSL/HTTPS, with HTTP Basic Authentication
     to capture username, password
   - AUTHENTICATION: use customer's existing LDAP
   - THREAT PROTECTION: CA API assertions
   - TRANSFORMATION: SOAP/XML to REST/JSON, CA API assertions
   - THROTTLING: CA API assertions
   - AUDITING: audit to CA API database
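
The policy chain from slides 30 and 31 (Basic credentials, authentication, throttling, SOAP/XML to JSON, audit), as an added Python sketch; it is not the presenters' demo or CA API Gateway policy code. Assumptions: a constructed dict stands in for the LDAP bind, a constructed SOAP reply stands in for the internalBooking service, and the field names and rate limit are invented for illustration.

```python
import base64, hmac, json, time
import xml.etree.ElementTree as ET

# Constructed stand-ins (assumptions): a dict instead of the LDAP bind, and a
# canned SOAP reply instead of the internal booking service.
DIRECTORY = {"alice": "correct horse"}
SOAP_REPLY = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body><Booking><TicketId>T-1001</TicketId><Seat>12A</Seat>
<Departs>2015-06-06T09:30</Departs><CardNumber>4111111111111111</CardNumber>
<InternalCostCentre>CC-77</InternalCostCentre></Booking></soap:Body></soap:Envelope>"""
PUBLIC_FIELDS = ("TicketId", "Seat", "Departs")  # allow-list for the mobile JSON
LIMIT, WINDOW = 3, 60                            # requests per user per window (s)
AUDIT, _hits = [], {}

def basic_credentials(header):
    """Parse 'Basic <base64>'; return (user, password) or None if malformed."""
    try:
        scheme, blob = header.split(" ", 1)
        if scheme.lower() != "basic":
            return None
        user, _, pw = base64.b64decode(blob, validate=True).decode("utf-8").partition(":")
        return (user, pw) if user else None
    except (ValueError, AttributeError):
        return None

def handle_ticket(auth_header, now=None):
    """Gateway policy chain for GET /ticket: returns (status, json_body)."""
    now = time.time() if now is None else now
    creds = basic_credentials(auth_header)
    user = creds[0] if creds else None
    def done(status, body):
        AUDIT.append({"ts": now, "user": user, "status": status})  # never the password
        return status, json.dumps(body)
    expected = DIRECTORY.get(user, "") if creds else ""
    if not creds or not expected or not hmac.compare_digest(expected.encode(), creds[1].encode()):
        return done(401, {"error": "unauthorized"})
    recent = [t for t in _hits.get(user, []) if now - t < WINDOW]
    if len(recent) >= LIMIT:                     # sliding-window throttle per user
        _hits[user] = recent
        return done(429, {"error": "rate limit exceeded"})
    _hits[user] = recent + [now]
    booking = ET.fromstring(SOAP_REPLY).find(".//Booking")
    # Transformation: copy only allow-listed fields, so internal data never leaves.
    return done(200, {f: booking.findtext(f) for f in PUBLIC_FIELDS})
```

The transformation copies an allow-list of fields rather than converting the whole XML document, which is what keeps the "full enterprise ticket data" behind the gateway.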