APIs provide standard application programming interfaces for application components to talk to each other using protocols. Some way or other almost all application today use some type of an API for communicating with their internal components, business services, third-party systems, databases, etc. Writing a standard API requires security policies, usage policies, collecting and analysing statistics.
Developing API management platform with support for wide variety of transports, security features, analytics and usage monitoring, etc from scratch is a cumbersome task.
Initial version of API Management platformby WSO2 in 2012, now after eight year it is a widely adopted Enterprise Service Bus (ESB). The WSO2 API Manager 3.1.0 consists of 6 main components, the API Publisher, the API developer Portal, API Gateway (now comes as a API Microgateways well), Key Manager, Traffic Manager and the API Analytics. For data storage MySQL, Postgres, DB2, Oracle, or MS SQL can be used. The below image shows the flow between different components of API management platform:
It is a GUI designed for API creators to develop, document, scale and version APIs, also allows API management-related tasks such as publishing API and monetizating APIs. It supports three main types of APIs- REST, SOAP, and WebSocket and the visibility of the APIs can be controlled by either using user roles or tenants if multi-tenancy is used or can be made public.
API usage can be controlled accordingly by API developers who can define their own subscription tiers for restricting. Advanced throttling policies allow users to control incoming requests according to request counts, request message size, client IP addresses, HTTP headers or query parameters.
API developer portal
API developer portal allows API publishers to host and advertise their APIs while allowing API consumers to self register, discover, evaluate, subscribe to and consume APIs. Includs Swagger based API references, documentation, an interactive API console, sandbox APIs, client SDKs, and let their business units, partners, and other third-party users to subscribe to APIs for building business applications.
API Gateway secures, protects, manages, and scales API calls. It intercepts API requests, applies policies such as throttling and security using handlers, and manages API statistics.
When WSO2 API Manager is running, you can access the Gateway using the following URL: https://localhost:9443/carbon.
The Key Manager supports OAuth 2.0, JWT, Basic Auth, Mutual SSL as well as API-Key based authentication mechanisms.
To generate an access token, a Subscriber first creates an application on the Developer Portal and generates an access token for the application. Behind the scenes, the Developer Portal makes a token generation request to the API Gateway. The API Gateway then, requests for an access token from the Key Manager. Upon recieving the request, the Key Manager creates an OAuth client and generates an access token. This access token is sent back to the Developer Portal via the API Gateway.
It uses WSO2 Complex Event Processor (CEP) and WSO2 Message Broker (MB) for processing statistics of incoming API requests in real-time and providing throttling data to the gateway for taking throttling decisions. For more information, see Working with Throttling.
The API Manager integrates with API Manager Analytics to provide reports, statistics and graphs on the APIs deployed in WSO2 API Manager.
I hope this article helped you to understand how API Manager 3.1.0 can be used to configure, speed up the API development and analyse the APIs after development.