API Management with wicked.haufe.io
Microservices Architecture Day, November 22
Martin Danielsson (@donmartin76)
dev.haufe.com
github.com/Haufe-Lexware, github.com/DonMartin76
@HaufeDev
1 Intro – API Management
Why would you need and want API Management?
What does it do?
Provide discoverability and self-service access to APIs for developers, easily and automatically.
Monitor traffic to provide Usage Insights for individual apps and APIs: who is using what, and how much?
Protect the API from misuse by providing Security, e.g. by wrapping it in security procedures and policies.
Protect the runtime with Traffic Control, e.g. by throttling for mobile apps.
Use API Management to decouple the inside from the outside, keeping interfaces (APIs) stable.
| 29.11.2016 | API Management -- wicked.haufe.io -- Microservices Architecture Day -- Martin Danielsson | Page 3
API Management Key Components
Diagram labels: API Portal; API Owners, Developers, Admin; Developer Self-Service; End User; Service Endpoints
Source: http://www.apiacademy.co/resources/api-management-101-api-management-basics/
Our (API) Approach @Haufe
Don’t centralize.
Group APIs by functionality.
Let teams work independently, as long as they follow our API Styleguide.
Choose API Management by use case, not by dogma.
Automate (build, test, deploy, …).
Use Cases
SPA, M2M, Mobile
Don’t search for the “One to rule them all”.
Instead, go for “Good enough”.
And not to forget: “Evolutionary refinement”.
2 wicked.haufe.io
Open Source API Management - based on Mashape Kong
wicked.haufe.io - Features
“Normal Features”
API Gateway (Kong)
Rate-Limiting, CORS,…
API Keys
OAuth 2.0 Support
Developer Portal, Self Signup
Social Logins, ADFS Login
Swagger UI/OpenAPI
Collaboration Features
Authorization Servers…
“Unique Selling Points”
Built to run in docker
Deployable on any premise
Configuration as Code
Immutable Servers
Built for CI/CD
Multi-Environment Support
Fully Open Source
Flexible and Extensible
Awesome logo (thanks, Olaf!)
Main Use Cases - Machine to Machine
Consumer -> API Gateway -> Backend Service
Consumer to gateway: API Keys or OAuth 2.0 Client Credentials, e.g. X-ApiKey: abd82636d…
Gateway to backend: X-Consumer-CustomId: consumer1
Also works with the OAuth 2.0 Client Credentials Flow.
Machine to Machine - When to use?
Trusted consumers; server-side communication.
End user not relevant (or already authenticated/authorized).
User-Agent (Browser)
Use Case - Single Page Application (SPA) with Backend API
User-Agent (Browser) -> Consumer (SPA) -> AJAX/CORS call -> Backend API
Is it really the SPA making those calls? User identity?
SPA - OAuth 2.0 Implicit Flow
User-Agent (Browser) / Consumer (SPA) -> API Gateway -> Backend API
SPA to gateway: Authorization: Bearer abd83634...
Gateway to backend: X-Authenticated-Userid: donmartin76, X-Consumer-Custom-Id: spa-consumer
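What the gateway does for both consumer types, as an added example that serves the Machine to Machine slide above and this one; it is not wicked.haufe.io or Kong code. The registry entries, key and token values are constructed; the header names come from the slides, which spell the consumer header both X-Consumer-CustomId and X-Consumer-Custom-Id (the example uses the latter); the backendNotes endpoint and the assumption that the backend is reachable only through the gateway are the example's own. The point it makes: the backend can trust X-Consumer-Custom-Id and X-Authenticated-Userid only because the gateway discards whatever the caller sent under those names and sets them itself.

```javascript
'use strict';

// Constructed sample registry: API keys identify machine consumers (the M2M
// slide), bearer tokens identify a user acting through a registered SPA consumer.
const API_KEYS = new Map([
  ['abd82636d-constructed-key', { customId: 'consumer1' }],
]);
const ACCESS_TOKENS = new Map([
  ['abd83634-constructed-token', {
    customId: 'spa-consumer',
    userId: 'donmartin76',
    expiresAt: Date.parse('2030-01-01T00:00:00Z'),
  }],
]);

// Identity headers that only the gateway may set (names from the slides).
const IDENTITY_HEADERS = ['x-consumer-custom-id', 'x-authenticated-userid'];
// Credential headers the gateway consumes and does not pass upstream.
const CREDENTIAL_HEADERS = ['x-apikey', 'authorization'];

function lowerCaseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) out[name.toLowerCase()] = value;
  return out;
}

// Who is calling? Returns { customId, userId? } or null if no valid credential.
function resolveConsumer(headers, now) {
  if (headers['x-apikey'] !== undefined) {
    const consumer = API_KEYS.get(headers['x-apikey']);
    return consumer ? { customId: consumer.customId } : null;
  }
  const match = /^Bearer\s+(\S+)$/i.exec(headers['authorization'] || '');
  if (match) {
    const token = ACCESS_TOKENS.get(match[1]);
    if (!token || token.expiresAt <= now) return null;
    return { customId: token.customId, userId: token.userId };
  }
  return null;
}

// The gateway step: authenticate the consumer, drop any identity headers the
// caller tried to supply, inject the gateway's own, forward the rest upstream.
function gatewayForward(request, now = Date.now()) {
  const headers = lowerCaseHeaders(request.headers);
  const consumer = resolveConsumer(headers, now);
  if (consumer === null) {
    return { status: 401, body: 'no valid API key or access token' };
  }
  const upstream = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!IDENTITY_HEADERS.includes(name) && !CREDENTIAL_HEADERS.includes(name)) {
      upstream[name] = value;
    }
  }
  upstream['x-consumer-custom-id'] = consumer.customId;
  if (consumer.userId !== undefined) upstream['x-authenticated-userid'] = consumer.userId;
  return {
    status: 200,
    forwarded: { method: request.method, path: request.path, headers: upstream },
  };
}

// Backend side (hypothetical endpoint): needs an end user, not just a consumer.
// Because the backend is assumed to be reachable only through the gateway, it
// relies on the injected headers instead of re-validating credentials.
function backendNotes(forwarded) {
  const userId = forwarded.headers['x-authenticated-userid'];
  if (!userId) return { status: 403, body: 'an end user is required for this endpoint' };
  return { status: 200, body: `notes of ${userId}` };
}

// Demo run with the constructed SPA token.
const demo = gatewayForward({ method: 'GET', path: '/notes', headers: { Authorization: 'Bearer abd83634-constructed-token' } });
console.log(JSON.stringify(demo, null, 2));
console.log(JSON.stringify(backendNotes(demo.forwarded)));
```

A machine consumer that sends X-Authenticated-Userid itself gets that header dropped, so the backend's user-only endpoint still answers 403; the SPA's bearer token yields both headers and the endpoint answers 200.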
How do we get an Access Token? (OAuth 2.0 Implicit Flow)
Participants: Consumer (SPA), API Gateway, AuthZ Server
Browser redirect (302) from the Consumer (SPA) to the AuthZ Server through the API Gateway: https://api.yourcompany.com/auth/api?client_id=23876d7828db...&response_type=token
Authorize (server-side call)
Access Token, delivered to the Consumer (SPA) in the URL fragment: https://yourcompany.com/spa/#access_token=abd83634...
Authorization Server - What does it do?
“WHO?” Authenticate: establish identity. Can delegate to a dedicated Identity Provider: Google, Twitter, Atlantic SSO, …
“WHAT?” Authorize: what is the user allowed to access? Check licenses, user groups, authorized scopes...
Sometimes: Authentication == Authorization
ACCESS TOKEN
User-Agent (Browser)
Actual Sequence - Atlantic as IdP
Consumer (SPA) -> AuthZ Server -> Atlantic Login -> AuthZ Server (License Server, ...) -> Consumer (SPA)
Final redirect: https://yourcompany.com/spa/#access_token=abd83634...
3 DEMO TIME!
Open Source API Management - based on Mashape Kong
Deployment Architecture
HAProxy (SSL termination) in front of: Portal + Auth Server, Kong, API, SPA
Demo Prerequisites
2 Docker hosts on Azure:
- API Management (DS_1)
- API Backend (DS_1)
Google+ web app credentials: client ID and secret
GitHub web app credentials: client ID and secret
SAML SP registration with Atlantic (integration instance) (thanks, Dan!)
APIm configuration:
- DNS entry
- Let’s Encrypt certs
- GitHub login
1-2 hours
Authorization Server functionality (for Implicit Grant)
Authorization Server:
Provide a normalized profile (via CORS or OpenID Connect*)
Decouple authentication from the application (“WHO?”)
Refresh access tokens via heartbeat (via CORS, NON STANDARD)
Decide on authorization, if needed (“WHAT?”)
OAuth 2.0 - The standard flows
Client Credentials Grant: machine to machine
Implicit Grant: for mobile and SPAs (public clients)
Resource Owner Password Grant: for mobile, trusted apps
Authorization Code Grant: web sites, mobile; to let 3rd parties access your data on your behalf
4 API Management Challenges
Some of them, not all
Requirements and Architectural Decisions
• What goes into APIm?
• What goes into the backend?
• Which are the requirements for APIm? Project specific!
Deployment and Automation
• go.cd pipeline design
• Automation and deployment scripts
• Adapting APIm to our architectural principles
Evangelizing
• Why APIs? Why API Management?
• Longer term benefits
• Opening up, enabling, composing
Thanks
Appendix
Additional slides
Links to wicked.haufe.io
Microsite for “marketing”:
http://wicked.haufe.io
Main Github site:
https://github.com/Haufe-Lexware/wicked.haufe.io
Sample wicked portal:
https://wicked-demo.haufe.io
Sample Authorization Server implementations:
https://github.com/Haufe-Lexware/wicked.auth-passport (Social Logins)
https://github.com/Haufe-Lexware/wicked.auth-saml (SAML SSO)
https://github.com/Haufe-Lexware/wicked.auth-adfs (ADFS federation)
Sample SPA/API Application “markdown-notes”:
https://github.com/DonMartin76/markdown-notes

More Related Content

What's hot

WSO2Con US 2013 - Unleashing your Connected Business
WSO2Con US 2013 - Unleashing your Connected BusinessWSO2Con US 2013 - Unleashing your Connected Business
WSO2Con US 2013 - Unleashing your Connected Business
WSO2
 
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
Apigee | Google Cloud
 
Introducing WSO2 API Manager for Mobile Applications and Rapid Integration
Introducing WSO2 API Manager for Mobile Applications and Rapid IntegrationIntroducing WSO2 API Manager for Mobile Applications and Rapid Integration
Introducing WSO2 API Manager for Mobile Applications and Rapid Integration
WSO2
 
Getting Started with the WSO2 API Manager
Getting Started with the WSO2 API ManagerGetting Started with the WSO2 API Manager
Getting Started with the WSO2 API Manager
WSO2
 

What's hot (20)

Adapt or Die: Serverless Microservices
Adapt or Die: Serverless MicroservicesAdapt or Die: Serverless Microservices
Adapt or Die: Serverless Microservices
 
Alfresco Day Vienna 2016: Bringing Content & Process together with the App De...
Alfresco Day Vienna 2016: Bringing Content & Process together with the App De...Alfresco Day Vienna 2016: Bringing Content & Process together with the App De...
Alfresco Day Vienna 2016: Bringing Content & Process together with the App De...
 
Introduction to Kitura - Swift Hong Kong Meetup 2016 July
Introduction to Kitura - Swift Hong Kong Meetup 2016 JulyIntroduction to Kitura - Swift Hong Kong Meetup 2016 July
Introduction to Kitura - Swift Hong Kong Meetup 2016 July
 
Journey to APIs and Microservices: Best Practices
Journey to APIs and Microservices: Best PracticesJourney to APIs and Microservices: Best Practices
Journey to APIs and Microservices: Best Practices
 
WSO2Con US 2013 - Unleashing your Connected Business
WSO2Con US 2013 - Unleashing your Connected BusinessWSO2Con US 2013 - Unleashing your Connected Business
WSO2Con US 2013 - Unleashing your Connected Business
 
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
 
WSO2Con EU 2015: Case Study – Digital Transformation: To Monetise Business by...
WSO2Con EU 2015: Case Study – Digital Transformation: To Monetise Business by...WSO2Con EU 2015: Case Study – Digital Transformation: To Monetise Business by...
WSO2Con EU 2015: Case Study – Digital Transformation: To Monetise Business by...
 
Design-first API Development using Swagger and Node
Design-first API Development using Swagger and NodeDesign-first API Development using Swagger and Node
Design-first API Development using Swagger and Node
 
Press, Publish, React - WCEU 2018
Press, Publish, React - WCEU 2018Press, Publish, React - WCEU 2018
Press, Publish, React - WCEU 2018
 
API Management 101: The New API Experience with WSO2
API Management 101: The New API Experience with WSO2API Management 101: The New API Experience with WSO2
API Management 101: The New API Experience with WSO2
 
WSO2Con USA 2015: WSO2 Cloud - What it is, How it Works, and Where it’s Going
WSO2Con USA 2015: WSO2 Cloud - What it is, How it Works, and Where it’s GoingWSO2Con USA 2015: WSO2 Cloud - What it is, How it Works, and Where it’s Going
WSO2Con USA 2015: WSO2 Cloud - What it is, How it Works, and Where it’s Going
 
Digital Transformation: Connected API Ecosystems
Digital Transformation: Connected API EcosystemsDigital Transformation: Connected API Ecosystems
Digital Transformation: Connected API Ecosystems
 
Api management best practices with wso2 api manager
Api management best practices with wso2 api managerApi management best practices with wso2 api manager
Api management best practices with wso2 api manager
 
API Management Platform Technical Evaluation Framework
API Management Platform Technical Evaluation FrameworkAPI Management Platform Technical Evaluation Framework
API Management Platform Technical Evaluation Framework
 
Adapt or Die Sydney - 5 Things Developers Should Know About Serverless
Adapt or Die Sydney - 5 Things Developers Should Know About ServerlessAdapt or Die Sydney - 5 Things Developers Should Know About Serverless
Adapt or Die Sydney - 5 Things Developers Should Know About Serverless
 
Api Gateway
Api GatewayApi Gateway
Api Gateway
 
Introducing WSO2 API Manager for Mobile Applications and Rapid Integration
Introducing WSO2 API Manager for Mobile Applications and Rapid IntegrationIntroducing WSO2 API Manager for Mobile Applications and Rapid Integration
Introducing WSO2 API Manager for Mobile Applications and Rapid Integration
 
Getting Started with the WSO2 API Manager
Getting Started with the WSO2 API ManagerGetting Started with the WSO2 API Manager
Getting Started with the WSO2 API Manager
 
Building APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureBuilding APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft Azure
 
Apigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee Edge: Intro to Microgateway
Apigee Edge: Intro to Microgateway
 

Viewers also liked

Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
Nordic APIs
 

Viewers also liked (20)

AWS migration: getting to Data Center heaven with AWS and Chef
AWS migration: getting to Data Center heaven with AWS and ChefAWS migration: getting to Data Center heaven with AWS and Chef
AWS migration: getting to Data Center heaven with AWS and Chef
 
Moving Toward a Modular Enterprise - All About the API Conference 2016
Moving Toward a Modular Enterprise - All About the API Conference 2016Moving Toward a Modular Enterprise - All About the API Conference 2016
Moving Toward a Modular Enterprise - All About the API Conference 2016
 
実践サーバレスアーキテクチャ
実践サーバレスアーキテクチャ実践サーバレスアーキテクチャ
実践サーバレスアーキテクチャ
 
A quick introduction to AWS Kinesis
A quick introduction to AWS KinesisA quick introduction to AWS Kinesis
A quick introduction to AWS Kinesis
 
Building a microservice ecosystem
Building a microservice ecosystemBuilding a microservice ecosystem
Building a microservice ecosystem
 
The seven more deadly sins of microservices final
The seven more deadly sins of microservices finalThe seven more deadly sins of microservices final
The seven more deadly sins of microservices final
 
Data stream processing and micro service architecture
Data stream processing and micro service architectureData stream processing and micro service architecture
Data stream processing and micro service architecture
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice Architecture
 
Deployment Automation with Microservices
Deployment Automation with MicroservicesDeployment Automation with Microservices
Deployment Automation with Microservices
 
A Capability Blueprint for Microservices
A Capability Blueprint for MicroservicesA Capability Blueprint for Microservices
A Capability Blueprint for Microservices
 
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)
 
DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...
DNAD 2015  - Como a arquitetura emergente de sua aplicação pode jogar contra ...DNAD 2015  - Como a arquitetura emergente de sua aplicação pode jogar contra ...
DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...
 
Microservices deployment patterns
Microservices deployment patternsMicroservices deployment patterns
Microservices deployment patterns
 
Pre-Con Ed: CA API Gateway: How to Deploy Your Gateway Across Multiple Enviro...
Pre-Con Ed: CA API Gateway: How to Deploy Your Gateway Across Multiple Enviro...Pre-Con Ed: CA API Gateway: How to Deploy Your Gateway Across Multiple Enviro...
Pre-Con Ed: CA API Gateway: How to Deploy Your Gateway Across Multiple Enviro...
 
Whitebase : Assault Carrier for Micro-Services
Whitebase : Assault Carrier for Micro-ServicesWhitebase : Assault Carrier for Micro-Services
Whitebase : Assault Carrier for Micro-Services
 
Microservices: The Organizational and People Impact
Microservices: The Organizational and People ImpactMicroservices: The Organizational and People Impact
Microservices: The Organizational and People Impact
 
Building a Modern Microservices Architecture at Gilt: The Essentials
Building a Modern Microservices Architecture at Gilt: The EssentialsBuilding a Modern Microservices Architecture at Gilt: The Essentials
Building a Modern Microservices Architecture at Gilt: The Essentials
 
AWS Webcast - Introduction to Amazon Kinesis
AWS Webcast - Introduction to Amazon KinesisAWS Webcast - Introduction to Amazon Kinesis
AWS Webcast - Introduction to Amazon Kinesis
 
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...
From a Monolithic to a Distributed API Architecture
 at Eventbrite - Presente...
 
Oracle API Gateway Installation
Oracle API Gateway InstallationOracle API Gateway Installation
Oracle API Gateway Installation
 

Similar to API Management with wicked.haufe.io

The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
WSO2
 
Api management update for optus
Api management update for optusApi management update for optus
Api management update for optus
sflynn073
 
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
HostedbyConfluent
 

Similar to API Management with wicked.haufe.io (20)

WSO2 Workshop Sydney 2016 - APIs
WSO2 Workshop Sydney 2016 - APIsWSO2 Workshop Sydney 2016 - APIs
WSO2 Workshop Sydney 2016 - APIs
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
 
2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management
 
WSO2 User Group Bangalore Meetup
WSO2 User Group Bangalore MeetupWSO2 User Group Bangalore Meetup
WSO2 User Group Bangalore Meetup
 
API Management within a Microservice Architecture
API Management within a Microservice ArchitectureAPI Management within a Microservice Architecture
API Management within a Microservice Architecture
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture
 
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBMapidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
 
Api management update for optus
Api management update for optusApi management update for optus
Api management update for optus
 
apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...
apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...
apidays Hong Kong - Why is API Gateway essential to business, Zhiyuan Ju, API...
 
apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...
apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...
apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...
 
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
Apicurio Registry: Event-driven APIs & Schema governance for Apache Kafka | F...
 
Azure app service to create web and mobile apps
Azure app service to create web and mobile appsAzure app service to create web and mobile apps
Azure app service to create web and mobile apps
 
2014 q3-platform-update-v1.06.johnmathon
2014 q3-platform-update-v1.06.johnmathon2014 q3-platform-update-v1.06.johnmathon
2014 q3-platform-update-v1.06.johnmathon
 
apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...
apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...
apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
 
APIdays Paris 2019 - Delivering the Modern API: Know What it Takes by Nuwan D...
APIdays Paris 2019 - Delivering the Modern API: Know What it Takes by Nuwan D...APIdays Paris 2019 - Delivering the Modern API: Know What it Takes by Nuwan D...
APIdays Paris 2019 - Delivering the Modern API: Know What it Takes by Nuwan D...
 
WSO2- OSC Korea - Accelerating Digital Businesses with APIs
WSO2- OSC Korea - Accelerating Digital Businesses with APIsWSO2- OSC Korea - Accelerating Digital Businesses with APIs
WSO2- OSC Korea - Accelerating Digital Businesses with APIs
 
API Best Practices
API Best PracticesAPI Best Practices
API Best Practices
 
APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...
APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...
APIdays Barcelona 2019 - How a Cloud native Architecture helps to drive Busin...
 
Delivering the Modern API: Know what it takes
Delivering the Modern API: Know what it takesDelivering the Modern API: Know what it takes
Delivering the Modern API: Know what it takes
 

More from Haufe-Lexware GmbH & Co KG

More from Haufe-Lexware GmbH & Co KG (20)

Tech stackhaufegroup
Tech stackhaufegroupTech stackhaufegroup
Tech stackhaufegroup
 
X-celerate 2019: Iterating fast with the MERN Stack
X-celerate 2019: Iterating fast with the MERN StackX-celerate 2019: Iterating fast with the MERN Stack
X-celerate 2019: Iterating fast with the MERN Stack
 
Nils Rhode - Does it always have to be k8s - TeC Day 2019
Nils Rhode - Does it always have to be k8s - TeC Day 2019Nils Rhode - Does it always have to be k8s - TeC Day 2019
Nils Rhode - Does it always have to be k8s - TeC Day 2019
 
Haufe Onboarding - Fast Iterating With the MERN Stack - TEC Day 2019
Haufe Onboarding - Fast Iterating With the MERN Stack - TEC Day 2019Haufe Onboarding - Fast Iterating With the MERN Stack - TEC Day 2019
Haufe Onboarding - Fast Iterating With the MERN Stack - TEC Day 2019
 
Cloud Journey: Lifting a Major Product to Kubernetes
Cloud Journey: Lifting a Major Product to KubernetesCloud Journey: Lifting a Major Product to Kubernetes
Cloud Journey: Lifting a Major Product to Kubernetes
 
ONA ( organizational network analysis ) to enable individuals to impact their...
ONA ( organizational network analysis ) to enable individuals to impact their...ONA ( organizational network analysis ) to enable individuals to impact their...
ONA ( organizational network analysis ) to enable individuals to impact their...
 
ONA ( organizational network analysis ) enabling individuals to impact their ...
ONA ( organizational network analysis ) enabling individuals to impact their ...ONA ( organizational network analysis ) enabling individuals to impact their ...
ONA ( organizational network analysis ) enabling individuals to impact their ...
 
Using word vectors to enable better search in our legal products
Using word vectors to enable better search in our legal productsUsing word vectors to enable better search in our legal products
Using word vectors to enable better search in our legal products
 
Identifying customer potentials through unsupervised learning
Identifying customer potentials through unsupervised learningIdentifying customer potentials through unsupervised learning
Identifying customer potentials through unsupervised learning
 
Field report: Rapid application development
Field report: Rapid application developmentField report: Rapid application development
Field report: Rapid application development
 
Behavior-Driven Development with JGiven
Behavior-Driven Development with JGivenBehavior-Driven Development with JGiven
Behavior-Driven Development with JGiven
 
Externalized Spring Boot App Configuration
Externalized  Spring Boot App ConfigurationExternalized  Spring Boot App Configuration
Externalized Spring Boot App Configuration
 
Managing short lived Kubernetes (Production) deployments
Managing short lived Kubernetes (Production) deploymentsManaging short lived Kubernetes (Production) deployments
Managing short lived Kubernetes (Production) deployments
 
Docker in Production at the Aurora Team
Docker in Production at the Aurora TeamDocker in Production at the Aurora Team
Docker in Production at the Aurora Team
 
DevOps Journey of Foundational Services at Haufe
DevOps Journey of Foundational Services at HaufeDevOps Journey of Foundational Services at Haufe
DevOps Journey of Foundational Services at Haufe
 
New Serverless World - Cloud Native Apps
New Serverless World - Cloud Native AppsNew Serverless World - Cloud Native Apps
New Serverless World - Cloud Native Apps
 
Microservice Transformation of the Haufe Publishing System
Microservice Transformation of the Haufe Publishing SystemMicroservice Transformation of the Haufe Publishing System
Microservice Transformation of the Haufe Publishing System
 
Haufe's Tech Strategy In Practice
Haufe's Tech Strategy In PracticeHaufe's Tech Strategy In Practice
Haufe's Tech Strategy In Practice
 
Kubernetes Intro @HaufeDev
Kubernetes Intro @HaufeDev Kubernetes Intro @HaufeDev
Kubernetes Intro @HaufeDev
 
Reactive microservices
Reactive microservicesReactive microservices
Reactive microservices
 

Recently uploaded

哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
Asmae Rabhi
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 

Recently uploaded (20)

best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...

API Management with wicked.haufe.io

  • 9. wicked.haufe.io - Features
    "Normal Features": API Gateway (Kong); Rate-Limiting, CORS, …; API Keys; OAuth 2.0 Support; Developer Portal, Self Signup; Social Logins, ADFS Login; Swagger UI/OpenAPI; Collaboration Features; Authorization Servers…
    "Unique Selling Points": Built to run in Docker; Deployable on any premise; Configuration as Code; Immutable Servers; Built for CI/CD; Multi-Environment Support; Fully Open Source; Flexible and Extensible; Awesome logo (thanks, Olaf!)
  • 10. Main Use Cases - Machine to Machine
    Consumer → API Gateway → Backend Service
    The consumer sends its credential: X-ApiKey: abd82636d…
    The gateway validates it and forwards the request to the backend with the consumer identity it resolved: X-Consumer-Custom-ID: consumer1
    Also works with the OAuth 2.0 Client Credentials Flow
  • 11. API Keys or OAuth 2.0 Client Credentials - Machine to Machine - When to use?
    Trusted Consumers; Server Side Communication; End User not relevant (or already authenticated/authorized)
  • 12. Use Case - Single Page Application (SPA) with Backend API
    The User-Agent (Browser) runs the Consumer (SPA), which calls the Backend API via AJAX/CORS.
    Open questions: Is it really the SPA making those calls? What is the User Identity?
  • 13. SPA - OAuth 2.0 Implicit Flow
    Consumer (SPA) → API Gateway → Backend API
    The SPA sends: Authorization: Bearer abd83634...
    The gateway validates the token and forwards the request to the backend with: X-Authenticated-Userid: donmartin76 and X-Consumer-Custom-ID: spa-consumer
  • 14. How do we get an Access Token? (OAuth 2.0 Implicit Flow)
    Participants: Consumer (SPA), API Gateway, AuthZ Server
    1. Browser Redirect (302) from the SPA to the authorization endpoint behind the API Gateway: https://api.yourcompany.com/auth/api?client_id=23876d7828db...&response_type=token
    2. Server Side Call to the AuthZ Server, which authorizes the request and issues the Access Token
    3. The browser is redirected back to the SPA with the token in the URL fragment: https://yourcompany.com/spa/#access_token=abd83634...
  • 15. Authorization Server - What does it do?
    "WHO?" Authenticate: Establish Identity. Can delegate to a dedicated Identity Provider: Google, Twitter, Atlantic SSO, …
    "WHAT?" Authorize: What is the User Allowed to Access? Check Licenses, User Groups, Authorized Scopes, …
    Sometimes: Authentication == Authorization
    Result: ACCESS TOKEN
  • 16. Actual Sequence - Atlantic as IdP
    Consumer (SPA) → AuthZ Server → Atlantic Login → AuthZ Server (consults License Server, …) → Consumer (SPA)
    The SPA ends up at https://yourcompany.com/spa/#access_token=abd83634...
  • 17. 3 DEMO TIME! Open Source API Management - based on Mashape Kong
  • 18. Deployment Architecture
    HAPROXY (SSL termination) in front of: PORTAL + AUTH SERVER, KONG, API, SPA
  • 19. Demo Prerequisites
    2 Docker Hosts on Azure: API Management (DS_1), API Backend (DS_1)
    Google+ Web App Credentials: Client ID and Secret
    GitHub Web App Credentials: Client ID and Secret
    SAML SP Registration with Atlantic (Integration Instance). Thanks, Dan!
    APIm Configuration: DNS entry, Let's Encrypt Certs, GitHub Login
    Setup effort: 1-2 hours
  • 20. (no transcribed text)
  • 21. Authorization Server functionality (for Implicit Grant)
    Provide a normalized profile (via CORS or OpenID Connect*)
    Decouple Authentication from Application ("WHO?")
    Refresh Access Tokens via heartbeat (via CORS, NON STANDARD)
    Decide on Authorization (if needed) ("WHAT?")
  • 22. OAuth 2.0 - The standard flows
    Client Credentials Grant: Machine to Machine
    Implicit Grant: For Mobile and SPAs (public clients)
    Resource Owner Password Grant: For Mobile, trusted Apps
    Authorization Code Grant: Web Sites, Mobile, to let 3rd Parties access your data on your behalf
    Note that this mapping reflects 2016 practice. RFC 8252 (OAuth 2.0 for Native Apps) and the OAuth 2.0 Security Best Current Practice (RFC 9700) since recommend the Authorization Code Grant with PKCE for SPAs and mobile apps in place of the Implicit Grant, and advise against the Resource Owner Password Grant.
  • 23. 4 API Management Challenges - Some of them, not all
  • 24. Requirements and Architectural Decisions
    What goes into APIm? What goes into the backend? Which are the requirements for APIm? Project specific!
    Deployment and Automation: go.cd pipeline design; Automation and Deployment scripts; Adapting APIm to our Architectural Principles
    Evangelizing: Why APIs? Why API Management? Longer term benefits; Opening up, enabling, composing
  • 27. Links to wicked.haufe.io
    Microsite for "marketing": http://wicked.haufe.io
    Main GitHub site: https://github.com/Haufe-Lexware/wicked.haufe.io
    Sample wicked portal: https://wicked-demo.haufe.io
    Sample Authorization Server implementations:
      https://github.com/Haufe-Lexware/wicked.auth-passport (Social Logins)
      https://github.com/Haufe-Lexware/wicked.auth-saml (SAML SSO)
      https://github.com/Haufe-Lexware/wicked.auth-adfs (ADFS federation)
    Sample SPA/API Application "markdown-notes": https://github.com/DonMartin76/markdown-notes

Editor's Notes

  1. Just some aspects of it. There are more, depending on your use cases. Monetizing your assets is not something we focus on right now. Decoupling is, because it gives you freedom to act.
  2. Basically, it's a gateway and a portal (and sometimes not even that).