Apply API Governance
to RESTful Service APIs
using WSO2 Governance Registry
and WSO2 API Manager
© WSO2 2011. Not for redistribution. Commercial in Confidence.
lean . enterprise . middleware
Chris Haddad, Technology evangelism, strategy, and roadmaps
Follow me @cobiacomm on Twitter
Read more about our API Story at
blog.cobia.net/cobiacomm
http://wso2.com/products/api-manager
WSO2 Carbon Enterprise Middleware Platform
Business APIs
“APIs provide a way to make resources
available for internal and external partners
to access information and services.”
APIs All the Way…
API Architecture
An API is a business capability delivered over the Internet to internal or external consumers:
• Network-accessible function
• Available using standard web protocols
• With well-defined interfaces
• Designed for access by third parties
A Managed API is:
• Actively advertised and subscribable
• Exhibits high Quality of Service (QoS)
• Available with Service Level Agreements (SLAs)
• Secured: authenticated, authorized and protected
• Monitored and monetized with analytics
Resources
• Addressable resources
  • Every “object” on your network should have a unique ID.
  • Each “object” or resource has its own specific URI at which it can be addressed.
• A uniform, constrained interface
  • When applying REST over HTTP, stick to the methods provided by the protocol: GET, POST, PUT, and DELETE.
  • Use them as the protocol defines them: GET has no side effects and changes no state; PUT updates the resource “in place”.
  • The content type of the resource should be useful and meaningful.
REST is full of subtleties
• Method safety: GET, HEAD, OPTIONS and TRACE are defined as safe, so the implementation must not let them modify anything. A GET that changes state is not only a design error; it is also exposed to CSRF and to crawlers that follow links. (TRACE is safe by definition but is normally disabled on production endpoints.)
• Idempotency: PUT, DELETE, GET and HEAD can be repeated and the resulting state is the same, which is what lets a client or gateway safely retry them. POST is neither safe nor idempotent.
• Caching: correct use of Last-Modified and ETag headers, together with the matching conditional requests (If-Modified-Since, If-None-Match, If-Match).
• Content negotiation
The benefits of a well-designed REST app
• Bookmarkability: each URI really points to a unique entity, so every entity can be referenced.
• Multiple representations are powerful: allowing one view of a resource for users and one for systems makes application development simpler and more logical.
• Well-defined links improve the semantic richness of an application; by comparison WSDL is very flat and doesn’t show the links between operations and services.
Hypertext as the Engine of Application State
Resources are identified by URIs
↓
Clients communicate with resources via requests using a
standard set of methods
↓
Requests and responses contain resource representations
in formats identified by media types
↓
Responses contain URIs that link to further resources
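The method-safety, idempotency, caching and hypermedia points above in working code. This is an added example, not code from the deck or from WSO2's products: a minimal in-memory resource handler that a practitioner could put behind a gateway. The resource URIs (/orders/42), the SHA-256-derived ETag scheme, the `cond`-free retry helper and the tuple-shaped responses (status, headers, body) are assumptions made for illustration.

```python
"""Minimal in-memory REST resource handler (added example, not WSO2 code).
Demonstrates method safety, idempotency, ETag-based conditional requests
and hypermedia links. Resource URIs, the ETag scheme and the response
shape (status, headers, body) are assumptions made for illustration."""
import hashlib
import json
from typing import Dict, Optional, Tuple

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}              # must not change server state
IDEMPOTENT_METHODS = SAFE_METHODS | {"PUT", "DELETE"}  # repeat => same resulting state

Response = Tuple[int, Dict[str, str], Optional[str]]


def safe_to_retry(method: str) -> bool:
    """A client or gateway may blindly retry only idempotent methods."""
    return method.upper() in IDEMPOTENT_METHODS


class ResourceStore:
    """Every resource is addressed by its own URI, e.g. /orders/42."""

    def __init__(self) -> None:
        self._items: Dict[str, dict] = {}
        self._seq = 0  # id allocator for POST-created members

    @staticmethod
    def _etag(rep: dict) -> str:
        # Strong ETag derived from the canonical JSON form of the stored state
        digest = hashlib.sha256(json.dumps(rep, sort_keys=True).encode()).hexdigest()
        return '"' + digest[:16] + '"'

    def handle(self, method: str, uri: str,
               headers: Optional[Dict[str, str]] = None,
               body: Optional[dict] = None) -> Response:
        hdrs = {k.lower(): v for k, v in (headers or {}).items()}
        method = method.upper()
        current = self._items.get(uri)

        if method in ("GET", "HEAD"):              # safe: read-only by contract
            if current is None:
                return 404, {}, None
            etag = self._etag(current)
            if hdrs.get("if-none-match") == etag:  # client's cached copy is fresh
                return 304, {"ETag": etag}, None
            rep = dict(current)
            # HATEOAS: the representation links to itself and to its collection
            rep["links"] = {"self": uri, "collection": uri.rsplit("/", 1)[0]}
            out = None if method == "HEAD" else json.dumps(rep)
            return 200, {"ETag": etag, "Content-Type": "application/json"}, out

        if method == "PUT":                        # idempotent full replacement
            if current is not None and "if-match" in hdrs \
                    and hdrs["if-match"] != self._etag(current):
                return 412, {}, None               # stale ETag: refuse a lost update
            created = current is None
            self._items[uri] = dict(body or {})
            return (201 if created else 200), {"ETag": self._etag(self._items[uri])}, None

        if method == "DELETE":                     # idempotent: absent either way
            self._items.pop(uri, None)
            return 204, {}, None

        if method == "POST":                       # neither safe nor idempotent
            self._seq += 1
            new_uri = f"{uri.rstrip('/')}/{self._seq}"
            self._items[new_uri] = dict(body or {})
            return 201, {"Location": new_uri}, None

        # Anything else (including TRACE, which is usually disabled) is rejected
        return 405, {"Allow": "GET, HEAD, PUT, POST, DELETE"}, None
```

The second identical PUT returns the same ETag as the first, a repeated DELETE still answers 204, and a PUT carrying a stale If-Match is refused with 412; those three behaviours are what make the method table above more than a naming convention.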
Heavyweight Governance
The REST Way
How to be successful?
Business Design of the APIs
• Know the consumer
• Who will use the APIs (both developers and final end-user)?
• What type of applications will use the APIs?
• What business assets will be delivered?
• Maintain Operational Control
• What Quality of Service is expected?
• Who can access the assets?
• Remember Usability and Monetization
• How will the API expose business assets?
• How will you demonstrate business value via direct revenue,
chargeback, or showback?
API Challenges
Often difficult to offer your business capabilities as an API
• Potential consumers do not trust API stability, reliability,
availability, or performance
• Providers have scalability concerns and lack an ability to
manage consumption
• Security risks prevent publishing and offering open access
• Difficult to manage requirements from multiple consumers and
coordinate release schedule
• Inability to configure API per consumer
• Business return requires API metering, usage rates, and billing
Use of Registries in RESTful Architecture
• Registry/Repository aspects:
  • Structured organization of data
  • Dependencies and dependency analysis
  • Versioning of assets (WADL/WSDL, schemas, policies)
  • Extensible meta-model (especially your custom configurations)
  • Custom properties/meta-information
• Integration/Governance aspects:
  • Impact, notification, and change management
  • Broader lifecycle integration
  • API access to resources
  • Endpoint discovery
Building an Approval Model: SCXML
• State Chart XML: State Machine Notation for Control Abstraction
• An OASIS Standard
• Embedded Apache Commons SCXML library
• GUI/Tooling
  • IBM Rational Software Architect
  • SCXMLgui
  • WSO2 Carbon Studio – Future
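What an SCXML approval model looks like in practice, as an added example that is neither WSO2 Governance Registry's lifecycle engine nor Apache Commons SCXML: a constructed SCXML document for an API lifecycle, driven by a minimal interpreter. The state names, the events, and the `cond="role=<name>"` convention used as an authorization guard are assumptions for illustration; in standard SCXML a `cond` is a datamodel expression, and this interpreter deliberately accepts only the equality form rather than evaluating arbitrary expressions.

```python
"""Tiny SCXML-driven approval model for an API lifecycle (added example).
Not WSO2's lifecycle engine or Apache Commons SCXML: the states, events,
the 'cond="role=<name>"' guard syntax and the sample document are assumptions."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Set, Tuple

SCXML_NS = "http://www.w3.org/2005/07/scxml"

# Constructed sample: Development -> Review -> Published -> Deprecated,
# with each transition restricted to one role.
APPROVAL_SCXML = f"""<?xml version="1.0"?>
<scxml xmlns="{SCXML_NS}" version="1.0" initial="Development">
  <state id="Development">
    <transition event="submit" cond="role=developer" target="Review"/>
  </state>
  <state id="Review">
    <transition event="approve" cond="role=architect" target="Published"/>
    <transition event="reject" cond="role=architect" target="Development"/>
  </state>
  <state id="Published">
    <transition event="deprecate" cond="role=api-owner" target="Deprecated"/>
  </state>
  <final id="Deprecated"/>
</scxml>"""

Rule = Tuple[str, Optional[str], str]  # (event, required role or None, target)


class ApprovalMachine:
    def __init__(self, scxml: str) -> None:
        root = ET.fromstring(scxml)
        self.state: str = root.attrib["initial"]
        self.transitions: Dict[str, List[Rule]] = {}
        self.final: Set[str] = set()
        for node in root:
            tag = node.tag.split("}")[-1]  # strip the namespace
            if tag == "final":
                self.final.add(node.attrib["id"])
            elif tag == "state":
                rules: List[Rule] = []
                for tr in node.findall(f"{{{SCXML_NS}}}transition"):
                    cond = tr.attrib.get("cond", "")
                    # Only the restricted 'role=<name>' guard is understood; no eval()
                    role = cond.split("=", 1)[1] if cond.startswith("role=") else None
                    rules.append((tr.attrib["event"], role, tr.attrib["target"]))
                self.transitions[node.attrib["id"]] = rules
        self.audit: List[Tuple[str, str, str, str]] = []  # (from, event, role, to)

    def fire(self, event: str, role: str) -> bool:
        """Apply event on behalf of role; True iff a guarded transition fired."""
        for ev, required_role, target in self.transitions.get(self.state, []):
            if ev == event and (required_role is None or required_role == role):
                self.audit.append((self.state, event, role, target))
                self.state = target
                return True
        # Deny by default: an event that is wrong for this state, or a caller
        # without the required role, leaves the lifecycle untouched.
        return False

    def is_final(self) -> bool:
        return self.state in self.final
```

Because the allowed transitions and the roles that may trigger them live in the SCXML document rather than in code, the approval policy can be reviewed and versioned as a governance asset in its own right, and the audit list gives the change-management record the registry section asks for.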
API Governance Roadmap
• Design Time Governance
• Run-time Operational Governance
API Design Time Governance Roadmap
REST Design Contract Review
• Stateless
• Resource-oriented URL Convention
• Xlinks
• Security
API Design Time Governance Roadmap
Consumer / Subscriber Relationships
• API Manager
  • Promotes available APIs
  • Tracks subscriptions
API Design Time Governance Roadmap
API Versioning
• REST URL convention
• API Payload versioning
• Associating API to Service
Operational Governance
Contact us:
http://wso2.com/contact/
Follow us:
http://twitter.com/#!/wso2