Role of REST vs. Web Services and EI
1. Role of REST Vs. Web Services & Enterprise Integration
Hiranya Jayathilaka
Associate Technical Lead
PMC Member (Integration Technologies)
2. A Word About WSO2
• Founded in 2005 by acknowledged leaders in XML, Web Services technologies & standards and open source. Primary contributors to Apache Web Services projects started in 2001.
• Producing entire middleware platform 100% open source under the Apache license.
• Business model is to sell comprehensive support & maintenance for our products.
• Technology OEM'd by IBM, Progress, Software AG, Alcatel, EMC and CA.
• Venture funded by Intel Capital and Quest Software
• Global corporation with offices in Palo Alto (USA), Portsmouth (UK) and Colombo (Sri Lanka).
• 150+ employees and growing.
3. What is REST?
• REpresentational State Transfer
• Lightweight, client-server architecture
• Interactions are based on the transfer of resource state representations
• Systems exchange state representations and perform application state transitions
• Mostly implemented using HTTP
4. Richardson Maturity Model
Level 3: Hypermedia Controls
• Hypertext as the engine of application state
Level 2: HTTP Verbs
• Many URIs, each supporting multiple HTTP methods
Level 1: Resources
• Many URIs, one HTTP method
Level 0: XML Over HTTP
• One URI, one HTTP method
5. An Example…
• Learning Management System for a college
• A number of fundamental concepts
– Student
– Course
– Teacher
• In a RESTful design these concepts are likely to become the “resources” managed by the LMS
6. The “Student” Resource State
• Name
• Age
• Registration number
• GPA
• Date of birth
• Contact information
9. Representational State Transfer
• Clients and servers interact with each other by exchanging
– Resource state representations
– Other control information
• Applications are state machines
– Exchange of resource state representations and control information can result in application state transitions
11. REST Today!
• Developers and architects realize the power of REST and appreciate its lightweight nature
• Lots of tools, libraries and frameworks to make RESTful development easier
• Well suited for modern IT trends
– Mobile apps
– Rich web applications
– Social media
12. Nothing But REST?
• Most organizations have already invested heavily in IT and have adopted countless technologies
– Legacy systems
– J2EE, .NET, LAMP
– CORBA, DCOM, RPC, SOAP
– … and much more
• Replacing these existing systems is risky and ridiculously expensive
13. REST in Peace, SOAP?
• Not in our wildest dreams
– New WS-* standards introduced frequently
– Many developer friendly tools and frameworks
– Comprehensive and highly interoperable platform
– Sponsorship of many large scale software vendors
• SOAP, WSDL, WS-*, BPEL – They are all here to stay (at least for the foreseeable future)
– REST will continue to be dominant in the public web API space
15. Moral of the Story…
• Replacing existing technologies is not easy
• Every technology has its own strengths and weaknesses
– Despite its arcane terminology, the structured description capabilities of the WSDL standard are being praised even by hard-core fans of REST
– No technology can be designated “universally superior”
16. Coexistence over Conquest
• RESTful applications should play nice with other technologies
• Need powerful integration mechanisms between REST and other technologies (most notably SOAP)
• Design applications in a manner so that the weaknesses of one technology are complemented by the strengths of another
– Best of both worlds scenario
17. Key to Success
• Organizations that have realized the value of “coexistence over conquest” have reaped fruitful results
– Amazon
– eBay
– Google
• Opens up the business for all types of developers and clients
– Breaks down barriers for technology adoption
18. Good Times for Developers!
• Adding REST support to an existing enterprise architecture creates many interesting problems and lucrative opportunities for developers
– Developing RESTful applications
– Integrating REST applications with the “rest”
– Exposing existing services over REST
– Security
– Provisioning
– Monitoring and usage tracking
• “Developers are the new king makers” – James Governor
19. Developing RESTful Applications
• Can be done with any web development technology
– HTML, PHP, ASP, CGI…
• Servlets and JSP are popular in the Java world
• JAX-RS catching up fast
– Apache Wink
– Apache CXF
– WSO2 Application Server
21. Exposing Existing Services Over REST
• Use the tried and tested gateway pattern
• Lock down all the implementation details of the backend systems behind an API gateway and expose a clean REST API
• Pay attention to the number and granularity of exposed operations
[Diagram: Consumers → REST API Gateway → Backend Services]
24. Basic Features of an API Gateway
• Transport switching
• Message transformation and content negotiation
• Lightweight orchestration
• High performance (low latency mediation)
• Monitoring
25. Security
• More exposure = More vulnerabilities
• Access to critical business applications must be secured at API gateway level
– Do all security checks as early as possible
• Use HTTP friendly security mechanisms
– Basic Auth
– OAuth
30. Managing System Load
• RESTful applications are usually lightweight and fast – But your backend services may not be
• Track the usage of REST APIs at the gateway and turn down requests if the load becomes too high
– If the APIs are restricted to a particular group of clients, consider implementing some IP based throttling mechanism
– Use time based throttling to prevent legitimate clients from overwhelming a service
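The two throttling checks from this slide, combined in one gateway-side filter. This is an added example, not code from the slides or from any WSO2 product; the class name, the limits and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import time
from collections import defaultdict, deque

class GatewayThrottle:  # hypothetical name, not a WSO2 API
    def __init__(self, allowed_networks, max_requests, window_seconds,
                 clock=time.monotonic):
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.max_requests = max_requests
        self.window = window_seconds
        self.clock = clock
        self.hits = defaultdict(deque)  # client IP -> accepted request times

    def check(self, client_ip):
        """Return (HTTP status, reason) for one inbound request."""
        try:
            ip = ipaddress.ip_address(client_ip)
        except ValueError:
            return 400, "malformed client address"
        # IP based throttling: only the permitted client group gets through.
        # Doing this first also keeps self.hits bounded by the allow-list.
        if not any(ip in net for net in self.allowed):
            return 403, "client not in permitted group"
        now = self.clock()
        recent = self.hits[str(ip)]
        # Time based throttling: forget requests older than the window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_requests:
            return 429, "rate limit exceeded"
        recent.append(now)
        return 200, "forward to backend"

def demo():
    """Replay a constructed request sequence against a fake clock."""
    now = [0.0]
    gw = GatewayThrottle(["203.0.113.0/24"], max_requests=3,
                         window_seconds=10, clock=lambda: now[0])
    constructed = [(0, "203.0.113.7"), (1, "203.0.113.7"), (2, "203.0.113.7"),
                   (3, "203.0.113.7"), (4, "198.51.100.9"), (11, "203.0.113.7")]
    statuses = []
    for ts, ip in constructed:
        now[0] = ts
        statuses.append(gw.check(ip)[0])
    return statuses

if __name__ == "__main__":
    print(demo())
```

The address passed to `check` should be the peer address seen by the gateway itself; a client-supplied header such as `X-Forwarded-For` is only usable when it is set by a proxy the gateway trusts.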
33. Caching
• Another very effective way of reducing the overhead on backend services
– Cache as many responses as possible in the gateway and try to minimize calling backend services
• Added benefit: Improved performance (better user experience)
• Need to have proper cache invalidation mechanisms in place
35. API Provisioning
• REST integration is not a one-off activity. Once adopted you will be doing it for the “rest” of your working life.
• Should be able to easily add new REST APIs to the API gateway
– Ideally should be a single click operation
– Should not result in a downtime of existing APIs
• REST API governance
38. Monitoring & Usage Tracking
• Log and record all accesses to your exposed RESTful interfaces at the API gateway
– Both valid and invalid accesses
– At the very least have an HTTP access log
• If you already have a monitoring system in place, integrate it with the API gateway
– Syslogs, JMX, BAM
• KPI monitoring and SLA monitoring
• Tracking API usage
39. What to Do with Collected Data?
• Periodic audits
• Dashboards and reports
– For both API providers and API consumers
• Capacity planning and traffic engineering
• Vulnerability detection
• Marketing and promotional activities
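A small audit over a gateway HTTP access log, covering the usage tracking and vulnerability detection items of slides 38 and 39. This is an added example, not code from the slides or from WSO2; the log lines are constructed, the resource names follow the LMS example earlier in the deck, and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Common Log Format (not from a real gateway).
SAMPLE_LOG = """\
203.0.113.7 - alice [10/May/2012:10:00:01 +0000] "GET /students/42 HTTP/1.1" 200 512
203.0.113.7 - alice [10/May/2012:10:00:05 +0000] "GET /courses/7 HTTP/1.1" 200 310
198.51.100.9 - - [10/May/2012:10:01:00 +0000] "GET /students/1 HTTP/1.1" 401 0
198.51.100.9 - - [10/May/2012:10:01:01 +0000] "GET /students/2 HTTP/1.1" 401 0
198.51.100.9 - - [10/May/2012:10:01:02 +0000] "PUT /students/3?gpa=4 HTTP/1.1" 403 0
198.51.100.9 - - [10/May/2012:10:01:09 +0000] "GET /teachers/5 HTTP/1.1" 200 128
this line is truncated and must be counted, not silently dropped
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?:\d+|-)$')

def audit(log_text, min_requests=3, max_denied_ratio=0.5):
    """Summarise API usage and flag clients whose requests are mostly denied."""
    usage = Counter()                 # top-level resource -> request count
    clients = defaultdict(Counter)    # client IP -> "total" / "denied" counts
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m is None:
            unparsed += 1             # invalid entries are evidence too
            continue
        resource = "/" + m["path"].split("?", 1)[0].strip("/").split("/", 1)[0]
        usage[resource] += 1
        clients[m["ip"]]["total"] += 1
        if m["status"] in ("401", "403"):
            clients[m["ip"]]["denied"] += 1
    flagged = sorted(
        ip for ip, c in clients.items()
        if c["total"] >= min_requests
        and c["denied"] / c["total"] > max_denied_ratio)
    return {"usage": dict(usage), "flagged": flagged, "unparsed": unparsed}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```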
43. API Monetization
• Turning inbound API calls into cash
• Prevent third parties from making profits out of your APIs - Prevent disenfranchisement
• Provide a monitored sandbox environment where third parties can develop applications using your APIs
– Close off or restrict access to the APIs from outside the sandbox environment
– Have a robust model for reviewing, approving and publishing third party applications
44. Your Business as a Service
[Diagram, layers from top to bottom:]
App, App, App, App
PaaS for Managed Third Party Apps (WSO2 Stratos)
API (WSO2 API Manager)
Services, Processes, Applications, Data (Business IT Assets)
45. Summary
• What is REST?
• REST vs. SOAP and other technologies
• Exposing existing systems over REST – API gateway pattern
• Techniques for securing, provisioning and managing REST APIs
• API monetization
46. Resources
• REST and API management with WSO2 ESB (Webinar): http://www.youtube.com/watch?v=YNfa88-DWQU
• ESB Tips & Tricks: Introduction to REST APIs (Blog): http://techfeast-hiranya.blogspot.com/2012/04/wso2-esb-tips-tricks-09-introduction-to.html
• REST API samples (Documentation): http://docs.wso2.org/display/ESB403/Sample+1+Introduction+to+REST+API
• Introduction to AppFactory (Blog): http://blog.cobia.net/cobiacomm/2012/04/16/what-is-wso2-appfactory/
• WSO2 API Manager beta program (Press Release): http://wso2.com/about/news/wso2-begins-recruiting-beta-customers-for-new-wso2-api-manager-product/
48. WSO2 Engagement Model
• QuickStart
• Development support
• Development services
• Production support
• Turnkey solutions
– WSO2 Mobile Gateway Solution
– WSO2 FIX Gateway Solution
– WSO2 SAP Gateway Solution