2. Invention comes in many forms and at many
scales. The most radical and transformative
of inventions are often those that empower
others to unleash their creativity – to
pursue their dreams.
Jeff Bezos
4. The API billionaires
• More than 15 billion calls per day
• More than 1 billion calls per day
• More than 5 billion calls per day
•More than 260 billion objects stored in S3
•More than 1 billion transactions per day
(via WSO2 runtime for API gatewaying)
6. APIs
• An API is a business capability delivered over
the Internet to internal or external consumers
• Network accessible function
• Available using standard web protocols
• With well-defined interfaces
• Designed for access by third-parties
• A Managed API is:
• Actively advertised and subscribe-able
• Available with SLAs
• Secured, authenticated, authorized and protected
• Monitored and monetized with analytics
7. WSO2’s API Management Vision
• Create APIs
• WSO2 Application Server, Data Services Server and
ESB
• Find and subscribe/buy APIs
• API Store and Governance WSO2 API
Management
• Manage, secure and protect APIs
Platform
• API Management and Gateway
• Monitor and Monetize APIs
• API Monitoring and Analytics
• Develop, host and run API-based applications in a
Platform-as-a-Service
• WSO2 App Factory
• Domain Specific PaaS
8. APIs three ways
2. Managing access from inside
the enterprise to cloud APIs
3. Managing cross-department acces
internal APIs
1. Offering external APIs to
partners, mobile apps and
cloud apps
9. WSO2 API Manager 1.0.0
• Launched in August 2012
• Can be installed and deployed:
• as a single JVM for small usage or testing
• as a HA cluster for scalability and failover
• as an EC2 image for cloud deployment
• Runs on the WSO2 Carbon core
• OSGi, modular, robust, scalable, in large scale
production
• Already in production!
10. Not really a 1.0.0 product...
• API Manager leverages WSO2 proven components:
o WSO2 ESB
used as API Gateway by eBay, AAA, and others. eBay
handles > 1 billion API calls/day
o WSO2 Governance Registry
used by British Airways, Intermountain Healthcare, and
many others
o WSO2 Identity Server
used by Citigroup, Federal Home Loan Bank of SF, US
Navy and others
WSO2 Business Activity Monitor
In production at AAA, MA and others
12. Product Features
• API Storefront for subscribers
• Including link to OAuth2 provider for key
issuing
• API Producer back office
• Including publishing lifecycle, versioning, etc
• API Gateway
• OAuth2 token validation
• Throttling and SLA management
• API Monitor
• Monitoring, links to monetization engines
20. Further Details
• Full support for web protocols:
• JSON/HTTP(S), REST interactions
• SOAP/HTTP(S), XML/HTTP(S)
• Non-blocking high-performance HTTP transport handles
thousands of concurrent connections
• API Key Management based on OAuth2
• Get Key (with or without asynchronous approval process)
• Monitoring and analytics
• Latency, Response Time, Failures vs Success, Total
Transactions, Transactions by API Key
• By user specified time period as well as over the last 1m,
5m, 10m, 1hr, 4hr, 8hr, 24hr periods
• Throttling by API and API key
21. Using the API Manager for Mobile
• Supports issuing keys to mobile apps
• Supports JSON/HTTP for simple iPhone/Android apps
• A single key for each app makes life simple and allows
app usage monitoring
• Throttling of different applications protects backend
services from over-eager developers
• Managing side-by-side versions for different versions of
apps in the iPhone or Android AppStore
22. Roadmap Summary
1.0 next
• API Publishing: • Monetization
• Documentation/Samples/SDK/Links to • Improved API experience
external docs
• Embedded API Testing
• Tagging
• Enhanced Self-Registration process
• Track consumers by API
• View Statistics by API
• Additional Collaboration Features
• API LifeCycle Management • Improved administration
• API Subscribing • Custom API LifeCycle
• Search - Rate - Comments • Integration with 3rd party Key
• API Versioning
Management Systems
• Manage multiple APIs via the application
• Integration with 3rd party repositories
concept such as GITHub
• User self-registration • Role-based views for usage reports
• OAuth2 based Key Management • GoogleApps / OpenID based login
• Throttling/SLA Limits per API • Enhanced Throttling Scenarios
• Integration with BAM for API Statistics
• Skinnable UI