Weitere ähnliche Inhalte Ähnlich wie Getting Started with API Management – Why It's Needed On-prem and in the Cloud (20) Mehr von Revelation Technologies (20) Kürzlich hochgeladen (20) Getting Started with API Management – Why It's Needed On-prem and in the Cloud1. ODTUG Kscope22
June 22, 2022
9:00am CST
San Antonio 2
Getting Started with API Management
Why It’s Needed On-Prem and in the Cloud
3. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 3 of 54
@Revelation_Tech
About Me
Ahmed Aboulnaga
• Master’s degree in Computer Science from George Mason University
• Recent emphasis on cloud, DevOps, middleware, security in current projects
• Oracle ACE Pro, OCE, OCA
• Author, Blogger, Presenter
• @Ahmed_Aboulnaga
4. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 4 of 54
@Revelation_Tech
What This Presentation Will Cover
API Concepts API Management
Concepts
API Management
Products & Services
APIs
REST
cURL
API Management
API Gateway
WSO2 API Manager
Oracle API Gateway
1 2 3
1a
1b
1c
2a
2b
3a
3b
6. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 6 of 54
@Revelation_Tech
What is an API?
• Application Programming Interface
• Nowadays, when APIs are mentioned, it typically refers to web APIs
• REST and SOAP web services expose application data and functionality
over the internet
7. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 7 of 54
@Revelation_Tech
What is an API?
• All cloud vendors provide some type of API to their services
• This allows for programmatic access to cloud services
• A basic understanding of cURL, REST, and JSON is helpful
• Most cloud providers use the REST architectural style for their APIs
Client REST API Backend System
JSON / XML
GET / POST / PUT / DELETE
8. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 8 of 54
@Revelation_Tech
CLIENT TOOLS – EXAMPLES OF OPTIONS
9. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 9 of 54
@Revelation_Tech
Sample REST Call using SoapUI
• Popular web service client
• Support SOAP and REST
• Free version available
• www.soapui.org
https://api.agify.io?name=ahmed
10. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 10 of 54
@Revelation_Tech
Sample SOAP Call Using SoapUI
• Includes support of functional testing, service simulation, and load testing
http://webservices.oorsprong.org/websamples.countryinfo/CountryInfoService.wso?WSDL
11. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 11 of 54
@Revelation_Tech
Postman
• Popular API client
• Free version available
• www.postman.com
• Numerous features that include:
‒ Create API documentation
‒ Automated testing
‒ Design and mock APIs
‒ Monitor APIs
‒ Etc.
12. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 12 of 54
@Revelation_Tech
cURL
• Open-source command-line tool
• Supports more than 22 different protocols
(e.g., HTTP
, HTTPS, FTP
, etc.)
• For HTTP
, supports all methods (e.g., GET,
POST, PUT, DELETE, etc.)
• Very useful for testing RESTful web services
• Other advanced tools available include
Postman, SoapUI, Oracle SQL Developer,
etc.
Example service:
https://api.weather.gov/alerts/active?area=MI
14. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 14 of 54
@Revelation_Tech
What is REST?
• REpresentational State Transfer
• Architectural style for distributed hypermedia system
• Proposed in 2000 by Roy Fielding in his dissertation
• Web Service implemented with REST is called RESTful web service
• REST is not a protocol like SOAP
, but rather an architectural style
• REST services typically use HTTP/HTTPS, but can be implemented with other
protocols like FTP
15. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 15 of 54
@Revelation_Tech
REST Architectural Considerations
Uniform interface: Easy to understand and readable results and can
be consumed by any client or programming language over basic
protocols
URI-based access: Using the same approach to a human browsing a
website where all resource are linked together
Stateless communication: Extremely scalable since no client context is
stored on the server between requests
16. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 16 of 54
@Revelation_Tech
REST Methods
• The HTTP protocol provides multiple methods which you can utilize for RESTful
web services
• The table maps the HTTP method to the typical REST operation
• Some firewalls may limit some HTTP methods for security reasons
HTTP Method REST Operation
GET Read
POST Create
PUT Update
DELETE Delete
OPTIONS List of available methods
HEAD Get version
PATCH Update property/attribute
Most common
in web
applications
Most common in
REST to provide
CRUD
functionality
17. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 17 of 54
@Revelation_Tech
Resources
• Requests are sent to resources (i.e., URLs)
• Each resource represents an object which identified by a noun (e.g., employee, etc.)
