VIEWS: 2 PAGES: 2 POSTED ON: 4/4/2012
Enabling air travel innovation via APIs Alaska Airlines, part of Alaska Air Group, is the seventh-largest US-based airline. To compete with the big players in the US national airline market, the company has positioned itself at the leading edge of electronic innovations – it was one of the first carriers to introduce personal, handheld entertainment devices and online check-in.
Alaska Airlines Enabling Air Travel Innovation via APIs Alaska Airlines is part of Seattle-based Alaska Air Group, Inc., a holding company that Alaska Air Group by also includes Horizon Air. As the seventh-largest US-based carrier, Alaska Airlines flies the Numbers to 90 destinations in three countries, and also code-shares with a wide range of other • $3.8B in revenue (2010) airline partners. • 7th-largest US airline Over the past 79 years, Alaska Airlines has grown from a small regional airline to a • >23M passengers annually national carrier, and along the way has become a leading recipient of awards from a wide range of consumer publications and industry bodies, including JD Power, Conde • >90 destinations in NA Naste, the Freddie Awards, and more. • #1 in airline customer satisfaction for the last 4 years But with Alaska Airlines chasing the big players in the US national airline market – and lacking the marketing budget of a United, Delta or US Air – they needed a way to • >12,500 employees disproportionately impact the market. To that end, Alaska Airlines has become a leader in electronic innovations, being one of the first airlines to introduce personal, handheld entertainment devices for travelers (digEplayer), as well as being the first to pioneer online check-in back in 2005. The Business Challenge Alaska Airlines was also one of the first airlines to offer an iPhone application that allowed travelers to check in and access their mobile boarding pass from the convenience of their cell phone. But, while innovative, the application was limited in functionality and had poor usability, essentially just providing a more cramped version of the “screen-scraped” information found on Alaska Air’s Web site. To get to the next level, Alaska Airlines kicked off their “Innovation at the Edge” initiative with the goal of exposing their applications and data to internal developers, as well as select external partners via APIs in order to stimulate the creation of mobile applications that would provide significant value-add for their travelers, employees, cargo customers, and other stakeholders. Alaska Airlines has a great deal of experience with Service Oriented Architectures (SOA), and has been building Web services for the better part of the last decade. But exposing these services as APIs to third parties – services that generate revenue for Alaska Airlines on a day to-day basis – was not a step to be taken lightly. They needed to ensure their APIs wouldn’t be compromised, either by deliberate attack or by inadvertent usage. Enter Layer 7 Alaska Airlines knew they required some kind of an API proxy that would act as a security and management device to not only gate incoming requests, but also regulate those requests to ensure their backend services wouldn’t be overwhelmed by third party calls. After an extensive POC, they chose Layer 7 Technologies’ Gateways for ease of use and the ability to automate the migration of APIs between development/test, QA and production environments, which was key when working with third-party partners who employed agile development processes. They were also impressed with the flexibility of the Gateway, purchasing it for a single project, but TM eventually implementing a total of five projects ranging from a Facebook implementation (FlyingSocial with Alaska Airlines) to baggage and cargo tracking applications. Essentially, the Layer 7 Gateway abstracts Alaska Airlines’ information services (such as flight schedules, reservations, cargo, baggage, and more) and exposes them as APIs to internal and third party developers who can incorporate the services’ functionality and data within the applications they build for handheld devices, online portals or commercial Web sites. Layer 7 Gateways are deployed in Alaska Airlines’ DMZ, where they perform actions on every API request originating from a third-party developer, such as authentication, rate limiting, quota Alaska Airlines Case Study enforcement and other traffic shaping functions to ensure backend services remain available. Layer 7 also caches travel data pulled from backend reservation systems in order to minimize access costs. The Solution In August 2011, travelers began downloading the updated Alaska Airlines app for the iPhone from the iTunes App Store (the Android-based application is due later this year). The completely redesigned application takes advantage of the new API-based approach, delivering a Web 2.0 look and feel that streamlines how travelers check in and access their mobile boarding pass, get flight status/details; select/change seats; and track their mileage plan. When a traveler uses the application, they’re prompted to log in to their Alaska Airlines account. The Layer 7 Gateway performs authentication and authorization against the local LDAP, and routes the request to the appropriate service while recording the hit against the API so Alaska Airlines can track usage to determine which applications are most popular, and which APIs should be invested in going forward. If the request requires flight information, the service employs the Layer 7 Gateway to query internal flight status services and cache the results so that future requests can minimize response time and decrease costs associated with querying backend systems. The API-based approach has allowed Alaska Airlines employees and partners to quickly create other innovative applications that work in a similar way to the iPhone application, including: TM • FlyingSocial with Alaska Airlines – Facebook users can directly access Alaska Airlines travel offers of cheap fares for traveling to wherever their remote friends are located • Alaska Mobile Track – Alaska Air Cargo customers can send in a text message of their shipping number and receive a text message reply that shows where their package is en route • Baggage Handling – Ground crews can better expedite the loading and unloading of baggage from flights, decreasing baggage handling times and speeding travelers on their way The Results With the Layer 7 Gateway in place, Alaska Airlines can now securely expose their APIs to potentially hundreds or even thousands of third party developers whose applications are dramatically expanding Alaska Airlines’ market reach. The Gateway tracks API usage by application facilitating the understanding of where to invest going forward. And by caching results for travelers’ flight information, Alaska Airlines can reduce their backend network costs. The API-based approach has already proven itself, fostering innovative applications that get to market sooner than traditional approaches, thereby giving Alaska Airlines a leg up on the competition in the US air travel market. Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. 2
Pages to are hidden for
"Case Study: Alaska Airlines - Secure Mobile API Publishing"Please download to view full document