APIs are one of the main elements of cloud services. All major cloud service providers expose REST APIs to allow you to programmatically access their services and capabilities. SOAP and REST are the two most common ways of exposing APIs, whether to external, partner, cloud, or internal developers.
The concept of API management is to publish these web APIs for consumption, and includes capabilities such as monitoring, security, and documentation.
This presentation introduces basic concepts of APIs, API management, cloud REST services, and a brief walkthrough of WSO2 API Manager and the Oracle API Gateway to see how you can centrally publish, expose, and secure APIs, essentially virtualizing your backend services.
Powerful Google developer tools for immediate impact! (2023-24 C)
Getting Started with API Management
1. MICHIGAN ORACLE USERS SUMMIT 2022
WEDNESDAY OCTOBER 26,2022
2:20PM @W210A
GETTING STARTED WITH API MANAGEMENT
PRESENTER NAME: AHMED ABOULNAGA
PRESENTERTITLE: TECHNICAL DIRECTOR
2. TABLE OF CONTENTS
Introduction 3
APIs – A Brief Overview 6
ClientTools – Examples of Options 9
Walkthrough of REST 14
What is API Management? 21
API Gateways – HowThey Fit in API Management 25
WSO2 API Manager 29
OracleAPI Gateway (cloud) 37
FinalThoughts 51
4. ABOUT ME
Ahmed Aboulnaga
Master’s degree in Computer Science from George Mason University
Recent emphasis on cloud,DevOps,middleware,security in current projects
OracleACE Pro, OCE, OCA
Author, Blogger,Presenter
@Ahmed_Aboulnaga
5. WHAT THIS PRESENTATION WILL COVER
API Concepts API Management
Concepts
API Management
Products & Services
APIs
REST
cURL
API Management
API Gateway
WSO2 API Manager
Oracle API Gateway
1 2 3
1a
1b
1c
2a
2b
3a
3b
7. WHAT IS AN API?
Application Programming Interface
Nowadays, when APIs are mentioned,it typically refers to web APIs
REST and SOAP web services expose application data and functionality over the
internet
8. WHAT IS AN API?
All cloud vendors provide some type of API to their services
This allows for programmatic access to cloud services
A basic understanding of cURL, REST, and JSON is helpful
Most cloud providers use the REST architectural style for their APIs
Client REST API Backend System
JSON / XML
GET / POST / PUT / DELETE
10. SAMPLE REST CALL USING SOAPUI
https://api.agify.io?name=ahmed
Popular web service client
Support SOAP and REST
www.soapui.org
Free version available
11. SAMPLE SOAP CALL USING SOAPUI
http://webservices.oorsprong.org/websamples.countryinfo/CountryInfoService.wso?WSDL
Includes support of functional testing, service simulation,and load testing
12. POSTMAN
PopularAPI client
Free version available
www.postman.com
Numerous features that include:
‒ Create API documentation
‒ Automated testing
‒ Design and mock APIs
‒ Monitor APIs
‒ Etc.
13. CURL
Open-source command-line tool
Supports more than 22 different protocols (e.g.,
HTTP,HTTPS,FTP,etc.)
For HTTP,supports all methods (e.g., GET, POST,
PUT,DELETE, etc.)
Very useful for testing RESTful web services
Other advanced tools available include Postman,
SoapUI,Oracle SQL Developer,etc.
Example service:
https://api.weather.gov/alerts/active?area=MI
15. WHAT IS REST?
REpresentational StateTransfer
Architectural style for distributed hypermedia system
Proposed in 2000 by Roy Fielding in his dissertation
Web Service implemented with REST is called RESTful web service
REST is not a protocol like SOAP. It is rather an architectural style
REST services typically use HTTP/HTTPS, but can be implemented with other
protocols like FTP
16. REST ARCHITECTURAL CONSIDERATIONS
Uniform interface: Easy to understand and readable results and can be
consumed by any client or programming language over basic protocols.
URI-based access: Using the same approach to a human browsing a
website where all resource are linked together.
Stateless communication: Extremely scalable since no client context is
stored on the server between requests.
17. REST METHODS
The HTTP protocol provides multiple methods which you can utilize for RESTful web services
The table maps the HTTP method to the typical REST operation
Some firewalls may limit some HTTP methods for security reasons
HTTP Method REST Operation
GET Read
POST Create
PUT Update
DELETE Delete
OPTIONS List of available methods
HEAD Get version
PATCH Update property/attribute
Most common in
web applications
Most common in
REST to provide
CRUD functionality
18. RESOURCES
Requests are sent to resources (i.e., URLs)
Each resource represents an object which identified by a noun (e.g., employee,etc.)
