implementing enterprise api management in oracle cloud

Implementing Enterprise API ManagementIn the Oracle CloudOracle OpenWorldSan Francisco | September 18-22, 2016

Luis [email protected]

uk.linkedin.com/in/lweir @luisw19

soa4u.co.uk/

mailto:[email protected]

http://uk.linkedin.com/in/lweir

https://twitter.com/Luisw19

http://www.soa4u.co.uk/

2Copyright © Capgemini and Sogeti 2016. All Rights Reserved

Oracle OpenWorld | San Francisco | September 18-22, 2016

Table of Contents

Introduction

Context

A step back… redefining types of integrations

The missing pieces:

• An Enterprise API Taxonomy

• API Management Capability Model

• Mapping Oracle Cloud PaaS to APIM Capabilities

Use cases

Wrap-up

Introduction



Resume

I am very passionate about technology. I have be the lead authored of two books (Oracle SOA Governance 11g Implementation and Oracle API Management 12c Implementation), I am a regular blogger and speaker in major conferences and events. A well-known industry expert especially when it comes to Oracle middleware technologies I am also an OTN certified SOA black belt.

Luis Weir Oracle Ace Director – Cloud Principal at Capgemini UKI am an Oracle Ace Director, Cloud Principal and a Thought Leader specialised in Oracle Fusion Middleware & Oracle PaaS. With more than 15 years of experience implementing IT solutions across the globe, I have been exposed to a wide wide variety of business problems many of which I’ve helped solved by adopting SOA architectural styles such as traditional SOA, API management and now Microservices. My current focus is in assisting organisations define and implement solutions and strategies that can help them realise the benefits that such technologies have to offer.

2nd Place1st OTN Cloud

HackathonJune, 2016

CloudContribution Award

SOA CommunityMarch, 2016

Latest Media: Oracle Magazine May/June 2016 (http://

bit.ly/1RTCAU3) Systematic Approach for Migrating to Oracle

Cloud SaaS (http://bit.ly/1Xr6acs) Oracle Magazine Jan/Feb 2016 (http://ora.cl/Vhh) API Management Implementation (http://

ora.cl/Gcw) A Word About Microservices and SOA (http://

bit.ly/25Dk5go)

http://bit.ly/1RTCAU3

http://bit.ly/1RTCAU3

http://bit.ly/1Xr6acs

http://bit.ly/1Xr6acs

http://ora.cl/Vhh

http://ora.cl/Vhh

http://ora.cl/Vhh

http://ora.cl/Gcw

http://ora.cl/Gcw

http://ora.cl/Gcw

http://bit.ly/25Dk5go

http://bit.ly/25Dk5go

https://www.packtpub.com/application-development/oracle-api-management-12c-implementation

https://www.packtpub.com/application-development/oracle-soa-governance-11g-implementation

https://blogs.oracle.com/soacommunity/entry/fusion_middleware_partner_community_awards2

https://www.packtpub.com/application-development/oracle-soa-governance-11g-implementation

https://www.packtpub.com/application-development/oracle-api-management-12c-implementation

ContextA summary of key business challenges driving the need for API management



The “Digital” dilemma…



Systems of Differentiator

Systems of Record

Systems of Innovation

Bi-modal IT, is it really?

Traditional Mode(Reliable, delivered in waterfall, IT centric,

V-model, slow)

Non-linear Mode(Agile, DevOps,

automation, fast)

Promised in 8 weeks

Promised in 4 Months

What about access to core data and business

functionality?

+8 Weeks

Ready in 8 Months

Environment created, system changed, functionality added,

access granted,

Standard interface delivered

Waiting for changes

Waiting for access

Bi-modal?



A bi-modal analogy

The fast IT organisation can only be as fast as it is possible to deliver access to systems of records…

Thus bi-modal IT it’s contraint to the speed it takes to deliver such access.



Cloud

Rush to the Cloud

Firewall

Social Media

{json}

{json}

{json} {json}

{json}

{json}

<xml><xml>

<xml>

Oracle Cloud SaaS

FIN HUBs LEGACYSCM

Other SaaS

Mobility & IoT Solutions

= accidental cloud architecture (cloud spaghetti!)



