api centric enterprises

API Centric Enterprises

Sumedha Rubasinghe, WSO2July, 2013

● Providing the only complete open source componentized cloud platform

● Dedicated to removing all the stumbling blocks to enterprise agility

● Enabling you to focus on business logic and business value● Recognized by leading analyst firms as visionaries and leaders● Gartner cites WSO2 as visionaries in all 3 categories of

application infrastructure● Forrester places WSO2 in top 2 for API Management● Global corporation with offices in USA, UK & Sri Lanka● 200+ employees and growing● Business model of selling comprehensive support &

maintenance for our products

About WSO2

150 globally positioned customers

API Centric Enterprises..

Information Systems in Enterprises..

Internal Integration

Internal Upgrades

Partner Integration

Business Expansions

You're not the only one ...

Business APIs - why?

Source : http://www.slideshare.net/jmusser/j-musser-apibizmodels2013

You're not alone..

Source : http://blog.programmableweb.com/2011/05/25/who-belongs-to-the-api-billionaires-club/

You're not alone..

Source : http://blog.programmableweb.com/2011/05/25/who-belongs-to-the-api-billionaires-club/

Challenges

● How to create API centric business?○ Why?○ For whom?

● Authentication & Authorization○ Subscription Management○ Access Provisioning

● How to control access?○ Throttling

● Monitoring & SLA

Challenges

● Revenue Generation○ Stat collection○ Billing Model

● Selling your APIs○ Advertising○ Store○ Subscription Tiers

● Deployment○ Fail safe○ Scalable

● many more..

An API Management Solution will help to overcome/manage these challenges.

API Management using WSO2 Platform

WSO2 Platform

WSO2 API Manager

● Part of award winning WSO2 Carbon Platform● API Publishing, API Store, Gateway, Statistics

collection

● Apache2 Licensed● Only Open Source API Management Platform● Utilizes proven WSO2 Components

○ WSO2 Enterprise Service Bus○ WSO2 Identity Server○ WSO2 Governance Registry

Key ComponentsKey Components

API lifecycle begins ..

● Production ready backend implementation● Create API

○ API Design○ Life cycle (created,published, blocked,...)

● Documentation, Samples● Publish APIs

API Publisher

● Starting point of API creation● Control API Lifecycle● Manage API meta data● Documentation

○ Supporting documents○ API documentation (Swagger support)

● Versioning● Subscription Management● API Visibility Management

API Publisher

● Configuring Throttle settings● Resource level authorization● Extensions

○ Custom API definition

API Store

● Store of published APIs● Enterprise API Store

○ Visibility : internal, partner, external

● Password controlled access● Self-sign up

○ Authorization flow (coming up)

● Support for multiple user stores● Theming Support● Powered by data APIs

○ write your own store○ Ability to integrate with existing portal

API Store

● Single Sign On (SSO) - existing enterprise portals● http://store.apicultur.com

API Gateway

● API calls go through API Gateway● Runtime actions(via handlers):

○ Token validation○ Statistics collection○ Throttling checks

● API traffic routing● Extensions

○ Custom runtime actions○ Custom routing logic○ Mediation, enrichment○ API gateway = WSO2 ESB Core + handlers

API Centric Enterprises - How WSO2 API Manager can help?

Building API Centric Enterprises

● Identify the need○ Answer the why question○ Figure out

■ Audience■ Business Model

Building API Centric Enterprises

● Protocol Style○ REST

■ Per resource path authorization scheme● eg:

○ GET /books/1.0.0/list - application token○ POST /books/1.0.0/purchase - user token

● Same API (books), different token types

Building API Centric Enterprises

● Data Formats○ JSON, XML○ Message Relaying

■ Virtual any data format in message body■ Not reading message body content■ Faster message delivery

Building API Centric Enterprises

● Supported backends○ OOB functionality for SOAP & REST○ Through extensions:

■ eg:● Sending to a JMS endpoint● Write to a file (VFS transport)● Custom connectors

Building API Centric Enterprises

● API Traffic Routing○ OOB Support

■ Two endpoints : Production & Sandbox○ Through extensions:

■ Message header based routing■ Body based routing■ User Profile based routing■ Load balanced routing (default: round robin)■ Failover endpoint routing■ many more..

