lean . enterprise . middleware
      Apply API Governance
     to RESTful Service APIs
using WSO2 Governance Registry
     and WSO2 API Manager
                          Chris Haddad
       Technology evangelism, strategy, and roadmaps
            Follow me @cobiacomm on Twitter
             Read more about our API Story at
              blog.cobia.net/cobiacomm
       http://wso2.com/products/api-manager
             © WSO2 2011. Not for redistribution. Commercial in Confidence.
WSO2 Carbon Enterprise Middleware Platform
Business APIs




  “APIs provide a way to make resources
  available for internal and external partners
     to access information and services.”
APIs All the Way…
API Architecture


An API is a business capability delivered over the Internet to
 internal or external consumers
  • Network accessible function
  • Available using standard web protocols
  • With well-defined interfaces
  • Designed for access by third-parties

A Managed API is:
  • Actively advertised and subscribe-able
  • Exhibits high Quality of Service (QoS)
  • Available with Service Level Agreements (SLAs)
  • Secured, authenticated, authorized and protected
  • Monitored and monetized with analytics
Resources
• Addressable Resources:
  • Every “object” on your network should have a unique ID.
  • An important aspect is that each “object” or resource has its
    own specific URI where it can be addressed
• A Uniform, Constrained Interface.
  • When applying REST over HTTP, stick to the methods
    provided by the protocol
     • GET, POST, PUT, and DELETE.
• These should be used properly
  • GET should have no side effects or change on state
  • PUT should update the resource “in-place”
• The content-type of the resource should be useful and
  meaningful
REST is full of subtleties
• Method Safety
  • GET, HEAD, OPTIONS, TRACE will not modify
    anything
• Idempotency
  • PUT, DELETE, GET, HEAD can be repeated and
    the side-effects remain the same
• Caching
  • Correct use of Last-Modified and ETag headers
• Content-negotiation
The benefits of a well-designed REST app
• Bookmarkability
  • Each URI really points to a unique entity
  • Every entity can be referenced
• Multiple representations are powerful
  • Allowing one view of a resource for users and one
    for systems makes application development simpler
    and more logical
• Having well defined links
  • Does improve the semantic richness of an
    application
  • By comparison WSDL is very flat and doesn’t show
    the links between operations and services
Hypertext as the Engine of Application State


               Resources are identified by URIs
                                ↓
   Clients communicate with resources via requests using a
                   standard set of methods
                                ↓
   Requests and responses contain resource representations
             in formats identified by media types
                                ↓
     Responses contain URIs that link to further resources
Heavy weight Governance
The REST Way
How to be successful?
Business Design of the APIs

• Know the consumer
  • Who will use the APIs (both developers and final end-user)?
  • What type of applications will use the APIs?
  • What business assets will be delivered?
• Maintain Operational Control
  • What Quality of Service is expected?
  • Who can access the assets?
• Remember Usability and Monetization
  • How will the API expose business assets?
  • How will you demonstrate business value via direct revenue,
    chargeback, or showback?
API Challenges
Often difficult to offer your business capabilities as an API

• Potential consumers do not trust API stability, reliability,
  availability, or performance
• Providers have scalability concerns and lack an ability to
  manage consumption
• Security risks prevent publishing and offering open access
• Difficult to manage requirements from multiple consumers and
  coordinate release schedule
• Inability to configure API per consumer
• Business return requires API metering usage rates, and billing
Use of Registries in RESTful Architecture


•   Registry/Repository Aspects:
    •   Structured Organization of Data
    •   Dependencies – Dependency Analysis
    •   Versioning of Assets (WADL/WSDL, Schema, Policies)
    •   Extensible meta-model (especially your custom configurations)
    •   Custom Properties/Meta-information

•   Integration/Governance Aspects:
    •   Impact, Notification, and Change Management
    •   Broader Lifecycle Integration
    •   API-access to resources
    •   Endpoint discovery
Building an Approval Model: SCXML


•   State Chart XML: State Machine Notation for Control
    Abstraction
•   An OASIS Standard
•   Embedded Apache Commons SCXML library
•   GUI/Tooling
    •    IBM Rational Software Architect
    •    SCXMLgui
    •    WSO2 Carbon Studio – Future
API Governance Roadmap
• Design Time Governance
• Run-time Operational Governance
API Design Time Governance Roadmap
REST Design Contract Review

•   Stateless
•   Resource-oriented URL Convention
•   Xlinks
•   Security
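
The contract review above, together with the method-safety rule from the "REST is full of subtleties" slide, can be run as an automated design-time check. This is an added example, not code from the deck or from WSO2; the rule ids, the operation fields (`method`, `path`, `changes_state`, `auth`), the `vN` version-segment convention and the sample contract are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Methods the deck treats as safe, and the uniform interface it allows.
SAFE = {"GET", "HEAD", "OPTIONS", "TRACE"}
UNIFORM = SAFE | {"POST", "PUT", "DELETE"}
# Heuristic (assumption): an RPC-style verb prefix such as deleteOrder or get_user.
VERB = re.compile(r"^(get|create|update|delete|fetch|add|remove)(?=[A-Z_-]|$)")
# Assumption: the "REST URL convention" for versioning is a v1 / v2.1 path segment.
VERSION = re.compile(r"^v\d+(\.\d+)*$")
# Session identifiers carried in the URL indicate server-side conversation state.
SESSION_KEYS = {"jsessionid", "phpsessid", "sessionid", "sid"}


def review_operation(op):
    """Return the sorted rule ids that one API operation violates."""
    findings = set()
    method = op["method"].upper()
    url = urlsplit(op["path"])
    names = []
    params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
    for segment in filter(None, url.path.split("/")):
        name, *matrix = segment.split(";")  # ;key=value matrix parameters
        names.append(name)
        params.update(m.split("=")[0].lower() for m in matrix)

    if method not in UNIFORM:
        findings.add("non-uniform-method")      # uniform, constrained interface
    if method in SAFE and op.get("changes_state"):
        findings.add("unsafe-safe-method")      # GET must have no side effects
    if any(VERB.match(n) for n in names):
        findings.add("verb-in-url")             # resource-oriented URL convention
    if not any(VERSION.match(n) for n in names):
        findings.add("unversioned-url")         # API versioning by URL
    if params & SESSION_KEYS:
        findings.add("session-in-url")          # stateless
    if not op.get("auth") or op["auth"].lower() == "none":
        findings.add("no-auth")                 # security
    return sorted(findings)


def review_contract(operations):
    """Map 'METHOD path' to its violations; clean operations are omitted."""
    report = {}
    for op in operations:
        found = review_operation(op)
        if found:
            report[f'{op["method"]} {op["path"]}'] = found
    return report


# Constructed sample contract, not taken from any real API.
SAMPLE_CONTRACT = [
    {"method": "GET", "path": "/v1/orders/{id}", "changes_state": False, "auth": "oauth2"},
    {"method": "GET", "path": "/v1/deleteOrder?id=7", "changes_state": True, "auth": "oauth2"},
    {"method": "PUT", "path": "/orders/{id};jsessionid=abc", "changes_state": True, "auth": None},
    {"method": "PURGE", "path": "/v1/cache", "changes_state": True, "auth": "oauth2"},
]

if __name__ == "__main__":
    for operation, rules in review_contract(SAMPLE_CONTRACT).items():
        print(f"{operation}: {', '.join(rules)}")
```

A check like this fits as a gate on the design-to-published lifecycle transition, so a contract with open findings cannot be promoted without review.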
API Design Time Governance Roadmap
Consumer / Subscriber Relationships

• API Manager
   • Promotes available APIs
   • Tracks subscriptions
API Design Time Governance Roadmap
API Versioning

• REST URL convention
• API Payload versioning
• Associating API to Service
Operational Governance
Follow us: http://twitter.com/#!/wso2
Contact us: http://wso2.com/contact/
