Role of REST Vs. Web Services &     Enterprise Integration        Hiranya Jayathilaka               Associate Technical Le...
A Word About WSO2• Founded in 2005 by acknowledged leaders in XML, Web Services  technologies & standards and open source....
What is REST?• REpresentational State Transfer• Lightweight, client-server architecture• Interactions are based on the tra...
Richardson Maturity ModelLevel 3: Hypermedia Controls• Hyper text as the engine of application stateLevel 2: HTTP Verbs• M...
An Example…• Learning Management System for a college• A number of fundamental concepts  – Student  – Course  – Teacher• I...
The “Student” Resource State•   Name•   Age•   Registration number•   GPA•   Date of birth•   Contact information
State Representation - XML
State Representation - JSON
Representational State Transfer• Clients and servers interact with each other by  exchanging  – Resource state representat...
HTTP Based RESTful Interactions
REST Today!• Developers and architects realize the power of  REST and appreciate its lightweight nature• Lots of tools, li...
Nothing But REST?• Most organizations have already invested  heavily in IT and have adopted countless  technologies  – Leg...
REST in Peace, SOAP?• Not in our wildest dreams  – New WS-* standards introduced frequently  – Many developer friendly too...
“Hang in There SOAP”
Moral of the Story…• Replacing existing technologies is not easy• Every technology has its own strengths and  weaknesses  ...
Coexistence over Conquest• RESTful applications should play nice with  other technologies• Need powerful integration mecha...
Key to Success• Organizations that have realized the value of  “coexistence over conquest” have reaped  fruitful results  ...
Good Times for Developers!• Adding REST support to an existing enterprise  architecture creates many interesting problems ...
Developing RESTful Applications• Can be done with any web development  technology  – HTML, PHP, ASP, CGI…• Servlets and JS...
Integrating RESTful Applications
Exposing Existing Services Over REST• Use the tried and tested  gateway pattern            Consumers• Lock down all the  i...
WSO2 ESB as an API Gateway
REST APIs in WSO2 ESB
Basic Features of an API Gateway• Transport switching• Message transformation and content  negotiation• Lightweight orches...
Security• More exposure = More vulnerabilities• Access to critical business applications must  be secured at API gateway l...
API Security Enforcement in WSO2 ESB
A Simple Security Architecture
A More Comprehensive Approach with            API Keys
API Store Front
Managing System Load• RESTful applications are usually lightweight and  fast – But your backend services may be not• Track...
Throttling Support in WSO2 ESB
Throttle by SLA
Caching• Another very effective way of reducing the  overhead on backend services  – Cache as many responses as possible i...
Caching Support in WSO2 ESB
API Provisioning• REST integration is not a one-off activity. Once  adopted you will be doing it for the ‘rest’ of  your w...
API Provisioning in WSO2 ESB
API Provisioning in WSO2 API Manager
Monitoring & Usage Tracking• Log and record all accesses to your exposed  RESTful interfaces at the API gateway  – Both va...
What to Do with Collected Data?• Periodic audits• Dashboards and reports  – For both API providers and API consumers• Capa...
Monitoring WSO2 ESB
WSO2 API Manager with BAM
WSO2 API Manager with BAM
API Monetization• Turning inbound API calls into cash• Prevent third parties from making profits out of  your APIs - Preve...
Your Business as a Service    App         App         App          App      PaaS for Managed Third Party Apps             ...
Summary• What is REST?• REST vs. SOAP and other technologies• Exposing existing systems over REST – API  gateway pattern• ...
Resources• REST and API management with WSO2 ESB (Webinar):  http://www.youtube.com/watch?v=YNfa88-DWQU• ESB Tipcs & Trick...
Selected Customers
WSO2 Engagement Model•   QuickStart•   Development support•   Development services•   Production support•   Turnkey soluti...
Thank You
Upcoming SlideShare
Loading in …5
×

Role of Rest vs. Web Services and EI

2,281 views

Published on

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,281
On SlideShare
0
From Embeds
0
Number of Embeds
610
Actions
Shares
0
Downloads
70
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Role of Rest vs. Web Services and EI

