lean . enterprise . middleware
Apply API Governance to RESTful Service APIs using WSO2 Governance Registry and WSO2 API Manager
Chris Haddad
Technology evangelism, strategy, and roadmaps
Follow me @cobiacomm on Twitter
Read more about our API Story at blog.cobia.net/cobiacomm
http://wso2.com/products/api-manager
© WSO2 2011. Not for redistribution. Commercial in Confidence.
WSO2 Carbon Enterprise Middleware Platform




Business APIs




  “APIs provide a way to make resources
  available for internal and external partners
     to access information and services.”
APIs All the Way…
API Architecture


An API is a business capability delivered over the Internet to
 internal or external consumers
  • Network accessible function
  • Available using standard web protocols
  • With well-defined interfaces
  • Designed for access by third-parties

A Managed API is:
  • Actively advertised and subscribe-able
  • Exhibits high Quality of Service (QoS)
  • Available with Service Level Agreements (SLAs)
  • Secured, authenticated, authorized and protected
  • Monitored and monetized with analytics
Resources
• Addressable Resources:
  • Every “object” on your network should have a unique ID.
  • An important aspect is that each “object” or resource has its
    own specific URI where it can be addressed
• A Uniform, Constrained Interface.
  • When applying REST over HTTP, stick to the methods
    provided by the protocol
     • GET, POST, PUT, and DELETE.
• These should be used properly
  • GET should have no side effects or change on state
  • PUT should update the resource “in-place”
• The content-type of the resource should be useful and
  meaningful
REST is full of subtleties
• Method Safety
  • GET, HEAD, OPTIONS, TRACE will not modify
    anything
• Idempotency
  • PUT, DELETE, GET, HEAD can be repeated and
    the side-effects remain the same
• Caching
  • Correct use of Last-Modified and ETag headers
• Content-negotiation
The benefits of a well-designed REST app
• Bookmarkability
  • Each URI really points to a unique entity
  • Every entity can be referenced
• Multiple representations are powerful
  • Allowing one view of a resource for users and one
    for systems makes application development simpler
    and more logical
• Having well defined links
  • Does improve the semantic richness of an
    application
  • By comparison WSDL is very flat and doesn’t show
    the links between operations and services
Hypertext as the Engine of Application State


               Resources are identified by URIs
                                ↓
   Clients communicate with resources via requests using a
                   standard set of methods
                                ↓
   Requests and responses contain resource representations
             in formats identified by media types
                                ↓
     Responses contain URIs that link to further resources
Heavy weight Governance
The REST Way
How to be successful?
Business Design of the APIs

• Know the consumer
  • Who will use the APIs (both developers and final end-user)?
  • What type of applications will use the APIs?
  • What business assets will be delivered?
• Maintain Operational Control
  • What Quality of Service is expected?
  • Who can access the assets?
• Remember Usability and Monetization
  • How will the API expose business assets?
  • How will you demonstrate business value via direct revenue,
    chargeback, or showback?
API Challenges
Often difficult to offer your business capabilities as an API

• Potential consumers do not trust API stability, reliability,
  availability, or performance
• Providers have scalability concerns and lack an ability to
  manage consumption
• Security risks prevent publishing and offering open access
• Difficult to manage requirements from multiple consumers and
  coordinate release schedule
• Inability to configure API per consumer
• Business return requires API metering, usage rates, and billing
Use of Registries in RESTful Architecture


•   Registry/Repository Aspects:
    •   Structured Organization of Data
    •   Dependencies – Dependency Analysis
    •   Versioning of Assets (WADL/WSDL, Schema, Policies)
    •   Extensible meta-model (especially your custom configurations)
    •   Custom Properties/Meta-information

•   Integration/Governance Aspects:
    •   Impact, Notification, and Change Management
    •   Broader Lifecycle Integration
    •   API-access to resources
    •   Endpoint discovery
Building an Approval Model: SCXML


•   State Chart XML: State Machine Notation for Control
    Abstraction
•   An OASIS Standard
•   Embedded Apache Commons SCXML library
•   GUI/Tooling
    •    IBM Rational Software Architect
    •    SCXMLgui
    •    WSO2 Carbon Studio – Future
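
An approval model of this kind, as an added example (not from the original deck and not WSO2's own configuration): a flat SCXML state chart is parsed, checked so that no path reaches publication without passing the approval state, and then used to gate lifecycle events with an audit trail. The state names, event names and helper functions are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"sc": "http://www.w3.org/2005/07/scxml"}

# Constructed approval model; state and event names are hypothetical.
# The chart is a trusted governance artifact, not user-supplied XML.
APPROVAL_SCXML = """
<scxml xmlns="http://www.w3.org/2005/07/scxml" version="1.0" initial="draft">
  <state id="draft">
    <transition event="submit" target="in_review"/>
  </state>
  <state id="in_review">
    <transition event="approve" target="approved"/>
    <transition event="reject" target="draft"/>
  </state>
  <state id="approved">
    <transition event="publish" target="published"/>
  </state>
  <state id="published">
    <transition event="retire" target="retired"/>
  </state>
  <final id="retired"/>
</scxml>
"""


def load_model(text):
    """Return (initial_state, {state: {event: target}}) for a flat chart."""
    root = ET.fromstring(text)
    table = {}
    for node in root.findall("sc:state", NS) + root.findall("sc:final", NS):
        table[node.get("id")] = {
            t.get("event"): t.get("target")
            for t in node.findall("sc:transition", NS)
        }
    initial = root.get("initial")
    if initial not in table:
        raise ValueError(f"initial state {initial!r} is not defined")
    # A transition to an undefined state would make the gate unenforceable.
    for state, events in table.items():
        for event, target in events.items():
            if target not in table:
                raise ValueError(f"{state}/{event} targets unknown {target!r}")
    return initial, table


def bypasses_gate(initial, table, gate, protected):
    """True if `protected` is reachable from `initial` without visiting `gate`."""
    if initial == gate:
        return False
    seen, stack = {initial}, [initial]
    while stack:
        for target in table[stack.pop()].values():
            if target != gate and target not in seen:
                seen.add(target)
                stack.append(target)
    return protected in seen


class ApprovalLifecycle:
    """Drives one API through the chart and records every attempt."""

    def __init__(self, initial, table):
        self.state = initial
        self.table = table
        self.audit = []  # (actor, event, from_state, result)

    def fire(self, event, actor):
        target = self.table[self.state].get(event)
        if target is None:
            self.audit.append((actor, event, self.state, "DENIED"))
            raise PermissionError(f"{event!r} not allowed in {self.state!r}")
        self.audit.append((actor, event, self.state, target))
        self.state = target
        return target


if __name__ == "__main__":
    initial, table = load_model(APPROVAL_SCXML)
    print("bypass possible:", bypasses_gate(initial, table, "approved", "published"))
    api = ApprovalLifecycle(initial, table)
    for event in ("submit", "approve", "publish"):
        api.fire(event, actor="alice")
    print(api.state, api.audit)
```

Running the bypass check whenever the chart is edited catches a shortcut transition before it reaches the registry.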
API Governance Roadmap
• Design Time Governance
• Run-time Operational Governance
API Design Time Governance Roadmap
REST Design Contract Review

•   Stateless
•   Resource-oriented URL Convention
•   Xlinks
•   Security
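
A design-time contract review can be automated as a lint pass; the following added example (not from the original deck and not a WSO2 Governance Registry API) checks a constructed API description against the review points above and the method rules from the Resources slide. The contract format, field names and rule names are hypothetical.

```python
import re

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
ALLOWED_METHODS = SAFE_METHODS | {"POST", "PUT", "DELETE"}
# A path segment such as "getOrders" or "delete_user" names an action.
VERB_SEGMENT = re.compile(r"^(get|create|update|delete|add|remove|set)([A-Z_-]|$)")
# Parameters that carry server-side session state break statelessness.
SESSION_PARAM = re.compile(r"^(j?sessionid|sid|phpsessid)$", re.IGNORECASE)


def review_operation(op):
    """Return a list of (rule, detail) findings for one operation."""
    findings = []
    method, path = op["method"].upper(), op["path"]
    if method not in ALLOWED_METHODS:
        findings.append(("method", f"{method} is not a standard HTTP method"))
    if method in SAFE_METHODS and op.get("changes_state"):
        findings.append(("safety", f"{method} must not change state"))
    for segment in path.strip("/").split("/"):
        if not segment.startswith("{") and VERB_SEGMENT.match(segment):
            findings.append(("url", f"segment '{segment}' is an action, not a resource"))
    for param in op.get("params", []):
        if SESSION_PARAM.match(param):
            findings.append(("stateless", f"parameter '{param}' carries session state"))
    if op.get("auth", "none") in ("", "none", None):
        findings.append(("security", "no authentication scheme declared"))
    if method == "GET" and not op.get("links"):
        findings.append(("links", "representation declares no links to other resources"))
    return findings


def review_contract(contract):
    """Return {"METHOD path": findings} for every operation with findings."""
    report = {}
    for op in contract:
        findings = review_operation(op)
        if findings:
            report[f"{op['method'].upper()} {op['path']}"] = findings
    return report


# Constructed sample contract for illustration only.
SAMPLE_CONTRACT = [
    {"method": "GET", "path": "/orders/{id}", "auth": "oauth2",
     "links": ["self", "customer"]},
    {"method": "GET", "path": "/getOrders", "auth": "oauth2",
     "params": ["sessionid", "page"], "links": []},
    {"method": "GET", "path": "/orders/{id}/cancel", "auth": "oauth2",
     "changes_state": True, "links": ["self"]},
    {"method": "DELETE", "path": "/orders/{id}", "auth": "none"},
    {"method": "PUT", "path": "/orders/{id}", "auth": "oauth2"},
]

if __name__ == "__main__":
    for operation, findings in review_contract(SAMPLE_CONTRACT).items():
        for rule, detail in findings:
            print(f"{operation}: [{rule}] {detail}")
```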
API Design Time Governance Roadmap
Consumer / Subscriber Relationships

• API Manager
   • Promotes available APIs
   • Tracks subscriptions
API Design Time Governance Roadmap
API Versioning

• REST URL convention
• API Payload versioning
• Associating API to Service
Operational Governance




Follow us: http://twitter.com/#!/wso2
Contact us: http://wso2.com/contact/
