Getting Started with API Management – Why It's Needed On-prem and in the Cloud

ODTUG Kscope22
June 22, 2022
9:00am CST
San Antonio 2
Getting Started with API Management
Why It’s Needed On-Prem and in the Cloud

© Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 2 of 54
@Revelation_Tech
INTRODUCTION

@Revelation_Tech
About Me
Ahmed Aboulnaga
• Master’s degree in Computer Science from George Mason University
• Recent emphasis on cloud, DevOps, middleware, security in current projects
• Oracle ACE Pro, OCE, OCA
• Author, Blogger, Presenter
• @Ahmed_Aboulnaga

@Revelation_Tech
What This Presentation Will Cover
API Concepts API Management
Concepts
API Management
Products & Services
APIs
REST
cURL
API Management
API Gateway
WSO2 API Manager
Oracle API Gateway
1 2 3
1a
1b
1c
2a
2b
3a
3b

@Revelation_Tech
APIS – A BRIEF OVERVIEW

@Revelation_Tech
What is an API?
• Application Programming Interface
• Nowadays, when APIs are mentioned, it typically refers to web APIs
• REST and SOAP web services expose application data and functionality
over the internet

@Revelation_Tech
What is an API?
• All cloud vendors provide some type of API to their services
• This allows for programmatic access to cloud services
• A basic understanding of cURL, REST, and JSON is helpful
• Most cloud providers use the REST architectural style for their APIs
Client REST API Backend System
JSON / XML
GET / POST / PUT / DELETE

@Revelation_Tech
CLIENT TOOLS – EXAMPLES OF OPTIONS

@Revelation_Tech
Sample REST Call using SoapUI
• Popular web service client
• Support SOAP and REST
• Free version available
• www.soapui.org
https://api.agify.io?name=ahmed

@Revelation_Tech
Sample SOAP Call Using SoapUI
• Includes support of functional testing, service simulation, and load testing
http://webservices.oorsprong.org/websamples.countryinfo/CountryInfoService.wso?WSDL

@Revelation_Tech
Postman
• Popular API client
• Free version available
• www.postman.com
• Numerous features that include:
‒ Create API documentation
‒ Automated testing
‒ Design and mock APIs
‒ Monitor APIs
‒ Etc.

@Revelation_Tech
cURL
• Open-source command-line tool
• Supports more than 22 different protocols
(e.g., HTTP
, HTTPS, FTP
, etc.)
• For HTTP
, supports all methods (e.g., GET,
POST, PUT, DELETE, etc.)
• Very useful for testing RESTful web services
• Other advanced tools available include
Postman, SoapUI, Oracle SQL Developer,
etc.
Example service:
https://api.weather.gov/alerts/active?area=MI

@Revelation_Tech
WALKTHROUGH OF REST

@Revelation_Tech
What is REST?
• REpresentational State Transfer
• Architectural style for distributed hypermedia system
• Proposed in 2000 by Roy Fielding in his dissertation
• Web Service implemented with REST is called RESTful web service
• REST is not a protocol like SOAP
, but rather an architectural style
• REST services typically use HTTP/HTTPS, but can be implemented with other
protocols like FTP

@Revelation_Tech
REST Architectural Considerations
Uniform interface: Easy to understand and readable results and can
be consumed by any client or programming language over basic
protocols
URI-based access: Using the same approach to a human browsing a
website where all resource are linked together
Stateless communication: Extremely scalable since no client context is
stored on the server between requests

@Revelation_Tech
REST Methods
• The HTTP protocol provides multiple methods which you can utilize for RESTful
web services
• The table maps the HTTP method to the typical REST operation
• Some firewalls may limit some HTTP methods for security reasons
HTTP Method REST Operation
GET Read
POST Create
PUT Update
DELETE Delete
OPTIONS List of available methods
HEAD Get version
PATCH Update property/attribute
Most common
in web
applications
Most common in
REST to provide
CRUD
functionality

