api centric enterprises
TRANSCRIPT
API Centric Enterprises
Sumedha Rubasinghe, WSO2July, 2013
● Providing the only complete open source componentized cloud platform
● Dedicated to removing all the stumbling blocks to enterprise agility
● Enabling you to focus on business logic and business value● Recognized by leading analyst firms as visionaries and leaders● Gartner cites WSO2 as visionaries in all 3 categories of
application infrastructure● Forrester places WSO2 in top 2 for API Management● Global corporation with offices in USA, UK & Sri Lanka● 200+ employees and growing● Business model of selling comprehensive support &
maintenance for our products
About WSO2
150 globally positioned customers
API Centric Enterprises..
Information Systems in Enterprises..
Internal Integration
Internal Upgrades
Partner Integration
Business Expansions
You're not the only one ...
Business APIs - why?
Source : http://www.slideshare.net/jmusser/j-musser-apibizmodels2013
You're not alone..
Source : http://blog.programmableweb.com/2011/05/25/who-belongs-to-the-api-billionaires-club/
You're not alone..
Source : http://blog.programmableweb.com/2011/05/25/who-belongs-to-the-api-billionaires-club/
Challenges
● How to create API centric business?○ Why?○ For whom?
● Authentication & Authorization○ Subscription Management○ Access Provisioning
● How to control access?○ Throttling
● Monitoring & SLA
Challenges
● Revenue Generation○ Stat collection○ Billing Model
● Selling your APIs○ Advertising○ Store○ Subscription Tiers
● Deployment○ Fail safe○ Scalable
● many more..
An API Management Solution will help to overcome/manage these challenges.
API Management using WSO2 Platform
WSO2 Platform
WSO2 API Manager
● Part of award winning WSO2 Carbon Platform● API Publishing, API Store, Gateway, Statistics
collection
● Apache2 Licensed● Only Open Source API Management Platform● Utilizes proven WSO2 Components
○ WSO2 Enterprise Service Bus○ WSO2 Identity Server○ WSO2 Governance Registry
Key ComponentsKey Components
API lifecycle begins ..
● Production ready backend implementation● Create API
○ API Design○ Life cycle (created,published, blocked,...)
● Documentation, Samples● Publish APIs
API Publisher
● Starting point of API creation● Control API Lifecycle● Manage API meta data● Documentation
○ Supporting documents○ API documentation (Swagger support)
● Versioning● Subscription Management● API Visibility Management
API Publisher
● Configuring Throttle settings● Resource level authorization● Extensions
○ Custom API definition
API Store
● Store of published APIs● Enterprise API Store
○ Visibility : internal, partner, external
● Password controlled access● Self-sign up
○ Authorization flow (coming up)
● Support for multiple user stores● Theming Support● Powered by data APIs
○ write your own store○ Ability to integrate with existing portal
API Store
● Single Sign On (SSO) - existing enterprise portals● http://store.apicultur.com
API Gateway
● API calls go through API Gateway● Runtime actions(via handlers):
○ Token validation○ Statistics collection○ Throttling checks
● API traffic routing● Extensions
○ Custom runtime actions○ Custom routing logic○ Mediation, enrichment○ API gateway = WSO2 ESB Core + handlers
API Centric Enterprises - How WSO2 API Manager can help?
Building API Centric Enterprises
● Identify the need○ Answer the why question○ Figure out
■ Audience■ Business Model
Building API Centric Enterprises
● Protocol Style○ REST
■ Per resource path authorization scheme● eg:
○ GET /books/1.0.0/list - application token○ POST /books/1.0.0/purchase - user token
● Same API (books), different token types
Building API Centric Enterprises
● Data Formats○ JSON, XML○ Message Relaying
■ Virtual any data format in message body■ Not reading message body content■ Faster message delivery
Building API Centric Enterprises
● Supported backends○ OOB functionality for SOAP & REST○ Through extensions:
■ eg:● Sending to a JMS endpoint● Write to a file (VFS transport)● Custom connectors
Building API Centric Enterprises
● API Traffic Routing○ OOB Support
■ Two endpoints : Production & Sandbox○ Through extensions:
■ Message header based routing■ Body based routing■ User Profile based routing■ Load balanced routing (default: round robin)■ Failover endpoint routing■ many more..
