20
Last Updated: Jan. 2014 Abimaran Kugathasan & Amila De Silva Extensible API Management WSO2 API Manager Team

Extensible API Management

  • Upload
    wso2

  • View
    969

  • Download
    1

Embed Size (px)

DESCRIPTION

-

Citation preview

Page 1: Extensible API Management

Last Updated: Jan. 2014

Abimaran Kugathasan & Amila De Silva

Extensible API Management

WSO2 API Manager Team

Page 2: Extensible API Management

**

About the Presenters!๏ Amila joined WSO2 in September 2012. He is a

senior software engineer in the WSO2 API Manager team. In addition to his product deve lopment e f fo r t s he has p rov ided development support and technology consulting on customer engagements, including customer QuickStart programs.

!๏ Abimaran in a Software Engineer at WSO2. Prior

to joining WSO2, Abimaran worked at hSenid Mobile Solutions as a Software Engineer where he played a key role in hSenid's Service Delivery Platform and some other products. He holds a b a c h e l o r ' s d e g r e e i n E l e c t r o n i c a n d Telecommunication Engineering from University of Peradeniya and he is a Oracle Certified Java Developer and Oracle Certified Web Component Developer.

Page 3: Extensible API Management

*

About WSO2

*

๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source

๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments

๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.

๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.

๏ Driven by Innovation

๏ Launched first open source API Management solution in 2012

๏ Launched App Factory in 2Q 2013

๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013

Page 4: Extensible API Management

**

What WSO2 delivers

Page 5: Extensible API Management

*

It’s easy to start, but then...

๏ Exposing business Assets as APIs is easy

๏ API Management platforms are a top trend

๏ With cloud, you can quickly turn your ideas into money

๏ Change is a must

๏ As the users gather new-requirements come up

๏ New features must be introduced to attract more users

๏ A business needs different support services

๏ All the services cannot be homemade

๏ Different entities have expertise on different areas

๏ Integrating with external systems paves a path to use those expertise

Page 6: Extensible API Management

*

Extension Points in API Manager

● Using Federated Authenticators ● Mediation Extension

● Modifying in/out flow to orchestrate services ● Customizing fault messages ● Changing message types

● Extending Grant types ● Extending Workflows ● Customizing Publisher/Store !!

Page 7: Extensible API Management

*

Story of Alice & DailyQuotes!

๏ Alice has a huge collection of Quotes ๏ She thinks of categorising and hosting them ๏ DailyQuotes is the hosted service

๏ She thinks of going public with this ๏ WSO2 API Manager helps her to throttle and secure API calls. ๏ App Developers register in the Store and create Apps ๏ Only a handful of developers care to Sign-up with the Store

๏ Alice consults Bob ๏ Bob finds that her FB marketing attracts lot of users into the Store ๏ But lot of users are reluctant to Signup with the Store ๏ Bob suggests to provide different login options

๏ Then Alice gets to know about Federated Authentication Support ๏ Enable SSO between API Manager and IS ๏ Use IS for different Authentication options ๏ Use JIT Provisioning to grant necessary privileges to log into Store

Page 8: Extensible API Management

*

IS as a Federation Hub

Page 9: Extensible API Management

*

Now DailyQuotes receives more hits...

๏ Alice wants to expand her Business Further

๏ Bob finds out that calls are only coming from English speaking regions

๏ If these quotes can be translated, perhaps more calls can be attracted

๏ Bob suggests Alice to translate quotes to different languages

๏ Alice doesn’t like changing existing Daily Quotes service

๏ She finds a service which can translate the Quotes for her.

๏ Instead changing the Backend she can use this service to translate Quotes

๏ Then she reads about Mediation Extensions

๏ Using the Mediation extension the translate Service is called

๏ The response is modified before it’s sent to the client.

Page 10: Extensible API Management

*

Use of Mediation Extensions...

๏ Change incoming/outgoing messages ๏ Change the format of a request/response ๏ Location based dispatching ๏ Customise Error messages. ๏ Service Orchestration

Page 11: Extensible API Management

*

Now comes more Apps…

๏ Life goes by, everyone is happy using DailyQuotes service ๏ There are many Apps written using DailyQuotes API ๏ Users have to obtain a token before invoking the API ๏ They have to use username password or an online identity to obtain

a token ๏ Then a major Telecom provider contacts Alice

๏ They are going to develop an app using DailyQuotes ๏ But the App uses SIM no (MSISDN) rather than username ๏ They need to exchange a token for the MSISDN

๏ They can provide a service to validate authenticity of an MSISDN ๏ Alice tries to find a grant type that she can use for this ๏ None of the existing four grant types match this requirement as it

is. ๏ Then she gets to know about writing new grant types.

Page 12: Extensible API Management

*

Flow of Password grant type

Page 13: Extensible API Management

*

Flow of the Extended Grant Type...

Page 14: Extensible API Management

*

Workflow Extensions๏ Can be used for API Governance, Auditing, etc ๏ Workflows can be configured for Application

Creation, Registration, Subscription, User SignUp ๏ As Alice business got expanded, she wants to make

money out her API ๏ She wrote a custom workflow extension, which

allows only paid clients to invoke her API

Page 15: Extensible API Management

*

Workflow Extensions…

Page 16: Extensible API Management

*

Workflow Extensions…๏ User of the API should pay in advance to use Alice’s API ๏ Alice’s Workflow will check whether user had paid for her API subscriptions ๏ In future Alice will extend this future to direct a payment gateway and user

can pay through that payment gateway ๏ Extend public abstract class WorkflowExecutor class, each workflow executor

should extends this class ๏ Subscription Workflow web service Executor

SubscriptionCreationWSWorkflowExecutor ๏ Override following methods ๏ public void execute(WorkflowDTO workflowDTO) - handle logic of the

workflow ๏ public void complete(WorkflowDTO workflowDTO) - handle workflow

completion logic ๏ public abstract String getWorkflowType() - return type of workflow, ex

AM_SUBSCRIPTION_CREATION ๏ public List<WorkflowDTO> getWorkflowDetails(String workflowStatus) - used

to get workflow details

Page 17: Extensible API Management

*

!!<WorkFlowExtensions> <!--SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationSimpleWorkflowExecutor"/--> <SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationWSWorkflowExecutor"> <Property name="serviceEndpoint">http://localhost:9765/services/SubscriptionApprovalWorkFlowProcess/</Property> <Property name="username">admin</Property> <Property name="password">admin</Property> <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property> </SubscriptionCreation> </WorkFlowExtensions> !๏Different Tenants can add their own tenant specific workflows ๏You can add WSO2 Business Process Server as external workflow

executor as well ๏For more, check our documentation https://docs.wso2.com/

display/AM170/Adding+Workflow+Extensions

Workflow Extensions…

Page 18: Extensible API Management

*

Store and Publisher API! !๏ Want to write a custom API Publisher and Store ๏ Store has following REST APIS

‣ Login/Logout ‣ User SignUp ‣ Get All APIs ‣ Published APIs by an Application ‣ Add/Update/Get/Remove Application ‣ Add/List/Remove Subscription ‣ Add API Comment

!๏ Publisher has following REST APIS

‣ Login/Logout ‣ Add/Update APIs ‣ Get/Remove/Copy APIs ‣ Change API status ‣ Add/Update/Remove API Documentation

๏ For more details https://docs.wso2.com/display/AM170/Published+APIs

Page 19: Extensible API Management

**

Business Model

Page 20: Extensible API Management

Contact us !