Use cases for Usergrid

kkleva

I'd like to run by a few considerations when considering BaaS for providing a /user/search API.

1. User data is often known to be a crown jewel of the app. How can one ensure a safe and most of all secure environment customers feel confident using?

2. How can API proxy developers guarantee the APP developers, target system owners and customer all have the proper visibility and control of their information in 'your' data?

3. What sort of ways can we entice App developers to consume our interface instead of always relying on the system of record?

Thoughts welcome

1 ACCEPTED SOLUTION

Great question and I am sure there will be many thoughts and opinions around this.

In the interest of discussion, I just wanted to clarify the roles/personas you mentioned in your question:

> user == customer

> user data == customer data

> API Proxy developer == API developer == API provider

> App developer == API consumer

> Target system owner == backends(?) == owner of System of Records(?)

"A user uses the app built by the App developer using the APIs built by the API developer using the target system"

-----------------------------

Now my thoughts - there are 3 high level items you bring up

1 - functional capability

You want to build a /user/search API, so from a functional standpoint the platform you choose should fulfill those requirements. This is a sweet spot for Baas and we have few customers using Baas for similar functionality.

2 - ease of consumption

The easiest way, if not the only way, to entice app developers to consume this interface instead of going to the SOR directly is to make the consumption really, really easy! It's easier said than done! It's not just resources, verbs and OAuth, but also how you onboard app developers, how they get access to your APIs, how they will get their credentials, how you manage roles for apps and app developers, how you manage the lifecycle of the devs, etc.

Baas does provide a nice easy to use API, but you also need API management part of Edge to handle the other things mentioned above to make consumption really really easy!

3 - security

a) protect access to data

Baas does support authentication and authorization to protect access to data; this could be good enough for many applications. You could also use Edge API Management to support fine-grained authorization, and you could also do delegated authentication to your existing identity providers, so user data is in Baas while the credentials are still in your IDPs.

b) role based access control

"APP developers, target system owners and customer all have the proper visibility and control of their information in 'your' data" - this is the sweet spot for Edge API Management

c) safe and secure environment

I think what you are referring to is much more than just the API security we talked about above - it depends on several factors including deployment model, operational processes, SSL termination, data encryption, etc. Edge [baas+api management] is proven safe and secure, battle-tested by hundreds of customers both in our managed cloud as well as private cloud deployments [in customer's datacenters].

In Summary,

Baas is great for building secure API/App capabilities (backends?)

Baas + Edge enables easier consumption with fine-grained access control for those capabilities

Thanks,