Each resource has a unique URL
When performing a POST (create) or PUT (update),you must pass additional values
Resource HTTP Method REST Output
https://hostname/hr/employee GET Retrieve a list of all employees
https://hostname/hr/employee/12 GET Retrieve details for employee #12
https://hostname/hr/employee POST Create a new employee
https://hostname/hr/employee/12 PUT Update employee #12
https://hostname/hr/employee/12 DELETE Delete employee #12
https://hostname/hr/employee/12/address GET Retrieve address for employee #12
19. HTTP RESPONSE CODES
HTTP response codes determine the overall response of the REST invocation
HTTP Code Status Description
2XX (200,201,204) OK Data was received and operation was performed
3XX (301,302) Redirect Request redirected to another URL
4XX (403,404) Client Error Resource not available to client
5XX (500) Server Error Server error
20. JSON
JavaScript Object Notation
Pronounced“Jason”
An object surrounded by { }
An array or ordered list
REST can support both JSON and XML
Less verbose than XML, but lacks metadata support
//JSON Object
{
"employee": {
"id": 12,
"name": "Kobe",
"location": "USA"
}
}
//JSON Array
{
"employees": [
{
"id": 12,
"name": "Kobe",
"location": "USA"
},
{
"id": 13,
"name": "Jordan",
"location": "Canada"
},
{
"id": 14,
"name": "Barkley",
"location": "USA"
}
]
}
22. INDUSTRY DEFINITION OF “API MANAGEMENT”
“Organizations are implementing strategies to manage APIs so they
can respond to rapid changes in customer demands”
“Gives enterprises greater flexibility when reusing the functionality of
API integrations and helps save time and money without trading off
security”
“Modernize legacy applications,move to the cloud, create new
products,integrate with Salesforce and SAP, and much more”
“Accelerate innovation in today’s rapidly changing marketplace”
23. WHAT IS API MANAGEMENT?
Unified API Management Solution
For public and privateAPIs
Centralizing control (e.g., access control)
Rate limiting and usage policies
Analytics
Monetization
https://www.altexsoft.com/blog/api-management/
24. API MANAGEMENT TOOLS – A GARTNER DEFINITION
What does a comprehensiveAPI Management tool consist of?
‒ Supports all stages of the API lifecycle,namely: planning and design, implementation and testing, deployment
and exploitation, and versioning and retirement
‒ Some vendors of API Management solutions specialize only in subsets of the API lifecycle, such as API gateways
and testing, while others focus on the entire lifecycle
ComprehensiveAPI management tools typically include support in the following:
https://medium.com/transparent-data-eng/best-api-management-tools-2021-c03344dbd63b
FunctionalArea Description
Developer Portal
Self-service,fully unified catalog of APIs in which you can enable and manage the ecosystems of
developers who create and use APIs
API Gateway Management of the runtime environment,monitoring of security and API usage
Policy Management & Analytics Security configuration,mediation,and analysis of actual use of APIs
API Design & Development Toolkit for designing and creatingAPIs and integratingAPIs on existing systems
APITesting From basic mock tests to advanced functional,performance,and security tests
26. WHAT IS AN API GATEWAY?
Sits between a client and a collection of backend services
Acts as a reverse proxy to accept all API calls, aggregate the various services required to fulfill them,
and return the appropriate result
Handles common tasks such as user authentication,rate limiting, and statistics
When should you use an API Gateway?
‒ To provide a single,unifiedAPI entry point across
‒ To protect your APIs from overuse and abuse (using authentication and rate limiting)
‒ To understand how people use your APIs (using analytics and monitoring)
‒ To monetizeAPIs
‒ In a microservices architecture (a single request could require calls to dozens of distinct applications)
27. CHALLENGES
Web services are the primary mechanism for applications and systems
to interoperate,communicate,and exchange data messaging
Web services are the foundation for system-to-system communication
Many organizations have unmanaged,insecure,and direct access by
developers to backend web services
?
Number of web services
(i.e., APIs)
?
Type of web service
security deployed
?
Usage, SLA, and
reuse metrics
PROBLEMS
Web App Java
Web Service Fusion Apps
Web Service Salesforce Web Service PayPal
Web App Java Web App Java
28. BENEFITS OF AN API GATEWAY
Introduce a gateway to virtualize and abstract all backend web services
Provides a consistent mechanism to secure and track web services
Benefits
▪ Increase security through modern
and standardized implementation
of API security for all LANL web
services
▪ Avoid open/direct access to
backend services
▪ Centralized catalog of published
APIs
▪ Maximum investment through
service reuse
▪ Threat/bot/DDOS detection
Web App Java
Web Service Fusion Apps
Web Service Salesforce Web Service PayPal
Gateway
38. ORACLE API GATEWAY
Not to be confused with the legacy, on-prem Oracle API Gateway product
Cloud-based service to publish APIs with private endpoints that are accessible internally
Integrated with Oracle Cloud Infrastructure Identity and Access Management (IAM)
Expose APIs with public IP addresses to accept internet traffic
Support transformation, CORS, authentication/authorization, and request limiting
Highly availability
Single consolidated API endpoint https://docs.oracle.com/en-us/iaas/Content/APIGateway/Concepts/apigatewayoverview.htm
https://docs.oracle.com/en-us/iaas/Content/APIGateway/home.htm
54. GETTING STARTED WITH ORACLE API GATEWAY
https://docs.oracle.com/en-us/iaas/Content/APIGateway/home.htm
55. RECAP
Concepts
API
REST
JSON
ClientTools
SoapUI
Postman
cURL
Solutions
API Management
API Gateway
Products & Services
WSO2 API Manager
OracleAPI Gateway
56. www.mous.us
THANKYOU
SAVE THE DATE
• ASCEND CONFERENCE 2023
June 11-14,2023
Caribe Royale Resort
Orlando,Florida
https://ascendusersconference.com
• MOUS 2023
October 25, 2023
Schoolcraft College -VisTaTech Center,
18600 Haggerty Rd, Livonia,MI
https://www.mous.us