3. INTEGRATION SUMMIT 2019
- High traffic
- Self contained access tokens to secure the API
- Dynamic routing for product discovery
- Custom response caching requirements
- API Shaping to minimize mobile bandwidth usage
- Additional API gateway for internal users
Product API
GATEWAY
4. INTEGRATION SUMMIT 2019
- Medium traffic
- Mutual TLS and OAuth 2.0 to secure the APIs
- Custom response caching requirements
- Different API mediations
Order API Payment API
GATEWAY
5. INTEGRATION SUMMIT 2019
- Low traffic
- Basic Auth to secure the API
- Private API
- Different API mediations
Inventory API
GATEWAY
7. INTEGRATION SUMMIT 2019
TRAFFIC MANAGER
API PUBLISHER
DEVELOPER PORTAL KEY MANAGER
GATEWAY
API PROVIDERS
API CONSUMERS
API CONSUMERS
Publish
API
Push to
Store
Publish
throttling
policies
Update gateway
Access token
generation request
Key
Validation
API
Invocation
SERVICE IMPL
Subscribe
to API
9. INTEGRATION SUMMIT 2019
Some key concerns...
- Different resource usages
- Different Security enforcements
- Dynamic routing
- API mediation and transformation
- API Shaping
- Response Caching
- Private vs Public APIs
- API Gateway per department/unit
12. INTEGRATION SUMMIT 2019
Some Key Requirements for Decentralizing APIs
- API Security
- Rate limiting
- API Discovery
- Analytics & Traffic Monitoring
- API Monetization
- API Mediation
14. INTEGRATION SUMMIT 2019
API Security
● Authentication
○ Security latency should be minimum
○ Security in locked down environments
○ Use of Self contained access tokens
● Authorization
○ Scope validation
○ API subscription validation
○ Other fine grained access controls
15. INTEGRATION SUMMIT 2019
Rate Limiting
● Throttling happens at
○ API level
○ Application level
○ Resource level
● Use of Traffic Manager
17. INTEGRATION SUMMIT 2019
Developer first approach
● Skip API Publisher
● Skip Developer Portal
● Use of JWT to secure the API
API MICROGATEWAY
Swagger
18. INTEGRATION SUMMIT 2019
API Discovery
● API visibility in Developer Portal
○ Public
○ Restrict by role
● Publish API to developer portal from API
Microgateway
19. INTEGRATION SUMMIT 2019
Analytics and Traffic Monitoring
● File based analytics
data recording
● Upload data zip files
to Analytics servers
● Summarize analytics
data in Analytics
servers
29. INTEGRATION SUMMIT 2019
Challenges with Microservices
- Secure communication between services
- Analytics, tracing and monitoring
- Disaggregation of architecture increases the number of
endpoints
- Communication among these endpoints will be a key
challenge
- Service discovery
- Network resiliency
- End to end authentication
31. INTEGRATION SUMMIT 2019
Service Mesh
A service mesh is a dedicated infrastructure layer that
controls service-to-service communication over a network.
It provides a method in which separate parts of an
application can communicate with each other.
source:techtarget.com
34. INTEGRATION SUMMIT 2019
When is API Management required in a Service
Mesh
- When users need to expose microservices to outside in
a secured and a controlled manner
- When fine grained security should be enforced on APIs
exposed
- When stats need to be collected on API usage for
monetization and billing
- When it is required to offer a marketplace for APIs for
easy discovery and adoption
35. INTEGRATION SUMMIT 2019
WSO2 API Management for Istio, Service Mesh
Source: https://wso2.com/api-management/microservices/istio/