Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
INTEGRATION SUMMIT 2019
Decentralizing APIs for Agile
Businesses
Pubudu Gunatilaka
Associate Technical Lead - WSO2 Inc.
IN...
INTEGRATION SUMMIT 2019
User Story
Online Shopping Store
Product API
Order API
Inventory API
Payment API
INTEGRATION SUMMIT 2019
- High traffic
- Self contained access tokens to secure the API
- Dynamic routing for product disco...
INTEGRATION SUMMIT 2019
- Medium traffic
- Mutual TLS and OAuth 2.0 to secure the APIs
- Custom response caching requiremen...
INTEGRATION SUMMIT 2019
- Low traffic
- Basic Auth to secure the API
- Private API
- Different API mediations
Inventory API...
INTEGRATION SUMMIT 2019
Typical API Management
Story
INTEGRATION SUMMIT 2019
TRAFFIC MANAGER
API PUBLISHER
DEVELOPER PORTAL KEY MANAGER
GATEWAY
API PROVIDERS
API CONSUMERS
API...
INTEGRATION SUMMIT 2019
Usage of APIs in API Gateway
GATEWAY
INTEGRATION SUMMIT 2019
Some key concerns...
- Different resource usages
- Different Security enforcements
- Dynamic routi...
INTEGRATION SUMMIT 2019
Moving into Decentralizing
APIs
INTEGRATION SUMMIT 2019
Addressing the concerns...
GATEWAY GATEWAY GATEWAY
INTEGRATION SUMMIT 2019
Some Key Requirements for Decentralizing APIs
- API Security
- Rate limiting
- API Discovery
- Ana...
INTEGRATION SUMMIT 2019
WSO2 API Microgateway
INTEGRATION SUMMIT 2019
API Security
● Authentication
○ Security latency should be minimum
○ Security in locked down envir...
INTEGRATION SUMMIT 2019
Rate Limiting
● Throttling happens at
○ API level
○ Application level
○ Resource level
● Use of Tr...
INTEGRATION SUMMIT 2019
WSO2 API Microgateway
Developer first approach
INTEGRATION SUMMIT 2019
Developer first approach
● Skip API Publisher
● Skip Developer Portal
● Use of JWT to secure the AP...
INTEGRATION SUMMIT 2019
API Discovery
● API visibility in Developer Portal
○ Public
○ Restrict by role
● Publish API to de...
INTEGRATION SUMMIT 2019
Analytics and Traffic Monitoring
● File based analytics
data recording
● Upload data zip files
to An...
INTEGRATION SUMMIT 2019
API Monetization
● Usage based billing
○ Summarized
analytics data can
be used
INTEGRATION SUMMIT 2019
API Mediation
● Mediation at
○ API level
○ Resource level
● Mediation as function
INTEGRATION SUMMIT 2019
Deployment Patterns for
Decentralized APIs
INTEGRATION SUMMIT 2019
Hybrid API Gateway
Source: https://wso2.com/api-management/api-microgateway/
INTEGRATION SUMMIT 2019
Lockdown API Gateway
Source: https://wso2.com/api-management/api-microgateway/
INTEGRATION SUMMIT 2019
Static API Gateway
Source: https://wso2.com/api-management/api-microgateway/
INTEGRATION SUMMIT 2019
Moving to Microservice
Architecture
INTEGRATION SUMMIT 2019
Source: https://www.bmc.com/blogs/microservices-architecture/
INTEGRATION SUMMIT 2019
INTEGRATION SUMMIT 2019
Challenges with Microservices
- Secure communication between services
- Analytics, tracing and mon...
INTEGRATION SUMMIT 2019
The Solution
INTEGRATION SUMMIT 2019
Service Mesh
A service mesh is a dedicated infrastructure layer that
controls service-to-service c...
INTEGRATION SUMMIT 2019
Service Mesh
Source: https://www.nginx.com/blog/what-is-a-service-mesh/
INTEGRATION SUMMIT 2019
Istio
Source: https://istio.io/docs/concepts/what-is-istio/#architecture
INTEGRATION SUMMIT 2019
When is API Management required in a Service
Mesh
- When users need to expose microservices to out...
INTEGRATION SUMMIT 2019
WSO2 API Management for Istio, Service Mesh
Source: https://wso2.com/api-management/microservices/...
INTEGRATION SUMMIT 2019
THANK YOU
wso2.com
Upcoming SlideShare
Loading in …5
×

[WSO2 Integration Summit Stuttgart 2019] Decentralizing APIs for Agile Businesses

46 views

Published on

This deck covers moving into decentralizing APIs, WSO2 API Microgateway, moving into microservices architecture, and the solution to becoming agile.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

[WSO2 Integration Summit Stuttgart 2019] Decentralizing APIs for Agile Businesses