Building API Centric Enterprises
● Mediation Flow○ OOB Support
■ Request Flow● Accept the incoming message● Perform token validation, throttling checks, statistics collection● Dispatch to endpoint (Production | Sandbox)
■ Response Flow● Receive response from backend● Statistics collection● Dispatch to API invoker
■ Faulty Message Flow● If an error occurred while communicating with backend
Building API Centric Enterprises
● Mediation Flow○ Through extensions:
■ Supports any mediation flow supported by WSO2 Enterprise Service Bus
Building API Centric Enterprises
● Connecting to existing User Stores○ OOB Support
■ LDAP■ Active Directory■ Built-in RDBMS schema■ Connecting to multiple user stores simultaneously
● Internal User Store● External User Store
Building API Centric Enterprises
● Access Controlling the APIs○ OOB Support
■ OAuth2 based token support■ Standard endpoints for token
● obtaining/refreshing/revoking
■ Token Management capabilities■ Per API invocation statistics collection■ Token linked to user profile
○ Through extensions:■ Ability to plugin custom authentication,
authorizations through handlers
Building API Centric Enterprises
● Information passing to backend systems○ Backend systems tend to have their own AnA logic○ OOB Support
■ Token is linked to a user profile■ Obtain details of the user■ Send to backend using a JWT (JSON Web Token)
Building API Centric Enterprises
● API Statistics○ OOB support
■ Statistics collection per invocation■ Request/Response/Faulty flows■ Default support for storing in WSO2 BAM
● WSO2 BAM features an embedded Cassandra storage● Analyze/store using Apache Hive● Reporting on top of analyzed data
○ Through extensions■ Pump data into different storage■ Collect data @ different pointcuts
API Statistics
API Statistics
● Data Collection (Agents)● Data Transfer● Data Storage
○ scalable
● Post Processing○ Data Summarization○ Change of storage○ Analytics
Building API Centric Enterprises
● App Developer Support○ Documentation on how Application Developers should
use API Store
○ http://docs.wso2.org/wiki/dashboard.action○ http://docs.wso2.
org/wiki/display/AM140/WSO2+API+Manager+Documentation
Building API Centric Enterprises
● API Versioning Support○ Version - part of endpoint URI
■ eg: GET books/1.0.1/list
Building API Centric Enterprises
● Throttling Support○ OOB support
■ Built-in throttling policies■ Stored in Registry done using XML
○ Through extensions■ define your own throttling policies
Building API Centric Enterprises
● API Store - Custom Theming○ Different enterprises have their own themes○ Existing portals○ OOB Support
■ 3 built-in sample themes■ Ability to override
○ Through extensions■ Powered by backend data APIs (JSON, UT)■ Write your custom API Store
https://store.apicultur.com
Building API Centric Enterprises
● Deployment Models○ API Characteristics
■ Access Patterns■ API domain
○ Volatile access load■ Sudden spikes■ Periodic spikes
○ Scalable deployment■ Hosting Cost vs Benefit■ Cost of scaling■ IaaS
Summary
● Having a Business API is considered a strategic advantage
● Enterprises are moving toward API centric● WSO2 API Manager is part of WSO2’s Carbon
Middleware Platform
● WSO2 API Manager consists of many enterprise ready features to convert your enterprise into an API Centric one.
Engage with WSO2
•Helping you get the most out of your deployments
•From project evaluation and inception to development and
going into production, WSO2 is your partner in ensuring 100%
project success
Response Caching
● Time sensitivity / value of data● Frequency of access● Geographical distribution