• Each resource has a unique URL
• When performing a POST (create) or PUT (update), you must pass additional values
Resource HTTP Method REST Output
https://hostname/hr/employee GET Retrieve a list of all employees
https://hostname/hr/employee/12 GET Retrieve details for employee #12
https://hostname/hr/employee POST Create a new employee
https://hostname/hr/employee/12 PUT Update employee #12
https://hostname/hr/employee/12 DELETE Delete employee #12
https://hostname/hr/employee/12/address GET Retrieve address for employee #12
18. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 18 of 54
@Revelation_Tech
HTTP Response Codes
• HTTP response codes determine the overall response of the REST invocation
HTTP Code Status Description
2XX (200, 201, 204) OK Data was received and operation was performed
3XX (301, 302) Redirect Request redirected to another URL
4XX (403, 404) Client Error Resource not available to client
5XX (500) Server Error Server error
19. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 19 of 54
@Revelation_Tech
What is JSON?
• JavaScript Object Notation
• Pronounced “Jason”
• An object surrounded by { }
• An array or ordered list
• REST can support both JSON and XML
• Less verbose than XML, but lacks metadata support
//JSON Object
{
"employee": {
"id": 12,
"name": "Kobe",
"location": "USA"
}
}
//JSON Array
{
"employees": [
{
"id": 12,
"name": "Kobe",
"location": "USA"
},
{
"id": 13,
"name": "Jordan",
"location": "Canada"
},
{
"id": 14,
"name": "Barkley",
"location": "USA"
}
]
}
20. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 20 of 54
@Revelation_Tech
WHAT IS API MANAGEMENT?
21. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 21 of 54
@Revelation_Tech
Industry Definition of “API Management”
“Organizations are implementing strategies to manage APIs so
they can respond to rapid changes in customer demands”
“Gives enterprises greater flexibility when reusing the
functionality of API integrations and helps save time and money
without trading off security”
“Modernize legacy applications, move to the cloud, create new
products, integrate with Salesforce and SAP, and much more”
“Accelerate innovation in today’s rapidly changing marketplace”
22. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 22 of 54
@Revelation_Tech
What is API Management?
• Unified API Management Solution
• For public and private APIs
• Centralizing control (e.g., access
control)
• Rate limiting and usage policies
• Analytics
• Monetization
https://www.altexsoft.com/blog/api-management/
23. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 23 of 54
@Revelation_Tech
API Management Tools – A Gartner Definition
• What does a comprehensive API Management tool consist of?
‒ Supports all stages of the API lifecycle, namely: planning and design, implementation and
testing, deployment and exploitation, and versioning and retirement
‒ Some vendors of API Management solutions specialize only in subsets of the API lifecycle,
such as API gateways and testing, while others focus on the entire lifecycle
• Comprehensive API management tools typically include support in the following:
https://medium.com/transparent-data-eng/best-api-management-tools-2021-c03344dbd63b
Functional Area Description
Developer Portal
Self-service, fully unified catalog of APIs in which you can enable and manage the ecosystems of
developers who create and use APIs
API Gateway Management of the runtime environment, monitoring of security and API usage
Policy Management & Analytics Security configuration, mediation, and analysis of actual use of APIs
API Design & Development Toolkit for designing and creating APIs and integrating APIs on existing systems
API Testing From basic mock tests to advanced functional, performance, and security tests
24. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 24 of 54
@Revelation_Tech
API GATEWAYS – THEIR ROLE IN API MANAGEMENT
25. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 25 of 54
@Revelation_Tech
What is an API Gateway?
• Sits between a client and a collection of backend services
• Acts as a reverse proxy to accept all API calls, aggregate the various services required to
fulfill them, and return the appropriate result
• Handles common tasks such as user authentication, rate limiting, and statistics
• When should you use an API Gateway?
‒ To provide a single, unified API entry point across
‒ To protect your APIs from overuse and abuse (using authentication and rate limiting)
‒ To understand how people use your APIs (using analytics and monitoring)
‒ To monetize APIs
‒ In a microservices architecture (a single request could require calls to dozens of distinct applications)
26. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 26 of 54
@Revelation_Tech
Challenges
• Web services are the primary mechanism for applications and systems
to interoperate, communicate, and exchange data messaging
• Web services are the foundation for system-to-system communication
• Many organizations have unmanaged, insecure, and direct access by
developers to backend web services
?
Number of web services
(i.e., APIs)
?
Type of web service
security deployed
?
