A Dive Into WSO2 API Manager

Kalana Wijethunga
5 min read · Jul 13, 2019

What is WSO2 API Manager?

“WSO2 API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and for securing and routing API traffic in a scalable way”

— https://docs.wso2.com/display/AM200/Quick+Start+Guide

In other words, WSO2 API Manager is a product which is used to expose the internal services of an enterprise to the outside as a secure, well-managed API.

WSO2 API Manager Logo ( https://opensource-it.com/wso2-tungsten/wso2-api-manager-logo/)

Why Do You Want to Use WSO2 API Manager?

For any backend application, the first question that comes to mind is “why do you need a separate product to manage your API when you can do it yourself?”. This is a valid question for a simple application like a School Management System or an HR System built as an educational project, but for an enterprise system the situation is very different. If you think about an application like Facebook or Amazon, there are millions of users, and you need to secure your API so that malicious users cannot obtain sensitive information by misusing your endpoints. The services of your app will also be used by third-party developers to build custom apps integrated with the services of your application (e.g. logging into a mobile app using Facebook credentials). So you need to define what kind of third-party developers can use your API, how many times they can invoke your API, which third-party developers are blocked from using your API, etc. Handling these kinds of issues is a must for an enterprise application, and that is where WSO2 API Manager comes into play.

WSO2 API Manager allows you to easily define security policies, throttling policies, etc. to manage how your API is exposed to the outside. It handles most of the hard work, so the owner of the API can set these options with a few clicks without having to write any code.

Users of WSO2 API Manager

Before starting to work with the API Manager, we should identify the different sets of users associated with this product. They are the internal developers of the company, who use WSO2 API Manager to expose their endpoints to the outside in a secure, well-managed way, and third-party developers, who consume the APIs exposed through WSO2 API Manager in their applications. Large enterprise applications are the customers of WSO2 API Manager, and each application/company needs to configure its own API Manager to manage its endpoints.

A Look Into The Components

Once you run the server, there are 4 dashboards you will come across when using the API Manager:

1. Management Console

Can be accessed via: https://{domain-of-your-apiM:port}/carbon

You can define different user levels and grant them only the required permissions using this portal. You can also create different users and assign them the defined roles. The roles act as user groups, so you don’t have to set permissions each time a user joins the API Manager. This console handles the management part of the API Manager and allows the owner of the API to do the major configuration of the system, like setting the admins, defining user permissions, configuring logging, setting up a key manager, etc.

Screenshot of the API Management Console

2. API Publisher

Can be accessed via: https://{domain-of-your-apiM:port}/publisher

The API Publisher is where you create and publish APIs. This is where the internal developers of the company will mostly work. Here they implement the design decisions about exposing the API to the outside. Some of the features you can define when exposing the company servers via API Manager are:

  • Endpoints exposed
  • Permitted HTTP calls for each endpoint
  • URL patterns for the endpoints
  • Throttling policies
  • Subscription policies
  • Lifecycle stage of the API
  • Security policies

Screenshot of the API Publisher

3. API Store (also known as the developer portal)

Can be accessed via: https://{domain-of-your-apiM:port}/store

This is where the general public can browse and subscribe to the APIs. Third-party developers who want to consume your services (in the form of an API) will use this portal. When a third party logs in to your store, all the APIs created by your internal development team are listed there. The client can browse through the store and choose the APIs that match their needs. Once they have chosen the APIs, they can create an application to identify the app in which they are going to use the APIs. Then they can pick suitable subscription plans for the required APIs, subscribe to them using the created application, and start consuming the API on the go. The context, production URL, docs, and subscription plans of the API are listed under each API in the store for the convenience of the client.

Screenshot of the API Store

4. Admin Portal

Can be accessed via: https://{domain-of-your-apiM:port}/admin

The API Manager Admin Portal is used by the administrators of the internal development team to enforce advanced policies on the APIs created. You can define throttling policies on subscriptions, applications, etc. from here, and you can blacklist any malicious user or application from this portal.

Screenshot of the Admin Portal
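
How the subscription, throttling and blocking controls described for the Publisher, Store and Admin Portal combine at request time, as an added example that is not WSO2 code. The policy names, limits, the fixed 60-second window and the `Gateway` class are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy names and limits for illustration; not WSO2 defaults.
SUBSCRIPTION_LIMITS = {"basic": 3, "premium": 5}  # per (app, API), per window
APPLICATION_LIMITS = {"small": 4, "large": 100}   # per app across all APIs
WINDOW_SECONDS = 60

@dataclass
class Gateway:
    blocked_apps: set = field(default_factory=set)
    subscriptions: dict = field(default_factory=dict)  # (app, api) -> policy
    app_policies: dict = field(default_factory=dict)   # app -> policy
    counts: dict = field(default_factory=dict)         # (scope, window) -> hits

    def handle(self, app, api, now):
        """Decide one request arriving at time `now` (seconds)."""
        if app in self.blocked_apps:   # deny list wins over everything else
            return "BLOCKED"
        policy = self.subscriptions.get((app, api))
        if policy is None:
            return "NOT_SUBSCRIBED"
        window = int(now // WINDOW_SECONDS)
        checks = [
            (("sub", app, api, window), SUBSCRIPTION_LIMITS[policy]),
            (("app", app, window), APPLICATION_LIMITS[self.app_policies[app]]),
        ]
        # Test every scope before counting, so a rejected call uses no quota.
        if any(self.counts.get(key, 0) >= limit for key, limit in checks):
            return "THROTTLED"
        for key, _ in checks:
            self.counts[key] = self.counts.get(key, 0) + 1
        return "ALLOWED"

def demo():
    gw = Gateway()
    gw.app_policies = {"shop-app": "small", "bad-app": "large"}
    gw.subscriptions = {("shop-app", "orders"): "basic",
                        ("shop-app", "catalog"): "premium",
                        ("bad-app", "orders"): "premium"}
    gw.blocked_apps.add("bad-app")   # as an admin would block an abusive app
    calls = [("shop-app", "orders", t) for t in (0, 1, 2, 3)]
    calls += [("shop-app", "catalog", 4), ("shop-app", "catalog", 5),
              ("shop-app", "orders", 61), ("bad-app", "orders", 62),
              ("shop-app", "billing", 63)]
    return [gw.handle(*c) for c in calls]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The fourth `orders` call trips the subscription limit, while the second `catalog` call is stopped by the application-wide limit even though its own subscription still has quota: the most restrictive scope decides.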

Optionally, you can collect analytics on your API by using WSO2 API Manager Analytics, which runs as a separate server on your host.

Follow the below link to download WSO2 API Manager if you want to give it a try.

Kalana Wijethunga

Software Engineer @WSO2 @CERN| GSoC Participant | @UOM Grad| Computer Science and Engineering