  1. 1. Role of REST Vs. Web Services & Enterprise Integration Hiranya Jayathilaka Associate Technical Lead PMC Member (Integration Technologies)
  2. 2. A Word About WSO2• Founded in 2005 by acknowledged leaders in XML, Web Services technologies & standards and open source. Primary contributors to Apache Web Services projects started in 2001.• Producing entire middleware platform 100% open source under the Apache license.• Business model is to sell comprehensive support & maintenance for our products.• Technology OEM’d by IBM, Progress, Software AG, Alcatel, EMC and CA.• Venture funded by Intel Capital and Quest Software• Global corporation with offices in Palo Alto (USA), Portsmouth (UK) and Colombo (Sri Lanka).• 150+ employees and growing.
  3. 3. What is REST?• REpresentational State Transfer• Lightweight, client-server architecture• Interactions are based on the transfer of resource state representations• Systems exchange state representations and perform application state transitions• Mostly implemented using HTTP
  4. 4. Richardson Maturity ModelLevel 3: Hypermedia Controls• Hyper text as the engine of application stateLevel 2: HTTP Verbs• Many URIs, each supporting multiple HTTP methodsLevel 1: Resources• Many URIs, one HTTP methodLevel 0: XML Over HTTP• One URI, one HTTP method
  5. 5. An Example…• Learning Management System for a college• A number of fundamental concepts – Student – Course – Teacher• In a RESTful design these concepts are likely to become the ‘resources’ managed by the LMS
  6. 6. The “Student” Resource State• Name• Age• Registration number• GPA• Date of birth• Contact information
  7. 7. State Representation - XML
  8. 8. State Representation - JSON
  9. 9. Representational State Transfer• Clients and servers interact with each other by exchanging – Resource state representations – Other control information• Applications are state machines – Exchange of resource state representations and control information can result in application state transitions
  10. 10. HTTP Based RESTful Interactions
  11. 11. REST Today!• Developers and architects realize the power of REST and appreciate its lightweight nature• Lots of tools, libraries and frameworks to make RESTful development easier• Well suited for modern IT trends – Mobile apps – Rich web applications – Social media
  12. 12. Nothing But REST?• Most organizations have already invested heavily in IT and have adopted countless technologies – Legacy systems – J2EE, .NET, LAMP – CORBA, DCOM, RPC, SOAP – … and much more• Replacing these existing systems is risky and ridiculously expensive
  13. 13. REST in Peace, SOAP?• Not in our wildest dreams – New WS-* standards introduced frequently – Many developer friendly tools and frameworks – Comprehensive and highly interoperable platform – Sponsorship of many large scale software vendors• SOAP, WSDL, WS-*, BPEL – They are all here to stay (at least for the foreseeable future) – REST will continue to be dominant in the public web API space
  14. 14. “Hang in There SOAP”
  15. 15. Moral of the Story…• Replacing existing technologies is not easy• Every technology has its own strengths and weaknesses – Despite its arcane terminology, the structured description capabilities of the WSDL standard is being praised even by hard-core fans of REST – No technology can be designated “universally superior”
  16. 16. Coexistence over Conquest• RESTful applications should play nice with other technologies• Need powerful integration mechanisms between REST and other technologies (most notably SOAP)• Design applications in a manner so that the weaknesses of one technology is complemented by the strengths of another – Best of both worlds scenario
  17. 17. Key to Success• Organizations that have realized the value of “coexistence over conquest” have reaped fruitful results – Amazon – eBay – Google• Opens up the business for all types of developers and clients – Breaks down barriers for technology adoption
  18. 18. Good Times for Developers!• Adding REST support to an existing enterprise architecture creates many interesting problems and lucrative opportunities for developers – Developing RESTful applications – Integrating REST applications with the ‘rest’ – Exposing existing services over REST – Security – Provisioning – Monitoring and usage tracking• “Developers are the new king makers” – James Governor
  19. 19. Developing RESTful Applications• Can be done with any web development technology – HTML, PHP, ASP, CGI…• Servlets and JSP are popular in the Java world• JAX-RS catching up fast – Apache Wink – Apache CXF – WSO2 Application Server
  20. 20. Integrating RESTful Applications
