Full Life Cycle API Management with WSO2

The growth and constant evolution of the use of computer systems in all areas of human development, together with the need of companies to integrate with each other, besides offering services to their clients through the Internet, results in the multiplication of open systems, which provide services through communication interfaces. Many companies exist only because of this type of integration interface – the so called APIs (Application Program Interface).

Over the years, several network communication protocols have been created to provide standardized data exchange: RPC, CORBA, DCOM, RMI, WebSocket, SOAP (Web Services) and REST. These last three protocols are the most commonly used protocols since they are based on an open HTTP transport protocol, standardizing and popularizing the exchange of data and services, through public or private APIs. The amount of APIs made available by companies, both internally and externally, can grow exponentially in quantity.

Because of these movements there will be a growing need to document and monitor the creation and use of these APIs.

Some of the key features of an API management solution include:

• Performance and Reliability– must support high throughput with reduced overhead;
• Lifecycle and Governance– should provide workflows for API development and subscription, API versioning and management/monitoring capabilities;
• Throttling and Monetization– capable of controlling API traffic and charge for API usage;
• Engagement– easy to onboard new subscribers, providing a good and well documented test environment;
• Composition and Orchestration– able to implement specific functionality to an API (e.g. call 2 different APIs and return aggregated result).

WSO2 API Manager overcomes these challenges with a set of features for creating, publishing, lifecycle management, release, monetization, governance, security, etc.

From designing to building and using an API, there is a process that involves engineering, publishing and administration this process is called the API Lifecycle. The life cycle of an API is something crucial and strategic for an organization. Generally, the definition of the life cycle is defined in Planning and Designing the API, Developing the API, Testing the API, Deploying the API, Retiring the API. WSO2 API Manager has more detailed flows for each cycle, where you can create sub flows within each cycle, for example: In the Retiring the API, before doing the removal there is the blocking flow, where when an API is blocked it is possible to deprecate the API or return to the published state. In this way, each company can define its life cycle, and work internally according to its needs. One of the great differentials of WSO2 API Manager is that you have complete freedom to modify all internal flows and customize according to your needs.

By default the WSO2 API Manager defines this cycle between the components below:

• API Publisher:Is responsible for creating, monitoring, managing, and publishing the APIs. It is the web interface for API Creators and Publishers.
• API Portal (Developer Portal):Web interface intended for consumers of APIs, developers etc. In this interface it is possible to explore the existing APIs, test, subscribe and monitor all the APIs that were subscribed by the user.
• API Gateway:The Gateway is the main component of the API Manager, it receives all API calls and forwards to the backend, before forwarding it, it is necessary to pass this request on to Key Manager and Traffic Management to validate all the policies of security before proceeding.
• Key Manager: responsible for all authentication and security of the API, takes care of all Token Oauth lifecycle management.
• Traffic Manager: takes care of every part of Throttling’s policy, thus verifying if the calls belong to some user with limitation of request in that API and if the user has not exhausted his limit of requests.
• Analytics:Analytics is a real-time analytics engine, which in addition to exposing detailed graphs about the APIs, also takes care of the real-time monitoring part generating several types of alerts such as security incident, abnormal calls to a certain API, etc.

WSO2 API Manager is a very robust and complete API solution, having as a differential its entire graphical implementation interface, which differs a lot from the competitors that have a greater focus on the Gateway, to build a robust gateway and not giving much focus to the other components needed for the API lifecycle such as the Store and the Publisher. WSO2 came out ahead with this product because it was able to meet all aspects of full solution either with a very robust gateway as well as an intuitive interface facilitating deploy and the entire lifecycle. Due to this, in the Gartner quadrant, the WSO2 API Manager is considered as a “Visionary”.

Just to get an idea of the robustness of the product, with a minimum recommended configuration, each node can support up to 3000 TPS (Transactions Per Second).

If you’d like to know more about WSO2 API Manager and its features, go to WSO2 API Manager web site and explore all implementation possibilities.