2. 2
• O RACL E ACE
• Enterp ris e Arch itect
• Co -Au th or of B ook “ B egin n in g Oracle
Web Center portal 12c”
• O racle certified p ro fes s io n al
• B lo g ger-http ://w w w.tech artifact. com/b logs
• So ftware Con s u ltant
• https://med ium.com/@ vinaykuma201
3. 3
• Oracle API platform introduction
• Evolution of API management
• Extension of SOA with API management
• API management Architecture.
• API management components
• Configure the APIs policies.
• APIMATIC – developer experience
• API Fortress
• API Management best pratices & benefits
• Demo
6. API management platform
6
• API Security - The process of publishing, promoting,
and overseeing APIs in a secure, scalable
environment. Securing API and setting up the
permission around that.
• Developer/Partner management - Ensuring that
developers and partners are productive. Dashboard
for developer and partners to explore APIs and
consume it.
• API administration console- Managing, securing, and
mediating your API traffic. Dashboard for API
manager to control , secure, adding policy and user
management.
• Scalable - Allowing an organization to grow their
API program to meet increasing demands
• Monetization capabilities - Enabling the
monetization of APIs.
API management is about the planning, design, implementation, testing, publication, operation, consumption, maintenance, versioning and
retirement of APIs. It involves use of a developers' portal to target, market to and govern communities of developers who embed the APIs, as well as
runtime management, estimation of API value and analytics.
7. API management platform
7
Governance -
1. Tracking the life-cycle of each API from inception to sun-setting .
2. tracking the API Consumers and subscriptions (relationships)to APIs utilized
3. the API Security Model employed and the details of managing it
4. defines the API interface standards used for creating APIs (an organization's standards for usage of
something like Swagger) in the organization
5. gathering statistics of both the Developer Portal and API Gateway usage
6. utilization-based billing
7. API versioning
8. JSON (or XML) Schema versioning for input and output data structures
9. tracking of routing information
10. Oracle API platform Introduction
10
• Oracle API management platform provides full life cycle management in a easiest way
i.e. from API design , implementation, continuous integration , operation,
decommissioning and promotions etc.
• Platform itself built using REST principles. All components and features supports via
REST APIs.
• The platform is modular, hybrid, and highly customizable.
• Supports to integrate with popular tools for REST API economy
• Fits well with Existing or new greenfield technology stack.
• Fully aligned with Microservices Architecture.
• Gateway as a Service (GaaS).
11. Evolution of API management platform
11
Legacy Architecture Monolithic Architecture Modern Architecture
12. Evolution of API management platform
12
API GW / Platform
ESB
BPM/BPEL
13. Understand the differences in ESB & APIs
13
Features SOA/ESB APIs & Apps
Core goal Enable Internal developers and systems to connect, while
complying with IT department standards.
Enable developers, either external or internal, to build nifty,
compelling apps, and allow users to run them.
Network Low-latency, trusted. High-latency, untrusted. (Mobile wireless network)
Development Style Deliberate, structured, governed by process. Rapid, iterative, experimental.
Connected
Platform
High-powered server Any connected device
Data Contract Formal, strict. Flexible, dynamic
Data Format XML, JMS, SOAP, EDI, possibly many others. JSON and XML.
Authentication and
Authorization
Internal mechanisms, LDAP Internet standards including OAuth.
Analytics Limited use, secondary importance. primary importance
Data Format XML, JMS, SOAP, EDI, possibly many others JSON and XML
15. Understanding Oracle API CS components
Management Console: This is the place to manage APIs, gateway, user management, security
and configuration and policies. This should be role-based application where roles and
permissions can be managed.
Developer Interface console: A web-based application where developers can search and
subscribe to APIs. This is where all of the API documentation can found and where application
keys are provided after a subscription to an API takes place.
API Gateway: These are the heart of the platform. They enforce/apply the different API policies
to the managed endpoints. These can deployed on premise and cloud infrastructure as well
depending on the use case. For the initial start, it is recommend putting an API Gateway to close
to the enterprise integration layer. The gateway needs to be resilient, performant and highly
available as the APIs will be critical components of the consumer’s digital strategy.
API Design: This provides API First design capabilities and enables document driven API design
approach. This should support global standards of API documentation, i.e. Swagger, API
Blueprint, Open API etc.
Management Portal
Developer Portal
API Gateway
APIARY
16. API First Design- APIARY: Powerful API design Stack
As the importance of API’s increases, more
responsbility lies on those who build and
manage the APIs
Apiary solves fundamental task of API
design & development , by meeting all the
increase expectations and also streamlining
the business process of how work get done.
17. Apiary : API life cycle
• Building great APIs is all about effective collaboration.
