Development Tips & Tricks : August 2024

WSO2 is a middleware vendor that sells open source API management software, has the ability to access all types of data, real-time streams and events, allows users to efficiently design, deploy and maintain APIs.

Main WSO2 products

1) WSO2 Enterprise Integrator (WSO2 EI): It contains message brokering, visual tools, integration runtimes, business process modeling and analytics tools. has graphical interface and drag-and-drop interface.

2) WSO2 Enterprise Service Bus (WSO2 ESB): ESB addresses integration standards and provides support for all integration patterns, enables interoperability between various business applications and heterogenous systems.

3) WSO2 Identity Server (WSO2 IS): access management; manage the identity, security and privacy of a digital business.

4) WSO2 API Manager: it is like google apigee and IBM app-connect, it is a full lifecycle API management solution, incorporating a Kubernetes operator that makes it easy to convert raw microservices into managed APIs. can run anywhere (on-premise, private cloud, hybrid cloud)

5) WSO2 IoT Server: provides a complete solution that allows the connection and control of various devices, creation of apps, securing of devices and data, visualization of sensor data and event management.

6) WSO2 Data Analytics Server (WSO2 DAS): allows users to benefit from business operations information in real time. Geolocation capabilities, provide analysis of past and present processes.

APIGEE

Rafie Tarabay

Technical Consultant

eng_rafie@mans.edu.com

What is APIGee?

•Platform to manage APIs

•Create a proxy layer between backend services and Consumer

•Consumer has to call proxy service to get backend response

• Client can’t access backend directly for security reasons

•Provide monitor, analysis for APIs usage

APIGee versions

Apigee has different flavors:

1) Apigee Edge: Old name before Google acquisitions. it has two versions

1.1) Apigee Edge for Public Cloud: Cloud Version

1.2) Apigee Edge for Private Cloud: on-premises Version

2) Google Apigee X: Current google version, it has two versions

2.1) Apigee: run as a SAAS on google cloud

2.2) Apigee Hybrid: run on-premises or in another cloud provider, has a management plane

that runs in Apigee's cloud.

Apigee lifecycle:

APIGEE

1. Design: define all swagger endpoints using OPEN-API Specification (OAS)

2. Develop: API Proxy

3. Secure: Apply on API proxy to make:

•Traffic management (Quota, Spike Arrest)

•Security using (API Key, JWT, Oauth 2.0,…)

4. Publish: deploy API proxy to allow accept requests

5. Scale

6. Monitor: view/download usage data includes (API health,operation, response time, country)

7. Analysis

How to configure google

•Create Google Project

•Create Apigee Organization with the following components:

•Environment

•Environment Group

•API Product

•API Proxy

•Developer

•APP

6PRESENTATION TITLE

Apigee.google.com/setup

Google Cloud

Google Cloud can contain many projects.

each GCP project can map to 1 Apigee X Organization only.

PRESENTATION TITLE 7

APIGee Limitations

•Max 50 API Proxy per Environment.

•Max 85 Environments per APIGee Organization.

•Only 1Google Cloud Project can map to 1Apigee X Organization.

•Max 4250 API proxy deployment units per APIGee Organization

•Max 100 API products per app

•Max 5000 API products per organization

https://cloud.google.com/apigee/docs/api-platform/reference/limits

APIGee components

•API Proxies move to running state once it is deployed to Environment

•Environment are grouped together in Environment Groups

•Environment Groups can contain One or More Hostnames

•API Product is a collection of API proxies with Quota Settings

•Developer should create App to subscribe to One or More API Product

•Developer can register to Developer Portal to create App

Relation Between APIGee Components

•Developer can create One or more Apps

•APIGee Organization can have One or More Developer

•APIGee Organization can have One or More Environment Groups

•APIGee Organization can have One or More API Products

•API Product can have One or More API Proxy

•Environment can be part of One or More Environment Groups

API PROXY

For Apigee

PRESENTATION TITLE 13

Reverse Proxy by default pass all parameters from call to backend.

