2. About the Presenter
๏ Samisa Abeysinghe, VP Delivery, samisa@wso2.com
๏ Samisa Abeysinghe, Vice President of Delivery, joined the company in September 2005. Prior to the current role, Samisa used to be VP of Engineering and managed the development of WSO2 Carbon based product platform.

3. About WSO2
๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.
๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
๏ Driven by Innovation
  ๏ Launched first open source API Management solution in 2012
  ๏ Launched App Factory in 2Q 2013
  ๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013

6. Managing APIs
๏ An API is a business capability delivered over the Internet to internal or external consumers
  ๏ Network accessible function
  ๏ Available using standard web protocols
  ๏ With well-defined interfaces
  ๏ Designed for access by third-parties
๏ A Managed API is:
  ๏ Actively advertised and subscribe-able
  ๏ Available with SLAs
  ๏ Secured, authenticated, authorized and protected
  ๏ Monitored and monetized with analytics

8. Adopt Integration Best Practices
From SOA lessons learned, best practices roles
• Creator
  • Builds, manages, and versions API
  • Understand business and technical requirements
  • Cares about usage and scaling
  • Seeks feedback, ratings, usage
• Publisher
  • Publishes, Promotes and encourages consumers to adopt APIs
  • Determines usage patterns and how to best monetize asset
  • Monitors and secures
• Consumer
  • Understands the interface definition
  • Subscribes and connects application to API
  • Monitors own usage and cost basis
  • Provides feedback and ratings

9. Communication: Key to Dev team success
Teams re-build rather than re-use
• APIs proliferate (100s of APIs) and are minimally re-used
• Minimal communication and coordination
  • Who is consuming API?
  • Who is writing re-usable APIs?
• Prevalent SOA Anti-patterns
  • Not Invented Here (NIH)
  • Tight Coupling and Build again
• Shared API invisibility
  • Teams do not know about API
  • Non-functional and functional requirements are not well documented
  • Teams cannot easily map API to needed business capability

10. WSO2 API Management Platform
WSO2's API Management Vision
๏ Create APIs
  ๏ WSO2 Application Server, Data Services Server and ESB
๏ Find and subscribe/buy APIs
  ๏ API Store and Governance
๏ Manage, secure and protect APIs
  ๏ API Management and Gateway
๏ Monitor and Monetize APIs
  ๏ API Monitoring and Analytics
๏ Develop, host and run API-based applications in a Platform-as-a-Service
  ๏ WSO2 Stratos and Cloud Development Platform
  ๏ API Cloud

12. API Ecosystem Model
From SOA lessons learned, best practices roles
๏ API Creator
  ๏ Builds, manages, and versions API
  ๏ Understand business and technical requirements
  ๏ Cares about usage and scaling
  ๏ Seeks feedback, ratings, usage
๏ API Publisher
  ๏ Publishes, Promotes and encourages consumers to adopt APIs
  ๏ Determines usage patterns and how to best monetize asset
  ๏ Monitors and secures
๏ API Consumer
  ๏ Understands the interface definition
  ๏ Subscribes and connects application to API
  ๏ Monitors own usage and cost basis
  ๏ Provides feedback and ratings

18. Collaborative Store
๏ Ability to create multiple domains (tenants) within the same API Manager instance
๏ Each domain can have their own store or publish APIs to a central store - This is transparent to the consumers.
๏ Typical Use Cases:
  ๏ Segmenting the publishers by business unit or partner and restricting editing rights by domain
  ๏ Create an API marketplace: one-stop store for domain APIs.

20. API Store: APIs Visibility
๏ At publish time, an API can be marked as Public or Restricted
๏ If Restricted by Roles
  ๏ 1 or more roles need to be specified.
๏ If Restricted by Domain
  ๏ APIs are only visible to specific domain(s).
๏ Public APIs are shown to all; Restricted APIs are only visible when you log in and have the required role or are logged in to the required domain.

23. Programming Model
๏ Client apps (Web, Mobile etc) to call the API
๏ Those calls to be authenticated using access tokens

24. API Access Tokens
๏ OAuth2 standard compliant
๏ Pre-generated Access Token: can be used from an application, to identify the application itself
๏ On-demand Access Token: generated via API call, using Consumer Key and Consumer Secret - Identifies the end user of an application (web applications, mobile applications)

27. Shared Access Token
1. The project manager or owner subscribes to the APIs by logging into the API Store.
2. The API Store provides an access-token, consumer-key and consumer-secret.
  ๏ In development, use the access-token for the sandbox environment.
3. The project manager shares the access-token with the app-developers.
4. App-developers use the access-token to invoke the APIs.
5. The project manager redistributes a new access-token when it expires, or sets it to never expire.

29. Unique Access Token
1. The project manager or owner subscribes to the APIs by logging into the API Store.
2. The API Store provides an access-token, consumer-key and consumer-secret.
3. The project manager shares the consumer-key and consumer-secret with the app-developers.
4. Each app-developer requests an access-token using the base64-encoded value of consumer-key:consumer-secret and his/her credentials (stored in the system user-store) via the system API /token.
  ๏ App-developers can request an access-token using a valid consumer-key, consumer-secret and an active user account in the system user-store.
5. The API Gateway returns an access-token.
6. App-developers invoke the APIs using their own access-token, and renew the access-token when required.

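Steps 4 to 6 above, sketched as an added example that is not part of the original slides or WSO2's own code: it builds the /token request from the base64-encoded consumer-key:consumer-secret plus the developer's own credentials, and tracks expiry so each developer renews only their own token. The `grant_type=password` body follows the OAuth2 (RFC 6749) password grant, which is an assumption about the grant used; the class and function names, keys, usernames and sample response are all constructed.

```python
import base64
from urllib.parse import urlencode

TOKEN_PATH = "/token"  # the "system api /token" named on the slide


def basic_credentials(consumer_key, consumer_secret):
    """Step 4: base64-encoded value of consumer-key:consumer-secret."""
    raw = f"{consumer_key}:{consumer_secret}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def build_token_request(consumer_key, consumer_secret, username, password):
    """Return (path, headers, body); nothing is sent over the network.

    Assumption: the RFC 6749 password grant. The application authenticates
    with HTTP Basic, the developer with an account in the user store.
    """
    headers = {
        "Authorization": "Basic " + basic_credentials(consumer_key, consumer_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode(
        {"grant_type": "password", "username": username, "password": password}
    )
    return TOKEN_PATH, headers, body


class DeveloperToken:
    """Steps 5 and 6: one token per developer, renewed before it expires."""

    def __init__(self, token_response, issued_at):
        self.access_token = token_response["access_token"]
        self.expires_at = issued_at + int(token_response["expires_in"])

    def needs_renewal(self, now, skew=60):
        # Renew slightly early so an in-flight call never carries a dead token.
        return now >= self.expires_at - skew

    def api_headers(self):
        # Header attached to each API invocation in step 6.
        return {"Authorization": "Bearer " + self.access_token}


# Constructed sample values, not real credentials or gateway output.
SAMPLE_RESPONSE = {"token_type": "bearer", "expires_in": 3600,
                   "access_token": "constructed-token-dev1"}
```

Because each developer holds a distinct token, expiring or revoking one does not interrupt the others, unlike the shared access-token flow.
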
30. Call to Action
๏ WSO2 API Manager: http://wso2.com/products/api-manager/