Webinar combining WSO2 API Manager with WSO2 BAM for billing in the energy industry
WSO2 API Manager 2.0 - Overview
Uploaded by: edgar-silva
Category: Technology
Transcript of WSO2 API Manager 2.0 - Overview
![Page 1: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/1.jpg)
WSO2 API Manager 2.0.0 Overview
![Page 2: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/2.jpg)
Agenda
o Introduction
o Creating APIs
o Protecting APIs
o API Lifecycles
o Developer Portal
o Testing APIs
o API Gateway
o Deployment
o API Analytics
![Page 3: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/3.jpg)
Introduction
![Page 4: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/4.jpg)
APIs for Business Innovation
o API - Business capability offered via a digital channel
o Open internally and/or externally
o Monitored
o In some cases, monetized
o Fuel for rapid innovation, development of new apps
Image: thinkpublic/photopin cc
![Page 5: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/5.jpg)
API Management Platform
![Page 6: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/6.jpg)
WSO2 API Manager
o The only complete, 100% open source API Management solution
o A cleanly integrated system supporting API publishing, lifecycle management, developer portal, access control and analytics
o Backed by high performance gateway
o A single node supports more than 100 million requests/day
o eBay handles up to 4.6 billion requests per day at peak times (Cyber Monday)
![Page 7: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/7.jpg)
WSO2 API Manager cont.
o Includes Social enablement such as ratings and tagging
o Supports single-sign on with Facebook, GoogleApps, etc.
o Named a Strong Performer in this space by Forrester in 2014 and 2015
o Best API Design across all vendors
o Best Solution Cost for on-premise solution
o Extremely Satisfied customers
o Available on-premise, as managed deployment and as SaaS application (API Cloud)
![Page 8: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/8.jpg)
Competitive Advantage
o API Management is part of a complete platform
o Integration
o Security (Identity Management, Federated Identity)
o API Analytics
o Open Architecture
o Custom security tokens and grant types
o Custom store/developer’s portal user interface
o Custom user’s repositories
o Custom transports to back-end
o Available on-premise, as managed offering, as SaaS offering - Same code everywhere
![Page 9: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/9.jpg)
Competitive Advantage cont.
o Scalable Architecture
o Each component (Gateway, Dev Portal, Admin Portal, Key Server) can be deployed and scaled separately
o Over 5000 TPS for a single node
o Business Model
o Subscriptions only for production systems - Makes cost very competitive
o Pricing is adapted to small, medium and enterprise customers
o Cost linked to instances, not to machine power
o No community vs. enterprise distinction
![Page 10: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/10.jpg)
Typical Use Cases
o Expose APIs for internal consumption
o Manage APIs used in internal applications
o Internal Monetization
o Control Access to Cloud Services - Manage and secure access from internal applications to cloud services (e.g. SalesForce and Google Apps)
o APIs for public consumption
o Extend your business through APIs
o Integrate with partners and customers
![Page 11: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/11.jpg)
API Manager Components
![Page 12: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/12.jpg)
Creating APIs
![Page 13: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/13.jpg)
Getting Started
o For REST - Start from existing API definition (Swagger 2.0) or start from scratch
o For SOAP - Start from WSDL and generate default mapping and definition
![Page 14: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/14.jpg)
REST API Editing
o Basic editor to create the API structure
![Page 15: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/15.jpg)
REST API Editing cont.
o Swagger editor (YAML-based) for advanced editing, configuration, etc.
![Page 16: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/16.jpg)
API Documentation
![Page 17: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/17.jpg)
Protecting APIs
![Page 18: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/18.jpg)
API Access Tokens
o OAuth2 standard compliant
o Supports multiple Grant Types
o SAML, IWA/NTLM
o Client credentials, Implicit, Password
o Pre-generated Access Token - Mostly used for testing
o On-demand Access Token - Generated via API call to the Gateway, using any of the supported Grant Types
o Tokens can be refreshed/revoked via API calls as well
![Page 19: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/19.jpg)
Pluggable OAuth Authorization Server
o OAuth token management is by default done with WSO2’s Key Server (based on WSO2’s Identity Server)
o Can be replaced by third-party authorization server, capable of creating, refreshing, validating, revoking OAuth tokens
![Page 20: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/20.jpg)
Limiting Access to API Resources
o Achieved through OAuth scopes - Scope defines what can be accessed by a token
o How to request a token
grant_type=password&username=john&password=john123&scope=news_read news_write
![Page 21: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/21.jpg)
Throttling & Rate Limiting
o Throttling
o Regulates API traffic
o Makes APIs and applications available to consumers at different service levels
o Secures APIs against security attacks (e.g. DoS attacks)
o Throttling is controlled through tiers-based policies - A tier is defined by a time duration and a maximum no of requests during that duration
o Tiers can be applied at application, API and API resource levels
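The tier model above (a time duration plus a maximum number of requests, applied at application, API and API resource level) can be sketched as follows. This is an added example, not WSO2 code: the class names, tier names and limits are constructed, and a simple fixed-window counter is assumed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Tier:
    name: str
    max_requests: int     # maximum number of requests ...
    window_seconds: int   # ... allowed during this time duration


class TierThrottle:
    """Fixed-window throttle: a request passes only if every level has quota left.

    Counters for old windows are never pruned here; a long-running gateway
    would expire them.
    """

    def __init__(self):
        self.tiers = {}                   # (level, key) -> Tier
        self.counts = defaultdict(int)    # (level, key, window index) -> requests seen

    def assign(self, level, key, tier):
        self.tiers[(level, key)] = tier

    def allow(self, app, api, resource, now):
        """Return (allowed, reason) for one request arriving at time `now` (seconds)."""
        slots = []
        for level, key in (("application", app), ("api", api),
                           ("resource", (api, resource))):
            tier = self.tiers.get((level, key))
            if tier is None:              # no tier assigned at this level
                continue
            slot = (level, key, int(now // tier.window_seconds))
            if self.counts[slot] >= tier.max_requests:
                return False, f"{level} tier {tier.name} exceeded"
            slots.append(slot)
        for slot in slots:                # commit only when every level allowed it
            self.counts[slot] += 1
        return True, "ok"


def build_demo():
    """Constructed policy: tier names and limits are sample values."""
    t = TierThrottle()
    t.assign("application", "mobile-app", Tier("Gold", 5, 60))
    t.assign("api", "news", Tier("Silver", 4, 60))
    t.assign("resource", ("news", "POST /articles"), Tier("Bronze", 2, 60))
    return t


if __name__ == "__main__":
    throttle = build_demo()
    for second, resource in enumerate(["POST /articles"] * 3 + ["GET /articles"] * 3):
        print(second, resource, throttle.allow("mobile-app", "news", resource, now=second))
```

A rejected request consumes no quota at any level, so a client throttled on one resource does not also burn its application-level allowance.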
![Page 22: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/22.jpg)
Throttling & Rate Limiting cont.
o At subscription time, API users can choose tiers they can subscribe to - This default behavior can be overridden through usage of workflows
o Throttling policies encompass:
o Standard usage quotas of total subscriptions and resources
o Rate limiting based on complex, extensible and dynamic rules, scenarios and events
o Complex throttling policies (with transport headers, IP addresses, etc.) can be created on the fly
o Facilitates blacklisting users/applications abusing rate limits
![Page 23: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/23.jpg)
Throttling & Rate Limiting cont.
![Page 24: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/24.jpg)
JWT Token Creation
o Using JSON Web Tokens (JWT)
o Lightweight
o Can be signed
o Easy to parse and consume
o Standard
o JWT Structure {token info}.{claims list}.{signature}
o Base-64 or Base64 URL Encoded
o Contents of JWT are configurable
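How a service receiving such a token can split the three-part structure, decode the Base64 URL parts and check the signature before trusting any claim is shown below. This is an added example, not WSO2 code: it assumes an HMAC-SHA256 (HS256) signature with a shared key, and the key, claim names and values are constructed.

```python
import base64
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"   # assumption: shared HMAC key, sample value


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(part):
    # JWT parts drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def issue(claims, key):
    """Build {token info}.{claims list}.{signature} with an HS256 signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(signature)}"


def verify(token, key, now):
    """Return the claims if the token is well-formed, signed and unexpired."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.claims.signature")
    header_b64, claims_b64, signature_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose "none" or another scheme.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(claims_b64))   # parsed only after the check
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    token = issue({"sub": "john", "scope": "news_read", "exp": 2000}, DEMO_KEY)
    print(token)
    print(verify(token, DEMO_KEY, now=1000))
```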
![Page 25: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/25.jpg)
API Lifecycles
![Page 26: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/26.jpg)
API Lifecycle Management
o Create new APIs from existing versions
o Deploy multiple versions in parallel
o Deprecate versions to remove them from store
o Retire them to un-deploy from gateway
o Keeps audit of lifecycle changes
o Supports custom lifecycles leveraging WSO2 Governance Registry
![Page 27: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/27.jpg)
Developer Portal
![Page 28: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/28.jpg)
Discover APIs
o Users can search APIs by name, provider, version number, context, description, meta-data from docs, etc.
o Tags to easily find all APIs related to the same domain
o Notifications on new API versions
![Page 29: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/29.jpg)
Social Features
o Share with fellow developers via social media or mail
o Embed API link into blogs, Tweets, etc.
![Page 30: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/30.jpg)
Forums
o Rich editor embedded within interface
o Forums are searchable and indexed
![Page 31: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/31.jpg)
Customization
o All API store functionality available through REST API
o Customization through CSS, HTML5, JavaScript
![Page 32: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/32.jpg)
Monetization
o Configurable payment schemes to monetize API usage
o Monetization rules are associated to Tiers
o Supports Free, Paid, Freemium models
o Usually coupled with 3rd party invoice/payment plans software (such as Zuora)
![Page 33: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/33.jpg)
Testing APIs
![Page 34: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/34.jpg)
Embedded API Console
o Part of Swagger tooling suite
o Integrates token access for fast testing
o Gives direct access to Swagger definition of API
o Supports Swagger schemas for predefined values
![Page 35: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/35.jpg)
Testing via ReadyAPI’s SOAP UI
![Page 36: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/36.jpg)
API Gateway
![Page 37: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/37.jpg)
API Gateway Processing Workflow
![Page 38: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/38.jpg)
Message Transformation and Mediation
o Custom mediation flows can be created by a developer and just engaged by API Creator
o Mediation flows can be created using Developer Studio and directly published to API Manager
o Full power of WSO2 ESB mediation language
o Graphical and Source view
o Mediation flows are tenant-specific (not visible/usable across tenants)
![Page 39: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/39.jpg)
Workflows
o Provides extension point to engage custom workflow
o Default sample implementation leverages WSO2 Business Process Server but a simple Java-based implementation or another BPM engine can also be used
o Supports redirecting to third-party entities
o Available for user self-sign up, API subscription and application creation
![Page 40: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/40.jpg)
Deployment
![Page 41: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/41.jpg)
Component Deployment
o Out-of-the-box, all components are packaged together
o They can also be deployed separately in an HA scenario – Active/Active, Active/Passive
![Page 42: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/42.jpg)
Component Deployment cont.
![Page 43: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/43.jpg)
Multi-tenancy
o Creation of multiple domains (tenants)
o Each domain can have their own store or publish APIs to a central store - This is transparent to consumers
o Typical Use Cases
o Segmenting publishers by business unit or partner and restricting editing rights by domain
o Create an API marketplace - one-stop store for domain APIs
o API Cloud heavily leverages this functionality
![Page 44: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/44.jpg)
Recommended Deployment: API Facade Pattern
o API Gateway acts as simple reverse proxy, enforcing policies and collecting monitoring information
o Specific security checks/protection at edge of the network
o Invalid requests are stopped at the edge of the network
o Clear separation of concern between layers
o The mediation and API management layers scale independently
o You can combine the Façade and Mediation layers (if required) and run as a single architecture layer
![Page 45: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/45.jpg)
WSO2 Platform Deployment Options
o Stand-alone servers
o Private clouds: e.g. Stratos, Kubernetes
o Public Clouds: e.g. AWS
o Hybrid deployments
o Dedicated hosting of any WSO2-based solutions
o WSO2 operations team manages the deployment and keeps it running
o 99.99% uptime SLA
o Any AWS region of choice
o Can be VPNed to local network
o Includes monitoring, backups, patching, updates
o Shared public cloud
o Currently available for application and API hosting (hosted API Manager and App Factory)
o Preset multitenant deployment in AWS US East run by WSO2
o Month-to-month credit card payment
![Page 46: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/46.jpg)
API Analytics
![Page 47: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/47.jpg)
Analytics
o WSO2 API Manager out-of-the-box supports Google Analytics and WSO2 Analytics
![Page 48: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/48.jpg)
Importance of API Management & Analytics Combination
o Build confidence in the API model
o Understand your customer - Not just the developer but also the end-user of APIs
o Helps manage services and versions - Understand when deprecated services can be retired
o Be notified when abnormal events take place
o Plan better
o Monitor the growth of aggregated API traffic
o Monitor the growth of specific apps
![Page 49: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/49.jpg)
WSO2 Analytics Platform
![Page 50: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/50.jpg)
WSO2 Analytics Platform cont.
o Out-of-the-box reports covering all aspects of
o Subscriber behavior
o API usage
o Performance
o Can publish your own events from any API and build your own dashboards
![Page 51: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/51.jpg)
Reports for API Creators & Publishers
o Stats on APIs
o Published APIs Over Time
o API Usage
o API Response Times
o API Last Access Times
o Usage by Resource Path
o Usage by Destination
o API Usage Comparison
o API Throttled Requests
o Faulty Invocations
o API Latency
o API Usage Across Geo Locations
o API Usage Across User Agent
o Stats on Applications
o App Throttled Requests
o Applications Created Over Time
o Stats on Subscriptions
o API Subscriptions
o Developer Signups Over Time
o Subscriptions Created Over Time
![Page 52: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/52.jpg)
Reports for API Creators & Publishers cont.
![Page 53: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/53.jpg)
Reports for API Subscribers
o API Usage per Application
o Top Users per Application
o API Usage from Resource Path per Application
o Faulty Invocation per Application
![Page 54: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/54.jpg)
Real-time API Behavior Analysis
o Leverages real-time analytics streaming engine
o Detects fraudulent token usage - Indication of lost tokens via alerts on abnormal token renewals and unseen source IP access (abrupt changes to geo-location)
o Supports API product managers to provide better customer service
o Alerts when API response time is outside normal parameters, indicating a potential SLA breach
o Alerts when apps/users are throttled out for hitting the current subscription tier - potential opportunity to proactively propose a tier upgrade or to adjust SLAs
o Detect when APIs are not used as expected
o Identifies erratic behavior and supports capacity planning
o Alerts when a sudden spike/drop in the request count in a given duration for an API resource – Possible indication of a system problem
o Determining trends in increased response times – Indication of potential issues with APIs or backend system capacity
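The fraudulent-token-usage signals listed above (abnormal token renewals, access from an unseen source IP, abrupt geo-location change) can be expressed as a small streaming rule set. This is an added illustration, not the WSO2 analytics engine: the event layout, the thresholds and the sample events are constructed.

```python
from collections import defaultdict, deque

RENEWAL_LIMIT = 3      # assumed threshold: renewals tolerated per window
RENEWAL_WINDOW = 300   # assumed window length in seconds

# Constructed sample events: (epoch_seconds, user, event, source_ip, country)
EVENTS = [
    (0,   "john", "access", "198.51.100.7", "LK"),
    (60,  "john", "renew",  "198.51.100.7", "LK"),
    (100, "john", "renew",  "203.0.113.9",  "BR"),
    (130, "john", "renew",  "203.0.113.9",  "BR"),
    (150, "john", "renew",  "203.0.113.9",  "BR"),
    (200, "mary", "access", "192.0.2.10",   "LK"),
    (260, "mary", "access", "192.0.2.11",   "LK"),
    (900, "mary", "renew",  "192.0.2.10",   "LK"),
]


def detect(events, limit=RENEWAL_LIMIT, window=RENEWAL_WINDOW):
    """Return alerts as (timestamp, user, kind, source_ip) tuples, in time order."""
    seen_ips = defaultdict(set)      # user -> source IPs observed so far
    last_country = {}                # user -> country of the previous event
    renewals = defaultdict(deque)    # user -> renewal timestamps inside the window
    alerts = []
    for ts, user, event, ip, country in sorted(events):
        # Unseen source IP: only meaningful once the user has a baseline.
        if seen_ips[user] and ip not in seen_ips[user]:
            kind = "geo_change" if country != last_country[user] else "new_source_ip"
            alerts.append((ts, user, kind, ip))
        seen_ips[user].add(ip)
        last_country[user] = country

        # Abnormal renewals: more than `limit` renewals within `window` seconds.
        if event == "renew":
            recent = renewals[user]
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) > limit:
                alerts.append((ts, user, "renewal_burst", ip))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The first event per user only builds the baseline, so a new user never alerts on their first address.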
![Page 55: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/55.jpg)
Why Real-time Analytics for APIs?
o Blacklist & whitelist verifications in real time
o Detect trends
o Detect incoherencies in trends
o Detect API calls sequences that you don’t want to allow
o Detect non-usage scenarios (raise alerts on poor usage of a certain API)
![Page 56: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/56.jpg)
Example – Real-time Fraud Detection
![Page 57: WSO2 API Manager 2.0 - Overview](https://reader034.fdocuments.in/reader034/viewer/2022042600/587219bb1a28ab3f188b6efb/html5/thumbnails/57.jpg)
Log Analysis
o Log Analysis through reports on low-level system operations:
o Log events - Overall statistics of the types of log events created in a given time period
o Application errors - Breakdown of error log events based on exception category and error message
o Artifact deployment stats - Number of artifacts deployed in a given duration
o Login failures - No of failed login attempts in a given duration
o No of API failures
o Access token-related issues
o Ability to view live log events on per-tenant basis