[Workshop] Managing the API lifecycle with Open Source Technologies

1. Managing the API lifecycle with Open Source Technologies Rohitha Liyanagama Director - Solutions Architecture, WSO2

2. Open Source Softwares https://opensource.org/

3. Open Source Softwares - Today ● Linux open source operating systems run on 65% of all servers in the world. ● Nearly 80% of companies run part or all of their operations in open source. ● 92% of applications contain open source libraries. ● 65% of companies leverage open source software to speed application development. ● 67% of companies encourage their developers to actively contribute to open source software. Sources - 2018 TIDELIFT PROFESSIONAL OPEN SOURCE SURVEY, Black duck survey,

4. Open Source Softwares - Contributions from Software giants. (Github 2018) Rank Company Employees Contributing 1 Microsoft 4,550 2 Google 2,267 3 Red Hat 2,027 4 IBM 1,813

5. Open Source Softwares - Contributions Microsoft's GitHub open source code contributions since 2014. (Source: Microsoft Open Source Virtual Conference keynote talk of Sept. 13, 2018)

6. Why we consider Open Source ? ● Freedom from vendor lock-in ● Freedom to examine the source code (and make changes if necessary?) ● Test or Experience products without a subscription/for free ● Velocity for innovation: Easily extend the product based on your requirement (Flexibility) ● Full feature availability: Try out as is ● Licensing costs are often less than closed source vendors (+ lower initial costs and ongoing support costs)

7. Why do you need API Management? Image source: blog.dailysteak.co

8. APIs are essential to address the problem of app explosion ● Demand for consumption is on the rise. (easier/convenient ways to consume information and services). ● Demand for consumption is driving digital transformation. ● Digital transformation creates opportunity for $$. ● APIs are the key to enabling digital transformation.

9. What do you need from an API Management System? 1. Creating and publishing APIs. 2. API security and rate limiting. 3. Platform for discovering, searching and consuming APIs. 4. API governance and lifecycle management. 5. API analytics, specialization and evolution.

10. Open Source API Management Solutions

11. Open Source API Management - Vendors ● API Umbrella ● WSO2 ● Gravitee ● Tyk ● Kong Community Version ● Swagger and Open API ● Fusio ● APIMan

12. Open Source API Management - Offerings ● Open source gateway while other components remain proprietary. ● Complete API lifecycle management including all components. ● Some solutions offer community version which is open source while they have different commercially support version.

13. Our Experience

14. #1 6th Open Source Integration Vendor Largest Apache Committer Largest Open Source Vendor 6th WSO2: Helping Digitally Driven Organizations Implement API Strategy

15. Integrated, Open Source Products Common architecture, common code base IDENTITY & ACCESS MANAGEMENT Secure and federated identity for integration Federates and manages identities across both cloud service and enterprise environments ● Identity management ● Identity federation ● Authentication ● Authorization 75M identities managed API MANAGEMENT API design, creation, reuse, governance, and analytics 200K APIs connecting 20K orgs Addresses full API lifecycle management operations. Open, extensible, customizable. ● API analytics ● API designer ● API gateway ● API microgateway ● API publisher ● API storefront/marketplace ● API repository/registry ANALYTICS & STREAMING Streaming data for real-time analysis 100K+ TPS Interprets data-in-motion enabling streaming events to be integrations and trigger events ● Siddhi ● Dashboard portal ● Business rules ● Stream processor runtime ● Development environment ENTERPRISE INTEGRATION Quick, iterative integration of any app, data, or system 6 trillion transactions / yr Hybrid integration platform for quick, iterative integration of any application, data, or system. ● Data integration ● ESB ● Integration designer ● Message broker ● Workﬂows

16. WSO2 API Manager Design, create, publish and manage APIs to unlock the true value of your digital assets

17. WSO2 API Manager ● Available as a single downloadable package ● Available as a cloud / SaaS solution ● Flexible deployment choices ● High performance gateway ● API governance, marketplace solution

18. Cloud First or Start On-Prem ● Multi-tenanted, shared everything ● WSO2 Hosted and managed ● Pay as you go ● Multi-region availability ● Hybrid API Management ● VPN tunnel to private DC ● Guaranteed uptime ● Limited options in customizing ● Privately hosted ● WSO2 managed ● Upgrades, patches installation ● Guaranteed uptime ● Full ﬂexibility in customization ● Better control ● Self hosted ● Self managed ● Full ﬂexibility ● Dev-ops learning curve ● Self managed upgrades http://wso2.com/api-management/cloud/ https://docs.wso2.com/display/ManagedCl oud/WSO2+Managed+Cloud+Documenta tion

19. Componentized

20. Creating an API Designing or Publicizing an API 20

21. ● Start with an existing endpoint/contract or design and prototype a new API ● Exposing SOAP services (convert to REST or as a passthrough) ● Exposing streaming APIs (Websocket endpoints) Creating APIs

22. ● API Design - Over the wizard & with swagger Creating APIs

23. ● Message manipulation, transformation and enrichment ● WSO2 developer studio based tooling ● Wizard based mediation policy application Message mediation

24. Publishing an API Enforcing Security and SLAs 24

25. ● Protecting for applications and users ● Controlling access and entitlement with scope ● Multi-Tier subscription model Protecting APIs

26. Protecting APIs

27. ● Tier based simple model ○ Application developer selects the tier at app registration ○ Each tier is tied to a policy that describe the quota ○ Tiers can be applied at the application, API or at the API resource level ● Advance rule based models ○ Policies containing IP conditions, message attribute based conditions, transport header based conditions ○ Complex real time pattern based conditions Trafﬁc Management

28. Trafﬁc Management

29. ● Manage stages of an API ● Manage associated states ● Create a new version from an existing ● Audit changes to lifecycle states ● Support for custom lifecycles API Lifecycle Management

30. Consuming an API The developer portal / marketplace 30

31. ● Searchable (with context) - by name, tag, description, author etc. ● Social features: tagging, commenting, rating ● Minimalistic forum ● Themeable: change color, logo, view ● Conﬁgure alerts for application developers ● Application based API analytics ● OAuth2 application management ● API Monetization The Developer Portal

32. Monitoring an API Analytics and Insight 32

33. ● Analytics dashboard on API stats ○ API Usage / Response times / Backend latency / Geo-location etc ● Stats on Applications for application owners (subscribers) ● Stats on subscriptions API Analytics: Batch

34. ● Leverages real-time analytics streaming engine ● Used for various alerting use-cases ○ Fraudulent access token usage ○ Keeping API developers alerted on backend performance issues ○ Alerting on SLA violations ○ Alerting on tier crossing for subscriptions ● Detect trends ● Detect API call sequences that needs to be blocked ● Detect non-usage scenarios API Analytics: Realtime

35. API Security • Trusted Sub-systems – Mutual TLS – Basic Authentication • Delegated Authentication – OAuth2.0 • Authorization – OAuth2.0 Scopes – OIDC – XACML • CORS

36. Demo

37. THANK YOU wso2.com

[Workshop] Managing the API lifecycle with Open Source Technologies

Du liest eine Vorschau.

Hier ansehen

[Workshop] Managing the API lifecycle with Open Source Technologies

Weitere Verwandte Inhalte

Diashows für Sie (20)

Ähnlich wie [Workshop] Managing the API lifecycle with Open Source Technologies (20)

Weitere von WSO2 (20)

Aktuellste (20)