Mashery Solution Overview
Click a link in the table below to view the corresponding section:
The Mashery solution developed out of the insight that every provider of an API has a need for a common set of operational and business channel management functionality. Mashery is in the business of abstracting, defining, implementing and refining this common need, the result being the Mashery Service. This allows you, the API provider, to do what you do best, i.e. focus your resources on your core value API while Mashery takes care of the distribution part of your new business channel.
The Mashery Solution
The Mashery solution is comprised of the following parts that work together to give your channel partners (developers/applications) a unified experience:
A new Mashery customer is provisioned what we call a Mashery-powered developer portal. A developer portal is a site that:
- Is hosted by Mashery
- Is "Skinned" to conform to your branding
- Has an integrated blog designed for news and update announcements and subsequent discussion
- Has an integrated forum designed to allow developers to communicate with each other directly
- Has an integrated wiki designed to allow developers to add their own content to the portal
- Has a documentation presentation engine where all your API docs are made available to developers
- Has the ability to integrate any web pages of your choosing
- Is CNAME'd from a URL of your choosing so that as far as your developers are aware, the portal is owned and operated by you (which is true except that it lives on our servers)
- Enables developers to register for access to your API
- Enables developers to get support on issues surrounding their use of your API
This portal is an example of a Mashery-powered developer portal. Not all the functionality is being used here because the primary purpose of this portal is slightly different than a portal used to centralize interaction with developers of an API. At Mashery, we make a point of drinking our own champagne because we believe it is an important factor in making sure the evolution of our solution is centered around the real world needs of our customers.
To see what some of our current customers are doing with Mashery-powered developer portals, check out:
More examples can be found at: http://developer.mashery.com/apis
The Mashery proxy is our patent pending software that sits between your developers and your API. The proxy intercepts all calls to your API, does some Mashery magic, passes the call on to your API, intercepts the response, does some more Mashery magic and sends the response back to the caller. The proxy is the mechanism for applying the business rules of your choosing to your new API channel. Some features of the proxy include:
- Dynamically log call and response data to feed into the reporting system (see below)
- Apply throttling rules to API usage down to the method and user level e.g. I want developer X to only be able to call method Y, Z times a period (second/minute/hour/day/etc.) (Individual developer method limiting coming soon)
- Protect against malicious attacks to your API
- Dynamically load balance calls to your API
- Apply translation logic to the data flow to make disparate APIs seem like they have a common interface design
- Seamlessly handle new versions of an API without affecting existing applications
- Apply caching to reduce overhead on backend API
- Use various CDNs (content distribution network) to increase response regardless of geographical location of caller
- Apply various security layers e.g. filtering by IP
- 24/7/365 monitoring of API accessibility with immediate notification when an outage is detected
The dashboard is a web-based application that your channel manager will use to:
- View the extensive reports that are automatically generated based on the channel traffic. The reports slice and dice the channel traffic in multiple ways. This allows your channel manager to view the traffic from the point of view of developers, methods, call volume etc.
- Manage the content of your Mashery-powered developer portal
- Manage the call volume parameters of your API
- Manage the users of your API
- Configure your proxy
As described above, the Mashery proxy, among the many functions that it serves, collects a huge amount of information about every call, who made it, where it came from, how long it took and much much more. This is then stored and manipulated to enable your channel manager, using the dashboard, to dynamically have strong visibility into the API flow. While the dashboard reports are adequate for the needs of the vast majority of customers, some customers have unique reporting requirements. In an effort to respond to this situation Mashery Engineers are getting ready to rollout the first Mashery API (!) which will provide Mashery customers with access to their entire datastore of log data collected by Mashery on their behalf.
Developer Technical Support
As developers begin to code against your API, it is essential that they have access to a support mechanism. The Mashery solution has been architected from the ground up to enable easy integration of the Mashery-powered solution with multiple off the shelf support solutions. To date, integration with Salesforce.com is in place and other integrations will occur as the situation arises. This approach easily allows the Mashery solution to integrate with diverse support environments and the result from the developer's perspective is a single destination, the Mashery-powered developer portal, with single signon, for all their API technical needs.
Early on in the conception of the Mashery solution, it was recognized that there is a diverse set of mechanisms available, and in use, to gain access to an API. Rather than dictate the mechanism, Mashery instead decided to design the system to accommodate not only the diversity of the type of crendentials used, but also the mechanism used to decide issuance in the first place.
Examples of the types of credentials in use today to access APIs include:
- Simple username/password
- Username/password/shared secret
- Integration with TypeKey
- Integration with SAML
- Integration with OAuth
- 24 character random
- Username/password to log on initially and subsequent use of a session token
Examples of the mechanisms in use today to issue credentials include:
- Mashery issues credentials according to an algorithm designed by you, the API provider
- Mashery issues credentials received from querying an API handled by you, the API provider
- Mashery informs you, the API provider, of the need to issue a set of credentials which are then issued by you
- Mashery issues credentials from a batch of pre-determined credentials from you, the API provider
Monitoring of API Uptime
Mashery adds every new customer to the Mashery monitoring service. Every API in the system is monitored on a 24/7/365 basis on an agreed frequency. The default frequency is every five minutes. If an outage is uncovered a Mashery support representative will immediately alert you, the API provider, in a manner that has been agreed by both parties.
Direct Monetization of Your API Channel
Whether or not you are currently directly monetizing your API channel today, we've got you covered. Once again this is an area where there are a diverse set of billing schemes and systems in operation today. The Mashery solution is designed to accommodate this diversity with a plug-in architecture for billing. The two most popular billing systems in use today by Mashery customers are Paypal and Amazon Payment services.
Getting Up and Running with Mashery
Regardless of whether you are about to rollout a new API or have an existing API, the average time for a new API to be up and running in the Mashery solution is one to four weeks.