@Revelation_Tech
Resources
• Requests are sent to resources (i.e., URLs)
• Each resource represents an object which identified by a noun (e.g., employee, etc.)
• Each resource has a unique URL
• When performing a POST (create) or PUT (update), you must pass additional values
Resource HTTP Method REST Output
https://hostname/hr/employee GET Retrieve a list of all employees
https://hostname/hr/employee/12 GET Retrieve details for employee #12
https://hostname/hr/employee POST Create a new employee
https://hostname/hr/employee/12 PUT Update employee #12
https://hostname/hr/employee/12 DELETE Delete employee #12
https://hostname/hr/employee/12/address GET Retrieve address for employee #12

@Revelation_Tech
HTTP Response Codes
• HTTP response codes determine the overall response of the REST invocation
HTTP Code Status Description
2XX (200, 201, 204) OK Data was received and operation was performed
3XX (301, 302) Redirect Request redirected to another URL
4XX (403, 404) Client Error Resource not available to client
5XX (500) Server Error Server error

@Revelation_Tech
What is JSON?
• JavaScript Object Notation
• Pronounced “Jason”
• An object surrounded by { }
• An array or ordered list
• REST can support both JSON and XML
• Less verbose than XML, but lacks metadata support
//JSON Object
{
"employee": {
"id": 12,
"name": "Kobe",
"location": "USA"
}
}
//JSON Array
{
"employees": [
{
"id": 12,
"name": "Kobe",
"location": "USA"
},
{
"id": 13,
"name": "Jordan",
"location": "Canada"
},
{
"id": 14,
"name": "Barkley",
"location": "USA"
}
]
}

@Revelation_Tech
WHAT IS API MANAGEMENT?

@Revelation_Tech
Industry Definition of “API Management”
“Organizations are implementing strategies to manage APIs so
they can respond to rapid changes in customer demands”
“Gives enterprises greater flexibility when reusing the
functionality of API integrations and helps save time and money
without trading off security”
“Modernize legacy applications, move to the cloud, create new
products, integrate with Salesforce and SAP, and much more”
“Accelerate innovation in today’s rapidly changing marketplace”

@Revelation_Tech
What is API Management?
• Unified API Management Solution
• For public and private APIs
• Centralizing control (e.g., access
control)
• Rate limiting and usage policies
• Analytics
• Monetization
https://www.altexsoft.com/blog/api-management/

@Revelation_Tech
API Management Tools – A Gartner Definition
• What does a comprehensive API Management tool consist of?
‒ Supports all stages of the API lifecycle, namely: planning and design, implementation and
testing, deployment and exploitation, and versioning and retirement
‒ Some vendors of API Management solutions specialize only in subsets of the API lifecycle,
such as API gateways and testing, while others focus on the entire lifecycle
• Comprehensive API management tools typically include support in the following:
https://medium.com/transparent-data-eng/best-api-management-tools-2021-c03344dbd63b
Functional Area Description
Developer Portal
Self-service, fully unified catalog of APIs in which you can enable and manage the ecosystems of
developers who create and use APIs
API Gateway Management of the runtime environment, monitoring of security and API usage
Policy Management & Analytics Security configuration, mediation, and analysis of actual use of APIs
API Design & Development Toolkit for designing and creating APIs and integrating APIs on existing systems
API Testing From basic mock tests to advanced functional, performance, and security tests

@Revelation_Tech
API GATEWAYS – THEIR ROLE IN API MANAGEMENT

@Revelation_Tech
What is an API Gateway?
• Sits between a client and a collection of backend services
• Acts as a reverse proxy to accept all API calls, aggregate the various services required to
fulfill them, and return the appropriate result
• Handles common tasks such as user authentication, rate limiting, and statistics
• When should you use an API Gateway?
‒ To provide a single, unified API entry point across
‒ To protect your APIs from overuse and abuse (using authentication and rate limiting)
‒ To understand how people use your APIs (using analytics and monitoring)
‒ To monetize APIs
‒ In a microservices architecture (a single request could require calls to dozens of distinct applications)

@Revelation_Tech
Challenges
• Web services are the primary mechanism for applications and systems
to interoperate, communicate, and exchange data messaging
• Web services are the foundation for system-to-system communication
• Many organizations have unmanaged, insecure, and direct access by
developers to backend web services
?
Number of web services
(i.e., APIs)
?
Type of web service
security deployed
?
Usage, SLA, and
reuse metrics
PROBLEMS
Web App Java
Web Service Fusion Apps
Web Service Salesforce Web Service PayPal
Web App Java Web App Java

