5. API developer
permission:
[Internal/creator]
Team Lead
permission:
[Internal/publisher]
API status
[created]
API status
[published]
5
Application developer
permission:
[Internal/subscriber]
Devportal
WSO2 APIM
Publisher Portal
Action:
● API State Change
Approval
Manager
WSO2 APIM-Developer
Portal
Actions:
● User Sign Up
● Application Creation/
Registration/Deletion
● Subscription
Creation/Update/Deletion
● Subscription Tier update
6. Purpose of using workflows in business scenarios
6
1. Limit actions: To specify the conditions under which certain steps can be performed.
The reserved action is used to verify whether an action is allowed or not, in the current
context, before executing.
Ex: Allowing an application registration for live environment only, or in the sandbox
environment only. Commonly use for authorization requirements.
2. Extend behavior: To initiate an action internally when something else happens,
or to extend what happens as part of another action.
Ex: When a subscriber subscribes to an API, an email with that notification should be sent
for the required person as additional action.
8. Benefits of Workflows in WSO2 API Manager
● In-built approval workflow process for API lifecycle management
● In-built approval workflow process for API consumption
● Extensions are possible for a number of processes and flows
● No technology lock-in
● No vendor lock-in
8
10. Available workflows in WSO2 API Manager
● Simple Workflow Process
Workflow processes are completed without any approval flow.
10
11. Available workflows in WSO2 API Manager
● Approval Workflow Process
(API Manager 3.2.0 and later)
1. API lifecycle state change
2. User self signup
3. Application creation
4. Subscription Creation
5. Subscription tier update
6. Application key generation
11
13. API Lifecycle State Change Workflow
● Control the change of API state
● Available default API lifecycle states
○
13
14. API Lifecycle State Change Workflow
14
Publisher portal
Admin portal
Api publisher user publish
the API
Validate the request and
approve/reject
Send the API state
change request to
admin user
Admin user
API Developer
15. API Lifecycle State Change Workflow
● Enable ApprovalWorkflowExecutor at registry workflow-extensions.xml
● Define what status required to be controlled
15
<APIStateChange
executor="org.wso2.carbon.apimgt.impl.workflow.APIStateChangeApprovalWorkflowExecutor">
<Property name="stateList">Created:Publish,Published:Block</Property>
</APIStateChange>
17. User Self Signup Workflow
● Control external user registration
17
Developer portal
Admin portal
Self Sign up with
minimum required details
Validates the request and
approve/reject
Send the user
registration request
to admin user
Admin user
External user
Login once approved
18. User Self Signup Workflow
● Enable UserSignUpApprovalWorkflowExecutor at registry workflow-extensions.xml
● Unauthorized-access page will be shown until approve the user registration by admin
privileged user
18
<UserSignUp
executor="org.wso2.carbon.apimgt.impl.workflow.UserSignUpApprovalWorkflowExecutor"/>
20. Application Creation Approval Workflow
● Control the creation of the applications
20
Developer portal
Admin portal
Application user login to
portal and create an
Application
Send the app
creation request
to admin user
Validates the app
creation request and
approve/reject Admin user
App Developer
21. Application Creation Approval Workflow
● It requires for,
⦿ Review the application information by a specific reviewer.
⦿ The application creation would be offered as a paid service.
⦿ The application creation should be allowed only to users who are in a specific role.
● Enable ApplicationCreationApprovalWorkflowExecutor at registry
workflow-extensions.xml
21
<ApplicationCreation
executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationCreationApprovalWorkflowExecutor">
23. API Subscription Creation workflow
● Control the creation of the subscriptions for different tier options
23
Developer portal
Admin portal
Application developer create
new subscription with APIs
Validate the request and
approve/reject
Send the subscription
process request to
admin user
Admin user
App Developer
24. API Subscription Creation workflow
● API subscription is in the OnHold state until it gets approved.
● Enable SubscriptionCreationApprovalWorkflowExecutor at registry
workflow-extensions.xml
24
<SubscriptionCreation
executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationApprovalWorkflowExecutor"/>
25. API Subscription Tier update Workflow
● Control the tiers of API subscriptions
25
Developer portal
Admin portal
Application developer change
the existing subscription tier
Validate the request and
approve/reject
Send the tier
change request to
admin user
Admin user
App Developer
26. API Subscription Tier update Workflow
● Enable SubscriptionUpdateApprovalWorkflowExecutor at registry
workflow-extensions.xml
●
● The subscription status is in TIER_UPDATE_PENDING state until it gets approved at
admin portal
26
<SubscriptionUpdate
executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionUpdateApprovalWorkflowExecutor"/>
28. Application Key Generation Workflow
● Control the key generation in sandbox and production
28
Developer portal
Admin portal
Application developer
register the app to receive
keys
Validate the request and
approve/reject
Send the tier
change request to
admin user
Admin user
App Developer
29. Application Key Generation Workflow
● Workflow requires when,
⦾ Only issue sandbox keys until testing is complete.
⦾ Restrict untrusted applications from creating production keys
⦾ Make API subscribers go through an approval process
● Enable ApplicationRegistrationApprovalWorkflowExecutor at registry
workflow-extensions.xml for both production and sandbox environment.
29
<ProductionApplicationRegistration
executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationApprovalWorkflowExecutor"
/>
<SandboxApplicationRegistration
executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationApprovalWorkflowExecutor"
/>
31. 1. Applying approval workflow executors for API Management
Use Case 1 : abc.com organization needs to get the approval from their Admin user for
each api lifecycle management of publish and blocked states, and subscription
creation
● Users in abc.com organization
1. Tom : API developer
2. Shane: Application developer
3. Admin
31
32. 2. Applying custom workflow executor for API Management
Apply custom workflow for application creation in WSO2 API Manager configured via
Activiti (open-source BPMN workflow engine)
● Users in WSO2 API Manager
1. Workflowuser with workflowRole - A user to create of Oauth App w to generate the access
token to invoke the /update-workflow-status API
2. Jane - A user for logging into the dev portal in order to trigger a application creation task
● Users in Activiti
1. apiuser - A user in Activiti to invoke the Activiti rest APIs
2. admin - A user to view pending tasks and approve or reject
32