How to Build, Manage, and Promote APIs


Published in: Technology, Business

  1. 1. lean . enterprise . middleware
     WSO2 API Management Platform
     Chris Haddad, VP, Technology Evangelism
     Paul Fremantle, CTO and Co-Founder
     Asanka Abeysinghe, Director, Solutions Architecture
     © WSO2 2011. Not for redistribution. Commercial in Confidence.
  2. 2. Business APIs
     “APIs provide a way to make resources available for internal and external partners to access information and services.”
  3. 3. API Architecture
     An API is a business capability delivered over the Internet to internal or external consumers
       • Network accessible function
       • Available using standard web protocols
       • With well-defined interfaces
       • Designed for access by third parties
     A Managed API is:
       • Actively advertised and subscribe-able
       • Exhibits high Quality of Service (QoS)
       • Available with Service Level Agreements (SLAs)
       • Secured, authenticated, authorized and protected
       • Monitored and monetized with analytics
  4. 4. A note on our development process
     • WSO2 uses an agile, iterative development process
       • v1.0 is a Minimum Viable Product
       • Just enough features to allow a subset of users to deploy the system in production
     • Each further release is aimed at meeting specific user requirements
     • Not everything we say today may end up in v1.0
       • You can follow progress on
       • And by joining the Beta programme (details at the end)
  5. 5. WSO2 API Management Platform
  6. 6. API Store Features
  7. 7. API Publisher Features
  8. 8. API Management Platform Details
     • Full support for web protocols:
       • JSON/HTTP(S), REST interactions
       • SOAP/HTTP(S), XML/HTTP(S)
       • Non-blocking high-performance HTTP transport handles 000s of concurrent connections
     • API Key Management based on OAuth2
       • Get Key (with or without asynchronous approval process)
       • Renew Key
       • Revoke Key
     • Monitoring and analytics
       • Latency, Response Time, Failures vs Success, Total Transactions, Transactions by API Key
       • By user specified time period as well as over the last 1m, 5m, 10m, 1hr, 4hr, 8hr, 24hr periods
  9. 9. API Key Use Case
  10. 10. Understanding the flow
     • API Publisher adds API into API Manager
       • [Optionally provides sandbox endpoint]
     • API Governance / Admin approves publish
     • …
     • API Consumer finds API
     • API Consumer subscribes to API Key
       • [optional approval process]
     • OAuth2 Bearer Key issued
       • [optionally issue both production and sandbox keys]
     • …
     • API Consumer application makes a call
       • API Key is validated
       • API Key metadata is used to identify:
         • Throttling / Rate limiting policy
         • Sandbox / Production endpoint
       • Event is metered/monitored against the API, Key, IP address, etc.
  11. 11. OAuth
     • “An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.”
     • Designed to solve the “LinkedIn/Facebook/GMail” problem
     • “Valet Key”
  12. 12. Adding Security with BasicAuth/OAuth
  13. 13. OAuth 2
     • What’s wrong with OAuth 1?
       • Crypto requirements are too onerous
       • Requires special client side OAuth code
     • OAuth 2 Bearer Tokens
       • A simple secret token carried over SSL
       • Allows OAuth2 keys to be used with CURL and common clients
     • OAuth2 Bearer Tokens = API Keys
       • A token that identifies the application calling the API
       • Separate from the user who creates it
       • Limited scope to calling one or more APIs
       • Can be revoked/renewed without requiring a password change for the user
       • Hence can be embedded in application code
     • OAuth2 is not yet final, but is stable and implemented
       • From the perspective of the API client, no “OAuth2” specific code is required
       • Completely implemented by the API Manager
  14. 14. Improvements to the core mediation engine
     • The “Gateway” component of the AM is based on our core mediation framework from the ESB
     • For API Management there are some key improvements:
       • API model
       • Rate Limiting per Key
       • Passthru performance
  15. 15. APIs and Resources
  16. 16. API Syntax

         <api name="AccountManagementAPI" context="/am">
             <!-- Read one account: GET /am/accounts/{accountId} -->
             <resource methods="GET" uri-template="/accounts/{accountId}"
                       inSequence="GetAccountIn" outSequence="GetAccountOut"/>
             <!-- Update one account: PUT /am/accounts/{accountId} -->
             <resource methods="PUT" uri-template="/accounts/{accountId}"
                       inSequence="UpdateAccountIn" outSequence="UpdateAccountOut"/>
         </api>

     Note that this syntax / model is internal to the API Manager and the average user will not need to know this. Advanced use cases can take advantage
  17. 17. ESB Passthru Latency compared to previous models
  18. 18. Scalable Deployment Architecture
  19. 19. Scalable Analytics Deployment
  20. 20. Demo Use Cases
  21. 21. Roadmap Summary
     Q2 2012 (Planned)
     • API Publishing:
       • Documentation/Samples/SDK/Links to external docs
       • Tagging
       • Track consumers by API
       • View Statistics by API
     • API Subscribing
       - Search
       - Rate
       - TryIt
       - Recommend
       - Post a review
     • API Versioning
     • Manage N APIs via the application concept
     • OAuth2 based Key Management
     • Throttling/SLA Limits per API
     • Integration with BAM for API Statistics
     • Skinnable UI
     Q3 2012 (Projected)
     • Integration with 3rd party Key Management Systems
     • Integration with 3rd party repositories such as GitHub
     • Role-based views for usage reports
     • User self-registration
     • OAuth2 / OpenID based login
     • Additional Collaboration Features
     • API Lifecycle Management
     • Monetization
  22. 22. Product Timelines
     • WSO2 API Management Platform (WSO2 AMP)
       • v1.0 Alpha – April 2012
       • v1.0 Beta – May 2012*
       • v1.0 Gold – July 2012
       • v1.5 Gold – September 2012
       • v2.0 Gold – December 2012
     * We are actively looking for alpha/beta customers to provide insight and validate the product design
  23. 23. Beta Programme manager/
  24. 24. Questions?
  25. 25. Follow us:!/wso2 Follow us:Contact us:!/wso2
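
The call-time checks listed on slide 10 ("Understanding the flow") and the bearer-token properties on slide 13 ("OAuth 2"), as an added example that is not WSO2 code or part of the original deck. The key values, application names, endpoints, the `Gateway` class, the 60-second window and the HTTP status codes are all assumptions made for illustration.

```python
import hashlib
import time

def digest(token):
    # Store and look up keys by SHA-256 digest so the key store holds no raw tokens.
    return hashlib.sha256(token.encode()).hexdigest()

# Constructed sample data: key values, app names and endpoints are hypothetical.
KEYS = {
    digest("prod-key-constructed"): {"app": "billing", "env": "production", "limit": 2, "revoked": False},
    digest("sbx-key-constructed"): {"app": "billing", "env": "sandbox", "limit": 5, "revoked": False},
    digest("old-key-constructed"): {"app": "legacy", "env": "production", "limit": 2, "revoked": True},
}
ENDPOINTS = {"production": "https://backend.example.internal/am",
             "sandbox": "https://sandbox.example.internal/am"}
WINDOW = 60  # seconds; "limit" is calls allowed per key per window

class Gateway:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.hits = {}    # key digest -> timestamps of accepted calls
        self.events = []  # metering records; never contain the raw key

    def handle(self, headers, scheme, client_ip, path):
        status, target, app = self._decide(headers, scheme)
        self.events.append({"app": app, "ip": client_ip, "path": path, "status": status})
        return status, target

    def _decide(self, headers, scheme):
        if scheme != "https":
            return 403, None, None  # a bearer token is a bare secret: TLS only
        kind, _, token = headers.get("Authorization", "").partition(" ")
        if kind.lower() != "bearer" or not token.strip():
            return 401, None, None
        key = digest(token.strip())
        meta = KEYS.get(key)
        if meta is None or meta["revoked"]:
            return 401, None, None  # unknown and revoked keys look the same to the caller
        now = self.clock()
        recent = [t for t in self.hits.get(key, []) if now - t < WINDOW]
        if len(recent) >= meta["limit"]:
            self.hits[key] = recent
            return 429, None, meta["app"]  # per-key throttling policy
        self.hits[key] = recent + [now]
        return 200, ENDPOINTS[meta["env"]], meta["app"]  # sandbox or production backend
```

Because the key is separate from the user's password, revoking it is a one-field change in the key store, and the metering records identify the caller by application and IP address without ever logging the secret.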