• App developers, testers, architects, product managers,
clients, and partners all bring unique perspectives to
the design of your APIs.
• To be successful, your team needs to make sure every
stakeholder has a say
20. API platform - Management Portal
– API Catalog – Inventory of APIs that you offer
– API Testing & Monitoring – Test API Interfaces and Functionality (Via API Fortress)
– Deployment Management – Centrally manage availability of APIs across all Gateways
– API Governance – Ensure consistency with style-guides and track changes with history service
– Plan/Subscription Management – Manage who uses your APIs, and to what degree
– Operational Analytics – Understand who is using your API, how, and if they are encountering issues
– User Roles & Grants - Control access to your APIs with instance specific grants.
– Publish APIs to Developer Portal.
– Create application and assign plan to the application.
• Gateway
– Runtime Policies – Top security and traffic management runtime policies out of the box
– Configuration gateway setting.
– Managing the gateways.
https://<LB_IP>/apiplatform
22. API platform - Developer Portal
– Developer Portal is a simple catalog that collects and provides information about published APIs
– Registering and managing the applications.
– Discovering and subscribing the APIs.
– Customizable portal.
– Discovering & entitling the plans.
– Applications analytics.
https://<LB_IP>/developers
23. API platform - Gateway
• A Logical Gateway
- is a JSON object that defines what its registered nodes should look like. It stored the metadata of
the gateway.
- It stores endpoints, policies, routing rules and traffic management.
- Configuration can inherited to physical gateways.
- One to one mapping of logical to physical gateway
• Physical (runtime) Gateway
- Physical gateway nodes that are used by consumers at runtime to access the API endpoints,
no runtime traffic from API consumers needs to interact with the API Platform Cloud Service
itself.
- All required configuration is passed from the cloud service logical nodes to the physical nodes
as a JSON object.
- Polling between logical and physical gateway. Default 2 mins.
- Can be run onpremise as well in the cloud.
31. APIMATIC supports SDK Generation
Generate Client Libraries in 10 Languages - Define your API and APIMATIC will generate SDKs in languages of your
choice.
Generate Language Specific Documentation - APIMatic will produce tailored tutorials and detailed usage
instructions for each SDK you generate.
SDK testing - Build test cases and APIMATIC will generate the test code in the same language as the SDK.
Code samples for SDKs - APIMATIC will produce reactive code samples for the SDKs you generate. You can play with
the code samples straight away on the Live API console.
Integrate into your CI/CD pipeline - Use APIMATIC public APIs to generate SDKs and update developer portal as
soon as your API description changes.
Convert API Specifications - Bring your API Description file and convert it into 15 different formats.
Deploy SDKs - Deploy your SDKs on Github or publish them as packages on your favourite package manager.
33. API Fortress Integration
• Out of box integrationto management portal for :
– link projects
– seetests
– run tests
– view results
• OAuth login flow
• TestDesignin APIFortress
• TryDreddaswellforHTTPAPItesting.
34. Best Practices in API Management
• Design First
– Prototype with mock service
– Collaborate with consumers
• Test Driven Development
– Establish a contract
– Build to contract with CI/CD
• Protocols
– REST interface, JSON data
– Open API (Swagger 2.0) docs
– OAuth 2.0 Based Security
• Backward Breaking Versioning
– Evolve API version to contract
– New “Version” with new contract
• Micro Gateways & Micro Services
– Size vs Quantity
• Centralized Management
– Across multi-cloud and on-premises
• Developer Empowerment
• System APIs & Presentation APIs
– API per system or API per consumer?
35. Top benefits of using an API management platform
• Service Abstraction
- Standardized security model
- Shape the APIs interface
- Absract on top of backend service
• Analytics & Audit
- Rate Limit
- Validations
- Throttling
• Service Protection
- Consumption behaviour
- Error source and distribution
- Transaction details
- Revenu on consumption data
• Monitization
- Plan based access control
- Self service registration
• Customer/partner onboarding & management
To use this title animation slide with a new image simply 1) move the top semi-transparent shape to the side, 2) delete placeholder image, 3) click on the picture icon to add a new picture, 4) Move semi-transparent shape back to original position, 5) Update text on slide.
