2. 2
• O RACL E ACE
• Enterp ris e Arc h itec t
• Au th or of Book “Beginning Oracle
Web Center p ortal 1 2 c”
• O rac le c ertified p ro fes s io n al
• B lo g ger-http ://w w w.tech artifact. com/b logs
• So ftware Con s u ltant
• JAVA EE GUARDI AN
3.
4. SOA – Service Oriented Architecture
4
• SOA is an architectural approach that is about organizing the company into reusable units
of work.
• Loose Coupling -Accessible layer of your source in managed way.
• Promotes interactions via interoperability.
• Allows scalability.
• Service Composability.
• Standardized Service Contract
• Reduced costs.
• …………………………………………………………..
“Build once, reuse everywhere, minimize changes”
8. SOA Challenges for API Economy
8
• Less and slow to Change.
• Good for internal systems.
• Lifecycle is there to stay for long time.
• Drives Agility
• Documentation depends on SOA maturity model.
• Business perception is an IT concern...
• Global standards of security
• Service Lifecycle Management
13. Understand the differences in ESB & APIs
13
Features SOA/ESB APIs & Apps
Core goal Enable Internal developers and systems to connect, while
complying with IT department standards.
Enable developers, either external or internal, to build nifty,
compelling apps, and allow users to run them.
Network Low-latency, trusted. High-latency, untrusted. (Mobile wireless network)
Development Style Deliberate, structured, governed by process. Rapid, iterative, experimental.
Connected
Platform
High-powered server Any connected device
Data Contract Formal, strict. Flexible, dynamic
Data Format XML, JMS, SOAP, EDI, possibly many others. JSON and XML.
Authentication and
Authorization
Internal mechanisms, LDAP Internet standards including OAuth.
Analytics Limited use, secondary importance. primary importance
Data Format XML, JMS, SOAP, EDI, possibly many others JSON and XML
14. Evolution of API management platform
14
API GW / Platform
ESB
BPM/BPEL
15. 15
Digital Ecosystem
15
Integration Vision
Data
Enterprise Service Bus
API Platform (GW)
QOS EnforcementTransformation
Filtering & Routing
Audit & MonitoringSOA Governance
Administration
Security
Monitoring
Governance
Transformation API Lifecycle
Internal
Application
s/
Employees
SPAs
Partners/
Externals
Cloud Apps B2BIOT BlockchainMobile Bots
API Economy
16. Why API Management platform
16
1. Establish a single API “front door”
2. Build an API Facade for existing backend service
3. Add new features to the APIs , such as response caching.
4. Secure and protect published APIs from misuse and abuse
5. Package and publish APIs to developers and partners
6. On Board developers via self service portal
7. Enhance developer experience with beautiful documents, samples, APIs consoles and SDKs.
8. Gain insight into API usage and healths from analytics reports.
9. ………
17. API management platform
17
• API Security - The process of publishing, promoting,
and overseeing APIs in a secure, scalable
environment. Securing API and setting up the
permission around that.
• Developer/Partner management - Ensuring that
developers and partners are productive. Dashboard
for developer and partners to explore APIs and
consume it.
• API administration console- Managing, securing, and
mediating your API traffic. Dashboard for API
manager to control , secure, adding policy and user
management.
• Scalable - Allowing an organization to grow their
API program to meet increasing demands
• Monetization capabilities - Enabling the
monetization of APIs.
API management is about the planning, design, implementation, testing, publication, operation, consumption, maintenance, versioning and
retirement of APIs. It involves use of a developers' portal to target, market to and govern communities of developers who embed the APIs, as well as
runtime management, estimation of API value and analytics.
18. API management platform
18
Governance -
1. Tracking the life-cycle of each API from inception to sun-setting .
2. tracking the API Consumers and subscriptions (relationships)to APIs utilized
3. the API Security Model employed and the details of managing it
4. defines the API interface standards used for creating APIs (an organization's standards for usage of
something like Swagger) in the organization
5. gathering statistics of both the Developer Portal and API Gateway usage
6. utilization-based billing
7. API versioning
8. JSON (or XML) Schema versioning for input and output data structures
21. Oracle API platform Introduction
21
• Oracle API management platform provides full life cycle management in a easiest way
i.e. from API design , implementation, continuous integration , operation,
decommissioning and promotions etc.
• Platform itself built using REST principles. All components and features supports via
REST APIs.
• The platform is modular, hybrid, and highly customizable.
• Supports to integrate with popular tools for REST API economy
• Fits well with Existing or new greenfield technology stack.
• Fully aligned with Microservices Architecture.
• Gateway as a Service (GaaS).
23. Understanding Oracle API CS components
Management Console: This is the place to manage APIs, gateway, user management, security
and configuration and policies. This should be role-based application where roles and
permissions can be managed.
Developer Interface console: A web-based application where developers can search and
subscribe to APIs. This is where all of the API documentation can found and where application
keys are provided after a subscription to an API takes place.
API Gateway: These are the heart of the platform. They enforce/apply the different API policies
to the managed endpoints. These can deployed on premise and cloud infrastructure as well
depending on the use case. For the initial start, it is recommend putting an API Gateway to close
to the enterprise integration layer. The gateway needs to be resilient, performant and highly
available as the APIs will be critical components of the consumer’s digital strategy.