  1. 1. INTEGRATION SUMMIT 2019 Decentralizing APIs for Agile Businesses Pubudu Gunatilaka Associate Technical Lead - WSO2 Inc. INTEGRATION
  2. 2. INTEGRATION SUMMIT 2019 User Story Online Shopping Store Product API Order API Inventory API Payment API
  3. 3. INTEGRATION SUMMIT 2019 - High traffic - Self contained access tokens to secure the API - Dynamic routing for product discovery - Custom response caching requirements - API Shaping to minimize mobile bandwidth usage - Additional API gateway for internal users Product API GATEWAY
  4. 4. INTEGRATION SUMMIT 2019 - Medium traffic - Mutual TLS and OAuth 2.0 to secure the APIs - Custom response caching requirements - Different API mediations Order API Payment API GATEWAY
  5. 5. INTEGRATION SUMMIT 2019 - Low traffic - Basic Auth to secure the API - Private API - Different API mediations Inventory API GATEWAY
  6. 6. INTEGRATION SUMMIT 2019 Typical API Management Story
  7. 7. INTEGRATION SUMMIT 2019 TRAFFIC MANAGER API PUBLISHER DEVELOPER PORTAL KEY MANAGER GATEWAY API PROVIDERS API CONSUMERS API CONSUMERS Publish API Push to Store Publish throttling policies Update gateway Access token generation request Key Validation API Invocation SERVICE IMPL Subscribe to API
  8. 8. INTEGRATION SUMMIT 2019 Usage of APIs in API Gateway GATEWAY
  9. 9. INTEGRATION SUMMIT 2019 Some key concerns... - Different resource usages - Different Security enforcements - Dynamic routing - API mediation and transformation - API Shaping - Response Caching - Private vs Public APIs - API Gateway per department/unit
  10. 10. INTEGRATION SUMMIT 2019 Moving into Decentralizing APIs
  11. 11. INTEGRATION SUMMIT 2019 Addressing the concerns... GATEWAY GATEWAY GATEWAY
  12. 12. INTEGRATION SUMMIT 2019 Some Key Requirements for Decentralizing APIs - API Security - Rate limiting - API Discovery - Analytics & Traffic Monitoring - API Monetization - API Mediation
  13. 13. INTEGRATION SUMMIT 2019 WSO2 API Microgateway
  14. 14. INTEGRATION SUMMIT 2019 API Security ● Authentication ○ Security latency should be minimum ○ Security in locked down environments ○ Use of Self contained access tokens ● Authorization ○ Scope validation ○ API subscription validation ○ Other fine grained access controls
  15. 15. INTEGRATION SUMMIT 2019 Rate Limiting ● Throttling happens at ○ API level ○ Application level ○ Resource level ● Use of Traffic Manager
  16. 16. INTEGRATION SUMMIT 2019 WSO2 API Microgateway Developer first approach
  17. 17. INTEGRATION SUMMIT 2019 Developer first approach ● Skip API Publisher ● Skip Developer Portal ● Use of JWT to secure the API API MICROGATEWAY Swagger
  18. 18. INTEGRATION SUMMIT 2019 API Discovery ● API visibility in Developer Portal ○ Public ○ Restrict by role ● Publish API to developer portal from API Microgateway
  19. 19. INTEGRATION SUMMIT 2019 Analytics and Traffic Monitoring ● File based analytics data recording ● Upload data zip files to Analytics servers ● Summarize analytics data in Analytics servers
  20. 20. INTEGRATION SUMMIT 2019 API Monetization ● Usage based billing ○ Summarized analytics data can be used
  21. 21. INTEGRATION SUMMIT 2019 API Mediation ● Mediation at ○ API level ○ Resource level ● Mediation as function
  22. 22. INTEGRATION SUMMIT 2019 Deployment Patterns for Decentralized APIs
  23. 23. INTEGRATION SUMMIT 2019 Hybrid API Gateway Source: https://wso2.com/api-management/api-microgateway/
  24. 24. INTEGRATION SUMMIT 2019 Lockdown API Gateway Source: https://wso2.com/api-management/api-microgateway/
  25. 25. INTEGRATION SUMMIT 2019 Static API Gateway Source: https://wso2.com/api-management/api-microgateway/
  26. 26. INTEGRATION SUMMIT 2019 Moving to Microservice Architecture
  27. 27. INTEGRATION SUMMIT 2019 Source: https://www.bmc.com/blogs/microservices-architecture/
  28. 28. INTEGRATION SUMMIT 2019
  29. 29. INTEGRATION SUMMIT 2019 Challenges with Microservices - Secure communication between services - Analytics, tracing and monitoring - Disaggregation of architecture increases the number of endpoints - Communication among these endpoints will be a key challenge - Service discovery - Network resiliency - End to end authentication
  30. 30. INTEGRATION SUMMIT 2019 The Solution
  31. 31. INTEGRATION SUMMIT 2019 Service Mesh A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. It provides a method in which separate parts of an application can communicate with each other. source:techtarget.com
  32. 32. INTEGRATION SUMMIT 2019 Service Mesh Source: https://www.nginx.com/blog/what-is-a-service-mesh/
  33. 33. INTEGRATION SUMMIT 2019 Istio Source: https://istio.io/docs/concepts/what-is-istio/#architecture
  34. 34. INTEGRATION SUMMIT 2019 When is API Management required in a Service Mesh - When users need to expose microservices to outside in a secured and a controlled manner - When fine grained security should be enforced on APIs exposed - When stats need to be collected on API usage for monetization and billing - When it is required to offer a marketplace for APIs for easy discovery and adoption
  35. 35. INTEGRATION SUMMIT 2019 WSO2 API Management for Istio, Service Mesh Source: https://wso2.com/api-management/microservices/istio/
  36. 36. INTEGRATION SUMMIT 2019 THANK YOU wso2.com

×