Vinay Kumar, ORACLE ACE
@vinaykuma201
DOAG18-NUREMBERG
• ORACLE ACE
• Enterprise Architect
• Co-Author of Book “Beginning Oracle WebCenter Portal 12c”
• Oracle certified professional
• Blogger - http://www.techartifact.com/blogs
• Software Consultant
• https://medium.com/@vinaykuma201
• JAVA EE GUARDIAN
• Oracle API platform introduction
• Evolution of API management
• Extension of SOA with API management
• API management Architecture.
• API management components
• Configure the APIs policies.
• APIMATIC – developer experience
• API Fortress
• API Management best practices & benefits
• Demo
Oracle API platform
API economy requirements
API management platform Domain
Evolution of API management platform
Legacy Architecture, Monolithic Architecture, Modern Architecture
Evolution of API management platform
API GW / Platform
ESB
BPM/BPEL
Understand the differences in ESB & APIs

| Features | SOA/ESB | APIs & Apps |
|---|---|---|
| Core goal | Enable internal developers and systems to connect, while complying with IT department standards. | Enable developers, either external or internal, to build nifty, compelling apps, and allow users to run them. |
| Network | Low-latency, trusted. | High-latency, untrusted (mobile wireless network). |
| Development style | Deliberate, structured, governed by process. | Rapid, iterative, experimental. |
| Connected platform | High-powered server | Any connected device |
| Data contract | Formal, strict. | Flexible, dynamic. |
| Data format | XML, JMS, SOAP, EDI, possibly many others. | JSON and XML. |
| Authentication and authorization | Internal mechanisms, LDAP. | Internet standards including OAuth. |
| Analytics | Limited use, secondary importance. | Primary importance. |
API management platform
• API Security - The process of publishing, promoting, and overseeing APIs in a secure, scalable environment. Securing APIs and setting up the permissions around them.
• Developer/Partner management - Ensuring that developers and partners are productive. A dashboard for developers and partners to explore APIs and consume them.
• API administration console - Managing, securing, and mediating your API traffic. A dashboard for the API manager to control and secure APIs, add policies and manage users.
• Scalable - Allowing an organization to grow its API program to meet increasing demands.
• Monetization capabilities - Enabling the monetization of APIs.
API management is about the planning, design, implementation, testing, publication, operation, consumption, maintenance, versioning and retirement of APIs. It involves use of a developers' portal to target, market to and govern communities of developers who embed the APIs, as well as runtime management, estimation of API value and analytics.
API management platform
Governance -
1. Tracking the life cycle of each API from inception to sunsetting.
2. Tracking the API consumers and their subscriptions (relationships) to the APIs they use.
3. The API security model employed and the details of managing it.
4. Defining the API interface standards used for creating APIs in the organization (an organization's standards for usage of something like Swagger).
5. Gathering statistics on both Developer Portal and API Gateway usage.
6. Utilization-based billing.
7. API versioning.
8. JSON (or XML) Schema versioning for input and output data structures.
Understanding API / API Management
Oracle API platform Introduction
• Oracle API management platform provides full life-cycle management in the easiest way, i.e. API design, implementation, continuous integration, operation, decommissioning, promotions etc.
• The platform itself is built using REST principles. All components and features are supported via REST APIs.
• The platform is modular, hybrid, and highly customizable.
• Supports integration with popular tools for the REST API economy.
• Fits well with an existing or new greenfield technology stack.
• Fully aligned with Microservices Architecture.
• Gateway as a Service (GaaS).
Oracle API platform Architecture
Understanding Oracle API CS components
Management Console: This is the place to manage APIs, gateways, users, security, configuration and policies. It should be a role-based application where roles and permissions can be managed.
Developer Interface console: A web-based application where developers can search for and subscribe to APIs. This is where all of the API documentation can be found and where application keys are provided after a subscription to an API takes place.
API Gateway: Gateways are the heart of the platform. They enforce the different API policies on the managed endpoints. They can be deployed on premises or on cloud infrastructure, depending on the use case. For the initial start, it is recommended to put an API Gateway close to the enterprise integration layer. The gateway needs to be resilient, performant and highly available, as the APIs will be critical components of the consumer’s digital strategy.
API Design: This provides API-first design capabilities and enables a document-driven API design approach. It should support global standards of API documentation, i.e. Swagger, API Blueprint, Open API etc.
[Figure: Management Portal, Developer Portal, API Gateway, APIARY]
API First Design - APIARY: Powerful API design Stack
As the importance of APIs increases, more responsibility lies on those who build and manage the APIs.
Apiary solves the fundamental task of API design & development by meeting all the increased expectations and also streamlining the business process of how work gets done.
Apiary : API life cycle
• Building great APIs is all about effective collaboration.
• App developers, testers, architects, product managers,
clients, and partners all bring unique perspectives to
the design of your APIs.
• To be successful, your team needs to make sure every
stakeholder has a say
Apiary : Core components/toolset
API platform - Management Portal
– API Catalog – Inventory of APIs that you offer
– API Testing & Monitoring – Test API Interfaces and Functionality (Via API Fortress)
– Deployment Management – Centrally manage availability of APIs across all Gateways
– API Governance – Ensure consistency with style-guides and track changes with history service
– Plan/Subscription Management – Manage who uses your APIs, and to what degree
– Operational Analytics – Understand who is using your API, how, and if they are encountering issues
– User Roles & Grants - Control access to your APIs with instance specific grants.
– Publish APIs to Developer Portal.
– Create application and assign plan to the application.
• Gateway
– Runtime Policies – Top security and traffic management runtime policies out of the box
– Configuring gateway settings.
– Managing the gateways.
https://<LB_IP>/apiplatform
API platform - Developer Portal
– Developer Portal is a simple catalog that collects and provides information about published APIs
– Registering and managing the applications.
– Discovering and subscribing to the APIs.
– Customizable portal.
– Discovering & entitling the plans.
– Applications analytics.
https://<LB_IP>/developers
API platform - Gateway
• A Logical Gateway
- Is a JSON object that defines what its registered nodes should look like. It stores the metadata of the gateway.
- It stores endpoints, policies, routing rules and traffic management.
- Its configuration can be inherited by physical gateways.
- One-to-one mapping of logical to physical gateway.
• Physical (runtime) Gateway
- Physical gateway nodes are used by consumers at runtime to access the API endpoints; no runtime traffic from API consumers needs to interact with the API Platform Cloud Service itself.
- All required configuration is passed from the cloud service logical nodes to the physical nodes as a JSON object.
- Polling between logical and physical gateway. Default 2 mins.
- Can be run on-premises as well as in the cloud.
API platform - Gateway
API platform – Logical Gateway properties files
API platform – Gateway setting
API platform - Policies
Policies are rules applied in the request/response flow to secure, throttle, route, manipulate, or log requests.
Security:
• Applying OAuth 2.0 Policies
• Applying Key Validation Policies
• Applying Basic Authentication Policies
• Applying IP Filter Validation Policies
• Applying CORS Policies
Interface Management:
• Applying Header Field Filtering Policies
• Applying Interface Filtering Policies
• Applying Redaction Policies
• Applying Header Validation Policies
• Applying Request Payload Validation Policies
• Applying Method Mapping Policies
• Applying REST to SOAP Policies
Routing:
• Applying Header-Based Routing Policies
• Applying Gateway-Based Routing Policies
• Applying Application-Based Routing Policies
• Applying Resource-Based Routing Policies
Traffic Management:
• Applying API Throttling–Delay Policies
• Applying Application Rate Limiting Policies
• Applying API Rate Limiting Policies
Others:
• Applying Service Callout 2.0 Policies
• Applying Logging Policies
• Applying Groovy Script Policies
Custom policies
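The request flow described on the Gateway and Policies slides, as an added example (not code from the deck or from Oracle): a physical gateway node receives its configuration as a JSON object and enforces key validation, IP filtering and application rate limiting in the configured order, rejecting at the first failing policy. The JSON field names, the `PhysicalGateway` class and the sample keys are hypothetical and do not reflect Oracle API Platform's actual policy schema.

```python
import ipaddress
import json
import time

# Constructed sample configuration. Field names are hypothetical and are
# NOT Oracle API Platform's policy schema.
LOGICAL_GATEWAY_JSON = """
{
  "api": "/orders",
  "policies": [
    {"type": "key_validation", "header": "X-App-Key",
     "keys": {"k-mobile-123": "mobile-app", "k-partner-456": "partner-app"}},
    {"type": "ip_filter", "allow": ["10.0.0.0/8", "192.0.2.0/24"]},
    {"type": "app_rate_limit", "limit": 2, "window_seconds": 60}
  ]
}
"""


class PhysicalGateway:
    """Runtime node: holds the configuration it last received and enforces it."""

    def __init__(self, config_json, clock=time.monotonic):
        self.config = json.loads(config_json)
        self.clock = clock
        self.hits = {}  # application name -> timestamps of accepted requests
        # Explicit dispatch table: only known policy types can run.
        self.checks = {
            "key_validation": self._key_validation,
            "ip_filter": self._ip_filter,
            "app_rate_limit": self._app_rate_limit,
        }

    def handle(self, request):
        """Apply each policy in configured order; the first failure rejects."""
        ctx = {}
        for policy in self.config["policies"]:
            check = self.checks.get(policy["type"])
            if check is None:
                return 500, "unknown policy type"  # fail closed
            status, reason = check(policy, request, ctx)
            if status != 200:
                return status, reason
        return 200, "routed to backend for " + ctx.get("app", "anonymous")

    def _key_validation(self, policy, request, ctx):
        key = request["headers"].get(policy["header"])
        app = policy["keys"].get(key)
        if app is None:
            return 401, "missing or unknown application key"
        ctx["app"] = app  # later policies act per identified application
        return 200, "ok"

    def _ip_filter(self, policy, request, ctx):
        addr = ipaddress.ip_address(request["client_ip"])
        if any(addr in ipaddress.ip_network(net) for net in policy["allow"]):
            return 200, "ok"
        return 403, "client address not in allow list"

    def _app_rate_limit(self, policy, request, ctx):
        app = ctx.get("app", "anonymous")
        now = self.clock()
        # Keep only the requests still inside the sliding window.
        recent = [t for t in self.hits.get(app, [])
                  if now - t < policy["window_seconds"]]
        allowed = len(recent) < policy["limit"]
        if allowed:
            recent.append(now)
        self.hits[app] = recent
        return (200, "ok") if allowed else (429, "application rate limit exceeded")


if __name__ == "__main__":
    gw = PhysicalGateway(LOGICAL_GATEWAY_JSON)
    req = {"headers": {"X-App-Key": "k-mobile-123"}, "client_ip": "10.1.2.3"}
    for _ in range(3):
        print(gw.handle(req))
```

Because key validation runs before rate limiting, unauthenticated requests are rejected with 401 and never consume an application's quota.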
Developer Experience - APIMATIC
• Inbuilt in API platform cloud service
• SDK generation
• Reactive code samples
• Test cases
• Package publishing
• OAuth login flow
APIMATIC extend APIARY’s experience
APIMATIC supports SDK Generation
Generate Client Libraries in 10 Languages - Define your API and APIMATIC will generate SDKs in languages of your
choice.
Generate Language Specific Documentation - APIMatic will produce tailored tutorials and detailed usage
instructions for each SDK you generate.
SDK testing - Build test cases and APIMATIC will generate the test code in the same language as the SDK.
Code samples for SDKs - APIMATIC will produce reactive code samples for the SDKs you generate. You can play with
the code samples straight away on the Live API console.
Integrate into your CI/CD pipeline - Use APIMATIC public APIs to generate SDKs and update developer portal as
soon as your API description changes.
Convert API Specifications - Bring your API Description file and convert it into 15 different formats.
Deploy SDKs - Deploy your SDKs on Github or publish them as packages on your favourite package manager.
APIMATIC integration in APIP
Coming Soon APIMatic
API Fortress Integration
• Out of box integration to management portal for:
– link projects
– see tests
– run tests
– view results
• OAuth login flow
• Test Design in API Fortress
• Try Dredd as well for HTTP API testing.
Best Practices in API Management
• Design First
– Prototype with mock service
– Collaborate with consumers
– Prepare your API style guide
• Test Driven Development
– Establish a contract
– Build to contract with CI/CD
• Protocols
– REST interface, JSON data
– Open API (Swagger 2.0) docs
– OAuth 2.0 Based Security
• Backward Breaking Versioning
– Evolve API version to contract
– New “Version” with new contract
• Micro Gateways & Micro Services
– Size vs Quantity
• Centralized Management
– Across multi-cloud and on-premises
• Developer Empowerment
• System APIs & Presentation APIs
– API per system or API per consumer?
Top benefits of using an API management platform
• Service Abstraction
- Standardized security model
- Shape the APIs interface
- Abstract on top of backend service
• Analytics & Audit
- Rate Limit
- Validations
- Throttling
• Service Protection
- Consumption behaviour
- Error source and distribution
- Transaction details
- Revenue on consumption data
• Monetization
- Plan based access control
- Self service registration
• Customer/partner onboarding & management
Demo
THANK YOU
Vinay Kumar
@Vinaykuma201
mail2vinayku@gmail.com
www.techartifact.com/blogs

Extend soa with api management Doag18