Breaking the chains



API-led connectivity

Firewall

ERP HCM LEGACYCRM

Mobility & IoT SolutionsOracle Cloud SaaS Social MediaOther SaaS

Cloud

On-Premise APIs

Cloud APIs HybridAPI

Platform



API growth is exponential

API growth in the enterprise exponential API accelerated growth will continue:

• Partner integration APIs• B2C APIs• Enterprise mobility APIs• IoT APIs

Growth In Web APIs Since 2005 Programmable Web

Jun-05

Mar-06

Oct-06

May-07

Dec-07

Jul-08

Feb-09

Sep-09

Apr-10

Nov-10

Jun-11

Jan-12

Aug-12

Mar-13

Oct-13

0

1500

3000

4500

6000

7500

9000

10500

12000

1 186 299 438 593 8651263 1546

20262418

3422

5018

7182

9011

10302

Month

API

Cou

nt Fastest Growing Web APICategories (6 months)

Programmable Web

Financial; 70

Enterprise; 66

Backend; 52

Messaging; 43

Advertising; 43

Government; 38

Mapping; 35

Science; 31Social; 28



What is an [Web] API?

Application Programming Interfaces (APIs) are not new. But they have taken on a new shape. REST (or Web) APIs are doors that giveaccess to information and functionality in real time.And just like doors: They have locks. Only key holders can open them There are different types for different needs (size, color, locks,

purpose, etc.) They can be outside facing (anyone can see them i.e. internet) or

internal facing (i.e. only accessible within an area/zone) They are available only in specific locations – API endpoints They can be as secured and closely monitored as required (typically

depending on their purpose and information being accessed) The have an impact on people (customers and employees)

experience. Based on their performance experience can be good or bad. If bad people will remember!



API Management

Planning

Design

Implementation

Publication

Operation

Consumption

Maintenance

Retirement

API



Drivers for API Management

Enable a digital strategy by unlocking access to electronic

business assets

Richer user experience by delivering

tailored-fit APIs

Quicker, standard and secure access to information and

functionality

Discovery and reuseof APIs

3rd generation API platform with global

deployment capabilities (cloud or on-prem)

Robust operations, analytics and

insights

API as a new source of revenue. Information

is a valuable asset

A step back… redifining types of integrationAn overview of vertical and horizontal integrations



SYSTEMS OF ENGAGEMENT

Mobile Apps Response web Applications Devices Customer

ServiceBusiness Partners

Vertical vs. Horizontal Integration

Horizontal Integration

Asynchronous in nature. Near-real time or batch. Typical integration styles: as pub/sub, data replications, file transfers

SYSTEMS OF RECORDS

Financials EPM HCM Order Management CRM Data Hubs Legacy

Sync

hron

ous/

Rea

l tim

e

Vert

ical

Inte

grat

ion

Main scope for API Management

Created with Niklas Olsson /



Vertical vs. Horizontal Integration – Characteristics

Vertical

Human behind the trigger Information requested on-demand (real-time) Synchronous in nature. A request expects a response Objective is to deliver functionality and/or information in

support of a user journey Directly impacts the user experience (regardless of the channel) Best realised with API management

Horizontal

System behind the trigger Initiated by a system scheduled or a system event Asynchronous in nature. No immediate response expected Objective is to deliver data or messages from a source

system to a target(s) system No immediate impact to the user (unless a malfunction occurs) Can be realized in a number of ways

Validate,Enrich,

Transform

.... .. .

.. .. . .

....... .

.... .. .

.. .. . .

....... .

.... .. .

.. .. . .

....... .

.... .. .

.. .. . .

....... .

Route,Operate,

Load

Extract,Capture

Exp

erie

nce

Del

iver

y

Systems of EngagementCoworkers Customers

Rapid access, Transform

Enforce, Aggregate, Route

Tailor, Deliver

UX



SOA

What about SOA?

Inspiration from Martin Fowler’s Microservices presentation at GOTO conference, Berlin November 2014 (minute 14)

Typically adopted to deliver horizontal

integrations

TraditionalSOA

(i.e. AIA)

Best for vertical integrations

Not for integration.

Best for building modern systems

APIManagement

MicroservicesArchitecture

The missing piece:Enterprise API Taxonomy, API Management Capability Model and Oracle PaaS Cloud Services mapped to the APIM capabilities



