Vinay Kumar is an Oracle ACE, Enterprise Architect, and co-author of a book on Oracle WebCenter Portal. He will present on Oracle API platform introduction, including the evolution of API management, extending SOA with API management, API management architecture and components, configuring API policies, APIMATIC for developer experience, API Fortress, best practices and benefits, and a demo. The Oracle API platform provides full lifecycle management of APIs from design to decommissioning. It is built on REST principles and supports integration with popular API tools. Key components include the management console, developer portal, API gateway, and API design tool APIARY.

1. Vinay Kumar, ORACLE ACE
@vinaykuma201
SPOUG18-Madrid
1

2. 2
• O RACL E ACE
• Enterp ris e Arch itect
• Co -Au th or of B ook “ B egin n in g Oracle
Web Center portal 12c”
• O racle certified p ro fes s io n al
• B lo g ger-http ://w w w.tech artifact. com/b logs
• So ftware Con s u ltant
• https://med ium.com/@ vinaykuma201

3. 3
• Oracle API platform introduction
• Evolution of API management
• Extension of SOA with API management
• API management Architecture.
• API management components
• Configure the APIs policies.
• APIMATIC – developer experience
• API Fortress
• API Management best pratices & benefits
• Demo

4. 4
Oracle API platform

5. 5

6. API management platform
6
• API Security - The process of publishing, promoting,
and overseeing APIs in a secure, scalable
environment. Securing API and setting up the
permission around that.
• Developer/Partner management - Ensuring that
developers and partners are productive. Dashboard
for developer and partners to explore APIs and
consume it.
• API administration console- Managing, securing, and
mediating your API traffic. Dashboard for API
manager to control , secure, adding policy and user
management.
• Scalable - Allowing an organization to grow their
API program to meet increasing demands
• Monetization capabilities - Enabling the
monetization of APIs.
API management is about the planning, design, implementation, testing, publication, operation, consumption, maintenance, versioning and
retirement of APIs. It involves use of a developers' portal to target, market to and govern communities of developers who embed the APIs, as well as
runtime management, estimation of API value and analytics.

7. API management platform
7
Governance -
1. Tracking the life-cycle of each API from inception to sun-setting .
2. tracking the API Consumers and subscriptions (relationships)to APIs utilized
3. the API Security Model employed and the details of managing it
4. defines the API interface standards used for creating APIs (an organization's standards for usage of
something like Swagger) in the organization
5. gathering statistics of both the Developer Portal and API Gateway usage
6. utilization-based billing
7. API versioning
8. JSON (or XML) Schema versioning for input and output data structures
9. tracking of routing information

8. API economy requirements
8

9. API management platform Domain
9

10. Oracle API platform Introduction
10
• Oracle API management platform provides full life cycle management in a easiest way
i.e. from API design , implementation, continuous integration , operation,
decommissioning and promotions etc.
• Platform itself built using REST principles. All components and features supports via
REST APIs.
• The platform is modular, hybrid, and highly customizable.
• Supports to integrate with popular tools for REST API economy
• Fits well with Existing or new greenfield technology stack.
• Fully aligned with Microservices Architecture.
• Gateway as a Service (GaaS).

11. Evolution of API management platform
11
Legacy Architecture Monolithic Architecture Modern Architecture

12. Evolution of API management platform
12
API GW / Platform
ESB
BPM/BPEL

13. Understand the differences in ESB & APIs
13
Features SOA/ESB APIs & Apps
Core goal Enable Internal developers and systems to connect, while
complying with IT department standards.
Enable developers, either external or internal, to build nifty,
compelling apps, and allow users to run them.
Network Low-latency, trusted. High-latency, untrusted. (Mobile wireless network)
Development Style Deliberate, structured, governed by process. Rapid, iterative, experimental.
Connected
Platform
High-powered server Any connected device
Data Contract Formal, strict. Flexible, dynamic
Data Format XML, JMS, SOAP, EDI, possibly many others. JSON and XML.
Authentication and
Authorization
Internal mechanisms, LDAP Internet standards including OAuth.
Analytics Limited use, secondary importance. primary importance
Data Format XML, JMS, SOAP, EDI, possibly many others JSON and XML

14. Oracle API platform Architecture
14

15. Understanding Oracle API CS components
Management Console: This is the place to manage APIs, gateway, user management, security
and configuration and policies. This should be role-based application where roles and
permissions can be managed.
Developer Interface console: A web-based application where developers can search and
subscribe to APIs. This is where all of the API documentation can found and where application
keys are provided after a subscription to an API takes place.
API Gateway: These are the heart of the platform. They enforce/apply the different API policies
to the managed endpoints. These can deployed on premise and cloud infrastructure as well
depending on the use case. For the initial start, it is recommend putting an API Gateway to close
to the enterprise integration layer. The gateway needs to be resilient, performant and highly
available as the APIs will be critical components of the consumer’s digital strategy.
API Design: This provides API First design capabilities and enables document driven API design
approach. This should support global standards of API documentation, i.e. Swagger, API
Blueprint, Open API etc.
Management Portal
Developer Portal
API Gateway
APIARY

16. API First Design- APIARY: Powerful API design Stack
As the importance of API’s increases, more
responsbility lies on those who build and
manage the APIs
Apiary solves fundamental task of API
design & development , by meeting all the
increase expectations and also streamlining
the business process of how work get done.