PRESENTATION TITLE 14

PRESENTATION TITLE 15

PRESENTATION TITLE 16

PRESENTATION TITLE 17

PRESENTATION TITLE 18

PRESENTATION TITLE 19

PRESENTATION TITLE 20

PRESENTATION TITLE 21

APIGee Traffic Management

•Spike Arrest: Control number of calls from All customers to API per Sec/or Min.

•Per second maximum: 1000

•Per minute maximum: 60000

•Use effective Count: true, [Smooth the traffic]

means: (if we allow 10 requests per min, this option will allow only 1 request every 6 seconds)

•Quota: Control number of allowed calls from customer per week/or month.

•Max Quota Interval 1 year

•Min Quota Interval 1 minute

The best location for traffic management control is ProxyEndpoint Request PreFlow

FLOWS

Controlling how a proxy executes

•In a proxy endpoint, a PreFlow is a great place for security and quota policies.

•PostFlow: A good place to log data, send a notification, sets headers of the response.

•PostClientFlow (proxy flow only): A flow for logging messages after a response is returned to the client.

•Conditional flow: You cannot have separate conditions for request and response. Only one conditional flow is

executed--the first flow whose condition evaluates to true. ex: if request from Mobile convert XML to JSON.

•<PreFlow> it have <Request> and <Response> as a child elements

•<Request> holds the policies to execute during request

•<Response> holds the policies to execute during response

•<Flows> contains zero or more <Flow> element, but only one Flow will

execute, you can define default flow if none of flows evaluates to true. Default

flow will not have conditions.

Proxy Configuration

•You can download your proxy configurations so that you can

edit them on a local machine. When you're done, you then

upload the results to Edge.

POLICIES

Enhance flow behaviour by build in functionlities

Policies

•Enhance flow behaviour by using build in functionality like

security, rate limit, message transformation.

•We can configure these policies using

API Product

To Force Policies

•API Product will force the Quota

•Apps will force the API Key and Expire date (Security)

•API Product is a collection of API proxies with

Quota Settings

•Apps contains a collection of API Products with

API Key and Expire date

PRESENTATION TITLE 30

PRESENTATION TITLE 31

RafieApiProduct

PORTAL

Developer portal solutions

Apigee supports several developer portal solutions to inform

developers about available APIs and how to use them.

Choose your developer portal solution

Build a Drupal-based portal

•Using the Drupal portal development tools to build a fully

customizable developer portal with all CMS capabilities of

Drupal with additional Apigee-developed Drupal modules.

•Apigee and hybrid support Drupal 10, which provides a reliable

open-source, enterprise-level content management system

(CMS).

https://cloud.google.com/apigee/docs/api-platform/publish/drupal/open-source-drupal

HOW TO BUILD API

MARKETPLACE?

APIGee Limitations

Google Project

APIGee Org

Environment

API Product

API Proxy

Quota/month

Apps

API Key Expire Date

Apps

API Key Expire Date

Apps

API Key Expire Date

API Provider API Consumers

External API Spike Arrest

•Max 50 API Proxy per Environment.

•Max 85 Environments per APIGee

Organization.

•Only 1Google Project to 1Apigee

Organization.

•Max 4250 API proxy per APIGee

Organization

•Max 100 API products per app

•Max 5000 API products per organization

Steps of Creating New API-Provider

1. Create new Google Project with each API-Provider.

2. Create new APIGee Organization for each API-Provider.

3. Create new API Reverse Proxy for each external API.

4. Create new API product with monthly quota for each monthly

price plan.

5. Protect External API by limit the total traffic that can hit it per

Second/Minute using Spike Arrest.

How many APIs Proxy needed if these APIs have the same price rate?

One API Proxy can be enough and just make reverse proxy to

https://dummy.restapiexample.com/api/v1/

Create New API Consumer

•Define new APPs with API-Key and 1 month expire Date target

the API product with the correct monthly quota.

THANK YOU

APIGEE

Development Tips & Tricks

Topics

Friday, August 23, 2024

WSO2 for Integration

WSO2 API management software