Vinay Kumar , ORACLE ACE

@vinaykuma201 DOAG18-NUREMBERG

1

2

• O R A C L E A C E

• E n t e r p r i s e A r c h i t e c t

• C o - A u t h o r o f B o o k “ B e g i n n i n g O r a c l e We b C e n t e r p o r t a l 1 2 c ”

• O r a c l e c e r t i f i e d p r o f e s s i o n a l

• B l o g g e r - h t t p : / / w w w. t e c h a r t i f a c t . c o m / b l o g s

• S o f t w a r e C o n s u l t a n t

• h t t p s : / / m e d i u m . c o m / @ v i n a y k u m a 2 0 1

3

• Oracle API p lat form introduct ion

• Evolut ion of API management

• Extens ion of SOA with API management

• API management Architecture .

• API management components

• Conf igure the APIs pol ic ies .

• APIMATIC – developer exper ience

• API For tress

• API Management best prat ices & benef i ts

• Demo

4

Oracle API platform

5

API management platform

6

• API Security - The process of publishing, promoting, and overseeing APIs in a secure, scalable environment. Securing API and setting up the permission around that.

• Developer/Partner management - Ensuring that developers and partners are productive. Dashboard for developer and partners to explore APIs and consume it.

• API administration console- Managing, securing, and mediating your API traffic. Dashboard for API manager to control , secure, adding policy and user management.

• Scalable - Allowing an organization to grow their API program to meet increasing demands

• Monetization capabilities - Enabling the monetization of APIs.

API management is about the planning, design, implementation, testing, publication, operation, consumption, maintenance, versioning and

retirement of APIs. It involves use of a developers' portal to target, market to and govern communities of developers who embed the APIs, as well as

runtime management, estimation of API value and analytics.

API management platform

7

Governance -

1. Tracking the life-cycle of each API from inception to sun-setting .

2. tracking the API Consumers and subscriptions (relationships)to APIs utilized

3. the API Security Model employed and the details of managing it

4. defines the API interface standards used for creating APIs (an organization's standards for usage of

something like Swagger) in the organization

5. gathering statistics of both the Developer Portal and API Gateway usage

6. utilization-based billing

7. API versioning

8. JSON (or XML) Schema versioning for input and output data structures

9. tracking of routing information

API economy requirements

8

API management platform Domain

9

Oracle API platform Introduction

10

• Oracle API management platform provides full life cycle management in a easiest way

i.e. from API design , implementation, continuous integration , operation,

decommissioning and promotions etc.

• Platform itself built using REST principles. All components and features supports via

REST APIs.

• The platform is modular, hybrid, and highly customizable.

• Supports to integrate with popular tools for REST API economy

• Fits well with Existing or new greenfield technology stack.

• Fully aligned with Microservices Architecture.

• Gateway as a Service (GaaS).

Evolution of API management platform

11

Legacy Architecture Monolithic Architecture Modern Architecture

Evolution of API management platform

12

API GW / Platform

ESB

BPM/BPEL

Understand the differences in ESB & APIs

13

Features SOA/ESB APIs & Apps

Core goal Enable Internal developers and systems to connect, while

complying with IT department standards.

Enable developers, either external or internal, to build nifty,

compelling apps, and allow users to run them.

Network Low-latency, trusted. High-latency, untrusted. (Mobile wireless network)

Development Style Deliberate, structured, governed by process. Rapid, iterative, experimental.

Connected

Platform

High-powered server Any connected device

Data Contract Formal, strict. Flexible, dynamic

Data Format XML, JMS, SOAP, EDI, possibly many others. JSON and XML.

Authentication and

Authorization

Internal mechanisms, LDAP Internet standards including OAuth.

Analytics Limited use, secondary importance. primary importance

Data Format XML, JMS, SOAP, EDI, possibly many others JSON and XML

Oracle API platform Architecture

14

Understanding Oracle API CS components

Management Console: This is the place to manage APIs, gateway, user management, security

and configuration and policies. This should be role-based application where roles and

permissions can be managed.

Developer Interface console: A web-based application where developers can search and

subscribe to APIs. This is where all of the API documentation can found and where application

keys are provided after a subscription to an API takes place.

API Gateway: These are the heart of the platform. They enforce/apply the different API policies

to the managed endpoints. These can deployed on premise and cloud infrastructure as well

depending on the use case. For the initial start, it is recommend putting an API Gateway to close

to the enterprise integration layer. The gateway needs to be resilient, performant and highly

available as the APIs will be critical components of the consumer’s digital strategy.

API Design: This provides API First design capabilities and enables document driven API design

approach. This should support global standards of API documentation, i.e. Swagger, API

Blueprint, Open API etc.

Management Portal

Developer Portal

API Gateway

APIARY

API First Design- APIARY: Powerful API design Stack

As the importance of API’s increases, more

responsbility lies on those who build and

manage the APIs

Apiary solves fundamental task of API

design & development , by meeting all the

increase expectations and also streamlining

the business process of how work get done.

Apiary : API life cycle

• Building great APIs is all about effective collaboration.

• App developers, testers, architects, product managers,

clients, and partners all bring unique perspectives to

the design of your APIs.

• To be successful, your team needs to make sure every

stakeholder has a say

Apiary : Core components/toolset

• Apairy Editor.

• Documentation

• API Inspector (API debugger)

• Apairy Tests.