Enterprise API Taxonomy

SaaS

API Applications

Finance SCM Legacy, etc CX HCM

[Managed] Business APIs

Single Purpose APIs Utility APIs

Identity

Logging

ErrorHanding

Notifications

Management & Collaboration

Design & Development

Portals

Policy Definition

Lifecycle Management

RuntimeAnalytics

User Management

SYSTEMS OF ENGAGEMENT

Special Purpose APIs Presentation APIs Partner [B2B] APIsPublic [Consumer] APIs

Microservices

SYSTEMS OF RECORDS SYSTEMS OF INNOVATION

SYSTEMS O

F DIFFER

ENTIATIO

N

$

API

System APIs System APIs System APIs System APIs System APIs



API Management Capability Model

API Registry

Single Purpose APIs

Business APIs

API Applications

Utility APIsAPI Design & Development

Portal

API-First Design Console

ADL Programmatic Validation

API Approval Workflow

API Dynamic Documentation

API Applications & Keys Generation

Developer On-boarding

Community Collaboration

Resource Registration

Resource Discovery

K/V Storage

K/V Replication

Resource Health Status

Registry API

Identity Federation

Identity Mappings

Error Handling

Logging

Alerts & Nots

Management APIs

AuthN/AuthZ/API Key Validation

Policy Enforcement

HTTP Routing

Calls Aggregation

Light Transformation

Light Scripting

In-memory Cache

Rate Limiting/Throttling Streaming REST/SOAP

Conversions

System AuthN/AuthZ Connectivity Adapters Connection &

Session ManagementTransport

ConversionsProtocol

Conversions

Data Transformation

Complex Orchestrations

Custom Logic(Complex Scripting)

PolyglotProgramming

Decentralise Deployment

Federated AuthN/AuthZ

API Key Validation

Call Aggregation

Tailored Contracts

Thread Protection

Thread Protection

Client Backend Logic Scripting

Platform/Backend APIs

Push Nots/Websockets

Polyglot Consumer SDKs

API Management

Console

API Lifecycle Management

Policy Definition

Runtime Monitoring

Runtime Analytics

API Gateway Management

Policy Definition

User & Role Management

Keys Management

Delivery

Version Control Deployment Continuous

TestingRelease

ManagementContinuous Integration

Team Management

Team Collaboration

Issue Tracking

Spring Boards

RuntimeDev-Ops

API Discovery & Subscriptions



Oracle PaaS for API Management

RuntimeDev-OpsSuggestionsAPIPCS OOTB InteroperabilityOracle PaaS Cloud Services

API Registry

Single Purpose APIs

Business APIs

API Applications

Utility APIsAPIPortal

API Management

Console

Delivery

Developer Cloud

Eureka

Management

Cloud

Identity Cloud

Java CloudSOA Cloud App Container CloudIntegration Cloud

API Platform Cloud

API Platform Cloud

API Platform Cloud

Java CloudMobile Cloud App Container CloudAPI Platform Cloud

Public SaaSAPI Catalog

Patterns & Use CasesSample enterprise API management use cases delivered in the Oracle Cloud PaaS



APIM Designer Portal

API {First} Design

8) Feedback

13) Evaluates14) No changes

7) Evaluates

5) Creates API definition

12) Submits final definition(Github pull request)

9) Updates definition

4) Opens API editor

1) Enters APIM Dev Portal

2) Searches API catalogue

3) No match

11) Thumbs up!10) Evaluates

Assertions checks

Assertions checks

15) Set-up continuous test

6) Creates mockup & shares URL

> Dreed, Circle CI

16) Implements API

17) Requests deploy 18) Gets request19) Approves

API Gateway

API GatewayDMZ

API Gateway

ManagementConsole

API Platform Cloud

API Designer

API Developer

API ConsumerDeveloper

Architects

API Developers

API Gateway Admin

DeveloperPortal

API Platform Cloud



Mobile Application accessing System of Records in Oracle SaaS and SFDC

Cloud PaaS

API Gateway

API Platform

Mobile BackendMobile API

Connections

Mobile Cloud

JSON Object TailoringAuth

Business API

Oracle MAF

Validate API-Key

Limits & throttle

User Authn Route Respond

Cloud SaaS

ERP Cloud

Integration Flows

Integration Cloud

Enterprise WSDL

OrchestrateConnect

TransformConnectR

ES

T

Auth Service

2

36

5

7

8

9

4

1) Update personal info submitted from app. Call to mobile backend API takes place. Authentication would’ve already happened in this example. Mobile API Key is validated

2) Backend API code (node.js) transforms object (into enterprise format), injects and calls business API via the REST connector (in theory connector should inject API key and authentication credentials)

3) Business API receives the calls and enforces policies as specified, ie. key validation, user authN/authZ, rate limits, possibly custom script and finally routes the request to the backend (system) API (implemented in ICS)

4) An integration flow receives the request (in enterprise format). An orchestration is initiated to: 1) update personal info in SFDC, 2) update personal info in ERP cloud. It happens as following:

5) The received object is transformed into target system format and included into a request call to SFDC (via enterprise WSDL). ICS takes care of REST/SOAP conversion and also handles authentication and sessions with SFDC

