1. Abimaran Kugathasan & Amila De Silva
Last Updated: Jan. 2014
Extensible API
Management
WSO2 API Manager Team
2. *
About the Presenters
!
๏ Amila joined WSO2 in September 2012. He is a
senior software engineer in the WSO2 API
Manager team. In addition to his product
development effor t s he has provided
development support and technology consulting
on customer engagements, including customer
QuickStart programs.
!
๏ Abimaran in a Software Engineer at WSO2. Prior
to joining WSO2, Abimaran worked at hSenid
Mobile Solutions as a Software Engineer where he
played a key role in hSenid's Service Delivery
Platform and some other products. He holds a
bachelor ' s degree i n El e c t r o n i c and
Telecommunication Engineering from University
of Peradeniya and he is a Oracle Certified Java
Developer and Oracle Certified Web Component
Developer.
3. *
About WSO2
๏ Global enterprise, founded in
2005 by acknowledged leaders
in XML, web services
technologies, standards and
open source
๏ Provides only open source
platform-as-a-service for
private, public and hybrid cloud
deployments
๏ All WSO2 products are 100%
open source and released under
the Apache License Version 2.0.
๏ Is an Active Member of OASIS,
Cloud Security Alliance, OSGi
Alliance, AMQP Working Group,
OpenID Foundation and W3C.
๏ Driven by Innovation
๏ Launched first open source API
Management solution in 2012
๏ Launched App Factory in 2Q
2013
๏ Launched Enterprise Store and
first open source Mobile
solution in 4Q 2013
5. *
It’s easy to start, but then...
๏ Exposing business Assets as APIs is easy
๏ API Management platforms are a top trend
๏ With cloud, you can quickly turn your ideas into money
๏ Change is a must
๏ As the users gather new-requirements come up
๏ New features must be introduced to attract more users
๏ A business needs different support services
๏ All the services cannot be homemade
๏ Different entities have expertise on different areas
๏ Integrating with external systems paves a path to use those expertise
6. *
Extension Points in API Manager
● Using Federated Authenticators
● Mediation Extension
● Modifying in/out flow to orchestrate services
● Customizing fault messages
● Changing message types
● Extending Grant types
● Extending Workflows
● Customizing Publisher/Store
!
!
7. *
Story of Alice & DailyQuotes
!
๏ Alice has a huge collection of Quotes
๏ She thinks of categorising and hosting them
๏ DailyQuotes is the hosted service
๏ She thinks of going public with this
๏ WSO2 API Manager helps her to throttle and secure API calls.
๏ App Developers register in the Store and create Apps
๏ Only a handful of developers care to Sign-up with the Store
๏ Alice consults Bob
๏ Bob finds that her FB marketing attracts lot of users into the Store
๏ But lot of users are reluctant to Signup with the Store
๏ Bob suggests to provide different login options
๏ Then Alice gets to know about Federated Authentication Support
๏ Enable SSO between API Manager and IS
๏ Use IS for different Authentication options
๏ Use JIT Provisioning to grant necessary privileges to log into Store
9. *
Now DailyQuotes receives more hits...
๏ Alice wants to expand her Business Further
๏ Bob finds out that calls are only coming from English speaking regions
๏ If these quotes can be translated, perhaps more calls can be attracted
๏ Bob suggests Alice to translate quotes to different languages
๏ Alice doesn’t like changing existing Daily Quotes service
๏ She finds a service which can translate the Quotes for her.
๏ Instead changing the Backend she can use this service to translate Quotes
๏ Then she reads about Mediation Extensions
๏ Using the Mediation extension the translate Service is called
๏ The response is modified before it’s sent to the client.
10. *
Use of Mediation Extensions...
๏ Change incoming/outgoing messages
๏ Change the format of a request/response
๏ Location based dispatching
๏ Customise Error messages.
๏ Service Orchestration
11. *
Now comes more Apps…
๏ Life goes by, everyone is happy using DailyQuotes service
๏ There are many Apps written using DailyQuotes API
๏ Users have to obtain a token before invoking the API
๏ They have to use username password or an online identity to obtain
a token
๏ Then a major Telecom provider contacts Alice
๏ They are going to develop an app using DailyQuotes
๏ But the App uses SIM no (MSISDN) rather than username
๏ They need to exchange a token for the MSISDN
๏ They can provide a service to validate authenticity of an
MSISDN
๏ Alice tries to find a grant type that she can use for this
๏ None of the existing four grant types match this requirement as it
is.
๏ Then she gets to know about writing new grant types.
14. *
Workflow Extensions
๏ Can be used for API Governance, Auditing, etc
๏ Workflows can be configured for Application
Creation, Registration, Subscription, User SignUp
๏ As Alice business got expanded, she wants to make
money out her API
๏ She wrote a custom workflow extension, which
allows only paid clients to invoke her API
16. *
Workflow Extensions…
๏ User of the API should pay in advance to use Alice’s API
๏ Alice’s Workflow will check whether user had paid for her API subscriptions
๏ In future Alice will extend this future to direct a payment gateway and user
can pay through that payment gateway
๏ Extend public abstract class WorkflowExecutor class, each workflow executor
should extends this class
๏ Subscription Workflow web service Executor
SubscriptionCreationWSWorkflowExecutor
๏ Override following methods
๏ public void execute(WorkflowDTO workflowDTO) - handle logic of the
workflow
๏ public void complete(WorkflowDTO workflowDTO) - handle workflow
completion logic
๏ public abstract String getWorkflowType() - return type of workflow, ex
AM_SUBSCRIPTION_CREATION
๏ public List<WorkflowDTO> getWorkflowDetails(String workflowStatus) - used
to get workflow details
17. Workflow Extensions…
*
!!
<WorkFlowExtensions>
<!--SubscriptionCreation
executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationSimpleWorkflowExecutor"/-->
<SubscriptionCreation
executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationWSWorkflowExecutor">
<Property name="serviceEndpoint">http://localhost:9765/services/
SubscriptionApprovalWorkFlowProcess/</Property>
<Property name="username">admin</Property>
<Property name="password">admin</Property>
<Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</
Property>
</SubscriptionCreation>
</WorkFlowExtensions>
!๏
Different Tenants can add their own tenant specific workflows
๏You can add WSO2 Business Process Server as external workflow
executor as well
๏For more, check our documentation https://docs.wso2.com/
display/AM170/Adding+Workflow+Extensions
18. *
Store and Publisher API
! !
๏ Want to write a custom API Publisher and Store
๏ Store has following REST APIS
‣ Login/Logout
‣ User SignUp
‣ Get All APIs
‣ Published APIs by an Application
‣ Add/Update/Get/Remove Application
‣ Add/List/Remove Subscription
‣ Add API Comment
!
๏ Publisher has following REST APIS
‣ Login/Logout
‣ Add/Update APIs
‣ Get/Remove/Copy APIs
‣ Change API status
‣ Add/Update/Remove API Documentation
๏ For more details https://docs.wso2.com/display/AM170/Published+APIs