Partner Webcast – Practical Use Cases of Oracle API Platform Cloud Service
TRANSCRIPT
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Practical examples of using Oracle API Platform Cloud Service
@OracleIMC Partner Webcast
Remigiusz Wasilewski - Cloud Consultant, Oracle Innovation and Modernization Center, Poland
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Agenda
1. Oracle API Platform Cloud Service Overview
2. Applying policies – Demo
3. API to API Platform Cloud Service – Demo
4. Q & A
Oracle API Platform Cloud Service Overview
Need for an API
• Security
– Protect services
• Discovery
– Promote functionality to developers and partners
• Monitoring
– Understand how your services are used
• Management
[Diagram: Applications and Services exchanging {request} and {response}]
APIs are the Doors to Digital Transformation
Secure and Control Access to Services
[Diagram: Applications and Services exchanging {request} and {response} through Firewalls/Load-balancers and Gateways]
API Delivery Lifecycle
API Platform Cloud Service
Building Great APIs
Complete Lifecycle
• For teams who build APIs and want to focus on delivering great products
– Only solution that supports the complete API Lifecycle
– Allows developers, architects and business to work together
– Superior to traditional API Management tools that take too much effort to stitch together and maintain
API Platform for Design-First
[Diagram labels: Apiary CS, API Platform CS, API Platform CS (Gateway); deployment labels: Cloud, Cloud or On-Premises]
Important Definitions
• API Design
– The process of engaging all stakeholders to define in human language the APIs to create a “contract” of what will be delivered before expensive development begins.
• API-First Development
– API-first is a fundamental paradigm shift where APIs are designed, tested, and built before applications and mirror the goals and objectives of the company.
• API Management
– The process of publishing, documenting and overseeing application programming interfaces (APIs) in a secure, scalable environment.
Why Does API Management Matter?
• Ensure security of your APIs
• Gain visibility & define the right metrics
• Approach design with the end in mind
• Improve agility & quickly meet user demand
Oracle API Platform Cloud Service Applying policies - Demo
Managed access to a service (API - demo project)
Business Requirements
1. Access to each external API needs to be managed by API Platform CS
2. External service http://services.groupkt.com/country/get/all needs to be used
3. The external service needs to be visible as WebinarCountry
4. All APIs need to be grouped in API applications
5. All APIs need to be secured by application key validation
6. Permitted users need to be specified for each API
7. Limit of 3 API requests per minute
8. Only the list of Countries needs to be returned
9. Based on a request header definition, the alternative service http://services.groupkt.com/state/get/IND/all is used
10. An additional new header needs to be added to the response
11. At completion, a message needs to be stored in the API log file
Managed access to a service (API - demo project)
Tasks to satisfy Business Requirements
1. Implementation of a simple API
2. Security policies - Key Validation & Basic Auth
3. Traffic Management – applying API Rate Limiting policy
4. Interface Management – applying Redaction policy
5. Routing – applying Header Based Routing policy
6. Other policies – Groovy Script and Logging
1. Implementation of a simple API
• Business Requirements
1. Access to each external API needs to be managed by API Platform CS
2. External service http://services.groupkt.com/country/get/all needs to be used
3. The external service needs to be visible as WebinarCountry
• Steps
1. Log in to API Platform CS as API Manager user
2. Create API
3. Configure Endpoints
4. Deploy
5. Test
1. Implementation of a simple API
Design
2. Security policies - Key Validation & Basic Auth
• Business Requirements
1. All APIs need to be grouped in API applications
2. All APIs need to be secured by application key validation
3. Permitted users need to be specified for each API
• Steps
1. Create Application
2. Register Application to API
3. Add Key Validation Policy
4. Add Basic Auth Policy
5. Deploy
6. Test
• Security Policies
Policies that determine who can send requests to your services.
– Key Validation: Enforces that a valid key is provided in the request. The key must be valid and the application must be in the "Registered" state for this API.
– Basic Authentication: Enforces, using the Basic Auth protocol, that access to this API is only available to requests on behalf of one of the listed accounts.
– Service Level Auth: Enforces, using the Service Level Auth protocol, that access to this API is only available to requests on behalf of one of the listed accounts.
– IP Filter Validation: Validates the IP address of the requester. Based on the value of the IP address, determines whether to pass or reject.
– OAuth 2.0: Enforces, using the OAuth 2.0 protocol, that access to this API is only available to requests on behalf of one of the listed accounts.
– CORS: Controls which domains are allowed to invoke this API.
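The Key Validation and Basic Authentication checks described on this slide, as an added Python sketch (not code from the webcast or from Oracle). The header name `app-key`, the application keys, the "Requesting" state, the account and the `handle` return values are assumptions constructed for the example.

```python
import base64
import hmac

# Constructed sample data; names, keys and states other than "Registered" are hypothetical.
KEY_HEADER = "app-key"  # assumed header name, not taken from the webcast
APPLICATIONS = {
    "key-webinar-app": {"WebinarCountry": "Registered"},
    "key-pending-app": {"WebinarCountry": "Requesting"},
}
PERMITTED_USERS = {"WebinarCountry": {"api.consumer": "s3cret-demo"}}


def basic_header(user, password):
    """Build the Authorization value a client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def key_validation(api, headers):
    """Pass only if the key is known and its application is Registered for this API."""
    presented = headers.get(KEY_HEADER, "").encode()
    for key, states in APPLICATIONS.items():
        if hmac.compare_digest(key.encode(), presented):
            return states.get(api) == "Registered"
    return False


def basic_auth(api, headers):
    """Pass only if the credentials belong to an account listed for this API."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and malformed UTF-8
        return False
    user, sep, password = decoded.partition(":")
    expected = PERMITTED_USERS.get(api, {}).get(user)
    if not sep or expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def handle(api, headers):
    """Run the request flow in order; the first failing policy rejects."""
    for name, policy in (("key_validation", key_validation), ("basic_auth", basic_auth)):
        if not policy(api, headers):
            return ("rejected", name)
    return ("passed", None)
```

A key that exists but belongs to an application not yet in the "Registered" state is rejected by the first policy, before any credentials are examined.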
2. Security policies - Key Validation & Basic Auth
Design
3. Traffic Management policy - API Rate Limiting
• Business Requirements
1. Limit of 3 API requests per minute
• Steps
1. Add API Rate Limiting Policy
2. Deploy
3. Test
• Traffic Management Policies
Policies that manage the volume of traffic sent to your services.
– API Throttling–Delay: Enforces a limit on the number of requests to this API before introducing additional latency. NOTE: this policy differs from the Application Rate Limiting or API Rate Limiting policies.
– Application Rate Limiting: Enforces a limit on the total number of requests to this API per application. Rejects any requests above the defined limit. NOTE: this is different than API rate limiting.
– API Rate Limiting: Enforces a limit on the total number of requests to this API. Rejects any requests above the defined limit. NOTE: this is different than the application-based rate limiting.
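The difference between the three traffic management policies, replayed over the same traffic with the demo's limit of 3 requests per minute. This is an added Python sketch, not code from the webcast or from Oracle; the sliding window, the 0.5 s delay, the policy names used as strings and the rule that rejected requests are not counted are assumptions.

```python
from collections import defaultdict, deque


class WindowCounter:
    """At most `limit` recorded requests per sliding `window` seconds (assumed window type)."""

    def __init__(self, limit, window=60.0):
        self.limit, self.window, self.events = limit, window, deque()

    def over_limit(self, now):
        while self.events and now - self.events[0] >= self.window:
            self.events.popleft()
        return len(self.events) >= self.limit


class Gateway:
    """Toy gateway applying one traffic management policy to a single API."""

    def __init__(self, policy, limit=3, delay=0.5):
        self.policy, self.delay = policy, delay
        self.api_counter = WindowCounter(limit)
        self.app_counters = defaultdict(lambda: WindowCounter(limit))

    def request(self, app, now):
        """Return (status, added_latency_seconds) for `app` calling at time `now`."""
        per_app = self.policy == "application_rate_limiting"
        counter = self.app_counters[app] if per_app else self.api_counter
        over = counter.over_limit(now)
        if over and self.policy != "throttling_delay":
            return ("rejected", 0.0)  # both rate limiting policies reject
        counter.events.append(now)
        return ("passed", self.delay if over else 0.0)  # throttling only slows down


# Constructed traffic: (seconds, application) pairs against one API, limit 3 per minute.
TRAFFIC = [(0, "A"), (5, "A"), (10, "B"), (15, "A"), (20, "A"), (25, "B"), (61, "A")]


def replay(policy, traffic=TRAFFIC):
    """Replay the traffic through a fresh gateway and collect each outcome."""
    gateway = Gateway(policy)
    return [gateway.request(app, t) for t, app in traffic]
```

With API Rate Limiting, application A's burst also exhausts the budget for application B; with Application Rate Limiting, B is unaffected by A.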
3. Traffic Management policy - API Rate Limiting
Design
4. Interface Management policy Redaction
• Business Requirements
1. Only the list of Countries needs to be returned
• Steps
1. Add Redaction Policy
2. Deploy
3. Test
• Interface Management Policies
Policies that manage the service interfaces clients are permitted to access.
– Interface Filtering: Evaluates the application generating the API request.
– Redaction: Manages the fields and headers in the request or response payload. You can either explicitly include, or exclude, the headers and fields sent to the backend service (from the request flow) or sent to the client (from the response flow).
– Header Validation: Validates the presence and values of HTTP headers. Can be used for security or to reduce the occurrence of failures/errors at the service layer.
– Method Mapping: Routes to backend service based on method.
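The include and exclude modes of the Redaction policy, applied to a response payload. This is an added Python sketch, not code from the webcast or from Oracle; the dotted path syntax, the payload shape and all field names are constructed for the example and are not the real service's schema.

```python
def redact(node, paths, mode):
    """Apply dotted field paths to a JSON-like value.

    mode="include" keeps only the listed fields (allow-list);
    mode="exclude" removes the listed fields (deny-list).
    Lists are traversed element by element.
    """
    return _walk(node, [p.split(".") for p in paths], mode == "include")


def _walk(node, paths, include):
    if isinstance(node, list):
        return [_walk(item, paths, include) for item in node]
    if not isinstance(node, dict):
        # A scalar reached before the path ended: nothing listed lives here.
        return None if include else node
    out = {}
    for key, value in node.items():
        rest = [p[1:] for p in paths if p[0] == key]
        listed = any(not r for r in rest)  # a path ends exactly at this key
        deeper = [r for r in rest if r]    # paths that continue below this key
        if include and listed:
            out[key] = value
        elif include and deeper:
            out[key] = _walk(value, deeper, True)
        elif not include and not listed:
            out[key] = _walk(value, deeper, False) if deeper else value
    return out


# Constructed sample response (response flow, sent to the client).
RESPONSE = {
    "response": {
        "messages": ["2 records found"],
        "result": [
            {"name": "India", "code": "IN"},
            {"name": "Poland", "code": "PL"},
        ],
    }
}

INCLUDE_PATHS = ["response.result.name"]
EXCLUDE_PATHS = ["response.messages", "response.result.code"]
```

Both path lists give the same output for `RESPONSE`, but if the backend later adds a field, the include list still drops it while the exclude list passes it through to the client.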
4. Interface Management policy Redaction
Design
5. Routing policy - Header Based Routing
• Business Requirements
1. Based on a request header definition, the alternative service http://services.groupkt.com/state/get/IND/all needs to be requested
• Steps
1. Add Header Based Routing Policy
2. Deploy
3. Test
• Routing Policies
Policies that route requests to different service URLs depending on the requesting application, the resource requested, and other conditions.
– Header-Based Routing: The request will be routed based on the header. Can be used for security or to reduce the occurrence of failures/errors at the service layer.
– Gateway-Based Routing: The request will be routed based on the gateway.
– Application-Based Routing: The request will be routed based on the application.
– Resource-Based Routing: The request will be routed based on the resource path. Can be used for security or to reduce the occurrence of failures/errors at the service layer.
5. Routing policy - Header Based Routing
Design
6. Other policies – Groovy Script and Logging
• Business Requirements
1. An additional new header needs to be added to the response
2. At completion, a message needs to be stored in the API log file
• Steps
1. Add Groovy Script Policy
2. Add Logging Policy
3. Deploy
4. Test
• Other Policies
Policies not belonging to the categories already described.
– Service Callout: Invokes the configured external service with or without payload, with the provided headers, and processes the incoming request on the basis of the response HTTP Status Code from the external service.
– Logging: Writes a message to the log.
– Groovy Script: Executes Groovy script.
6. Other policies – Groovy Script and Logging
Design
Managed access to a service (API - demo project)
• We have satisfied all business requirements
• We have built an enterprise-level API management application
• However, it is configuration rather than implementation
• Our solution is well documented and the documentation is up to date
• Documentation can be customized depending on audience needs
• Requirements → Design → Implementation → Testing → Final Document
Oracle API Platform Cloud Service - API
API Platform CS - API Documentation
All Oracle Cloud Services expose their APIs – including API Platform CS
https://docs.oracle.com/en/cloud/paas/api-platform-cloud/
Management Service: https://docs.oracle.com/en/cloud/paas/api-platform-cloud/apfrm/index.html
Get List of APIs
View API Details
Summary
[Architecture diagram. Labels: Management Service, Management Portal, Developer Portal, Gateways, APIs, Applications, Services, Sales Cloud, ABCS, ICS, Custom, On-Premise, DMZ (Optional), Cloud or On-Premise]
One design, many instances.
Centralized API Design, Distributed API Runtime
[Diagram: Gateways in Oracle Cloud; Amazon, Azure, other clouds; On Premises]
Why should you use API management?
After you design and develop APIs, API management addresses:
• Processes: Publishing, securing, promoting, and monitoring how applications communicate externally through APIs in secure, scalable environments
• Support resources: Defining and documenting the APIs
Because maintaining an inventory of diverse APIs can become unruly, API management is a key component of your development team’s strategy. It helps if you have followed design and governance principles— keeping pace in a digital economy requires keen insight and clean tools.
API Platform CS - Quick Links
Home Page: https://cloud.oracle.com/en_US/api-platform
Documentation: http://www.oracle.com/pls/topic/lookup?ctx=cloud&id=api-platform-cloud-getstarted
API Management: https://docs.oracle.com/en/cloud/paas/api-platform-cloud/apfrm/index.html