6) The received object is transformed into target system format and included into a request call to ERP Cloud (via enterprise WSDL). ICS takes care of REST/SOAP conversion and also handles authentication and sessions with ERP Cloud

7) ICS transforms back the object into the enterprise object format and sends back JSON response to the API gateway

8) API gateway sends back the response to the mobile backend

9) The mobile backend API code transforms object to format expected by the mobile app

{json}

{json}

{json} {json} <soap>

<soap>

<soap>

<soap>

1

{json}

{json}{json}



Service Cloud searches on-premises customer master through existing SOAP web service

API Gateway

Oracle SOA Suite

ACS

Mediator DB Adapter

Cloud SaaS

Service Cloud

AP

I Pla

tform

Presentation API

Validate API-Key

Limits & throttle

User AuthN

SOAP-REST Respond

Management Console

API Platform

Cloud PaaS

Sends stats Pulls

deployments

Customer Data Hub

PLSQL

EBS

{json} {json}

<soap><soap>

0) Customer Service Agent conducts a search in Service Cloud to service for a specific customer (ie. Based on first and last name)

1

2

4

71) Service Cloud triggers a call to an API exposed in a DMZ(i.e. https://myorg.com/customers?name=luis&lastname=weir)

2) The API gateway receives the request, validates the API key and user credentials (ie. OAuth 2.0), enforces limit/throttling policies and then converts the payload into SOAP to invoke the business service exposed by SOA Suite internally

Mediator BPEL WS Adapter

6

3

5

sqlnet

DMZ

3) Typically an enterprise business service (EBS) in SOA Suite will just route the request to the relevant application connector service service also in SOA Suite

4) The ACS will transform the request from a canonical model into the application format and via the adapter (ie. Database) will connect to the system of record and conduct the search in any given protocol (ie. SQLNET)

5) The request is converted back into a canonical model and send back to the invoker service

6) A SOAP response in canonical model is send back to the API Gateway

7) A policy converts back the SOAP payload into JSON (most likely removing fields that are not required by the consumer system) and sends back the JSON payload

https

https://myorg.com/customers?name=luis&lastname=weir




Wrap-up



Oracle Cloud PaaS – Capability Comparison

Capability API Platform Mobile Cloud SOA Cloud** Integration Cloud Java Cloud** App. Cont. Cloud**

E2E API lifecycle (design, mock, build, test, publish, manage, monitor)

Hybrid deployment (cloud/on-prem) –native (installed via cloud)

Rich API focused ops and analytics

REST/JSON end to end

API policies definition & enforcement

Authentication & Authorization

Identity federation support (ie. OAuth 2.0)

API keys management and enforcement

Backend (platform) APIs (ie. Push nots, storage, data sync, etc)

WebSockets

HTTP Routing (declarative)

Data transformation (declarative)

Protocol conversion (declarative)

Call aggregation (declarative)

Orchestrations (declarative)

Custom scripting

Connectivity to several sources (excluding pure REST/SOAP)

Polyglot programming

Light footprint

Full Mostly Some or Custom (libs &| imperative) No supportPartly

** Only when combined with Developer Cloud

The information contained in this presentation is proprietary.Copyright © 2016 Capgemini and Sogeti. All rights reserved.

Rightshore® is a trademark belonging to Capgemini.

www.capgemini.comwww.sogeti.com

About Capgemini and Sogeti

With more than 180,000 people in over 40 countries, Capgemini is a global leader in consulting, technology and outsourcing services. The Group reported 2015 global revenues of EUR 11.9 billion. Together with its clients, Capgemini creates and delivers business, technology and digital solutions that fit their needs, enabling them to achieve innovation and competitiveness. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience™, and draws on Rightshore®, its worldwide delivery model.

Learn more about us at www.capgemini.com.

Sogeti is a leading provider of technology and software testing, specializing in Application, Infrastructure and Engineering Services. Sogeti offers cutting-edge solutions around Testing, Business Intelligence & Analytics, Mobile, Cloud and Cyber Security. Sogeti brings together more than 23,000 professionals in 15 countries and has a strong local presence in over 100 locations in Europe, USA and India. Sogeti is a wholly-owned subsidiary of Cap Gemini S.A., listed on the Paris Stock Exchange.

http://www.capgemini.com/

http://www.sogeti.com/

http://www.capgemini.com/about/how-we-work/the-collaborative-business-experiencetm

http://www.capgemini.com/about/how-we-work/rightshorer

http://www.capgemini.com/

implementing enterprise api management in oracle cloud

Technology