O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

[Workshop] Managing the API lifecycle with Open Source Technologies

234 visualizações

Publicada em

This deck explores managing the API lifecycle with open source technologies, and what you need from an API Management software.

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

[Workshop] Managing the API lifecycle with Open Source Technologies

  1. 1. Managing the API lifecycle with Open Source Technologies Rohitha Liyanagama Director - Solutions Architecture, WSO2
  2. 2. Open Source Softwares https://opensource.org/
  3. 3. Open Source Softwares - Today ● Linux open source operating systems run on 65% of all servers in the world. ● Nearly 80% of companies run part or all of their operations in open source. ● 92% of applications contain open source libraries. ● 65% of companies leverage open source software to speed application development. ● 67% of companies encourage their developers to actively contribute to open source software. Sources - 2018 TIDELIFT PROFESSIONAL OPEN SOURCE SURVEY, Black duck survey,
  4. 4. Open Source Softwares - Contributions from Software giants. (Github 2018) Rank Company Employees Contributing 1 Microsoft 4,550 2 Google 2,267 3 Red Hat 2,027 4 IBM 1,813
  5. 5. Open Source Softwares - Contributions Microsoft's GitHub open source code contributions since 2014. (Source: Microsoft Open Source Virtual Conference keynote talk of Sept. 13, 2018)
  6. 6. Why we consider Open Source ? ● Freedom from vendor lock-in ● Freedom to examine the source code (and make changes if necessary?) ● Test or Experience products without a subscription/for free ● Velocity for innovation: Easily extend the product based on your requirement (Flexibility) ● Full feature availability: Try out as is ● Licensing costs are often less than closed source vendors (+ lower initial costs and ongoing support costs)
  7. 7. Why do you need API Management? Image source: blog.dailysteak.co
  8. 8. APIs are essential to address the problem of app explosion ● Demand for consumption is on the rise. (easier/convenient ways to consume information and services). ● Demand for consumption is driving digital transformation. ● Digital transformation creates opportunity for $$. ● APIs are the key to enabling digital transformation.
  9. 9. What do you need from an API Management System? 1. Creating and publishing APIs. 2. API security and rate limiting. 3. Platform for discovering, searching and consuming APIs. 4. API governance and lifecycle management. 5. API analytics, specialization and evolution.
  10. 10. Open Source API Management Solutions
  11. 11. Open Source API Management - Vendors ● API Umbrella ● WSO2 ● Gravitee ● Tyk ● Kong Community Version ● Swagger and Open API ● Fusio ● APIMan
  12. 12. Open Source API Management - Offerings ● Open source gateway while other components remain proprietary. ● Complete API lifecycle management including all components. ● Some solutions offer community version which is open source while they have different commercially support version.
  13. 13. Our Experience
  14. 14. #1 6th Open Source Integration Vendor Largest Apache Committer Largest Open Source Vendor 6th WSO2: Helping Digitally Driven Organizations Implement API Strategy
  15. 15. Integrated, Open Source Products Common architecture, common code base IDENTITY & ACCESS MANAGEMENT Secure and federated identity for integration Federates and manages identities across both cloud service and enterprise environments ● Identity management ● Identity federation ● Authentication ● Authorization 75M identities managed API MANAGEMENT API design, creation, reuse, governance, and analytics 200K APIs connecting 20K orgs Addresses full API lifecycle management operations. Open, extensible, customizable. ● API analytics ● API designer ● API gateway ● API microgateway ● API publisher ● API storefront/marketplace ● API repository/registry ANALYTICS & STREAMING Streaming data for real-time analysis 100K+ TPS Interprets data-in-motion enabling streaming events to be integrations and trigger events ● Siddhi ● Dashboard portal ● Business rules ● Stream processor runtime ● Development environment ENTERPRISE INTEGRATION Quick, iterative integration of any app, data, or system 6 trillion transactions / yr Hybrid integration platform for quick, iterative integration of any application, data, or system. ● Data integration ● ESB ● Integration designer ● Message broker ● Workflows
  16. 16. WSO2 API Manager Design, create, publish and manage APIs to unlock the true value of your digital assets
  17. 17. WSO2 API Manager ● Available as a single downloadable package ● Available as a cloud / SaaS solution ● Flexible deployment choices ● High performance gateway ● API governance, marketplace solution
  18. 18. Cloud First or Start On-Prem ● Multi-tenanted, shared everything ● WSO2 Hosted and managed ● Pay as you go ● Multi-region availability ● Hybrid API Management ● VPN tunnel to private DC ● Guaranteed uptime ● Limited options in customizing ● Privately hosted ● WSO2 managed ● Upgrades, patches installation ● Guaranteed uptime ● Full flexibility in customization ● Better control ● Self hosted ● Self managed ● Full flexibility ● Dev-ops learning curve ● Self managed upgrades http://wso2.com/api-management/cloud/ https://docs.wso2.com/display/ManagedCl oud/WSO2+Managed+Cloud+Documenta tion
  19. 19. Componentized
  20. 20. Creating an API Designing or Publicizing an API 20
  21. 21. ● Start with an existing endpoint/contract or design and prototype a new API ● Exposing SOAP services (convert to REST or as a passthrough) ● Exposing streaming APIs (Websocket endpoints) Creating APIs
  22. 22. ● API Design - Over the wizard & with swagger Creating APIs
  23. 23. ● Message manipulation, transformation and enrichment ● WSO2 developer studio based tooling ● Wizard based mediation policy application Message mediation
  24. 24. Publishing an API Enforcing Security and SLAs 24
  25. 25. ● Protecting for applications and users ● Controlling access and entitlement with scope ● Multi-Tier subscription model Protecting APIs
  26. 26. Protecting APIs
  27. 27. ● Tier based simple model ○ Application developer selects the tier at app registration ○ Each tier is tied to a policy that describe the quota ○ Tiers can be applied at the application, API or at the API resource level ● Advance rule based models ○ Policies containing IP conditions, message attribute based conditions, transport header based conditions ○ Complex real time pattern based conditions Traffic Management
  28. 28. Traffic Management
  29. 29. ● Manage stages of an API ● Manage associated states ● Create a new version from an existing ● Audit changes to lifecycle states ● Support for custom lifecycles API Lifecycle Management
  30. 30. Consuming an API The developer portal / marketplace 30
  31. 31. ● Searchable (with context) - by name, tag, description, author etc. ● Social features: tagging, commenting, rating ● Minimalistic forum ● Themeable: change color, logo, view ● Configure alerts for application developers ● Application based API analytics ● OAuth2 application management ● API Monetization The Developer Portal
  32. 32. Monitoring an API Analytics and Insight 32
  33. 33. ● Analytics dashboard on API stats ○ API Usage / Response times / Backend latency / Geo-location etc ● Stats on Applications for application owners (subscribers) ● Stats on subscriptions API Analytics: Batch
  34. 34. ● Leverages real-time analytics streaming engine ● Used for various alerting use-cases ○ Fraudulent access token usage ○ Keeping API developers alerted on backend performance issues ○ Alerting on SLA violations ○ Alerting on tier crossing for subscriptions ● Detect trends ● Detect API call sequences that needs to be blocked ● Detect non-usage scenarios API Analytics: Realtime
  35. 35. API Security • Trusted Sub-systems – Mutual TLS – Basic Authentication • Delegated Authentication – OAuth2.0 • Authorization – OAuth2.0 Scopes – OIDC – XACML • CORS
  36. 36. Demo
  37. 37. THANK YOU wso2.com