Getting Started with API Management

1. MICHIGAN ORACLE USERS SUMMIT 2022 WEDNESDAY OCTOBER 26,2022 2:20PM @W210A GETTING STARTED WITH API MANAGEMENT PRESENTER NAME: AHMED ABOULNAGA PRESENTERTITLE: TECHNICAL DIRECTOR

2. TABLE OF CONTENTS Introduction 3 APIs – A Brief Overview 6 ClientTools – Examples of Options 9 Walkthrough of REST 14 What is API Management? 21 API Gateways – HowThey Fit in API Management 25 WSO2 API Manager 29 OracleAPI Gateway (cloud) 37 FinalThoughts 51

3. INTRODUCTION

4. ABOUT ME Ahmed Aboulnaga  Master’s degree in Computer Science from George Mason University  Recent emphasis on cloud,DevOps,middleware,security in current projects  OracleACE Pro, OCE, OCA  Author, Blogger,Presenter  @Ahmed_Aboulnaga

5. WHAT THIS PRESENTATION WILL COVER API Concepts API Management Concepts API Management Products & Services APIs REST cURL API Management API Gateway WSO2 API Manager Oracle API Gateway 1 2 3 1a 1b 1c 2a 2b 3a 3b

6. APIS A BRIEF OVERVIEW

7. WHAT IS AN API?  Application Programming Interface  Nowadays, when APIs are mentioned,it typically refers to web APIs  REST and SOAP web services expose application data and functionality over the internet

8. WHAT IS AN API?  All cloud vendors provide some type of API to their services  This allows for programmatic access to cloud services  A basic understanding of cURL, REST, and JSON is helpful  Most cloud providers use the REST architectural style for their APIs Client REST API Backend System JSON / XML GET / POST / PUT / DELETE

9. CLIENT TOOLS EXAMPLES OF OPTIONS

10. SAMPLE REST CALL USING SOAPUI https://api.agify.io?name=ahmed  Popular web service client  Support SOAP and REST www.soapui.org  Free version available

11. SAMPLE SOAP CALL USING SOAPUI http://webservices.oorsprong.org/websamples.countryinfo/CountryInfoService.wso?WSDL  Includes support of functional testing, service simulation,and load testing

12. POSTMAN  PopularAPI client  Free version available www.postman.com  Numerous features that include: ‒ Create API documentation ‒ Automated testing ‒ Design and mock APIs ‒ Monitor APIs ‒ Etc.

13. CURL  Open-source command-line tool  Supports more than 22 different protocols (e.g., HTTP,HTTPS,FTP,etc.)  For HTTP,supports all methods (e.g., GET, POST, PUT,DELETE, etc.)  Very useful for testing RESTful web services  Other advanced tools available include Postman, SoapUI,Oracle SQL Developer,etc.  Example service: https://api.weather.gov/alerts/active?area=MI

14. WALKTHROUGH OF REST

15. WHAT IS REST?  REpresentational StateTransfer  Architectural style for distributed hypermedia system  Proposed in 2000 by Roy Fielding in his dissertation  Web Service implemented with REST is called RESTful web service  REST is not a protocol like SOAP. It is rather an architectural style  REST services typically use HTTP/HTTPS, but can be implemented with other protocols like FTP

16. REST ARCHITECTURAL CONSIDERATIONS Uniform interface: Easy to understand and readable results and can be consumed by any client or programming language over basic protocols. URI-based access: Using the same approach to a human browsing a website where all resource are linked together. Stateless communication: Extremely scalable since no client context is stored on the server between requests.

17. REST METHODS  The HTTP protocol provides multiple methods which you can utilize for RESTful web services  The table maps the HTTP method to the typical REST operation  Some firewalls may limit some HTTP methods for security reasons HTTP Method REST Operation GET Read POST Create PUT Update DELETE Delete OPTIONS List of available methods HEAD Get version PATCH Update property/attribute Most common in web applications Most common in REST to provide CRUD functionality

