@pzfreo #wso2

API Management WorkshopJAX London

Paul FremantleSenaka Fernando

@pzfreo #wso2

@pzfreo #wso2

Agenda

• Introductions and Welcome• API Economy and Vision• API Management Overview• API Management Exercise• Short Introduction to WSO2 Identity Server• Identity Server demonstration

@pzfreo #wso2

Open EnterpriseCredit: KuppingerCole

@pzfreo #wso2

Changing models of business

@pzfreo #wso2

Frictionless Business

• Integration with other companies and organizations• API Management• Self-signup for developers• Almost zero cost per transaction• Approaching zero time for onboarding

@pzfreo #wso2

@pzfreo #wso2

Connected Platform

@pzfreo #wso2

APIs meet SOA

8

@pzfreo #wso2

Managing APIs

o An API is a business capability delivered over the Internet to internal or external consumerso Network accessible function o Available using standard web protocolso With well-defined interfaceso Designed for access by third-parties

o A Managed API is:o Actively advertised and subscribe-ableo Available with SLAso Secured, authenticated, authorized and protectedo Monitored and monetized with analytics

9

@pzfreo #wso2

API Centric Capabilities

10

@pzfreo #wso2

API Management Space

o Create APIso WSO2 Application Server, Data Services Server and ESB, any other platform

o Find and subscribe/buy APIso API Store and Governance

o Manage, secure and protect APIso API Management and Gateway

o Monitor and Monetize APIso API Monitoring and Analytics

11

@pzfreo #wso2

Core Concepts

• Components• Users and Roles• Lifecycle Management• Publisher• Store• Gateway• Deployment• Analytics

@pzfreo #wso2

API Manager Product and Platform

13

@pzfreo #wso2

14

API Manager Components

@pzfreo #wso2

Roles

o API Creatoro Designs, Implements, manages and versions API

o Understand business and technical requirements

o Cares about usage and scaling

o Seeks feedback, ratings, usage

o API Publishero Publishes, Promotes and encourages consumers to adopt APIs

o Determines usage patterns and how to best monetize asset

o Monitors and secures

o API Consumero Understands the interface definition

o Subscribes and connects application to API

o Monitors own usage and cost basis

o Provides feedback and ratings

15

@pzfreo #wso2

API Life Cycle Management

16

@pzfreo #wso2

Publisherhttps://apimgr:9443/publisher

@pzfreo #wso2

Publisher

@pzfreo #wso2

API Store (Portal)

@pzfreo #wso2

API Store: Customization

@pzfreo #wso2

API Store: Social Features

o Share with fellow developers via social media or mailo Embed API link into blogs, Tweets, etc.

@pzfreo #wso2

Workflows

o Available for user self-sign up, API subscription and application creationo Provides extension point to engage custom workflow. Default sample implementation

leverages WSO2 Business Process Server, but other engines could be used.

@pzfreo #wso2

API Gateway Processing Flow

@pzfreo #wso2

API Access Tokenso OAuth2 standard compliant

o Supports multiple grant types o SAML, IWA/NTLM

o Client credential, Implicit, Password

o Pre-generated Access Token: can be used from an application, to identify the application itself

o On-demand Access Token: generated via API call, using Consumer Key and Consumer Secret - Identifies the end user of an application (web applications, mobile applications)

24

@pzfreo #wso2

@pzfreo #wso2

Scalable Deployment

@pzfreo #wso2

Other deployment aspects

• Support for staging and migration between environments

• Support for separate gateways for Prod and Sandbox• Support for splitting into DMZ / Intranet zones• Highly flexible architecture

@pzfreo #wso2

Analytics

o API Manager supports out of the box:o Google Analyticso WSO2 Business Activity Monitor Analytics

28

@pzfreo #wso2

Why Analytics are important

• Build confidence in the API model• Understand your customer

– Not just the developer but also the end-user

• Help manage services and versions– Understand when deprecated services can be retired

• Plan better– Monitor the growth of aggregated API traffic– Monitor the growth of specific apps

29

@pzfreo #wso2

Sample API Analytics

30

@pzfreo #wso2

Multi-Tenancy

@pzfreo #wso2

Hands on

• Use the API Publisher – As a creator and a publisher

• Sign up as a third-party developer• Subscribe to an API• Utilize production and sandbox endpoints• View analytics and usage stats• Version an API (extension)

@pzfreo #wso2

Hands on setup

• VirtualBox VM• Ultra-simple node.js backend• Pre-configured API manager and Business Activity Monitor

– Installed– Configured to work together– Setup to use hostname apimgr– Added users and roles

• A subset of the “Quick Start Guide” http://freo.me/am170-qs

@pzfreo #wso2

Identity Server and Federated Identity

@pzfreo #wso2

@pzfreo #wso2

Multi-Factor Authentication

@pzfreo #wso2

Multi-Factor Authentication

• Something you just forgot• Something you just lost• Some part of your body you just injured

@pzfreo #wso2

Tokens

@pzfreo #wso2

Federated SAML2

IdPIdP

IdPIdP

IdPIdP

IdPIdP

SPSP

SPSP

SPSP

SPSP

@pzfreo #wso2

The Enterprise Identity Bus

@pzfreo #wso2

Demo

• Quick overview of Identity Server console• Set up of Salesforce domain• Definition of the SP in IS• Demonstrate login• Show Facebook App definition• Show Facebook Configuration in IS• Change to use Facebook• Login with Facebook

@pzfreo #wso2

Salesforce setup

@pzfreo #wso2

Identity User Portal

@pzfreo #wso2

SSO and Identity Federation

@pzfreo #wso2

Identity Provisioning

@pzfreo #wso2

Identity Bus Tokens and Claims

@pzfreo #wso2

Identity BusProvisioning Bus

@pzfreo #wso2

Fine-grained Access Control

@pzfreo #wso2

@pzfreo #wso2

Carbon Combinations• Identity Server + Governance Registry• Identity Server + BAM + CEP • Identity Server + API Manager • Identity Server + App Manager • Identity Server + Business Process Server• Etc…

50

@pzfreo #wso2

App Manager Launching Q4

*

IdP (WSO2 Identity Server)

(WSO2 Business Activity Monitor)

@pzfreo #wso2

More about WSO2

• All 100% Open Source under the Apache License• A complete middleware platform• Sessions @ JAX:

– Keynote – Connecting the World (Tuesday 9am)– Understanding Real Time Event Processing through Football

• Senaka Fernando – Tuesday 11:45am– Apache Stratos: the PaaS from Apache

• Lakmal Warusawithana – Wednesday 11:30am

@pzfreo #wso2

Questions?

https://www.flickr.com/photos/-bast-