Deploying Axway API Gateway to secure public APIs, while enabling a low cost-to-serve Headquarters Warwick, UK Industry Energy Challenge needed a secure means of exposing APIs publicly and securely in order to roll out apps quickly, keep its own costs low, and build a customer base that relies on self-service. Axway 5 Suite Solution Axway API Gateway Benefits Security and authentication for APIs that are exposed publicly, but fully secured by the Axway platform High performance and scalability to support a massive rise in transaction volume Rapid time to market for new features, by developing and exposing APIs quickly, for competitive differentiation Process optimization, ensuring that every API is available for both internal and trusted third-party use Agile and Innovative Driving change in the energy industry The largest independent energy supplier in the UK with one million connected accounts, is the UK s fastest growing energy company, with a ten-fold increase in customers in less than three years. Agile and innovative, is driving change in the energy industry, challenging the Big Six incumbents with a business model that features very low energy rates for customers. Switching Energy Providers Getting a better deal with In an ambitious initiative, the UK government has moved to open up the British energy market, introducing competition to break the stranglehold of the Big Six incumbent energy suppliers. Under the new regulations, new energy suppliers have emerged, and consumers are free to switch energy providers to get a better deal. One of the first companies to jump into the fray was, a gas and electricity supplier, whose growth depends on convincing customers to switch to their service. To build its customer base, has to keep its own costs very low, and pass on those savings to consumers. This low cost-to-serve business model depends on highly automated, efficient systems, and on encouraging customer self-service. www.axway.com 1
Exposing APIs Publicly Ensuring security and authentication As a young company, had the advantage of a clean slate: it was not weighed down by a cumbersome IT infrastructure, like the Big Six. Instead, could seek out best-of-breed solutions and build efficient systems from scratch. A key objective was to obtain a secure means of exposing APIs publicly. We needed to engage with third parties to build applications, B2B platforms and innovative solutions that access customer data in a secure and audited manner, said Keith Sterling, Head of Software at. For us, the critical issues were security and authentication, said Sterling. We needed a well-trusted, secure platform where we could expose APIs publicly, while limiting access to APIs by individual third parties, and controlling the activity of each API, based on the credentials we received. The platform would not only be used to expose APIs to third parties, but also to interact with customers through s website and mobile apps, where customers would control their accounts. This aligns with the company s business model, which promotes customer self-service. As a low-cost provider, we do everything possible to encourage customers to self-serve, so we can reduce our cost-to-serve, and pass on those savings to the customer, said Sterling. Choosing Axway API Gateway Impressive speed and performance started evaluating API gateways about two years ago. We considered building the solution in-house, and we looked at a variety of vendors, including Vordel, said Sterling, referring to the company acquired by Axway. At the time, Vordel was a very small company, very innovative, very entrepreneurial, and we were trying to get a new product out the door quickly. Vordel aligned with that. We were also very impressed with the Vordel gateway itself, particularly its speed and performance, said Sterling. It did everything on our checklist: it was a secure, high-performance, authenticated API gateway. It met our entire feature set. As for the build-versus-buy decision, he continued, we did the math, and it was clear the buy decision was the right choice. 2 www.axway.com
Managing Interactions with the Outside World Business processes enabled by the Axway Solution At, the Axway API Gateway governs: Interactions with customers, through the website and mobile apps. Our customer care platform handles anything a customer typically does with his energy account, said Sterling. The customer can view his profile and usage history, set up direct debits, submit meter readings and so on. We also give customers a detailed analysis of their energy use, to help them reduce their consumption. Interactions with developers who build apps. Our mobile app was initially developed by a third party using our API, before we brought it in-house for further work, said Sterling. Now it s the #1 energy app in Google and Amazon stores, and #2 in the Apple Store. That s our rating against all other energy suppliers including the Big Six. Interactions with trusted partners, including switching sites and other third-party sites. Given s plans to automate the provisioning of data to switching sites, this area of activity will grow. Rolling Out the Platform