@Revelation_Tech
Benefits of an API Gateway
• Introduce a gateway to virtualize and abstract all backend web
services
• Provides a consistent mechanism to secure and track web
services
Benefits
▪ Increase security through
modern and standardized
implementation of API security
for all LANL web services
▪ Avoid open/direct access to
backend services
▪ Centralized catalog of published
APIs
▪ Maximum investment through
service reuse
▪ Threat/bot/DDOS detection
Web App Java
Web Service Fusion Apps
Web Service Salesforce Web Service PayPal
Gateway

@Revelation_Tech
WSO2 API MANAGEMENT

@Revelation_Tech
WSO2 API Manager
• WSO2 API Manager Version 4.1.0
• Open-source, enterprise-grade API management for on-premises, cloud, and
hybrid architectures
• Provides gateway capabilities
• wso2.com/api-management

@Revelation_Tech
WSO2 API Manager – Creating an API

@Revelation_Tech
WSO2 API Manager – Configuring an API

@Revelation_Tech
WSO2 API Manager – API Catalog

@Revelation_Tech
WSO2 API Manager – Overview of API

@Revelation_Tech
WSO2 API Manager – Testing the API with cURL
34

@Revelation_Tech
WSO2 API Manager – Testing the API with SoapUI

@Revelation_Tech
ORACLE API GATEWAY (CLOUD)

@Revelation_Tech
Oracle API Gateway
• Not to be confused with the legacy, on-prem Oracle API Gateway product
• Cloud-based service to publish APIs with private endpoints that are accessible internally
• Integrated with Oracle Cloud Infrastructure Identity and Access Management (IAM)
• Expose APIs with public IP addresses to accept internet traffic
• Support transformation, CORS, authentication/authorization, and request limiting
• Highly availability
• Single consolidated API endpoint
https://docs.oracle.com/en-us/iaas/Content/APIGateway/Concepts/apigatewayoverview.htm
https://docs.oracle.com/en-us/iaas/Content/APIGateway/home.htm

@Revelation_Tech
Oracle API Gateway – Cost

@Revelation_Tech
Oracle API Gateway – Tutorial
https://www.oracle.com/webfolder/technetwork/tutorials/infographics/oci_apigw_gs_quickview/apigw_quickview_top/apigw_quickview/index.html

@Revelation_Tech
Oracle API Gateway – Location in Console

@Revelation_Tech
Oracle API Gateway – Create a Gateway

@Revelation_Tech
Oracle API Gateway – Create a Deployment

@Revelation_Tech
Oracle API Gateway – Gateway Service Details

@Revelation_Tech
Oracle API Gateway – First Attempt at Calling API

@Revelation_Tech
Oracle API Gateway – Enable Access & Execution Logging

@Revelation_Tech
Oracle API Gateway – Add 443 Inbound to Firewall

@Revelation_Tech
Oracle API Gateway – Using the Correct URL Context

@Revelation_Tech
Oracle API Gateway – Calling the Original Service

@Revelation_Tech
FINAL THOUGHTS

@Revelation_Tech
Gartner Magic Quadrant: Full Lifecycle API Management
Leaders:
• Google Apigee
• Mulesoft
• IBM
• Axway
• Software AG
• Kong
• Microsoft

@Revelation_Tech
Where API Gateways Fit in the Overall Architecture

@Revelation_Tech
Getting Started with Oracle API Gateway
https://docs.oracle.com/en-us/iaas/Content/APIGateway/home.htm

@Revelation_Tech
Recap
Client Tools
• SoapUI
• Postman
• cURL
Solutions
• API Management
• API Gateway
Products & Services
• WSO2 API Manager
• Oracle API Gateway
Concepts
• API
• REST
• JSON

@Revelation_Tech

Getting Started with API Management – Why It's Needed On-prem and in the Cloud

More Related Content

Similar to Getting Started with API Management – Why It's Needed On-prem and in the Cloud

More from Revelation Technologies

Recently uploaded

Getting Started with API Management – Why It's Needed On-prem and in the Cloud