Extending  &  Customizing  API  Manager  

Joseph  Fonseka  Senior  Technical  Lead  

WSO2    

Advantage.  

WSO2  API  Manager  offer  a  unique  value  by  leIng  you  customise  and  to  extend  on  its  features.    

API  Manager  Components  

Key Manager

Gateway

Store

Publisher

What  are  the  Extension  Points  ?  

Mediation

Source APIs

Branding

Business  Process  

Security

Media=on    

Media=on  Sequence  

Media=on  Sequence  

Media=on  Sequence  You  can  upload  custom  sequences  to  the  registry  and  aMach  them  to  In,  Out  and  Fault  flows  of  an  API.  

API  Handler  Chain  

Handlers  in  API  Manager  

Handler  Template  

•  <AM_HOME>/repository/resources/api_templates/velocity_template.xml    

Extending  Security  

•  API  manager  use  OAuth  2  as  the  authorizaWon  protocol.  You  can  extend  on  it  and  implement  custom  grant  type.  

 •  Or  you  can  replace  the  exisWng  

AuthenWcaWon  handler  with  one  of  your  own.  

   

Custom  Grant  Type  

•  Primary  Grant  Types  Authoriza*on  Code  Implicit  Resource  Owner  Creden*als  Refresh  Token  Client  Creden*als  

 •  Extension  Grant  Types  

Saml  2.0  Bearer  NTLM  Grant  

 

OAuth  -­‐  Defining  an  Extension  Grant  Type  

/**    *  Handles  the  Password  Grant  Type  of  the  OAuth  2.0  specifica*on.  Resource  owner  sends  his    *  creden*als  in  the  token  request  which  is  validated  against  the  corresponding  user  store.    *  Grant  Type  :  password    */  public  class  PasswordGrantHandler  extends  AbstractAuthoriza-onGrantHandler  {            @Override          public  boolean  validateGrant(OAuthTokenReqMessageContext  tokReqMsgCtx)                          throws  IdenWtyOAuth2ExcepWon  {      

OAuth  -­‐  Defining  an  Extension  Grant  Type  

<AM_HOME>/repository/conf/idenWty.xml    <SupportedGrantTypes> <SupportedGrantType>

<GrantTypeName>custom_grant</GrantTypeName> <GrantTypeHandlerImplClass>

org.wso2.oauth.CustomGrantHandler </GrantTypeHandlerImplClass>

</SupportedGrantType> <SupportedGrantTypes>

   

Custom  Authen=ca=on  Handler  

Business  Process  

•  User  Sign-­‐up  hMps://docs.wso2.org/display/AM170/Workflow%3A+User+Signup  

•  ApplicaWon  CreaWon  hMps://docs.wso2.org/display/AM170/Workflow%3A+ApplicaWon+CreaWon  

•  API  SubscripWon  hMps://docs.wso2.org/display/AM170/Workflow%3A+API+SubscripWon  

•  ApplicaWon  RegistraWon  (Token  GeneraWon)          hMps://docs.wso2.org/display/AM170/Workflow%3A+ApplicaWon+RegistraWon  

     

Business  Process  

Business  Process  

•  Customizing  the  Business  Process  When  you  are  happy  with  the  Data  Formats  and  need  to  change    only  the  business  flow.    

•  Customizing  the  Workflow  Executor  When  you  need  to  change  workflow  logic  When  you  need  to  change  the  Data  Formats  

Branding  

•  API  Store  comes  with  a  completely  customisable  theme.  

•  You  can  change  branding  just  by  customizing  bit  of  CSS.  

•  Or  you  can  completely  revamp  the  structure  of  the  Store  ApplicaWon.  

•  Store  app  is  located  in  <apim>/repository/deployment/server/jaggeryapps    

Customizing  Store  Theme  

•  Store  app  is  located  in  <apim>/repository/deployment/server/jaggeryapps      

•  You  can  find  the  themes  of  the  store  app  in  store/site/themes  

•  Theme  consist  of  jaggery  templates,  css  and  client  side  javascript.  

Customizing  Store  Theme  

•  Store  app  is  located  in  <apim>/repository/deployment/server/jaggeryapps      

•  You  can  find  the  themes  of  the  store  app  in  store/site/themes  

•  Theme  consist  of  jaggery  templates,  css  and  client  side  javascript.  

Customizing  Store  Theme  

•  Duplicate  the  theme  and  change  the  templates  and  css  file.    

•  Create  a  sub  theme  to  override  template  and  css  files  of  the  parent  theme.  

Customizing  Store  Theme  

•  To  apply  a  theme  change  the  theme  in  site.json    

 

Customizing  Store  Theme  

Customizing  Store  Theme  

Each  Tenant  gets  its  own  Theme  

•  Admin  dashboard  allows  you  to  upload  theme  for  a  tenant.    

 

APIs  

•  We  have  a  set  of  APIs  exposed  in  Store  and  Publisher  apps  which  can  be  used  to  publish  and  subscribe  to  APIs  

 •  We  are  working  on  a  complete  RESTful  API  

for  API  Manager.    http://hevayo.github.io/restful-apim/#/  

 

Source  

Can  be  found  on        The  code  is  divided  to  two  repos.  

1.  wso2/carbon-apimgt 2.  wso2/product-apim

1.  First clone & build wso2/carbon-apimgt. mvn clean install

1.  Then clone & build wso2/product-apim.  

mvn clean install

1.  Once  the  build  is  completed  pack  can  be  found  at  

“product-­‐apim/modules/distribuWon/product/target/”  

How  to  Build    

1.  If you add something new you can send a PR.

2.  Report  issues  and  bugs  at  hMps://wso2.org/jira  

1.  Subscribe  to  our  mailing  lists  to  get  help  and  take  part  in  architecture  discussions    

     dev@wso2.org

architecture@wso2.org

Community  

Thank  You