17. Apiary : API life cycle
• Building great APIs is all about effective collaboration.
• App developers, testers, architects, product managers,
clients, and partners all bring unique perspectives to
the design of your APIs.
• To be successful, your team needs to make sure every
stakeholder has a say

18. Apiary : Core components/toolset
• Apairy Editor.
• Documentation
• API Inspector (API debugger)
• Apairy Tests.
• GitHub Sync
• Mock Server

19. API platform - Management Portal

20. API platform - Management Portal
– API Catalog – Inventory of APIs that you offer
– API Testing & Monitoring – Test API Interfaces and Functionality (Via API Fortress)
– Deployment Management – Centrally manage availability of APIs across all Gateways
– API Governance – Ensure consistency with style-guides and track changes with history service
– Plan/Subscription Management – Manage who uses your APIs, and to what degree
– Operational Analytics – Understand who is using your API, how, and if they are encountering issues
– User Roles & Grants - Control access to your APIs with instance specific grants.
– Publish APIs to Developer Portal.
– Create application and assign plan to the application.
• Gateway
– Runtime Policies – Top security and traffic management runtime policies out of the box
– Configuration gateway setting.
– Managing the gateways.
https://<LB_IP>/apiplatform

21. API platform - Developer Portal

22. API platform - Developer Portal
– Developer Portal is a simple catalog that collects and provides information about published APIs
– Registering and managing the applications.
– Discovering and subscribing the APIs.
– Customizable portal.
– Discovering & entitling the plans.
– Applications analytics.
https://<LB_IP>/developers

23. API platform - Gateway
• A Logical Gateway
- is a JSON object that defines what its registered nodes should look like. It stored the metadata of
the gateway.
- It stores endpoints, policies, routing rules and traffic management.
- Configuration can inherited to physical gateways.
- One to one mapping of logical to physical gateway
• Physical (runtime) Gateway
- Physical gateway nodes that are used by consumers at runtime to access the API endpoints,
no runtime traffic from API consumers needs to interact with the API Platform Cloud Service
itself.
- All required configuration is passed from the cloud service logical nodes to the physical nodes
as a JSON object.
- Polling between logical and physical gateway. Default 2 mins.
- Can be run onpremise as well in the cloud.

24. API platform - Gateway

25. API platform – Logical Gateway properties files

26. API platform – Gateway setting

27. API platform - Policies
Policies are kind of rules in request/response flow to secure, throttle, route, manipulate, or log
requests .
• Applying OAuth 2.0 Policies
• Applying Key Validation Policies
• Applying Basic Authentication Policies
• Applying IP Filter Validation Policies
• Applying CORS Policies
Security:
• Applying Header Field Filtering Policies
• Applying Interface Filtering Policies
• Applying Redaction Policies
• Applying Header Validation Policies
• Applying Request Payload Validation
Policies
• Applying Method Mapping Policies
• Applying REST to SOAP Policies
Interface Management
• Applying Header-Based Routing
Policies
• Applying Gateway-Based Routing
Policies
• Applying Application-Based Routing
Policies
• Applying Resource-Based Routing
Policies
Traffic Management
• Applying API Throttling–Delay Policies
• Applying Application Rate Limiting
Policies
• Applying API Rate Limiting Policies
Routing
• Applying Service Callout 2.0 Policies
• Applying Logging Policies
• Applying Groovy Script Policies
Others
Custom policies

28. API platform - Policies

29. Developer Experience - APIMATIC
• Inbuilt in API platform cloud service
• SDK generation
• Reactive code samples
• Test cases
• Package publishing
• OAuth login flow

30. APIMATIC extend APIARY’s experience

31. APIMATIC supports SDK Generation
Generate Client Libraries in 10 Languages - Define your API and APIMATIC will generate SDKs in languages of your
choice.
Generate Language Specific Documentation - APIMatic will produce tailored tutorials and detailed usage
instructions for each SDK you generate.
SDK testing - Build test cases and APIMATIC will generate the test code in the same language as the SDK.
Code samples for SDKs - APIMATIC will produce reactive code samples for the SDKs you generate. You can play with
the code samples straight away on the Live API console.
Integrate into your CI/CD pipeline - Use APIMATIC public APIs to generate SDKs and update developer portal as
soon as your API description changes.
Convert API Specifications - Bring your API Description file and convert it into 15 different formats.
Deploy SDKs - Deploy your SDKs on Github or publish them as packages on your favourite package manager.

32. APIMATIC integration in APIP
Coming SoonAPIMatic

33. API Fortress Integration
• Out of box integrationto management portal for :
– link projects
– seetests
– run tests
– view results
• OAuth login flow
• TestDesignin APIFortress
• TryDreddaswellforHTTPAPItesting.

34. Best Practices in API Management
• Design First
– Prototype with mock service
– Collaborate with consumers
• Test Driven Development
– Establish a contract
– Build to contract with CI/CD
• Protocols
– REST interface, JSON data
– Open API (Swagger 2.0) docs
– OAuth 2.0 Based Security
• Backward Breaking Versioning
– Evolve API version to contract
– New “Version” with new contract
• Micro Gateways & Micro Services
– Size vs Quantity
• Centralized Management
– Across multi-cloud and on-premises
• Developer Empowerment
• System APIs & Presentation APIs
– API per system or API per consumer?

35. Top benefits of using an API management platform
• Service Abstraction
- Standardized security model
- Shape the APIs interface
- Absract on top of backend service
• Analytics & Audit
- Rate Limit
- Validations
- Throttling
• Service Protection
- Consumption behaviour
- Error source and distribution
- Transaction details
- Revenu on consumption data
• Monitization
- Plan based access control
- Self service registration
• Customer/partner onboarding & management

36. 36
Demo

37. 37

38. Neal Creative | click & Learn moreNeal Creative ©
THANK YOU
Vinay Kumar
@Vinaykuma201
mail2vinayku@gmail.com
www.techartifact.com/blogs