18. RESOURCES  Requests are sent to resources (i.e., URLs)  Each resource represents an object which identified by a noun (e.g., employee,etc.)  Each resource has a unique URL  When performing a POST (create) or PUT (update),you must pass additional values Resource HTTP Method REST Output https://hostname/hr/employee GET Retrieve a list of all employees https://hostname/hr/employee/12 GET Retrieve details for employee #12 https://hostname/hr/employee POST Create a new employee https://hostname/hr/employee/12 PUT Update employee #12 https://hostname/hr/employee/12 DELETE Delete employee #12 https://hostname/hr/employee/12/address GET Retrieve address for employee #12

19. HTTP RESPONSE CODES  HTTP response codes determine the overall response of the REST invocation HTTP Code Status Description 2XX (200,201,204) OK Data was received and operation was performed 3XX (301,302) Redirect Request redirected to another URL 4XX (403,404) Client Error Resource not available to client 5XX (500) Server Error Server error

20. JSON  JavaScript Object Notation  Pronounced“Jason”  An object surrounded by { }  An array or ordered list  REST can support both JSON and XML  Less verbose than XML, but lacks metadata support //JSON Object { "employee": { "id": 12, "name": "Kobe", "location": "USA" } } //JSON Array { "employees": [ { "id": 12, "name": "Kobe", "location": "USA" }, { "id": 13, "name": "Jordan", "location": "Canada" }, { "id": 14, "name": "Barkley", "location": "USA" } ] }

21. WHAT IS API MANAGEMENT?

22. INDUSTRY DEFINITION OF “API MANAGEMENT” “Organizations are implementing strategies to manage APIs so they can respond to rapid changes in customer demands” “Gives enterprises greater flexibility when reusing the functionality of API integrations and helps save time and money without trading off security” “Modernize legacy applications,move to the cloud, create new products,integrate with Salesforce and SAP, and much more” “Accelerate innovation in today’s rapidly changing marketplace”

23. WHAT IS API MANAGEMENT?  Unified API Management Solution  For public and privateAPIs  Centralizing control (e.g., access control)  Rate limiting and usage policies  Analytics  Monetization https://www.altexsoft.com/blog/api-management/

24. API MANAGEMENT TOOLS – A GARTNER DEFINITION  What does a comprehensiveAPI Management tool consist of? ‒ Supports all stages of the API lifecycle,namely: planning and design, implementation and testing, deployment and exploitation, and versioning and retirement ‒ Some vendors of API Management solutions specialize only in subsets of the API lifecycle, such as API gateways and testing, while others focus on the entire lifecycle  ComprehensiveAPI management tools typically include support in the following: https://medium.com/transparent-data-eng/best-api-management-tools-2021-c03344dbd63b FunctionalArea Description Developer Portal Self-service,fully unified catalog of APIs in which you can enable and manage the ecosystems of developers who create and use APIs API Gateway Management of the runtime environment,monitoring of security and API usage Policy Management & Analytics Security configuration,mediation,and analysis of actual use of APIs API Design & Development Toolkit for designing and creatingAPIs and integratingAPIs on existing systems APITesting From basic mock tests to advanced functional,performance,and security tests

25. API GATEWAYS HOW THEY FIT IN API MANAGEMENT

26. WHAT IS AN API GATEWAY?  Sits between a client and a collection of backend services  Acts as a reverse proxy to accept all API calls, aggregate the various services required to fulfill them, and return the appropriate result  Handles common tasks such as user authentication,rate limiting, and statistics  When should you use an API Gateway? ‒ To provide a single,unifiedAPI entry point across ‒ To protect your APIs from overuse and abuse (using authentication and rate limiting) ‒ To understand how people use your APIs (using analytics and monitoring) ‒ To monetizeAPIs ‒ In a microservices architecture (a single request could require calls to dozens of distinct applications)

27. CHALLENGES  Web services are the primary mechanism for applications and systems to interoperate,communicate,and exchange data messaging  Web services are the foundation for system-to-system communication  Many organizations have unmanaged,insecure,and direct access by developers to backend web services ? Number of web services (i.e., APIs) ? Type of web service security deployed ? Usage, SLA, and reuse metrics PROBLEMS Web App Java Web Service Fusion Apps Web Service Salesforce Web Service PayPal Web App Java Web App Java

