API Management within a Microservices
Architecture
Nadeesha Gamage
Senior Lead Solutions Engineer
WSO2 At-A-Glance
● $25m Sales in 2017
● 53% YoY growth
● 450+ Customers, 175 New Customers in 2017
● Open Source
● Founded 2005, Backed by Cisco and Toba Capital
● Colombo; London; Mountain View, CA; New York, NY; São Paulo; Sydney
● 500+ Employees (300 Engineers)
#1
6th
Open Source Integration Vendor
Largest Apache Committer
Largest Open Source Vendor
5th
WSO2: Helping Digitally Driven Organizations
Become Integration Agile
OPEN TECHNOLOGY FOR AGILE DIGITAL BUSINESS
● Build internal and external developer ecosystems with an API marketplace.
● Manage identity, security, and privacy across your digital business.
● Create real-time, intelligent, actionable business insights and data products.
● Platform enable your digital business with “micro-services” and “micro-integrations”.
All WSO2 PRODUCTS ARE
WSO2 PRODUCTS
Seamlessly Integrated
Comprehensive platform
Go to market faster
Flexible
Deploy on-premises, public or private
cloud, or hybrid environment
Easily migrate between on-premises and
in the cloud
100% Open source
Quickly build POC
Affordably scale out to production
systems
Backed by world class team
More than a decade of experience
helping companies realize digital
transformation goals
The WSO2 Subscription
Get the most from your WSO2 product with enterprise-grade services:
Open
source
technology
WSO2
Subscription
Options:
- WSO2 managed cloud
- Consulting services
- Managed services
WSO2 Training and Certification
Training material free online; learn at your own pace
WSO2 Provides
Certification: a verifiable way to present skills to team, employers, customers, partners.
Standard training (onsite and online)
Customized training (on-site): in-depth, personalized training for your specific need
ANALYSTS SAY
“Strong Performer for Hybrid
Integration”
- The Forrester Wave™: Hybrid Integration for
Enterprises, Q4 2016 report, published November 18,
2016
“Leader in API Management
Solutions”
- The Forrester Wave™: API Management Solutions, Q4
2018 report, published November 1, 2018.
“Visionary”
- Gartner Cool Vendors in Internet of Things Analytics,
2016 report, published May 11, 2016.
“Strong Performer for Big Data
Streaming Analytics”
- The Forrester Wave™: Big Data Streaming Analytics,
Q1 2016 report, published March 30, 2016.
- Gartner Magic Quadrant for Full Life Cycle API
Management, published October 27, 2016
“Cool Vendor”
Worldwide Customer Presence
Flagship Customers
Across every industry and geography
Financial Healthcare Governments Education Telecom Retail Technology Transport
Agenda
● APIs, the digital connector
● Microservices Architecture
● WSO2 API Manager
● Introduction to WSO2 API Microgateway
● Demo on WSO2 API Manager and Microgateway
● API Microgateway deployment patterns
It Is The Age Of The Consumer
Source: Forrester Research
API - “The Digital Connector”
● APIs are the interfaces that allow various
services to expose their functionality for
consumption.
● Enables platform independent, language
neutral way of integration.
● Enables Digital Transformation.
Digital
Transformation is all
about creating a
“Digital Experience”
for your customers
Why is it needed to manage APIs?
○ Open API access to consumers
○ Easy API discoverability
○ Protecting APIs
■ Securing against unauthorized access
■ Fine grained access control
■ Throttling
○ Metering and Monitoring
○ Monetization
○ Manage lifecycle and versioning
Monolithic vs Microservices
http://www.rafaelhart.com/2018/03/18/monolith-or-microservices.html
Monolithic Applications
Monolithic Application (continued)
● Despite modularity, application is packaged as
a single monolith
● Packaging depends on the language
○ .war, .jar or directory structure
● Simple to test and deploy
● If simple, what is the issue?
○ Simple and easy only at the beginning
Problems with Monolithic applications
● Increasingly difficult to make code changes; disrupts agile development
● Over time, no single developer will understand the entire
code. Changes will be error prone
● CI/CD would become painful
● Scaling would be difficult
● An issue in one component could potentially bring down the
entire application
● Stuck with a single language
Microservices Architecture (MSA)
Microservices Architecture pattern
● An application written as small interconnected services,
each implementing distinct functionality
● Self contained, maintains its own datastores
● Each service may expose a REST API; transactions
require interaction with multiple services.
● Services may also use other inter-process
communication methods to interact, such as queues.
Advantages with MSA
● Faster and focused development
● Easy deployment and thus easy CI/CD
● Demand based scalability and flexibility
● Reduced downtime due to modularity
● Reduce time to market for new features and
capabilities.
Drawback of MSA
● Inherent complexity of distribution of systems
○ Handling transactions (partial failures)
● Multiple databases
● Need for advanced technology (service mesh,
service discovery, circuit breaker, container
orchestration etc)
Does MSA need API Management?
● Common misconception that Microservices
Architecture eliminates the need for API
Management.
● Rather it augments and works collaboratively
● Don’t we need control on what we expose as a
REST API in microservices?
● It’s not a good practice to allow apps to directly
consume microservices
What API Management brings to MSA
● Control API access and security
● API portal and discoverability
● Monitoring usage
● API documentation and testing before adoption
● Versioning and lifecycle management
Traditional Gateway vs Gateway for MSA
Microservices with an API Gateway
● API Microgateway for service
- Deploying Gateway closer to the microservice
[Diagram labels: API Gateways; Microservices: Products, Orders]
● API Microgateway for each client
- The same API interface exposed to 3 types of Gateways. Each
optimized for the client type it serves.
[Diagram labels: Products; Orders; Mobile; Web; Public]
Microservices with an API Gateway
WSO2 API Manager
Design, create, publish and manage APIs to
unlock the true value of your digital assets
WSO2 API Manager
Componentized
WSO2 API Manager
● Available as a single
downloadable package
● Available as a cloud / SaaS
solution
● Flexible deployment choices
● High performance gateway
● API governance, marketplace
solution
Cloud First or Start On-Prem
● Multi-tenanted, shared
everything
● WSO2 Hosted and managed
● Pay as you go
● Multi-region availability
● VPN tunnel to private DC
● Guaranteed uptime
● Limited options in customizing
● Hybrid Cloud
● Privately hosted
● WSO2 managed
● Upgrades, patches installation
● Guaranteed uptime
● Full flexibility in customization
● Better control
● Self hosted
● Self managed
● Full flexibility
● Dev-ops learning curve
● Self managed upgrades
http://wso2.com/api-management/cloud/
https://docs.wso2.com/display/ManagedCloud/WSO2+Managed+Cloud+Documentation
Creating an API
Designing or Publicizing an API
● Start with an existing endpoint/contract or design and prototype a new API
● Exposing SOAP services (convert to REST or as a passthrough)
● Exposing streaming APIs (Websocket endpoints)
Creating APIs
● API Design - Over the wizard & with swagger
Creating APIs
● Point to a production backend or prototype at the gateway
Managed or prototyped
Publishing an API
Enforcing Security and SLAs
● Protecting for applications and users
● Controlling access and entitlement with scope
● Multi-Tier subscription model
Protecting APIs
Protecting APIs
Authorization & Introspection
● Encapsulate the client application
● Associates OAuth2 keys
● Support different integration
patterns for application security
through OAuth grant types
● Pre-generated access tokens for
testing
Client Application
● Tier based simple model
○ Application developer selects the tier at app registration
○ Each tier is tied to a policy that describes the quota
○ Tiers can be applied at the application, API or at the API resource level
● Advanced rule based models
○ Policies containing IP conditions, message attribute based conditions,
transport header based conditions
○ Complex real time pattern based conditions
Traffic Management
Traffic Management
Traffic Manager Architecture
● Manage stages of an API
● Manage associated states
● Create a new version from an
existing
● Audit changes to lifecycle
states
● Support for custom lifecycles
API Lifecycle Management
Consuming an API
The developer portal / marketplace
● Searchable (with context) - by name, tag,
description, author etc.
● Social features: tagging, commenting,
rating
● Minimalistic forum
● Themeable: change color, logo, view
● Configure alerts for application developers
● Application based API analytics
● OAuth2 application management
● API Monetization
The Developer Portal
Monitoring an API
Analytics and Insight
● Analytics dashboard on API stats
○ API Usage / Response
times / Backend latency /
Geo-location etc
● Stats on Applications for
application owners (subscribers)
● Stats on subscriptions
API Analytics: Batch
● Leverages real-time analytics streaming engine
● Used for various alerting use-cases
○ Fraudulent access token usage
○ Keeping API developers alerted on backend performance issues
○ Alerting on SLA violations
○ Alerting on tier crossing for subscriptions
● Detect trends
● Detect API call sequences that need to be blocked
● Detect non-usage scenarios
API Analytics: Realtime
API Analytics: Architecture
The API Manager Runtime
Processing Flow and Extensibility
API Gateway
● Message manipulation,
transformation and enrichment
● WSO2 developer studio based
tooling
● Wizard based mediation policy
application
Message mediation
API Gateway Performance
WSO2 API Manager all in one simple deployment performance
H/W config: 4 core cpu with 8GB memory / c4.xlarge ec2 equivalent
Extensibility & Enhancements
● API gateway handlers
○ Security handlers
○ Analytics handlers
● OAuth custom grant types
○ SAML extension grant type
○ NTLM / Kerberos
○ JWT extension grant
Extensibility & Enhancements
● OAuth scope handlers
○ Role based scope validation
○ XACML based scope validation
● Mediation extensions
○ Message transformation
○ Routing to backends
○ Payload validation
● Lifecycle extension
○ Executor plugin for lifecycle stages / transitions
Extensibility & Enhancements
API Microgateway
Introducing the WSO2 API Microgateway
● Designed to scale.
○ Immutable
○ Self validating tokens
○ Localized rate limiting
○ Offline analytics
● Native support for Docker/K8S.
● Dedicated gateway for microservices.
● First class support for lifecycle management across
environments.
● Low resource requirement (2 core, 256 MB RAM).
Characteristics of WSO2 API Microgateway
● Ability to execute in isolation without connection to other
components; key manager, traffic manager etc.
● Ability to manage a subset of APIs, instead of all.
● Offers a proxy that is capable of performing security validation,
in-memory (local) throttling and operational analytics.
● Immutability.
Microgateway Overview
[Diagram labels: Microgateway Toolkit; Request API Definitions; Download API Definitions (JSON); Generate Microgateway Runtime; Microgateway Runtime]
Microgateway Security - JWT/JWS
[Diagram labels: Request Access Token (with scopes); Provide Signed JWT; Client Application sends Signed JWT to Microgateways; Microgateway; Products; Orders. Steps numbered 1 to 4.]
Microgateway Security - Standard OAuth2.0
[Diagram labels: Request Access Token (with scopes); Provide Opaque Token; Client Application sends Token to Microgateway; Validate Token; Microgateway. Steps numbered 1 to 4.]
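An added example (not from the slides or from WSO2's code) of what "self validating tokens" on the JWT/JWS slide means for the gateway: every check is made against data the gateway already holds, with no call to a key manager. The names, issuer URL, scope strings and key are constructed, and HMAC-SHA256 stands in for the token signature only so the sketch runs on the standard library.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values (assumptions, not taken from the slides).
GATEWAY_KEY = b"constructed-demo-key"
EXPECTED_ISSUER = "https://keymanager.example/token"
# Scope each resource requires, fixed when the gateway runtime is built.
RESOURCE_SCOPES = {
    ("GET", "/products"): "products:read",
    ("POST", "/orders"): "orders:write",
}


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input, key):
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()


def issue_token(claims, key=GATEWAY_KEY, alg="HS256"):
    """Stand-in for the token issuer; alg="none" builds an unsigned token."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = header + "." + payload
    signature = sign(signing_input, key) if alg == "HS256" else b""
    return signing_input + "." + b64url_encode(signature)


def validate_locally(token, method, path, now=None):
    """Return (allowed, reason) using only data held by the gateway."""
    now = time.time() if now is None else now
    try:
        token.encode("ascii")
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        return False, "malformed token"
    # Pin the algorithm: the token must not choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = sign(header_b64 + "." + payload_b64, GATEWAY_KEY)
    if not hmac.compare_digest(signature, expected):
        return False, "bad signature"
    # Claims are parsed only after the signature has been verified.
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        return False, "malformed token"
    if not isinstance(claims, dict) or claims.get("iss") != EXPECTED_ISSUER:
        return False, "wrong issuer"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    required = RESOURCE_SCOPES.get((method, path))
    if required is None:
        return False, "unknown resource"
    if required not in str(claims.get("scope", "")).split():
        return False, "missing scope " + required
    return True, "ok"
```

Because nothing is asked of the issuer, a token revoked there is still accepted here until `exp` passes; the opaque-token flow on the Standard OAuth2.0 slide trades that for a Validate Token call.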
Microgateway - Localized Rate Limiting
Rate limiting policies are burnt into the microgateway runtime
[Diagram labels: Microgateway; Apply 1000 req/min on Products microservice; Apply 500 req/min on Orders microservice]
Microgateway - Offline Analytics
[Diagram labels: Microgateway (two instances); Accumulate data in files and upload offline]
Microgateway - Native Support for Docker/K8S
[Diagram labels: Microgateway Toolkit; Request API Definitions; Download API Definitions (JSON); Microgateway VM; Microgateway Docker; Microgateway K8S]
Provide relevant arguments in build phase for desired output
Microgateway - Cross Environment Lifecycle Mgt
[Diagram labels: Microgateway VM; Microgateway; Staging; Prod; Products]
Staging: gateway -e ProductsAPI.v1.prod.endpoint.0="http://staging.apis.wso2.com/products"
Prod: gateway -e ProductsAPI.v1.prod.endpoint.0="http://apis.wso2.com/products"
API Gateway vs Microgateway
Feature                                          API Gateway   Microgateway
Self contained token based authentication        No            Yes
OAuth 2.0 token based authentication             Yes           Yes
Mediation extension support (in/out sequences)   Yes           No
Response Caching (GET and HEAD methods)          Yes           Yes
Javascript based mediation logic                 Yes           No
Analytics support                                Yes           Yes
Logging and monitoring support                   Yes           Yes
When to use API Microgateway
● Run in lockdown or offline mode
● Cater to unusual traffic patterns of APIs (run in private
jet mode)
● Scaling a subset of APIs.
● When consumers and services reside in the same
network and a gateway is required in close proximity to
reduce latency.
● Running the gateway in sidecar mode.
When to use the traditional API gateway
● When there is a requirement to throttle API calls based
on counters across all gateway nodes.
● Run API gateway as centralized gateway. Handle
requests for many different APIs and different backend
servers.
● Traditional SOAP architecture which requires Gateway
to perform mediations, orchestrations.
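An added example (not from the slides or from WSO2's code) of why the localized rate limiting slide and the "counters across all gateway nodes" bullet above lead to different gateways: with a policy burnt into each runtime, every replica counts alone. The 1000 and 500 req/min quotas are the ones on the slide; the fixed-window counter, class names and routing model are assumptions made for the sketch.

```python
from collections import defaultdict

# Quotas from the rate limiting slide (requests per minute).
POLICIES = {"Products": 1000, "Orders": 500}
WINDOW_SECONDS = 60


class WindowCounter:
    """Fixed-window request counter; one instance is one counter store."""

    def __init__(self):
        self._counts = defaultdict(int)

    def hit(self, api, now):
        key = (api, int(now // WINDOW_SECONDS))
        self._counts[key] += 1
        return self._counts[key]


class GatewayNode:
    """A gateway replica that enforces `limits` against its counter store."""

    def __init__(self, counter, limits=None):
        self.counter = counter
        self.limits = dict(POLICIES if limits is None else limits)

    def allow(self, api, now):
        return self.counter.hit(api, now) <= self.limits[api]


def build_localized(replicas, divide_quota=False):
    """Each replica has its own in-memory counter (microgateway style)."""
    limits = {
        api: (quota // replicas if divide_quota else quota)
        for api, quota in POLICIES.items()
    }
    return [GatewayNode(WindowCounter(), limits) for _ in range(replicas)]


def build_centralized(replicas):
    """All replicas share one counter store (traditional gateway style)."""
    shared = WindowCounter()
    return [GatewayNode(shared) for _ in range(replicas)]


def admitted(nodes, api, requests, sticky=False):
    """Send `requests` calls inside one window and count those let through.

    Calls are spread round-robin, or all pinned to the first node if sticky.
    """
    passed = 0
    for i in range(requests):
        node = nodes[0] if sticky else nodes[i % len(nodes)]
        if node.allow(api, now=i * 0.01):  # 5000 calls span 50 s, one window
            passed += 1
    return passed


if __name__ == "__main__":
    print("localized x3:", admitted(build_localized(3), "Products", 5000))
    print("centralized x3:", admitted(build_centralized(3), "Products", 5000))
    print("localized x3, quota/3:",
          admitted(build_localized(3, divide_quota=True), "Products", 5000))
    print("localized x3, quota/3, sticky:",
          admitted(build_localized(3, divide_quota=True), "Products", 5000, sticky=True))
```

Dividing the quota by the replica count restores the global ceiling only while traffic is spread evenly; a client pinned to one replica is cut off at a third of its quota.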
Demo
API Microgateway
deployment patterns in MSA
Centralized API Gateway
Shared Cluster of API Gateways to Handle the Internal and External Load
Private Jet API Gateway
Dedicated API Gateways to Each Microservice or a Group of Microservices
Sidecar API Gateway
API Gateway alongside Microservices - Service Mesh Architecture
THANK YOU
wso2.com

Mobile App Development Company in Noida - Drona Infotech.
Mobile App Development Company in Noida - Drona Infotech
 
Vip Girls Call ServiCe Hyderabad 0000000000 Pooja Best High Class Hyderabad A...
Vip Girls Call ServiCe Hyderabad 0000000000 Pooja Best High Class Hyderabad A...Vip Girls Call ServiCe Hyderabad 0000000000 Pooja Best High Class Hyderabad A...
Vip Girls Call ServiCe Hyderabad 0000000000 Pooja Best High Class Hyderabad A...
ashiklo9823
 
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
Srinivas Dukka
 
Artificial intelligence in customer services or chatbots
Artificial intelligence  in customer services or chatbotsArtificial intelligence  in customer services or chatbots
Artificial intelligence in customer services or chatbots
kayash1656
 
TEQnation 2024: Sustainable Software: May the Green Code Be with You
TEQnation 2024: Sustainable Software: May the Green Code Be with YouTEQnation 2024: Sustainable Software: May the Green Code Be with You
TEQnation 2024: Sustainable Software: May the Green Code Be with You
marcofolio
 
Blockchain in Agricultural Traceability Use Cases in 2024.pdf
Blockchain in Agricultural Traceability Use Cases in 2024.pdfBlockchain in Agricultural Traceability Use Cases in 2024.pdf
Blockchain in Agricultural Traceability Use Cases in 2024.pdf
Natsoft Corporation
 
Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …
908dutch
 

Recently uploaded (20)

Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
 
To Avoid Mistakes When Using Online Attendance Sheets
To Avoid Mistakes When Using Online Attendance SheetsTo Avoid Mistakes When Using Online Attendance Sheets
To Avoid Mistakes When Using Online Attendance Sheets
 
welcome to presentation on Google Apps
welcome to   presentation on Google Appswelcome to   presentation on Google Apps
welcome to presentation on Google Apps
 
IoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdf
IoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdfIoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdf
IoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdf
 
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptxWired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
 
Mumbai Girls Call Mumbai 🎈🔥9930687706 🔥💋🎈 Provide Best And Top Girl Service A...
Mumbai Girls Call Mumbai 🎈🔥9930687706 🔥💋🎈 Provide Best And Top Girl Service A...Mumbai Girls Call Mumbai 🎈🔥9930687706 🔥💋🎈 Provide Best And Top Girl Service A...
Mumbai Girls Call Mumbai 🎈🔥9930687706 🔥💋🎈 Provide Best And Top Girl Service A...
 
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docxComprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
 
ERP Software Solutions Provider in Coimbatore
ERP Software Solutions Provider in CoimbatoreERP Software Solutions Provider in Coimbatore
ERP Software Solutions Provider in Coimbatore
 
11 Top Cross Browser Testing Tools to Know About.pdf
11 Top Cross Browser Testing Tools to Know About.pdf11 Top Cross Browser Testing Tools to Know About.pdf
11 Top Cross Browser Testing Tools to Know About.pdf
 
Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...
Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...
Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...
 
The Ultimate Guide to Phone Spy Apps: Everything You Need to Know
The Ultimate Guide to Phone Spy Apps: Everything You Need to KnowThe Ultimate Guide to Phone Spy Apps: Everything You Need to Know
The Ultimate Guide to Phone Spy Apps: Everything You Need to Know
 
Top Chinese Government-backed APT Groups
Top Chinese Government-backed APT GroupsTop Chinese Government-backed APT Groups
Top Chinese Government-backed APT Groups
 
Il Data Streaming per un’AI real-time di nuova generazione
Il Data Streaming per un’AI real-time di nuova generazioneIl Data Streaming per un’AI real-time di nuova generazione
Il Data Streaming per un’AI real-time di nuova generazione
 
Mobile App Development Company in Noida - Drona Infotech.
Mobile App Development Company in Noida - Drona Infotech.Mobile App Development Company in Noida - Drona Infotech.
Mobile App Development Company in Noida - Drona Infotech.
 
Vip Girls Call ServiCe Hyderabad 0000000000 Pooja Best High Class Hyderabad A...
Vip Girls Call ServiCe Hyderabad 0000000000 Pooja Best High Class Hyderabad A...Vip Girls Call ServiCe Hyderabad 0000000000 Pooja Best High Class Hyderabad A...
Vip Girls Call ServiCe Hyderabad 0000000000 Pooja Best High Class Hyderabad A...
 
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
 
Artificial intelligence in customer services or chatbots
Artificial intelligence  in customer services or chatbotsArtificial intelligence  in customer services or chatbots
Artificial intelligence in customer services or chatbots
 
TEQnation 2024: Sustainable Software: May the Green Code Be with You
TEQnation 2024: Sustainable Software: May the Green Code Be with YouTEQnation 2024: Sustainable Software: May the Green Code Be with You
TEQnation 2024: Sustainable Software: May the Green Code Be with You
 
Blockchain in Agricultural Traceability Use Cases in 2024.pdf
Blockchain in Agricultural Traceability Use Cases in 2024.pdfBlockchain in Agricultural Traceability Use Cases in 2024.pdf
Blockchain in Agricultural Traceability Use Cases in 2024.pdf
 
Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …
 

API Management Within a Microservices Architecture

  • 1. API Management within a Microservices Architecture Nadeesha Gamage Senior Lead Solutions Engineer
  • 2. WSO2 At-A-Glance: $25m sales in 2017; 53% YoY growth; 450+ customers, 175 new customers in 2017; open source; founded 2005, backed by Cisco and Toba Capital; Colombo, London, Mountain View, CA, New York, NY, São Paulo, Sydney; 500+ employees (300 engineers)
  • 3. #1 6th Open Source Integration Vendor Largest Apache Committer Largest Open Source Vendor 5th WSO2: Helping Digitally Driven Organizations Become Integration Agile
  • 4. OPEN TECHNOLOGY FOR AGILE DIGITAL BUSINESS: Build internal and external developer ecosystems with an API marketplace. Manage identity, security, and privacy across your digital business. Create real-time, intelligent, actionable business insights and data products. Platform enable your digital business with “micro-services” and “micro-integrations”.
  • 5. ALL WSO2 PRODUCTS ARE: Seamlessly integrated (comprehensive platform; go to market faster). Flexible (deploy on-premises, public or private cloud, or hybrid environment; easily migrate between on-premises and in the cloud). 100% open source (quickly build POC; affordably scale out to production systems). Backed by world class team (more than a decade of experience helping companies realize digital transformation goals).
  • 6. The WSO2 Subscription: Get the most from your WSO2 product with enterprise-grade services. Open source technology; WSO2 Subscription. Options: WSO2 managed cloud, consulting services, managed services
  • 7. WSO2 Training and Certification. WSO2 provides: training material free online (learn at your own pace); certification, a verifiable way to present skills to team, employers, customers, partners; standard training (onsite and online); customized training (on-site), in-depth, personalized training for your specific need
  • 8. ANALYSTS SAY: “Strong Performer for Hybrid Integration” - The Forrester Wave™: Hybrid Integration for Enterprises, Q4 2016 report, published November 18, 2016 “Leader in API Management Solutions” - The Forrester Wave™: API Management Solutions, Q4 2018 report, published November 1, 2018. “Visionary” - Gartner Cool Vendors in Internet of Things Analytics, 2016 report, published May 11, 2016. “Strong Performer for Big Data Streaming Analytics” - The Forrester Wave™: Big Data Streaming Analytics, Q1 2016 report, published March 30, 2016. - Gartner Magic Quadrant for Full Life Cycle API Management, published October 27, 2016 “Cool Vendor”
  • 10. Flagship Customers: Across every industry and geography. Financial, Healthcare, Governments, Education, Telecom, Retail, Technology, Transport
  • 11. Agenda ● APIs, the digital connector ● Microservices Architecture ● WSO2 API Manager ● Introduction to WSO2 API Microgateway ● Demo on WSO2 API Manager and Microgateway ● API Microgateway deployment patterns
  • 12. It Is The Age Of The Consumer (Source: Forrester Research)
  • 13. API - “The Digital Connector”
  • 14. API - “The Digital Connector” ● APIs are the interfaces that allow various services to expose their functionality for consumption. ● Enable a platform-independent, language-neutral way of integration. ● Enable Digital Transformation.
  • 15. Digital Transformation is all about creating a “Digital Experience” for your customers
  • 16. Why do APIs need to be managed? ○ Open API access to consumers ○ Easy API discoverability ○ Protecting APIs ■ Securing against unauthorized access ■ Fine grained access control ■ Throttling ○ Metering and Monitoring ○ Monetization ○ Manage lifecycle and versioning
  • 20. Monolithic Application (continued) ● Despite modularity, application is packaged as a single monolith ● Packaging depends on the language ○ .war, .jar or directory structure ● Simple to test and deploy ● If simple, what is the issue? ○ Simple and easy only at the beginning
  • 21. Problems with Monolithic applications ● Increasingly difficult to make code changes; disrupts agile development ● Over time, no single developer will understand the entire code; changes will be error prone ● CI/CD would become painful ● Scaling would be difficult ● An issue in one component could potentially bring down the entire application ● Stuck with a single language
  • 23. Microservices Architecture pattern ● An application written as small interconnected services, each implementing distinct functionality ● Self contained, maintains its own datastores ● Each service may expose a REST API; a transaction may require interaction with multiple services. ● Services may also use other inter-process communication methods to interact, such as queues.
  • 24. Advantages with MSA ● Faster and focused development ● Easy deployment and thus easy CI/CD ● Demand based scalability and flexibility ● Reduced downtime due to modularity ● Reduce time to market for new features and capabilities.
  • 26. Drawbacks of MSA ● Inherent complexity of distributed systems ○ Handling transactions (partial failures) ● Multiple databases ● Need for advanced technology (service mesh, service discovery, circuit breaker, container orchestration etc)
  • 27. Does MSA need API Management? ● Common misconception that Microservices Architecture eliminates the need for API Management. ● Rather, it augments and works collaboratively ● Don’t we need control on what we expose as a REST API in microservices? ● It's not a good practice to allow apps to directly consume microservices
  • 28. What API Management brings to MSA ● Control API access and security ● API portal and discoverability ● Monitoring usage ● API documentation and testing before adoption ● Versioning and lifecycle management
  • 29. Traditional Gateway vs Gateway for MSA
  • 30. Microservices with an API Gateway ● API Microgateway for service - Deploying Gateway closer to the microservice (Diagram labels: API Gateways; Microservices; Products; Orders)
  • 31. Microservices with an API Gateway ● API Microgateway for each client - The same API interface exposed to 3 types of Gateways. Each optimized for the client type it serves. (Diagram labels: Products; Orders; Mobile; Web; Public)
  • 32. WSO2 API Manager Design, create, publish and manage APIs to unlock the true value of your digital assets
  • 35. WSO2 API Manager ● Available as a single downloadable package ● Available as a cloud / SaaS solution ● Flexible deployment choices ● High performance gateway ● API governance, marketplace solution
  • 36. Cloud First or Start On-Prem ● Multi-tenanted, shared everything ● WSO2 hosted and managed ● Pay as you go ● Multi-region availability ● VPN tunnel to private DC ● Guaranteed uptime ● Limited options in customizing ● Hybrid Cloud ● Privately hosted ● WSO2 managed ● Upgrades, patches installation ● Guaranteed uptime ● Full flexibility in customization ● Better control ● Self hosted ● Self managed ● Full flexibility ● Dev-ops learning curve ● Self managed upgrades http://wso2.com/api-management/cloud/ https://docs.wso2.com/display/ManagedCloud/WSO2+Managed+Cloud+Documentation
  • 37. Creating an API: Designing or Publicizing an API
  • 38. Creating APIs ● Start with an existing endpoint/contract or design and prototype a new API ● Exposing SOAP services (convert to REST or as a passthrough) ● Exposing streaming APIs (WebSocket endpoints)
  • 39. Creating APIs ● API design: through the wizard and with Swagger
  • 40. Managed or prototyped ● Point to a production backend or prototype at the gateway
  • 41. Publishing an API: Enforcing Security and SLAs
  • 42. Protecting APIs ● Protecting for applications and users ● Controlling access and entitlement with scope ● Multi-tier subscription model
  • 45. Client Application ● Encapsulates the client application ● Associates OAuth2 keys ● Supports different integration patterns for application security through OAuth grant types ● Pre-generated access tokens for testing
  • 46. Traffic Management ● Tier based simple model ○ Application developer selects the tier at app registration ○ Each tier is tied to a policy that describes the quota ○ Tiers can be applied at the application, API or at the API resource level ● Advanced rule based models ○ Policies containing IP conditions, message attribute based conditions, transport header based conditions ○ Complex real time pattern based conditions
  • 49. API Lifecycle Management ● Manage stages of an API ● Manage associated states ● Create a new version from an existing one ● Audit changes to lifecycle states ● Support for custom lifecycles
  • 50. Consuming an API: The developer portal / marketplace
  • 51. The Developer Portal ● Searchable (with context) - by name, tag, description, author etc. ● Social features: tagging, commenting, rating ● Minimalistic forum ● Themeable: change color, logo, view ● Configure alerts for application developers ● Application based API analytics ● OAuth2 application management ● API Monetization
  • 52. Monitoring an API: Analytics and Insight
  • 53. API Analytics: Batch ● Analytics dashboard on API stats ○ API Usage / Response times / Backend latency / Geo-location etc ● Stats on Applications for application owners (subscribers) ● Stats on subscriptions
  • 54. API Analytics: Realtime ● Leverages real-time analytics streaming engine ● Used for various alerting use-cases ○ Fraudulent access token usage ○ Keeping API developers alerted on backend performance issues ○ Alerting on SLA violations ○ Alerting on tier crossing for subscriptions ● Detect trends ● Detect API call sequences that need to be blocked ● Detect non-usage scenarios
  • 56. The API Manager Runtime: Processing Flow and Extensibility
  • 58. Message mediation ● Message manipulation, transformation and enrichment ● WSO2 developer studio based tooling ● Wizard based mediation policy application
  • 59. API Gateway Performance: WSO2 API Manager all-in-one simple deployment performance. H/W config: 4 core CPU with 8GB memory / c4.xlarge EC2 equivalent
  • 61. Extensibility & Enhancements ● API gateway handlers ○ Security handlers ○ Analytics handlers ● OAuth custom grant types ○ SAML extension grant type ○ NTLM / Kerberos ○ JWT extension grant
  • 62. Extensibility & Enhancements ● OAuth scope handlers ○ Role based scope validation ○ XACML based scope validation ● Mediation extensions ○ Message transformation ○ Routing to backends ○ Payload validation ● Lifecycle extension ○ Executor plugin for lifecycle stages / transitions
  • 64. Introducing the WSO2 API Microgateway ● Designed to scale. ○ Immutable ○ Self validating tokens ○ Localized rate limiting ○ Offline analytics ● Native support for Docker/K8S. ● Dedicated gateway for microservices. ● First class support for lifecycle management across environments. ● Low resource requirement (2 core, 256 MB RAM).
  • 65. Characteristics of WSO2 API Microgateway ● Ability to execute in isolation without connection to other components: key manager, traffic manager etc. ● Ability to manage a subset of APIs, instead of all. ● Offers a proxy that is capable of performing security validation, in-memory (local) throttling and operational analytics. ● Immutability.
  • 67. Microgateway Security - JWT/JWS (Diagram labels: Request Access Token (with scopes); Provide Signed JWT; Client Application sends Signed JWT to Microgateways; Microgateway; Microgateway; Products; Orders)
  • 68. Microgateway Security - Standard OAuth2.0 (Diagram labels: Request Access Token (with scopes); Provide Opaque Token; Client Application sends Token to Microgateway; Validate Token; Microgateway)
  • 69. Microgateway - Localized Rate Limiting: Rate limiting policies are burnt into the microgateway runtime (Diagram labels: Microgateway; Products; Orders; Apply 1000 req/min on Products microservice; Apply 500 req/min on Orders microservice)
  • 70. Microgateway - Offline Analytics: Accumulate data in files and upload offline
  • 71. Microgateway - Native Support for Docker/K8S: Provide relevant arguments in build phase for desired output (Diagram labels: Microgateway Toolkit; Request API Definitions; Download API Definitions (JSON); Microgateway VM; Microgateway Docker; Microgateway K8S)
  • 72. Microgateway - Cross Environment Lifecycle Mgt ○ Staging: gateway -e ProductsAPI.v1.prod.endpoint.0="http://staging.apis.wso2.com/products" ○ Prod: gateway -e ProductsAPI.v1.prod.endpoint.0="http://apis.wso2.com/products"
  • 73. API Gateway vs Microgateway (Feature: API Gateway / Microgateway) ○ Self contained token based authentication: No / Yes ○ OAuth 2.0 token based authentication: Yes / Yes ○ Mediation extension support (in/out sequences): Yes / No ○ Response caching (GET and HEAD methods): Yes / Yes ○ Javascript based mediation logic: Yes / No ○ Analytics support: Yes / Yes ○ Logging and monitoring support: Yes / Yes
  • 74. When to use API Microgateway ● Run in lockdown or offline mode ● Cater to unusual traffic patterns of APIs (run in private jet mode) ● Scaling a subset of APIs. ● When consumers and services reside in the same network and a gateway is required in close proximity to reduce latency. ● Running the gateway in sidecar mode.
  • 75. When to use the traditional API gateway ● When there is a requirement to throttle API calls based on counters across all gateway nodes. ● Run API gateway as a centralized gateway. Handle requests for many different APIs and different backend servers. ● Traditional SOAP architecture which requires the Gateway to perform mediations, orchestrations.
  • 76. Demo
  • 78. Centralized API Gateway: Shared Cluster of API Gateways to Handle the Internal and External Load
  • 79. Private Jet API Gateway: Dedicated API Gateways to Each Microservice or a Group of Microservices
  • 80. Sidecar API Gateway: API Gateway alongside Microservices - Service Mesh Architecture
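
Slides 69 and 75 contrast rate limits held in each microgateway's own memory with throttling on counters shared across all gateway nodes. The sketch below is an added example, not WSO2 code: it runs the slide's 1000 req/min Products quota through both models, and all class and function names, the fixed one-minute window, the three replicas and the round-robin load are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import cycle

WINDOW_SECONDS = 60
# Quotas from slide 69: 1000 req/min on Products, 500 req/min on Orders.
POLICIES = {"Products": 1000, "Orders": 500}


class FixedWindowCounter:
    """Admits up to policies[api] requests per API in each one-minute window."""

    def __init__(self, policies):
        self.policies = dict(policies)
        self.counts = defaultdict(int)

    def allow(self, api, now):
        window = int(now // WINDOW_SECONDS)
        if self.counts[(api, window)] >= self.policies[api]:
            return False
        self.counts[(api, window)] += 1
        return True


def local_cluster(replicas, policies):
    """Localized limiting: every node keeps its own in-memory counter."""
    return [FixedWindowCounter(policies) for _ in range(replicas)]


def shared_cluster(replicas, policies):
    """Cluster-wide limiting: every node consults the same counter."""
    shared = FixedWindowCounter(policies)
    return [shared] * replicas


def split_quota(policies, replicas):
    """Divide each quota evenly so the local counters sum to at most the quota."""
    return {api: limit // replicas for api, limit in policies.items()}


def admitted(nodes, api, requests, start=0.0, spacing=0.01):
    """Send `requests` calls round-robin across `nodes`; return how many pass."""
    passed = 0
    for i, node in zip(range(requests), cycle(nodes)):
        if node.allow(api, start + i * spacing):
            passed += 1
    return passed


def demo():
    burst = 4500  # constructed load: 4500 calls in 45 s, all inside one window
    split = split_quota(POLICIES, 3)
    return {
        # Three nodes each enforce the full quota locally.
        "local": admitted(local_cluster(3, POLICIES), "Products", burst),
        # Three nodes enforce one quota through a shared counter.
        "shared": admitted(shared_cluster(3, POLICIES), "Products", burst),
        # Quota divided per node, traffic spread evenly.
        "split": admitted(local_cluster(3, split), "Products", burst),
        # Quota divided per node, all traffic landing on a single node.
        "split_one_node": admitted(local_cluster(3, split)[:1], "Products", burst),
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print(f"{name:15s} admitted {count} of 4500")
```

With local counters the effective ceiling scales with the replica count, and dividing the quota per node restores the aggregate bound only while traffic is spread evenly, which is the case slide 75 reserves for counters shared across all gateway nodes.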