  21. 21. Exposing Existing Services Over REST• Use the tried and tested gateway pattern Consumers• Lock down all the implementation details of the backend systems behind an API gateway REST API and expose a clean Gateway REST API• Pay attention to the number and granularity Backend of exposed operations Services
  22. 22. WSO2 ESB as an API Gateway
  23. 23. REST APIs in WSO2 ESB
  24. 24. Basic Features of an API Gateway• Transport switching• Message transformation and content negotiation• Lightweight orchestration• High performance (low latency mediation)• Monitoring
  25. 25. Security• More exposure = More vulnerabilities• Access to critical business applications must be secured at API gateway level – Do all security checks as early as possible• Use HTTP friendly security mechanisms – Basic Auth – OAuth
  26. 26. API Security Enforcement in WSO2 ESB
  27. 27. A Simple Security Architecture
  28. 28. A More Comprehensive Approach with API Keys
  29. 29. API Store Front
  30. 30. Managing System Load• RESTful applications are usually lightweight and fast – But your backend services may be not• Track the usage of REST APIs at the gateway and turn down requests if the load becomes too high – If the APIs are restricted to a particular group of clients, consider implementing some IP based throttling mechanism – Use time based throttling to prevent legitimate clients from overwhelming a service
  31. 31. Throttling Support in WSO2 ESB
  32. 32. Throttle by SLA
  33. 33. Caching• Another very effective way of reducing the overhead on backend services – Cache as many responses as possible in the gateway and try to minimize calling backend services• Added benefit: Improved performance (better user experience)• Need to have proper cache invalidation mechanisms in place
  34. 34. Caching Support in WSO2 ESB
  35. 35. API Provisioning• REST integration is not a one-off activity. Once adopted you will be doing it for the ‘rest’ of your working life.• Should be able to easily add new REST APIs to the API gateway – Ideally should be a single click operation – Should not result in a downtime of existing APIs• REST API governance
  36. 36. API Provisioning in WSO2 ESB
  37. 37. API Provisioning in WSO2 API Manager
  38. 38. Monitoring & Usage Tracking• Log and record all accesses to your exposed RESTful interfaces at the API gateway – Both valid and invalid accesses – At very least have a HTTP access log• If you already have a monitoring system in place, integrate it with the API gateway – Syslogs, JMX, BAM• KPI monitoring and SLA monitoring• Tracking API usage
  39. 39. What to Do with Collected Data?• Periodic audits• Dashboards and reports – For both API providers and API consumers• Capacity planning and traffic engineering• Vulnerability detection• Marketing and promotional activities
  40. 40. Monitoring WSO2 ESB
  41. 41. WSO2 API Manager with BAM
  42. 42. WSO2 API Manager with BAM
  43. 43. API Monetization• Turning inbound API calls into cash• Prevent third parties from making profits out of your APIs - Prevent disenfranchisement• Provide a monitored sandbox environment where third parties can develop applications using your APIs – Close off or restrict access to the APIs from outside the sandbox environment – Have a robust model for reviewing, approving and publishing third party applications
  44. 44. Your Business as a Service App App App App PaaS for Managed Third Party Apps (WSO2 Stratos) API (WSO2 API Manager) Services, Processes, Applications, Data (Business IT Assets)
  45. 45. Summary• What is REST?• REST vs. SOAP and other technologies• Exposing existing systems over REST – API gateway pattern• Techniques for securing, provisioning and managing REST APIs• API monetization
  46. 46. Resources• REST and API management with WSO2 ESB (Webinar): http://www.youtube.com/watch?v=YNfa88-DWQU• ESB Tipcs & Tricks: Introduction to REST APIs (Blog): http://techfeast-hiranya.blogspot.com/2012/04/wso2-esb-tips- tricks-09-introduction-to.html• REST API samples (Documentation): http://docs.wso2.org/display/ESB403/Sample+1+Introduction+to+R EST+API• Introduction to AppFactory (Blog): http://blog.cobia.net/cobiacomm/2012/04/16/what-is-wso2- appfactory/• WSO2 API Manager beta program (Press Release): http://wso2.com/about/news/wso2-begins-recruiting-beta- customers-for-new-wso2-api-manager-product/
  47. 47. Selected Customers
  48. 48. WSO2 Engagement Model• QuickStart• Development support• Development services• Production support• Turnkey solutions – WSO2 Mobile Gateway Solution – WSO2 FIX Gateway Solution – WSO2 SAP Gateway Solution
  49. 49. Thank You

×