Case Study: Alaska Airlines - Secure Mobile API Publishing by Layer7Tech


More Info
									  Alaska Airlines
  Enabling Air Travel Innovation via APIs

                                      Alaska Airlines is part of Seattle-based Alaska Air Group, Inc., a holding company that
  Alaska Air Group by
                                      also includes Horizon Air. As the seventh-largest US-based carrier, Alaska Airlines flies
     the Numbers
                                      to 90 destinations in three countries, and also code-shares with a wide range of other
• $3.8B in revenue (2010)             airline partners.
• 7th-largest US airline              Over the past 79 years, Alaska Airlines has grown from a small regional airline to a
• >23M passengers annually            national carrier, and along the way has become a leading recipient of awards from a
                                      wide range of consumer publications and industry bodies, including JD Power, Conde
• >90 destinations in NA
                                      Naste, the Freddie Awards, and more.
• #1 in airline customer
  satisfaction for the last 4 years But with Alaska Airlines chasing the big players in the US national airline market – and
                                    lacking the marketing budget of a United, Delta or US Air – they needed a way to
• >12,500 employees
                                    disproportionately impact the market. To that end, Alaska Airlines has become a
      leader in electronic innovations, being one of the first airlines to introduce personal, handheld entertainment
      devices for travelers (digEplayer), as well as being the first to pioneer online check-in back in 2005.

      The Business Challenge
      Alaska Airlines was also one of the first airlines to offer an iPhone application that allowed travelers to check in and
      access their mobile boarding pass from the convenience of their cell phone. But, while innovative, the application
      was limited in functionality and had poor usability, essentially just providing a more cramped version of the
      “screen-scraped” information found on Alaska Air’s Web site.

      To get to the next level, Alaska Airlines kicked off their “Innovation at the Edge” initiative with the goal of exposing
      their applications and data to internal developers, as well as select external partners via APIs in order to stimulate
      the creation of mobile applications that would provide significant value-add for their travelers, employees, cargo
      customers, and other stakeholders. Alaska Airlines has a great deal of experience with Service Oriented
      Architectures (SOA), and has been building Web services for the better part of the last decade. But exposing these
      services as APIs to third parties – services that generate revenue for Alaska Airlines on a day to-day basis – was not
      a step to be taken lightly. They needed to ensure their APIs wouldn’t be compromised, either by deliberate attack
      or by inadvertent usage.

      Enter Layer 7
      Alaska Airlines knew they required some kind of an API proxy that would act as a security and management device
      to not only gate incoming requests, but also regulate those requests to ensure their backend services wouldn’t be
      overwhelmed by third party calls. After an extensive POC, they chose Layer 7 Technologies’ Gateways for ease of
      use and the ability to automate the migration of APIs between development/test, QA and production
      environments, which was key when working with third-party partners who employed agile development
      processes. They were also impressed with the flexibility of the Gateway, purchasing it for a single project, but
      eventually implementing a total of five projects ranging from a Facebook implementation (FlyingSocial with
      Alaska Airlines) to baggage and cargo tracking applications.

      Essentially, the Layer 7 Gateway abstracts Alaska Airlines’ information services (such as flight schedules,
      reservations, cargo, baggage, and more) and exposes them as APIs to internal and third party developers who can
      incorporate the services’ functionality and data within the applications they build for handheld devices, online
      portals or commercial Web sites. Layer 7 Gateways are deployed in Alaska Airlines’ DMZ, where they perform
      actions on every API request originating from a third-party developer, such as authentication, rate limiting, quota
Alaska Airlines Case Study

enforcement and other traffic shaping functions to ensure backend services remain available. Layer 7 also caches
travel data pulled from backend reservation systems in order to minimize access costs.

The Solution
In August 2011, travelers began downloading the updated Alaska Airlines app for the iPhone from the iTunes App
Store (the Android-based application is due later this year). The completely redesigned application takes advantage
of the new API-based approach, delivering a Web 2.0 look and feel that streamlines how travelers check in and
access their mobile boarding pass, get flight status/details; select/change seats; and track their mileage plan.

When a traveler uses the application, they’re prompted to log in to their Alaska Airlines account. The Layer 7
Gateway performs authentication and authorization against the local LDAP, and routes the request to the
appropriate service while recording the hit against the API so Alaska Airlines can track usage to determine which
applications are most popular, and which APIs should be invested in going forward. If the request requires flight
information, the service employs the Layer 7 Gateway to query internal flight status services and cache the results
so that future requests can minimize response time and decrease costs associated with querying backend systems.

The API-based approach has allowed Alaska Airlines employees and partners to quickly create other innovative
applications that work in a similar way to the iPhone application, including:
•   FlyingSocial with Alaska Airlines – Facebook users can directly access Alaska Airlines travel offers of cheap
    fares for traveling to wherever their remote friends are located
•   Alaska Mobile Track – Alaska Air Cargo customers can send in a text message of their shipping number and
    receive a text message reply that shows where their package is en route
•   Baggage Handling – Ground crews can better expedite the loading and unloading of baggage from flights,
    decreasing baggage handling times and speeding travelers on their way

The Results
With the Layer 7 Gateway in place, Alaska Airlines can now securely expose their APIs to potentially hundreds or
even thousands of third party developers whose applications are dramatically expanding Alaska Airlines’ market
reach. The Gateway tracks API usage by application facilitating the understanding of where to invest going forward.
And by caching results for travelers’ flight information, Alaska Airlines can reduce their backend network costs.

The API-based approach has already proven itself, fostering innovative applications that get to market sooner than
traditional approaches, thereby giving Alaska Airlines a leg up on the competition in the US air travel market.

          Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
          trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.   2

To top