API management is about the planning, design, implementation, testing, publication, operation, consumption, maintenance, versioning and
retirement of APIs. It involves use of a developers' portal to target, market to and govern communities of developers who embed the APIs, as well as runtime management, estimation of API value and analytics.
onnect and Collaborate • Building great APIs is all about effective collaboration. • App developers, testers, architects, product managers, clients, and partners all bring unique perspectives to the design of your APIs. • To be successful, your team needs to make sure every stakeholder has a say
Mock Server Use Apiary Mock server to quickly preview your API and share it with others. In the design phase of an API, it is helpful to experiment with how you feel your API should work and iterate on this process quickly. In the past, this involved writing code as a prototype and setting up a server to run it. This takes time and directly effects the creativity behind the design process. The Mock Server allows you to try out your API as you design it, giving immediate feedback along the way in how it may be used.
nteractive Documentation Apiary interactive documentation is an interactive representation of your API Description for you to not only read and write, but to be a place where you can interact with your API—even before you’ve built it.
API Inspector Each request and response from the Mock Server is logged in the API Inspector, which can be found by clicking “Inspector” in the Apiary header. There you will see each request received, each response given, and any validation errors that were found.
GitHub Sync Keep your API Description in sync with your implementation and make it available to anyone with access to the repository. Automated Implementation Testing An important part of the API life cycle is to make sure that what the contract says is what is actually implemented, and that’s the place for Automated Testing. Testing works by taking your API Description, creating expectations based on the requests and responses in the blueprint, making requests to your API, and seeing if the responses match. The goal is to have the documentation and implementation of the API in sync—no more outdated API documentation.
In Oracle API Platform there is a concept of a logical gateway and a physical (runtime) gateway. The logical gateway is where the endpoints, policies, routing rules and traffic management are stored. These will have been designed for each API in the Oracle API Platform Cloud Service management portal. This logical gateway configuration can then be promoted to several physical gateway nodes. Each gateway node can only be registered to one logical gateway.
In Oracle API Platform there is a concept of a logical gateway and a physical (runtime) gateway. The logical gateway is where the endpoints, policies, routing rules and traffic management are stored. These will have been designed for each API in the Oracle API Platform Cloud Service management portal. This logical gateway configuration can then be promoted to several physical gateway nodes. Each gateway node can only be registered to one logical gateway.
In Oracle API Platform there is a concept of a logical gateway and a physical (runtime) gateway. The logical gateway is where the endpoints, policies, routing rules and traffic management are stored. These will have been designed for each API in the Oracle API Platform Cloud Service management portal. This logical gateway configuration can then be promoted to several physical gateway nodes. Each gateway node can only be registered to one logical gateway.
In Oracle API Platform there is a concept of a logical gateway and a physical (runtime) gateway. The logical gateway is where the endpoints, policies, routing rules and traffic management are stored. These will have been designed for each API in the Oracle API Platform Cloud Service management portal. This logical gateway configuration can then be promoted to several physical gateway nodes. Each gateway node can only be registered to one logical gateway.
In Oracle API Platform there is a concept of a logical gateway and a physical (runtime) gateway. The logical gateway is where the endpoints, policies, routing rules and traffic management are stored. These will have been designed for each API in the Oracle API Platform Cloud Service management portal. This logical gateway configuration can then be promoted to several physical gateway nodes. Each gateway node can only be registered to one logical gateway.
In Oracle API Platform there is a concept of a logical gateway and a physical (runtime) gateway. The logical gateway is where the endpoints, policies, routing rules and traffic management are stored. These will have been designed for each API in the Oracle API Platform Cloud Service management portal. This logical gateway configuration can then be promoted to several physical gateway nodes. Each gateway node can only be registered to one logical gateway.
API owners prefer providing SDKs but
● It requires tremendous amount of time & resources
● The problem multiplies as the requirement is always in multiple languages
● Community generated SDKs lack customised support
Building an SDK library and even an API portal is one thing, but their maintenance
as per ever-changing demands of the business, is another nightmare
“We provide many SDKs, however every time we improve our API,
change our specs, or add new functionality, we must touch every
one.The ideathat we could automatically regenerate our portals with
SDKs for all the languages we support, is very attractive.”
Developers can focus on creative tasks and leave redundant programming
efforts like SDK generation to APIMatic
- Later iterations of SDKs are automatically generated with ease saving both
time & money
- All SDKs remain updated on real time avoiding customer support nightmares
API owners prefer providing SDKs but
● It requires tremendous amount of time & resources
● The problem multiplies as the requirement is always in multiple languages
● Community generated SDKs lack customised support
API owners prefer providing SDKs but
● It requires tremendous amount of time & resources
● The problem multiplies as the requirement is always in multiple languages
● Community generated SDKs lack customised support
API owners prefer providing SDKs but
● It requires tremendous amount of time & resources
● The problem multiplies as the requirement is always in multiple languages
● Community generated SDKs lack customised support
API owners prefer providing SDKs but
● It requires tremendous amount of time & resources
● The problem multiplies as the requirement is always in multiple languages
● Community generated SDKs lack customised support