Building API Centric Enterprises

● Mediation Flow○ OOB Support

■ Request Flow● Accept the incoming message● Perform token validation, throttling checks, statistics collection● Dispatch to endpoint (Production | Sandbox)

■ Response Flow● Receive response from backend● Statistics collection● Dispatch to API invoker

■ Faulty Message Flow● If an error occurred while communicating with backend

Building API Centric Enterprises

● Mediation Flow○ Through extensions:

■ Supports any mediation flow supported by WSO2 Enterprise Service Bus

Building API Centric Enterprises

● Connecting to existing User Stores○ OOB Support

■ LDAP■ Active Directory■ Built-in RDBMS schema■ Connecting to multiple user stores simultaneously

● Internal User Store● External User Store

Building API Centric Enterprises

● Access Controlling the APIs○ OOB Support

■ OAuth2 based token support■ Standard endpoints for token

● obtaining/refreshing/revoking

■ Token Management capabilities■ Per API invocation statistics collection■ Token linked to user profile

○ Through extensions:■ Ability to plugin custom authentication,

authorizations through handlers

Building API Centric Enterprises

● Information passing to backend systems○ Backend systems tend to have their own AnA logic○ OOB Support

■ Token is linked to a user profile■ Obtain details of the user■ Send to backend using a JWT (JSON Web Token)

Building API Centric Enterprises

● API Statistics○ OOB support

■ Statistics collection per invocation■ Request/Response/Faulty flows■ Default support for storing in WSO2 BAM

● WSO2 BAM features an embedded Cassandra storage● Analyze/store using Apache Hive● Reporting on top of analyzed data

○ Through extensions■ Pump data into different storage■ Collect data @ different pointcuts

API Statistics

API Statistics

● Data Collection (Agents)● Data Transfer● Data Storage

○ scalable

● Post Processing○ Data Summarization○ Change of storage○ Analytics

Building API Centric Enterprises

● App Developer Support○ Documentation on how Application Developers should

use API Store

○ http://docs.wso2.org/wiki/dashboard.action○ http://docs.wso2.

org/wiki/display/AM140/WSO2+API+Manager+Documentation

Building API Centric Enterprises

● API Versioning Support○ Version - part of endpoint URI

■ eg: GET books/1.0.1/list

Building API Centric Enterprises

● Throttling Support○ OOB support

■ Built-in throttling policies■ Stored in Registry done using XML

○ Through extensions■ define your own throttling policies

Building API Centric Enterprises

● API Store - Custom Theming○ Different enterprises have their own themes○ Existing portals○ OOB Support

■ 3 built-in sample themes■ Ability to override

○ Through extensions■ Powered by backend data APIs (JSON, UT)■ Write your custom API Store

https://store.apicultur.com

Building API Centric Enterprises

● Deployment Models○ API Characteristics

■ Access Patterns■ API domain

○ Volatile access load■ Sudden spikes■ Periodic spikes

○ Scalable deployment■ Hosting Cost vs Benefit■ Cost of scaling■ IaaS

Summary

● Having a Business API is considered a strategic advantage

● Enterprises are moving toward API centric● WSO2 API Manager is part of WSO2’s Carbon

Middleware Platform

● WSO2 API Manager consists of many enterprise ready features to convert your enterprise into an API Centric one.

Engage with WSO2

•Helping you get the most out of your deployments

•From project evaluation and inception to development and

going into production, WSO2 is your partner in ensuring 100%

project success

Response Caching

● Time sensitivity / value of data● Frequency of access● Geographical distribution