Usage, SLA, and
reuse metrics
PROBLEMS
Web App Java
Web Service Fusion Apps
Web Service Salesforce Web Service PayPal
Web App Java Web App Java
27. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 27 of 54
@Revelation_Tech
Benefits of an API Gateway
• Introduce a gateway to virtualize and abstract all backend web
services
• Provides a consistent mechanism to secure and track web
services
Benefits
▪ Increase security through
modern and standardized
implementation of API security
for all LANL web services
▪ Avoid open/direct access to
backend services
▪ Centralized catalog of published
APIs
▪ Maximum investment through
service reuse
▪ Threat/bot/DDOS detection
Web App Java
Web Service Fusion Apps
Web Service Salesforce Web Service PayPal
Gateway
29. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 29 of 54
@Revelation_Tech
WSO2 API Manager
• WSO2 API Manager Version 4.1.0
• Open-source, enterprise-grade API management for on-premises, cloud, and
hybrid architectures
• Provides gateway capabilities
• wso2.com/api-management
30. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 30 of 54
@Revelation_Tech
WSO2 API Manager – Creating an API
31. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 31 of 54
@Revelation_Tech
WSO2 API Manager – Configuring an API
32. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 32 of 54
@Revelation_Tech
WSO2 API Manager – API Catalog
33. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 33 of 54
@Revelation_Tech
WSO2 API Manager – Overview of API
34. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 34 of 54
@Revelation_Tech
WSO2 API Manager – Testing the API with cURL
34
35. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 35 of 54
@Revelation_Tech
WSO2 API Manager – Testing the API with SoapUI
36. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 36 of 54
@Revelation_Tech
ORACLE API GATEWAY (CLOUD)
37. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 37 of 54
@Revelation_Tech
Oracle API Gateway
• Not to be confused with the legacy, on-prem Oracle API Gateway product
• Cloud-based service to publish APIs with private endpoints that are accessible internally
• Integrated with Oracle Cloud Infrastructure Identity and Access Management (IAM)
• Expose APIs with public IP addresses to accept internet traffic
• Support transformation, CORS, authentication/authorization, and request limiting
• Highly availability
• Single consolidated API endpoint
https://docs.oracle.com/en-us/iaas/Content/APIGateway/Concepts/apigatewayoverview.htm
https://docs.oracle.com/en-us/iaas/Content/APIGateway/home.htm
38. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 38 of 54
@Revelation_Tech
Oracle API Gateway – Cost
39. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 39 of 54
@Revelation_Tech
Oracle API Gateway – Tutorial
https://www.oracle.com/webfolder/technetwork/tutorials/infographics/oci_apigw_gs_quickview/apigw_quickview_top/apigw_quickview/index.html
40. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 40 of 54
@Revelation_Tech
Oracle API Gateway – Location in Console
41. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 41 of 54
@Revelation_Tech
Oracle API Gateway – Create a Gateway
42. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 42 of 54
@Revelation_Tech
Oracle API Gateway – Create a Deployment
43. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 43 of 54
@Revelation_Tech
Oracle API Gateway – Create a Deployment
44. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 44 of 54
@Revelation_Tech
Oracle API Gateway – Gateway Service Details
45. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 45 of 54
@Revelation_Tech
Oracle API Gateway – First Attempt at Calling API
46. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 46 of 54
@Revelation_Tech
Oracle API Gateway – Enable Access & Execution Logging
47. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 47 of 54
@Revelation_Tech
Oracle API Gateway – Add 443 Inbound to Firewall
48. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 48 of 54
@Revelation_Tech
Oracle API Gateway – Using the Correct URL Context
49. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 49 of 54
@Revelation_Tech
Oracle API Gateway – Calling the Original Service
51. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 51 of 54
@Revelation_Tech
Gartner Magic Quadrant: Full Lifecycle API Management
Leaders:
• Google Apigee
• Mulesoft
• IBM
• Axway
• Software AG
• Kong
• Microsoft
52. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 52 of 54
@Revelation_Tech
Where API Gateways Fit in the Overall Architecture
53. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 53 of 54
@Revelation_Tech
Getting Started with Oracle API Gateway
https://docs.oracle.com/en-us/iaas/Content/APIGateway/home.htm
54. © Revelation Technologies Group, Inc. 2022 | All rights reserved. Slide 54 of 54
@Revelation_Tech
Recap
Client Tools
• SoapUI
• Postman
• cURL
Solutions
• API Management
• API Gateway
Products & Services
• WSO2 API Manager
• Oracle API Gateway
Concepts
• API
• REST
• JSON