Key milestones, key figures s web platform was launched in Fall 2013, while the mobile platform followed early in 2014. Already, the company has established one million gas or electricity accounts, serving 650,000 individuals, and enjoys impressive rates of growth: Customer numbers have doubled every year for the past three years, and continue to show massive growth, driving a significant increase in the volume of transactions across the gateway The mobile platform is growing 18% month by month, as measured by number of transactions Every week, there are 250,000 distinct sessions, where customers log on to carry out activity. Each session involves between 2 and 10 transactions, or API calls. This means there are between half a million and 4 million API calls per week, i.e., transactions across the Axway API Gateway. We re not having any issues with scaling, said Sterling. The Axway solution has proven itself way beyond those numbers for us. We re confident the platform will scale easily as we head from 1 million accounts to 2 million to 3 million and beyond. Smart metering is another area showing rapid growth. With 40,000 smart meter connections and growing, has been taking the lead, driving major initiatives in response to the UK government requirement that all households have smart meters by 2020. I definitely see potential for Axway to play a key role in security provisioning for our connection to the government s centrally managed smart metering platform, said Sterling. www.axway.com 3
Security and authentication are critical for us. Our APIs are publicly available, but they are secured by the Axway API Gateway. We know we can control access and we can control behavior. That s of enormous value to us. Keith Sterling Head of Software A Powerful Platform A strong security model to govern the flow of data Today, we have a very powerful platform with 30 to 40 separate APIs, said Sterling. The APIs we expose to third parties are exactly those we use for internal development so we know how they work. We can expose all APIs to an individual, or only a subset of them. We can control the activity of any given API, based on the credentials coming through. Our primary security model is based on API keys, continued Sterling. We also use the inbuilt OAuth capability to provide credential management, together with Axway policy management, to control information that might be returned directly, or might need to be manipulated before it s returned. For developers, everything is out there, said Sterling. People can come and see what we do; they can start thinking about the types of applications they can build. But they can t do anything until they have the appropriate API key. That s the beauty of Axway. Security and Scalability Benefits of the Axway solution The Axway solution provides an array of benefits for, including: Security: For us, security and authentication are critical, said Sterling. Our APIs are publicly available, but they are secured by the Axway API Gateway. We know we can control access and we can control behavior. That s of enormous value to us. Performance and scalability: We ve seen our numbers increasing sharply we ve been doubling our customer base every 12 months and Axway is not a blocker of scale for us, said Sterling. Rapid time to market: The Axway API Gateway gives us tremendous agility, said Sterling. We can get APIs out and exposed very quickly, and bring new features to market. It s a competitive differentiator for us. Process optimization: Every API that is created and exposed is available both for internal development at and for use by trusted third parties, provided they are supplied a key. That s technical innovation, and business innovation, too, said Sterling. 4 www.axway.com
Looking Ahead An ambitious roadmap has an ambitious road map to support and extend its growth. Key initiatives that rely on Axway API Gateway include: Deploying a midata app for UK consumers. Launched by the UK Department of Energy, the midata initiative is designed to automate the process of comparing energy suppliers. With midata, a consumer who wants comparison data will log on to a trusted site; the site will then automatically access his personal data and return the comparison information. At, we re helping drive the use of the midata platform, said Sterling. The Axway API Gateway is a trouble-free, fault-free platform that takes away the pain of exposing and managing APIs. It s a key component for us to maintain a low cost-to-serve and grow our business. Keith Sterling Head of Software Developing KPI management capabilities. We starting to use the Axway platform to take a much more granular view of what the APIs are doing, said Sterling. We want to make sure we can expose APIs within x milliseconds, and provide availability of 3 or 4 9 s. For us, the Axway API Gateway is a trouble-free, fault-free platform that takes away the pain of exposing and managing APIs, said Sterling. It s a key component for us to maintain a low cost-to-serve and grow our business. For more information, visit www.axway.com Copyright Axway 2015. All rights reserved. www.axway.com 5 SS_FIRST_UTILITY_AXW_EN_030215