How to Build, Manage, and Promote APIs
 

Like this? Share it with your network

Share

How to Build, Manage, and Promote APIs

on

  • 3,753 views

 

Statistics

Views

Total Views
3,753
Views on SlideShare
2,151
Embed Views
1,602

Actions

Likes
2
Downloads
80
Comments
0

3 Embeds 1,602

http://wso2.org 1273
http://wso2.com 328
https://si0.twimg.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

How to Build, Manage, and Promote APIs Presentation Transcript

  • 1. lean . enterprise . middlewareWSO2 API Management Platform Chris Haddad VP, Technology Evangelism Paul Fremantle, CTO and Co-Founder Asanka Abeysinghe Director, Solutions Architecture © WSO2 2011. Not for redistribution. Commercial in Confidence.
  • 2. Business APIs“APIs provide a way to make resources available for internal and external partners to access information and services.”
  • 3. API ArchitectureAn API is a business capability delivered over the Internet to internal or external consumers • Network accessible function • Available using standard web protocols • With well-defined interfaces • Designed for access by third-partiesA Managed API is: • Actively advertised and subscribe-able • Exhibits high Quality of Service (QoS) • Available with Service Level Agreements (SLAs) • Secured, authenticated, authorized and protected • Monitored and monetized with analytics
  • 4. A note on our development process• WSO2 uses an agile, iterative development process • v1.0 is a Minimum Viable Product • http://en.wikipedia.org/wiki/Minimum_viable_product • Just enough features to allow a subset of users to deploy the system in production• Each further release is aimed at meeting specific user requirements• Not everything we say today may end up in v1.0 • You can follow progress on dev@wso2.org • And by joining the Beta programme (details at the end)
  • 5. WSO2 API Management Platform
  • 6. API Store Features
  • 7. API Publisher Features
  • 8. API Management Platform Details• Full support for web protocols: • JSON/HTTP(S), REST interactions • SOAP/HTTP(S), XML/HTTP(S) • Non-blocking high-performance HTTP transport handles 000s of concurrent connections• API Key Management based on OAuth2 • Get Key (with or without asynchronous approval process) • Renew Key • Revoke Key• Monitoring and analytics • Latency, Response Time, Failures vs Success, Total Transactions, Transactions by API Key • By user specified time period as well as over the last 1m, 5m, 10m, 1hr, 4hr, 8hr, 24hr periods
  • 9. API Key Use Case
  • 10. Understanding the flow• API Publisher adds API into API Manager • [Optionally provides sandbox endpoint]• API Governance / Admin approves publish• …• API Consumer finds API• API Consumer subscribes to API Key • [optional approval process]• OAuth2 Bearer Key issued • [optionally issue both production and sandbox keys]• …• API Consumer application makes a call • API Key is validated • API Key metadata is used to identify: • Throttling / Rate limiting policy • Sandbox / Production endpoint • Event is metered/monitored against the API, Key, IP address, etc
  • 11. OAuth• “An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.”• Designed to solve the “LinkedIn/Facebook/GMail” problem• “Valet Key”• http://tools.ietf.org/wg/oauth/
  • 12. Adding Security with BasicAuth/OAuth
  • 13. OAuth 2• What’s wrong with OAuth 1? • Crypto requirements are too onerous • Requires special client side OAuth code• OAuth 2 Bearer Tokens • A simple secret token carried over SSL • Allows OAuth2 keys to be used with CURL and common clients• OAuth2 Bearer Tokens = API Keys • A token that identifies the application calling the API • Separate from the user who creates it • Limited scope to calling one or more APIs • Can be revoked/renewed without requiring a password change for the user • Hence can be embedded in application code• OAuth2 is not yet final, but is stable and implemented • From the perspective of the API client, no “OAuth2” specific code is required • Completely implemented by the API Manager
  • 14. Improvements to the core mediation engine• The“Gateway” component of the AM is based on our core mediation framework from the ESB• For API Management there are some key improvements: • API model • Rate Limiting per Key • Passthru performance
  • 15. APIs and Resources
  • 16. API Syntax <api name="AccountManagementAPI" context="/am"> <resource methods="GET" uri-template="/accounts/{accountId}" inSequence="GetAccountIn" outSequence="GetAccountOut"/> <resource methods="PUT" uri-template="/accounts/{accountId}” inSequence="UpdateAccountIn" outSequence="UpdateAccountOut"/></api>Note that this syntax / model is internal to the API Manager and theaverage user will not need to know this. Advanced use cases can takeadvantage
  • 17. ESB Passthru Latency compared to previous models
  • 18. Scalable Deployment Architecture
  • 19. Scalable Analytics Deployment
  • 20. Demo Use Cases
  • 21. Roadmap Summary Q2 2012 Q3 2012 (Planned) (Projected)• API Publishing: • Integration with 3rd party Key Management • Documentation/Samples/SDK/Links to Systems external docs • Integration with 3rd party repositories such as GITHub • Tagging • Role-based views for usage reports • Track consumers by API • User self-registration • View Statistics by API • OAuth2 / OpenID based login• API Subscribing • Additional Collaboration Features • Search - Rate - TryIt - API Lifecycle • Monetization Management - Recommend - Post a review• API Versioning• Manage N APIs via the application concept• OAuth2 based Key Management• Throttling/SLA Limits per API• Integration with BAM for API Statistics• Skinnable UI
  • 22. Product Timelines• WSO2 API Management Platform (WSO2 AMP) • v1.0 Alpha – April 2012 • v1.0 Beta – May 2012* • v1.0 Gold – July 2012 • v1.5 Gold - September 2012 • v2.0 Gold - December 2012 * We are actively looking for alpha/beta customers to provide insight and validate the product design
  • 23. Beta Programme http://wso2.com/products/api- manager/
  • 24. Questions? http://www.flickr.com/photos/oberazzi/ 24
  • 25. Follow us: http://twitter.com/#!/wso2 Follow us:Contact us: http://twitter.com/#!/wso2http://wso2.com/contact/