About API Manager

Owned by Ashish Pandit
Last updated: Sep 29, 2016
4 min read

Basics about WS02

WS02 is a technology company which is based in the United States and has offices in California, London, and Sri Lanka.  WS02 products have been used by big-name companies such as eBay, Boeing, Experian, and Apache. Some of its most successful products include the Enterprise Service Bus, the Governance Registry, the Complex Event Processor, and the API Manager. WS02 is unique in the sense that all of its products are open-source. Open-source products are desirable because they are sensitive to the users' needs and they are constantly improving. Open-source products tend to be more adaptable, customizable, and inter-operable. For more information about WS02, visit Wikipedia or the WSO2 website.

WS02 API Manager

As an organization implements SOA, it can benefit by exposing core processes, data and services as APIs to the public. External parties can mash up these APIs in innovative ways to build new solutions. A business can increase its growth potential and partnership advancements by facilitating developments that are powered by its APIs in a simple, decentralized manner.

However, leveraging APIs in a collaborative way introduces new challenges in exercising control, establishing trust, security and regulation. As a result, proper API management is crucial.

WSO2 API Manager overcomes these challenges with a set of features for API creation, publication, lifecycle management, versioning, monetization, governance, security etc. using proven WSO2 products such as WSO2 Enterprise Service Bus, WSO2 Identity Server, and WSO2 Governance Registry. In addition, as it is also powered by the WSO2 Business Activity Monitor and is immediately ready for massively scalable deployments.

WSO2 API Manager is fully open source and is released under Apache Software License Version 2.0, one of the most business-friendly licenses available today. It provides Web interfaces for development teams to deploy and monitor APIs, and for consumers to subscribe to, discover and consume APIs through a user-friendly storefront. The API Manager also provides complete API governance and shares the same metadata repository as WSO2 Governance Registry. If your setup requires to govern more than APIs, we recommend you to use WSO2 API manager for API governance and WSO2 Governance Registry for the other artefacts. That the default communication protocol of the Key Manager is Thrift.

 

One of the API Manager's biggest strengths is its adaptability. On the product's website, we read that the WS02 API Manager is "highly customizable through styling, theming, and code extensions," and that it is also very pluggable–"to third-party analytics systems and billing systems," and also "to existing user repositories including Microsoft Active Directory, LDAP, databases, or Apache Cassandra." 

The WS02 Manager is separated into two parts: 1) Publisher and 2) Store. The Publisher portion of the WS02 Manager assists the developer with the following four things: a) Design, 2) Publishing, c) Management, and 4) Monitoring. The Store portion of the WS02 Manager assists the consumer with the following five processes: a) Discovering, b) Exploring, c) Testing, d) Subscribing, and e) Monitoring.

  1.  Publisher 
    1. Design: 
      1. Offers pre-loaded prototype API samples
      2. Uses JavaScript to imitate API implementation
      3. Offers two options for creating an API
        1. Write API directly in the publishing interface
        2. Upload an existing Swagger 2.0 file
      4. Facilitates developers' giving feedback prior to publishing
    2. Publish: Enables developers to publish their APIs directly to the Store. Contains the following benefits: 
      1. Option to publish externally, internally, or both
      2. Ability to manage multiple version of the API and to decide which version to publish
      3. Simple, one-click publishing process
      4. Option to publish in SOAP, REST, JSON, or XML
    3. Manage: 
      1. Ability to manage visibility / restrict access to specific partners or customers
      2. Separate production and sandbox endpoints for each API
      3. Full API lifecycle management: create, publish, block, deprecate, and retire
      4. Power to block a subscription
      5. Ability to associate API to system-defined service tiers
      6. OAuth2 security standards
      7. Ability to apply additional security policies
    4. Monitor:
      1. Ability to view statistics about API consumers
      2. Continuous interaction via forums, comments and ratings
      3. API consumer analytics 
        1. Information about requests, responses, faults, throttling, subscriptions, and self-sign-ups
        2. Ability to track per API, per API version, per tiers, and per consumer
      4. Real-time dashboard alerts
      5. Ability to monitor SLA compliance
  2. Store
    1. Discover/Explore:
      1. User-friendly Graphical Interface
      2. Multiple ways to browse/search ("Searching for APIs")
      3. Same view of store given to all members of an organization\
      4. Different 
    2. Test:
      1. Interactive console
      2. Gain surface-level experience of the API within the API Manager Store
    3. Subscribe:
      1. Self-registration
      2. Can subscribe same application to multiple APIs
      3. Selection of a "service tier," based on anticipated frequency of use
    4. Monitor:
      1. Throttling
      2. Throttling limit
      3. Subscriptions
  3. Gateway - API Client sends requests to the Gateway which engages the appropriate security, throttle policies. 

    The API Gateway in effect is an Enterprise Service Bus with limited capabilities. In the WSO2 API Manager the following patterns are supported:

    • Intermediate Routing
    • Policy Centralization
    • Uniform Interface
    • Data Model / Format Transformation
    • Version Identification
    • Termination Notification
  4. Key Manager - Key Manager is engaged to validate security token that was provided and either allows or prevents API / SOAP Service access.
  5. API / Web Service - request is forwarded if previous checks were successful.

One of the biggest benefits of the WS02 API Manager is that it simplifies filtering and enforces security protocols. All users who subscribe to an API are required to provide both authentication and authorization keys. Through multiple filtering processes, the publisher decides who does and who does not receive the requisite keys. Further divisions can be made in order to allow different users various levels of access. All in all, WS02 helps to keep our APIs safe, while still being readily accessible to approved persons.

 

Currently we are using API Manager 1.8 in production. The next version we will be migrating to is 2.0

Â