WSO2 is a leading open source integration vendor that helps organizations become integration agile. It offers an API-led integration platform including API management, enterprise integration, and identity and access management. The platform uses an API-first approach and supports hybrid deployments. It provides full API lifecycle management with capabilities for design, security, analytics, and monetization.
WSO2 for API-Driven Integration
1. WSO2 for API-Driven Integration
Johann Dilantha Nallathamby
Associate Director/Solutions Architect
2. About WSO2
WSO2 is the world’s #1 open source integration vendor, helping digital-driven organizations become integration agile. Today, hundreds of leading brands and thousands of global projects execute 6 trillion transactions annually using WSO2 integration technologies.
Visit https://wso2.com to learn more.
4. WSO2 API-Led Integration Platform
Open Source API Management, Integration, Identity
Start with API management... Complement APIs with integration, security and analytics to connect apps and data.
● API MANAGER: API design, creation, reuse, governance, and analytics (20K APIs)
● ENTERPRISE INTEGRATOR: Quick, iterative integration of any app, data, or system (6 trillion transactions / yr)
● IDENTITY SERVER: Secure and federated identity for APIs and integration (60M identities managed)
● Identity management
● Identity federation / SSO
● Identity bridging
● API and microservices security
● Strong and adaptive Auth
● Access control
● Privacy control
● IAM and security analytics
● API analytics
● API designer
● API gateway
● API microgateway
● API publisher
● API storefront/marketplace
● API repository/registry
● ESB
● Integration designer
● Message broker
● Workflows
● Business rules
● Streaming engine
● Stream processing
● Integration analytics
5. Putting It Together: WSO2 Integration Agile Platform
Open source, hybrid, API-led integration
● Solutions: Telco | Open Banking | Healthcare | GDPR |
● WSO2 Architecture for Agility | WSO2 Methodology for Agility
● Cloud-Native Integration: Kubernetes | Docker | Ballerina | Cellery
● IDENTITY & ACCESS MANAGEMENT | ENTERPRISE INTEGRATION | API MANAGEMENT
● Hybrid Deployment: WSO2 Managed Cloud | WSO2 Hosted Cloud | On-premises
7. Product Overview
WSO2 API Manager is a fully open source approach to addressing any spectrum of API lifecycle, monetization and policy enforcement.
8. “...the only fully open source solution in our Wave analysis, WSO2 provides good breadth across all evaluation criteria.”
Leader in the Forrester Wave: API Management Solutions, Q4 2018
12. Why APIs?
● To drive innovation and accelerate go to market process.
● As marketing channel or lead generation source.
● To acquire new customers and users.
● Expand your business with partners or resellers.
● Build audience and an ecosystem around your products.
● Integrate your services with different devices and systems.
● Sell your data to external parties.
● Extend your products or services.
14. WSO2 API Manager
Components
• API Publisher
• API Gateway / Microgateway
• API Store / developer portal
• Key Manager
• Traffic Manager
• Analytics
An open source approach for full API lifecycle management, monetization, and policy enforcement. Allows extensibility and customization, ensures freedom from lock-in.
15. API Manager: Core Competencies
Broad portfolio of API management functionality ( * = New since 2018)
Internal and External API Management
Gateway
○ Policy Enablement
○ Protocol Handling
○ Transformation
○ Microgateway*
○ Mobile & Multi-experience
○ Data & Data as a Service
Security
○ OAuth2
○ OIDC
○ Federated ID
○ SSO
○ JWT
○ AI driven API Security*
Analytics
○ Business value reporting
○ Streaming & event-driven analytics
○ Real-time alerting
○ Traffic management
○ Monetization
Cloud Native
○ Istio integration*
○ Installations - Kubernetes, Docker, PCF.
○ Monitoring with Prometheus / Grafana*
○ Improved CI/CD*
Portal/Store
○ API Marketplaces
○ Monetization hooks / partners
○ Flexible theme-based architecture
○ Registry and versioning model
Multiple plug-points and extensibility | Open source projects | Flexible deployment options
17. Gateways - API Runtime options
● Multiple Gateway options
○ MicroGW : Immutable, container native, ideal for greenfield projects
○ Regular : Robust, API driven, ideal for brownfield projects
○ Both use the same management plane
○ Both can be used together in the same deployment
● Hybrid option: Gateways close to services, Mgt. plane on cloud
● Both can scale without management plane
● Gateways are identity provider agnostic -> Can work with any key manager as long as trust is established and a signed token is used
18. Standard Gateway
• Can scale with or without Key Manager
• Supports SOAP and WebSocket based APIs in addition to REST
• Automatic SOAP to REST conversion
• Config driven mediation support
[Diagram: Gateway, Key Manager and Traffic Manager; API types <REST>, <SOAP> and <WebSocket>; connections labelled HTTP and JMS]
19. WSO2 API Microgateway
● Designed to scale
○ Self-validating tokens
○ Localized rate limiting
○ Offline analytics
○ Immutable
○ Stateless
● Ideal to be deployed in a locked-down env such as DMZ
● Native support for Docker/K8S
● Private Jet Gateway for microservices
● First-class support for lifecycle management across environments
23. Key Manager and Traffic Manager
Security
● Scalable and flexible authentication and authorization policy enforcement based on OAuth2.0 and other protocols.
● Integration with third party authorization services
● Supports a wide range of application types such as mobile, web, SPA, wearable devices, biometrics, etc
● Social integration for login via social networks and other IDPs.
Rate Limiting
● Rate limits used for billing and metering purposes
● Fair usage policy enforcements
● Rate limits based on user privilege, location, device type, etc.
● Rate limits for target services
24. Security - Standard OAuth2.0
1. Request Access Token (with scopes)
2. Provide Opaque Token
3. Client Application sends Token to Gateway
4. Validate Token
[Diagram: one Gateway, steps numbered 1 to 4]
25. Security - Signed JWT
1. Request Access Token (with scopes)
2. Provide Signed JWT
3. Client Application sends Signed JWT to Gateways
[Diagram: two Gateways; steps 3 and 4 each appear once per Gateway]
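The difference between slides 24 and 25, as an added example that is not WSO2 code: an opaque token costs the gateway a "Validate Token" round trip to the issuer, while a signed JWT is checked locally. The `KeyManager` class and function names are hypothetical, and HS256 with a shared demo key is an assumption made to stay within the Python standard library; a real deployment would use an asymmetric signature so the gateway holds only a public key.

```python
import base64, hashlib, hmac, json, secrets, time

def b64e(obj) -> str:
    raw = obj if isinstance(obj, bytes) else json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class KeyManager:  # toy issuer standing in for the Key Manager (hypothetical)
    def __init__(self, key: bytes):
        self.key, self.store, self.calls = key, {}, 0

    def issue_opaque(self, sub, scopes, ttl=300):
        token = secrets.token_urlsafe(16)   # random handle, carries no claims
        self.store[token] = {"sub": sub, "scope": scopes, "exp": time.time() + ttl}
        return token

    def introspect(self, token):            # the "Validate Token" round trip
        self.calls += 1
        claims = self.store.get(token)
        return claims if claims and claims["exp"] > time.time() else None

    def revoke(self, token):                # takes effect on the next introspection
        self.store.pop(token, None)

    def issue_jwt(self, sub, scopes, ttl=300):
        head = b64e({"alg": "HS256", "typ": "JWT"})
        body = b64e({"sub": sub, "scope": scopes, "exp": time.time() + ttl})
        sig = hmac.new(self.key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        return f"{head}.{body}.{b64e(sig)}"

def validate_opaque(km, token, scope):
    claims = km.introspect(token)
    return claims if claims and scope in claims["scope"] else None

def validate_jwt(token, trusted_key, scope):
    """Local check of signature, pinned algorithm, expiry and scope; no issuer call."""
    try:
        head, body, sig = token.split(".")
        alg_ok = json.loads(b64d(head)).get("alg") == "HS256"  # pinned, not token-chosen
        good = hmac.new(trusted_key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not (alg_ok and hmac.compare_digest(good, b64d(sig))):
            return None
        claims = json.loads(b64d(body))
    except (ValueError, AttributeError):
        return None
    live = claims.get("exp", 0) > time.time() and scope in claims.get("scope", [])
    return claims if live else None
```

Revoking the opaque token blocks it at once, whereas an already issued JWT keeps validating until its `exp`, which is why self-validating tokens are usually given short lifetimes.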
26. Authorization & Introspection
● Secure Token Service can be replaced with any 3rd party product
● External Identity Providers can also be used or federated into for authentication
27. AI Driven API Security
Data & Application Attacks: Advanced Persistent Threats, Data exfiltration, Deletion
DoS & DDoS Attacks: DDoS API Attack, Login service DDoS Attack, Botnet attacking API
Login Attacks: Stolen tokens or cookies, Credential stuffing, fuzzing
Message Security: JSON/XML threat protection, SQL Injection, XSS, Schema validation, Encryption & signature, Redaction, AV scanning
Access Control: Authentication, Authorization, Token Translation
Rate Limiting: Client Throttling, Provider Throttling, Quotas
Network Privacy: SSL/TLS
PingIntelligence for APIs
28. Additional API Security Capabilities
Bot Detection
JSON Schema Validation
API Keys and Basic Auth support
29. Traffic Manager
● Real-time decision making based on event history
● Differentiated services
● API Monetization support
● Protection for internal and external environments from rogue clients
[Diagram: Gateways, Traffic Manager, Message Broker and Policy Designer, with flows labelled <Request Event>, <Throttle Event> and <Policy>]
30. Microgateway - Localized Rate Limiting
Rate-limiting policies are built into the microgateway runtime
● Apply 1000 req/min on Products microservice
● Apply 500 req/min on Orders microservice
[Diagram: Microgateway in front of the Products and Orders microservices]
31. Microgateway - Global Rate Limiting
• API deployed on multiple gateways
• Centralised counter required to keep track of access
• The microgateway submits local counters to the central Traffic Manager asynchronously.
• The Traffic Manager accumulates the counters and notifies the gateways whenever traffic should be rate limited.
[Diagram: three Microgateways connected to the Traffic Manager]
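A small simulation of the global rate limiting flow on slide 31, added here as an illustration and not taken from WSO2 code: gateways count locally, submit counters to a central accumulator, and stop serving once notified. The class names are hypothetical, a flush every N requests stands in for the asynchronous publish, the 500 limit reuses the Orders figure from slide 30, and the window reset is left out.

```python
class TrafficManager:
    """Central counter (hypothetical model of the Traffic Manager role)."""
    def __init__(self, limits):
        self.limits = limits          # api name -> requests allowed per window
        self.totals = {}
        self.gateways = []

    def register(self, gateway):
        self.gateways.append(gateway)

    def submit(self, counts):
        """Accumulate one gateway's local counters; notify every gateway on breach."""
        for api, n in counts.items():
            self.totals[api] = self.totals.get(api, 0) + n
            if self.totals[api] >= self.limits[api]:
                for gateway in self.gateways:
                    gateway.throttled.add(api)    # the throttle notification

class Microgateway:
    def __init__(self, tm, flush_every):
        self.tm, self.flush_every = tm, flush_every
        self.pending, self.throttled, self.unsent = {}, set(), 0
        tm.register(self)

    def handle(self, api):
        """Return True if the request is served; the decision uses local state only."""
        if api in self.throttled:
            return False
        self.pending[api] = self.pending.get(api, 0) + 1
        self.unsent += 1
        if self.unsent >= self.flush_every:       # stands in for the async publish
            self.flush()
        return True

    def flush(self):
        counts, self.pending, self.unsent = self.pending, {}, 0
        self.tm.submit(counts)

def simulate(limit, gateways, flush_every, requests):
    """Send `requests` calls round-robin to one API; return how many were served."""
    tm = TrafficManager({"orders": limit})
    gws = [Microgateway(tm, flush_every) for _ in range(gateways)]
    return sum(gws[i % gateways].handle("orders") for i in range(requests))
```

With three gateways flushing every 50 requests, `simulate(500, 3, 50, 1000)` serves 598 requests against a limit of 500: the overshoot is the traffic counted locally but not yet submitted, so the publish interval bounds how far a global limit can be exceeded.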
33. API Publisher
The Portal for API Designers and Product Managers.
Designers
● Design, mock and document REST and SOAP APIs.
● Create new versions of APIs
● Gain API usage insights for operational purposes
● Import API definitions
● Apply policies for security, rate limits and message transformations.
Product Managers
● Validate and publish APIs for public discovery and consumption.
● The central point for managing the API’s Lifecycle.
● Monetize APIs through business plans.
● Gain API usage insights for business purposes.
35. API Publisher
● Start with an existing endpoint/contract or design and prototype a new API
● Exposing SOAP services (convert to REST or as a passthrough)
● Expose an API with GraphQL support
● Exposing streaming APIs (Websocket endpoints)
36. API Creation
● API Design - Over the wizard & with Swagger
37. Managed or Prototyped
● Point to a production backend, point at mock backend or prototype at gateway
38. API Lifecycle Management
● Manage stages of an API
● Manage associated states
● Create a new version from an existing
● Audit changes to lifecycle states
● Support for custom lifecycles
39. Developer Portal
The Application Developer Portal known as the API Store.
● ReactJS based ready to be used Dev portal available out-of-the-box.
● Discover, test and subscribe to APIs
● Search through APIs and their documentation
● Rate, comment and participate on discussion forums of the portal
● Try out the API SDKs for faster go-to-market of applications.
● Brand the developer portal to suit your needs
● Manage the lifecycle of applications across environments
● Integrate with third party authorization servers
40. Productization of APIs
API Products
• Select operations from different APIs and bundle together as a product
• Use different operations of the same API in different products
• Monetize the product APIs targeted at different groups
41. GraphQL Support
● First class support for GraphQL APIs
○ Create a GraphQL API by importing an SDL schema
○ Identify GraphQL APIs automatically in the portals
○ Display operation list instead of resources
○ Display SDL schema instead of OpenAPI definition
○ Download option for SDL schema
○ Search option for GraphQL type APIs ( type: GRAPHQL)
● Operation-level security, authorization and rate limiting
42. API Monetization
Integration with Billing Engines
• Out of the box integration with Stripe
• Ability to integrate with any other billing engines
43. Why CI/CD for APIs?
● Rapid development and deployment of APIs
● Less human interruptions
● Fast delivery to end users
● Time saving and efficiency gain
● Automated process provides greater management flexibility
● Detect issues earlier
44. Challenges in CI/CD for APIs?
● Organizations are maintaining multiple deployment environments
● APIs associate with multiple policies and configurations
● Environment specific (endpoints) configurations
● Interference with multiple development teams
45. Environment Specific Configurations
● APIs contain environment specific configurations
● Part of the configuration changes between environments
● Environment specific configurations include
○ Backend endpoints
○ Credentials of backend services
○ Certificates of endpoints
○ Endpoint timeout settings
○ Gateway environments
48. Kubernetes Operator
• Making APIs first class citizens in Kubernetes
• Automatic deployment into Microgateway
• Policies can automatically be applied to the API created
• Security and throttling policies can be applied, and tracing, logging and analytics can be enabled automatically through the swagger
• API created can be pushed to the management plane
kubectl add api -n Stocks --from-file="/path/to/stocks/swagger.yaml"
apictl import-api -f Stocks -e k8s
49. Istio Integration
• Helps exposing microservices deployed on Istio to be managed as APIs.
• Provides an API portal for microservices.
• Allows managing the state of microservices via an API lifecycle.
• Provides end-user authentication and authorization for microservices deployed on Istio.
• Provides business insights for service requests via API portals.
• API Gateway can replace the Istio
51. API Manager: Deployment Options
Our aim - all customers hybrid or cloud by 2021
API Cloud
● Multi-tenant, shared-everything
● WSO2-hosted and managed
● Pay-as-you-go
● Multi-region availability
● VPN tunnel to private DC
● Guaranteed uptime
● Limited customization options
WSO2 Managed Cloud
● Privately hosted
● WSO2 managed
● Upgrades, patches, installation
● Guaranteed uptime
● Full flexibility in customization
● Better control
● Deployed on IaaS of your choice
Private On-Premises
● Self-hosted
● Self-managed
● Full flexibility
● DevOps learning curve
● Self-managed upgrades
Hybrid API Management
● Gateway can be deployed in any containerised environment
● Multiple deployment options including on-prem/cloud, cloud/cloud
Cloud Availability Regions: us-east-1 (North Virginia), us-west-2 (Oregon), ap-southeast-2 (Sydney), eu-central-1 (Frankfurt), eu-west-1 (Ireland), and sa-east-1 (Brazil).
52. Deployment Patterns
● North deployment on Cloud
● Multi-tenanted and centrally managed
● Gateways deployed on premise
● A deployment at each business-unit
● Decentralized or Centralized API Management
53. Deployment Patterns
● North deployment on Cloud
● Multi-tenanted and centrally managed
● South deployments are on-premise
● A deployment at each business-unit
● Decentralized or Centralized API Management
54. Deployment Patterns
• Microgateways deployed in DMZ handle external API requests
• Regular gateways in the LAN handle internal API requests
• Gateway chaining a possibility between DMZ and LAN
• A single Management Plane for both Microgateways and Regular gateways
• Gateways can scale independently of the Control Plane
56. Future of API Management
The two aspects of API Management in the future
• API Management in Microservices and Cloud Native Space
• Business of APIs
57. Future of API Management
The two aspects of API Management in the future
• API Management in Microservices and Cloud Native Space
“API management will natively become part of Microservices frameworks”
• Business of APIs
“There will be more innovations on value additions and monetization aspects of APIs”
58. Future of API Management
WSO2’s future API strategy considers both these aspects equally important. We will continue to innovate in both these areas.
Our vision is to bring the best-of the world Hybrid experience of these two areas to our users
59. WSO2 API-M Product Roadmap
Near-Term Mid-Term Future
API Manager
● API categorisations (in addition to tags)
● Federated API Marketplaces.
● First-class integration with observability tools such as Prometheus.
● First class support for federated apps (login with Facebook, Google).
● Istio integration v2.0.
Microgateway
● Microgateway toolkit (compiler) as a service
● Mutable microgateway runtimes
● Private jet microgateways that are directly deployable from the control plane (API Manager)
● Serverless enablement of microgateways with KNative
● Composable microgateways for app developers to deploy “application gateways”
● Self-tuning capability to cater to APIs of different scale
API Manager
● Direct integration of the API Gateway with AWS Lambda.
● Integration with 42Crunch for API security best practices and API spec governance.
● Enhanced API analytics with better visualization and drill downs.
Microgateway
● gRPC and Web Socket support
● Fully self-serviced microgateway with simplified UX.
● Microgateway for Spring Boot Microservices.
● Heterogeneous control plane support to generate microgateways from public hosted open API definitions
● Pluggable authentication schemes
● Globally shareable policies through Policy-Hub
● Support for virtual hosts
● Integration with Consul for service discovery
API Manager and Microgateway
● Extending support for dynamic (third-party) gateways.
● Dynamic registration of microgateways on API Manager
● Support for serverless API gateways
● Personalization of APIs for API consumers, which can be deployed on personal API gateways (private-jet)
● API gateways for event-driven microservices communications
● In-process sidecar API gateway for Ballerina
● Additional defenses for attack vectors, such as via machine learning and honeypots
● Control plane support with xDS APIs
● Microgateway as the edge gateway (ingress gateway) in Kubernetes
● Heterogeneous request/response transformation support
● Built-in billing