Post on 16-Jul-2015
transcript
Last Updated: Jan. 2014
Abimaran Kugathasan & Amila De Silva
Extensible API Management
WSO2 API Manager Team
**
About the Presenters!๏ Amila joined WSO2 in September 2012. He is a
senior software engineer in the WSO2 API Manager team. In addition to his product deve lopment e f fo r t s he has p rov ided development support and technology consulting on customer engagements, including customer QuickStart programs.
!๏ Abimaran in a Software Engineer at WSO2. Prior
to joining WSO2, Abimaran worked at hSenid Mobile Solutions as a Software Engineer where he played a key role in hSenid's Service Delivery Platform and some other products. He holds a b a c h e l o r ' s d e g r e e i n E l e c t r o n i c a n d Telecommunication Engineering from University of Peradeniya and he is a Oracle Certified Java Developer and Oracle Certified Web Component Developer.
*
About WSO2
*
๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.
๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
๏ Driven by Innovation
๏ Launched first open source API Management solution in 2012
๏ Launched App Factory in 2Q 2013
๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013
*
It’s easy to start, but then...
๏ Exposing business Assets as APIs is easy
๏ API Management platforms are a top trend
๏ With cloud, you can quickly turn your ideas into money
๏ Change is a must
๏ As the users gather new-requirements come up
๏ New features must be introduced to attract more users
๏ A business needs different support services
๏ All the services cannot be homemade
๏ Different entities have expertise on different areas
๏ Integrating with external systems paves a path to use those expertise
*
Extension Points in API Manager
● Using Federated Authenticators ● Mediation Extension
● Modifying in/out flow to orchestrate services ● Customizing fault messages ● Changing message types
● Extending Grant types ● Extending Workflows ● Customizing Publisher/Store !!
*
Story of Alice & DailyQuotes!
๏ Alice has a huge collection of Quotes ๏ She thinks of categorising and hosting them ๏ DailyQuotes is the hosted service
๏ She thinks of going public with this ๏ WSO2 API Manager helps her to throttle and secure API calls. ๏ App Developers register in the Store and create Apps ๏ Only a handful of developers care to Sign-up with the Store
๏ Alice consults Bob ๏ Bob finds that her FB marketing attracts lot of users into the Store ๏ But lot of users are reluctant to Signup with the Store ๏ Bob suggests to provide different login options
๏ Then Alice gets to know about Federated Authentication Support ๏ Enable SSO between API Manager and IS ๏ Use IS for different Authentication options ๏ Use JIT Provisioning to grant necessary privileges to log into Store
*
Now DailyQuotes receives more hits...
๏ Alice wants to expand her Business Further
๏ Bob finds out that calls are only coming from English speaking regions
๏ If these quotes can be translated, perhaps more calls can be attracted
๏ Bob suggests Alice to translate quotes to different languages
๏ Alice doesn’t like changing existing Daily Quotes service
๏ She finds a service which can translate the Quotes for her.
๏ Instead changing the Backend she can use this service to translate Quotes
๏ Then she reads about Mediation Extensions
๏ Using the Mediation extension the translate Service is called
๏ The response is modified before it’s sent to the client.
*
Use of Mediation Extensions...
๏ Change incoming/outgoing messages ๏ Change the format of a request/response ๏ Location based dispatching ๏ Customise Error messages. ๏ Service Orchestration
*
Now comes more Apps…
๏ Life goes by, everyone is happy using DailyQuotes service ๏ There are many Apps written using DailyQuotes API ๏ Users have to obtain a token before invoking the API ๏ They have to use username password or an online identity to obtain
a token ๏ Then a major Telecom provider contacts Alice
๏ They are going to develop an app using DailyQuotes ๏ But the App uses SIM no (MSISDN) rather than username ๏ They need to exchange a token for the MSISDN
๏ They can provide a service to validate authenticity of an MSISDN ๏ Alice tries to find a grant type that she can use for this ๏ None of the existing four grant types match this requirement as it
is. ๏ Then she gets to know about writing new grant types.
*
Workflow Extensions๏ Can be used for API Governance, Auditing, etc ๏ Workflows can be configured for Application
Creation, Registration, Subscription, User SignUp ๏ As Alice business got expanded, she wants to make
money out her API ๏ She wrote a custom workflow extension, which
allows only paid clients to invoke her API
*
Workflow Extensions…๏ User of the API should pay in advance to use Alice’s API ๏ Alice’s Workflow will check whether user had paid for her API subscriptions ๏ In future Alice will extend this future to direct a payment gateway and user
can pay through that payment gateway ๏ Extend public abstract class WorkflowExecutor class, each workflow executor
should extends this class ๏ Subscription Workflow web service Executor
SubscriptionCreationWSWorkflowExecutor ๏ Override following methods ๏ public void execute(WorkflowDTO workflowDTO) - handle logic of the
workflow ๏ public void complete(WorkflowDTO workflowDTO) - handle workflow
completion logic ๏ public abstract String getWorkflowType() - return type of workflow, ex
AM_SUBSCRIPTION_CREATION ๏ public List<WorkflowDTO> getWorkflowDetails(String workflowStatus) - used
to get workflow details
*
!!<WorkFlowExtensions> <!--SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationSimpleWorkflowExecutor"/--> <SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationWSWorkflowExecutor"> <Property name="serviceEndpoint">http://localhost:9765/services/SubscriptionApprovalWorkFlowProcess/</Property> <Property name="username">admin</Property> <Property name="password">admin</Property> <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property> </SubscriptionCreation> </WorkFlowExtensions> !๏Different Tenants can add their own tenant specific workflows ๏You can add WSO2 Business Process Server as external workflow
executor as well ๏For more, check our documentation https://docs.wso2.com/
display/AM170/Adding+Workflow+Extensions
Workflow Extensions…
*
Store and Publisher API! !๏ Want to write a custom API Publisher and Store ๏ Store has following REST APIS
‣ Login/Logout ‣ User SignUp ‣ Get All APIs ‣ Published APIs by an Application ‣ Add/Update/Get/Remove Application ‣ Add/List/Remove Subscription ‣ Add API Comment
!๏ Publisher has following REST APIS
‣ Login/Logout ‣ Add/Update APIs ‣ Get/Remove/Copy APIs ‣ Change API status ‣ Add/Update/Remove API Documentation
๏ For more details https://docs.wso2.com/display/AM170/Published+APIs