• GitHub Sync

• Mock Server

API platform - Management Portal

API platform - Management Portal

– API Catalog – Inventory of APIs that you offer

– API Testing & Monitoring – Test API Interfaces and Functionality (Via API Fortress)

– Deployment Management – Centrally manage availability of APIs across all Gateways

– API Governance – Ensure consistency with style-guides and track changes with history service

– Plan/Subscription Management – Manage who uses your APIs, and to what degree

– Operational Analytics – Understand who is using your API, how, and if they are encountering issues

– User Roles & Grants - Control access to your APIs with instance specific grants.

– Publish APIs to Developer Portal.

– Create application and assign plan to the application.

• Gateway

– Runtime Policies – Top security and traffic management runtime policies out of the box

– Configuration gateway setting.

– Managing the gateways.

https://<LB_IP>/apiplatform

API platform - Developer Portal

API platform - Developer Portal

– Developer Portal is a simple catalog that collects and provides information about published APIs

– Registering and managing the applications.

– Discovering and subscribing the APIs.

– Customizable portal.

– Discovering & entitling the plans.

– Applications analytics.

https://<LB_IP>/developers

API platform - Gateway

• A Logical Gateway

- is a JSON object that defines what its registered nodes should look like. It stored the metadata of

the gateway.

- It stores endpoints, policies, routing rules and traffic management.

- Configuration can inherited to physical gateways.

- One to one mapping of logical to physical gateway

• Physical (runtime) Gateway

- Physical gateway nodes that are used by consumers at runtime to access the API endpoints,

no runtime traffic from API consumers needs to interact with the API Platform Cloud Service

itself.

- All required configuration is passed from the cloud service logical nodes to the physical nodes

as a JSON object.

- Polling between logical and physical gateway. Default 2 mins.

- Can be run onpremise as well in the cloud.

API platform - Gateway

API platform – Logical Gateway properties files

API platform – Gateway setting

API platform - PoliciesPolicies are kind of rules in request/response flow to secure, throttle, route, manipulate, or log

requests .

• Applying OAuth 2.0 Policies

• Applying Key Validation Policies

• Applying Basic Authentication Policies

• Applying IP Filter Validation Policies

• Applying CORS Policies

Security:

• Applying Header Field Filtering Policies

• Applying Interface Filtering Policies

• Applying Redaction Policies

• Applying Header Validation Policies

• Applying Request Payload Validation

Policies

• Applying Method Mapping Policies

• Applying REST to SOAP Policies

Interface Management

• Applying Header-Based Routing

Policies

• Applying Gateway-Based Routing

Policies

• Applying Application-Based Routing

Policies

• Applying Resource-Based Routing

Policies

Traffic Management

• Applying API Throttling–Delay Policies

• Applying Application Rate Limiting

Policies

• Applying API Rate Limiting Policies

Routing

• Applying Service Callout 2.0 Policies

• Applying Logging Policies

• Applying Groovy Script Policies

Others

Custom policies

API platform - Policies

Developer Experience - APIMATIC

• Inbuilt in API platform cloud service

• SDK generation

• Reactive code samples

• Test cases

• Package publishing

• OAuth login flow

APIMATIC extend APIARY’s experience

APIMATIC supports SDK Generation

Generate Client Libraries in 10 Languages - Define your API and APIMATIC will generate SDKs in languages of your

choice.

Generate Language Specific Documentation - APIMatic will produce tailored tutorials and detailed usage

instructions for each SDK you generate.

SDK testing - Build test cases and APIMATIC will generate the test code in the same language as the SDK.

Code samples for SDKs - APIMATIC will produce reactive code samples for the SDKs you generate. You can play with

the code samples straight away on the Live API console.

Integrate into your CI/CD pipeline - Use APIMATIC public APIs to generate SDKs and update developer portal as

soon as your API description changes.

Convert API Specifications - Bring your API Description file and convert it into 15 different formats.

Deploy SDKs - Deploy your SDKs on Github or publish them as packages on your favourite package manager.

APIMATIC integration in APIP

Coming SoonAPIMatic

API Fortress Integration

• Out of box integrationto management portal for :

– link projects

– seetests

– run tests

– view results

• OAuth login flow

• Test Design in APIFortress

• TryDredd as well forHTTP API testing.

Best Practices in API Management

• Design First

– Prototype with mock service

– Collaborate with consumers

• Test Driven Development

– Establish a contract

– Build to contract with CI/CD

• Protocols

– REST interface, JSON data

– Open API (Swagger 2.0) docs

– OAuth 2.0 Based Security

• Backward Breaking Versioning

– Evolve API version to contract

– New “Version” with new contract

• Micro Gateways & Micro Services

– Size vs Quantity

• Centralized Management

– Across multi-cloud and on-premises

• Developer Empowerment

• System APIs & Presentation APIs

– API per system or API per consumer?

Top benefits of using an API management platform

• Service Abstraction

- Standardized security model

- Shape the APIs interface

- Absract on top of backend service

• Analytics & Audit

- Rate Limit

- Validations

- Throttling

• Service Protection

- Consumption behaviour

- Error source and distribution

- Transaction details

- Revenu on consumption data

• Monitization

- Plan based access control

- Self service registration

• Customer/partner onboarding & management

36

Demo

37

Neal Creative | click & Learn moreNeal Creative ©

THANK YOU

Vinay Kumar

@Vinaykuma201

mail2vinayku@gmail.com

www.techartifact.com/blogs