API Design: This provides API First design capabilities and enables document driven API design
approach. This should support global standards of API documentation, i.e. Swagger, API
Blueprint, Open API etc.
Management Portal
Developer Portal
API Gateway
APIARY
24. API First Design- APIARY: Powerful API design Stack
As the importance of API’s increases, more
responsbility lies on those who build and
manage the APIs
Apiary solves fundamental task of API
design & development , by meeting all the
increase expectations and also streamlining
the business process of how work get done.
25.
26. Apiary : API life cycle
• Building great APIs is all about effective collaboration.
• App developers, testers, architects, product managers,
clients, and partners all bring unique perspectives to
the design of your APIs.
• To be successful, your team needs to make sure every
stakeholder has a say
28. Apiary : Style Guide
API style guide helps everyone to adhere to basic API design patterns and conventions.
• Enables you to check multiple API description documents for consistency.
29. Apiary : Design Assertion Language
Design Assertion, two parts are needed: Functions Definition and Rules Definition
• Function Definition – Set of Javascript function for validation
• Rules Definition- Connection functions with minim targets
33. API platform - Management Portal
– API Catalog – Inventory of APIs that you offer
– API Testing & Monitoring – Test API Interfaces and Functionality (Via API Fortress)
– Deployment Management – Centrally manage availability of APIs across all Gateways
– API Governance – Ensure consistency with style-guides and track changes with history service
– Plan/Subscription Management – Manage who uses your APIs, and to what degree
– Operational Analytics – Understand who is using your API, how, and if they are encountering issues
– User Roles & Grants - Control access to your APIs with instance specific grants.
– Publish APIs to Developer Portal.
– Create application and assign plan to the application.
• Gateway
– Runtime Policies – Top security and traffic management runtime policies out of the box
– Configuration gateway setting.
– Managing the gateways.
https://<LB_IP>/apiplatform
35. API platform - Developer Portal
– Developer Portal is a simple catalog that collects and provides information about published APIs
– Registering and managing the applications.
– Discovering and subscribing the APIs.
– Customizable portal.
– Discovering & entitling the plans.
– Applications analytics.
https://<LB_IP>/developers
36. API platform - Gateway
• A Logical Gateway
- is a JSON object that defines what its registered nodes should look like. It stored the metadata of
the gateway.
- It stores endpoints, policies, routing rules and traffic management.
- Configuration can inherited to physical gateways.
- One to one mapping of logical to physical gateway
• Physical (runtime) Gateway
- Physical gateway nodes that are used by consumers at runtime to access the API endpoints, no
runtime traffic from API consumers needs to interact with the API Platform Cloud Service itself.
- All required configuration is passed from the cloud service logical nodes to the physical nodes
as a JSON object.
- Polling between logical and physical gateway. Default 2 mins.
- Can be run onpremise as well in the cloud.
45. APIMATIC supports SDK Generation
Generate Client Libraries in 10 Languages - Define your API and APIMATIC will generate SDKs in languages of your
choice.
Generate Language Specific Documentation - APIMatic will produce tailored tutorials and detailed usage
instructions for each SDK you generate.
SDK testing - Build test cases and APIMATIC will generate the test code in the same language as the SDK.
Code samples for SDKs - APIMATIC will produce reactive code samples for the SDKs you generate. You can play with
the code samples straight away on the Live API console.
Integrate into your CI/CD pipeline - Use APIMATIC public APIs to generate SDKs and update developer portal as
soon as your API description changes.
Convert API Specifications - Bring your API Description file and convert it into 15 different formats.
Deploy SDKs - Deploy your SDKs on Github or publish them as packages on your favourite package manager.
47. API Fortress Integration
• Out of box integration to management portal for :
– link projects
– see tests
– run tests
– view results
• OAuth login flow
• Test Design in API Fortress
• Try Dredd as well for API testing.
48. Best Practices in API Management
• Design First
– Prototype with mock service
– Collaborate with consumers
– Prepare your API style guide
• Test Driven Development
– Establish a contract
– Build to contract with CI/CD
• Protocols
– REST interface, JSON data
– Open API (Swagger 2.0) docs
– OAuth 2.0 Based Security
•
– Build customs alerts.
– Use analytics to reinvent your APIs
strategy
• Backward Breaking Versioning
– Evolve API version to contract
– New “Version” with new contract
• Micro Gateways & Micro Services
– Size vs Quantity
• Centralized Management
– Across multi-cloud and on-premises
• Developer empowerment
– Enhance developer/customer onboarding
experience.
• System APIs & Presentation APIs
– API per system or API per consumer?
49. Top benefits of using an API management platform
• Service Abstraction
- Standardized security model
- Shape the APIs interface
- Absract on top of backend service
• Analytics & Audit
- Rate Limit
- Validations
- Throttling
• Service Protection
- Consumption behaviour
- Error source and distribution
- Transaction details
- Revenu on consumption data
• Monitization
- Plan based access control
- Self service registration
• Customer/partner onboarding & management