My API Management talk's slides at JBCNConf 2016: Exploring API management and apiman; with an open source twist, and a hint of microservices. Interacting with, developing, and deploying RESTful APIs forms a key part of many modern applications; this is especially true of microservices architectures. However, there are also an increasing number of ancillary requirements that need fulfilling, amongst which are: - Security; such as authentication and authorisation - Request tracking; for metrics, logging, and billing - Access limits; such as rate limiting and quotas - Service registry, discovery, user management, custom logic, ... As developers it's clearly preferable to focus on perfecting the business logic of our applications rather than spending time focussing on the common and prone-to-change requirements found in every of our applications. Centralising these functions enables us not only to reduce time spent in development and maintenance, but also reduces the surface area for bugs and inconsistencies. API Management endeavours to solve these problems.In this talk, we'll explore API management broadly, then dive into the specifics of apiman: a free and open source API management solution. Examining both design time and runtime aspects, we'll examine benefits, detractions and technical approaches taken to achieve a flexible, scalable and high-performance solution.

1. OPEN SOURCE
API MANAGEMENT
MARC SAVY (@MARCSAVY)
APIMAN CORE DEVELOPER
@APIMAN_IO APIMAN.IO
1

2. TRADITIONAL APPROACH
AN E XTRE ME LY ( OVER)SIMPLIFIED VIEW
2

3. IN REALITY
3

4. MORE GENERALLY
4

5. API MANAGEMENT?
Centralise common API functionality
Security
Rate Limiting
Caching
Control access to APIs
Metrics, Billing, Audit, ...
5

6. EXTRACTING COMMON
FUNCTIONALITY
6

7. API MANAGEMENT &
MICROSERVICES
Registry of APIs
API discovery
API descriptions (e.g. Swagger, ...)
API contracts
Collection of metrics/statistics
Central management of common API functionality
(e.g. security, billing, ...).
7

8. API MANAGEMENT &
MICROSERVICES
Handling of heterogeneous services
Natural barrier between inside and outside world
Determine service value
8

9. APIMAN ARCHITECTURE
API MANAGER
Publish, configure & manage APIs
Discover and consume APIs
User management; metric visualisations; audit, etc.
​Anything you can do via UI you can do via API
Almost everything is pluggable (if you want)
9

10. Sits between the REST client and server
Proxies requests to back-end APIs
Contains a subset of configuration from the API Manager
Applies configured Policies to API requests at runtime
​Scales independently of manager. Focus on performance
Pluggable components for things like shared state
Async by design, but works on traditional platforms
APIMAN ARCHITECTURE
API GATEWAY
10

11. APIMAN ARCHITECTURE
1 ... N
11

12. WHAT CAN POLICIES DO?
PERM IT AND DENY ( FI LTE R)
12

13. WHAT CAN POLICIES DO?
MODIFY HEAD ERS & PAYLOAD (MUTATE)
13

14. POLICY CHAIN
APPLY AS MANY POLICIES AS NEEDED
14

15. POLICY CHAIN
ANY PO L ICY CAN TERMINAT E OR
SHO RTCUT THE CONVE RSAT ION
15

16. CUSTOM POLICY PLUGINS
EXTEND APIMAN' S FU NCT IONALITY
Add arbitrary new functionality via code (Java)
​Equally as powerful as inbuilt policies
Simple plugin format, encapsulates design-time
and runtime aspects.
UI via JSON schema
Easy testing with JUnit and deployment via Maven
Good number in the community already!
16

17. APIMAN COMPONENTS
AL M OST EVERYTH ING IS PLUGGABLE
Multiple implementations in community, or provide
your own to meet your needs. E.g:
Shared state, rate-limiting, LDAP, caching, ...
Registries
Metrics
Connectors
Logging
17

18. DEMO!
18