28. BENEFITS OF AN API GATEWAY  Introduce a gateway to virtualize and abstract all backend web services  Provides a consistent mechanism to secure and track web services Benefits ▪ Increase security through modern and standardized implementation of API security for all LANL web services ▪ Avoid open/direct access to backend services ▪ Centralized catalog of published APIs ▪ Maximum investment through service reuse ▪ Threat/bot/DDOS detection Web App Java Web Service Fusion Apps Web Service Salesforce Web Service PayPal Gateway

29. WSO2 API MANAGER

30. WSO2 API MANAGER  WSO2 API ManagerVersion 4.1.0  Open-source,enterprise-gradeAPI management for on-premises,cloud, and hybrid architectures  Provides gateway capabilities wso2.com/api-management

31. WSO2 API MANAGER – CREATING AN API

32. WSO2 API MANAGER – CONFIGURINGAN API

33. WSO2 API MANAGER – API CATALOG

34. WSO2 API MANAGER – OVERVIEW OF API

35. WSO2 API MANAGER – TESTINGTHE APIWITH CURL

36. WSO2 API MANAGER – TESTINGTHE APIWITH SOAPUI

37. ORACLE API GATEWAY (CLOUD)

38. ORACLE API GATEWAY  Not to be confused with the legacy, on-prem Oracle API Gateway product  Cloud-based service to publish APIs with private endpoints that are accessible internally  Integrated with Oracle Cloud Infrastructure Identity and Access Management (IAM)  Expose APIs with public IP addresses to accept internet traffic  Support transformation, CORS, authentication/authorization, and request limiting  Highly availability  Single consolidated API endpoint https://docs.oracle.com/en-us/iaas/Content/APIGateway/Concepts/apigatewayoverview.htm https://docs.oracle.com/en-us/iaas/Content/APIGateway/home.htm

39. ORACLE API GATEWAY – COST

40. ORACLE API GATEWAY – TUTORIAL https://www.oracle.com/webfolder/technetwork/tutorials/infographics/oci_apigw_gs_quickview/apigw_quickview_top/apigw_quickview/index.html

41. ORACLE API GATEWAY – LOCATION IN CONSOLE

42. ORACLE API GATEWAY – CREATE A GATEWAY

43. ORACLE API GATEWAY – CREATE A DEPLOYMENT

44. ORACLE API GATEWAY – CREATE A DEPLOYMENT

45. ORACLE API GATEWAY – GATEWAY SERVICE DETAILS

46. ORACLE API GATEWAY – FIRST ATTEMPT AT CALLING API

47. ORACLE API GATEWAY – ENABLE ACCESS AND EXECUTION LOGGING

48. ORACLE API GATEWAY – ADD 443 INBOUNDTO FIREWALL

49. ORACLE API GATEWAY – USINGTHE CORRECT URL CONTEXT

50. ORACLE API GATEWAY – CALLINGTHE ORIGINAL UNAUTHENTICATED SERVICE

51. FINALTHOUGHTS

52. GARTNER MAGIC QUADRANT FOR FULL LIFECYCLE API MANAGEMENT Leaders:  Google Apigee  Mulesoft  IBM  Axway  Software AG  Kong  Microsoft

53. WHERE API GATEWAYS FIT IN THE OVERALL ARCHITECTURE

54. GETTING STARTED WITH ORACLE API GATEWAY https://docs.oracle.com/en-us/iaas/Content/APIGateway/home.htm

55. RECAP Concepts  API  REST  JSON ClientTools  SoapUI  Postman  cURL Solutions  API Management  API Gateway Products & Services  WSO2 API Manager  OracleAPI Gateway

56. www.mous.us THANKYOU SAVE THE DATE • ASCEND CONFERENCE 2023 June 11-14,2023 Caribe Royale Resort Orlando,Florida https://ascendusersconference.com • MOUS 2023 October 25, 2023 Schoolcraft College -VisTaTech Center, 18600 Haggerty Rd, Livonia,MI https://www.mous.us

57. www.mous.us THANKYOU SURVEYS • Session Surveys Please complete the session survey for this session. The survey will be provided to each attendee.

Getting Started with API Management

You are reading a preview.

Check these out next

Getting Started with API Management

More Related Content

Similar to Getting Started with API Management (20)

More from Revelation Technologies (20)

Recently uploaded (20)