role of rest vs. web services and ei
TRANSCRIPT
![Page 1: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/1.jpg)
Role of REST Vs. Web Services & Enterprise Integration
Hiranya Jayathilaka Associate Technical Lead
PMC Member (Integration Technologies)
![Page 2: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/2.jpg)
A Word About WSO2
• Founded in 2005 by acknowledged leaders in XML, Web Services technologies & standards and open source. Primary contributors to Apache Web Services projects started in 2001.
• Producing entire middleware platform 100% open source under the Apache license.
• Business model is to sell comprehensive support & maintenance for our products.
• Technology OEM’d by IBM, Progress, Software AG, Alcatel, EMC and CA.
• Venture funded by Intel Capital and Quest Software • Global corporation with offices in Palo Alto (USA), Portsmouth (UK)
and Colombo (Sri Lanka). • 150+ employees and growing.
![Page 3: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/3.jpg)
What is REST?
• REpresentational State Transfer
• Lightweight, client-server architecture
• Interactions are based on the transfer of resource state representations
• Systems exchange state representations and perform application state transitions
• Mostly implemented using HTTP
![Page 4: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/4.jpg)
Richardson Maturity Model
• Hyper text as the engine of application state
Level 3: Hypermedia Controls
• Many URIs, each supporting multiple HTTP methods
Level 2: HTTP Verbs
• Many URIs, one HTTP method
Level 1: Resources
• One URI, one HTTP method
Level 0: XML Over HTTP
![Page 5: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/5.jpg)
An Example…
• Learning Management System for a college
• A number of fundamental concepts
– Student
– Course
– Teacher
• In a RESTful design these concepts are likely to become the ‘resources’ managed by the LMS
![Page 6: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/6.jpg)
The “Student” Resource State
• Name
• Age
• Registration number
• GPA
• Date of birth
• Contact information
![Page 7: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/7.jpg)
State Representation - XML
![Page 8: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/8.jpg)
State Representation - JSON
![Page 9: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/9.jpg)
Representational State Transfer
• Clients and servers interact with each other by exchanging
– Resource state representations
– Other control information
• Applications are state machines
– Exchange of resource state representations and control information can result in application state transitions
![Page 10: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/10.jpg)
HTTP Based RESTful Interactions
![Page 11: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/11.jpg)
REST Today!
• Developers and architects realize the power of REST and appreciate its lightweight nature
• Lots of tools, libraries and frameworks to make RESTful development easier
• Well suited for modern IT trends
– Mobile apps
– Rich web applications
– Social media
![Page 12: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/12.jpg)
Nothing But REST?
• Most organizations have already invested heavily in IT and have adopted countless technologies – Legacy systems
– J2EE, .NET, LAMP
– CORBA, DCOM, RPC, SOAP
– … and much more
• Replacing these existing systems is risky and ridiculously expensive
![Page 13: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/13.jpg)
REST in Peace, SOAP?
• Not in our wildest dreams – New WS-* standards introduced frequently
– Many developer friendly tools and frameworks
– Comprehensive and highly interoperable platform
– Sponsorship of many large scale software vendors
• SOAP, WSDL, WS-*, BPEL – They are all here to stay (at least for the foreseeable future) – REST will continue to be dominant in the public
web API space
![Page 14: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/14.jpg)
“Hang in There SOAP”
![Page 15: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/15.jpg)
Moral of the Story…
• Replacing existing technologies is not easy
• Every technology has its own strengths and weaknesses
– Despite its arcane terminology, the structured description capabilities of the WSDL standard is being praised even by hard-core fans of REST
– No technology can be designated “universally superior”
![Page 16: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/16.jpg)
Coexistence over Conquest
• RESTful applications should play nice with other technologies
• Need powerful integration mechanisms between REST and other technologies (most notably SOAP)
• Design applications in a manner so that the weaknesses of one technology is complemented by the strengths of another – Best of both worlds scenario
![Page 17: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/17.jpg)
Key to Success
• Organizations that have realized the value of “coexistence over conquest” have reaped fruitful results – Amazon
– eBay
• Opens up the business for all types of developers and clients – Breaks down barriers for technology adoption
![Page 18: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/18.jpg)
Good Times for Developers!
• Adding REST support to an existing enterprise architecture creates many interesting problems and lucrative opportunities for developers – Developing RESTful applications – Integrating REST applications with the ‘rest’ – Exposing existing services over REST – Security – Provisioning – Monitoring and usage tracking
• “Developers are the new king makers” – James Governor
![Page 19: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/19.jpg)
Developing RESTful Applications
• Can be done with any web development technology
– HTML, PHP, ASP, CGI…
• Servlets and JSP are popular in the Java world
• JAX-RS catching up fast
– Apache Wink
– Apache CXF
– WSO2 Application Server
![Page 20: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/20.jpg)
Integrating RESTful Applications
![Page 21: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/21.jpg)
Exposing Existing Services Over REST
• Use the tried and tested gateway pattern
• Lock down all the implementation details of the backend systems behind an API gateway and expose a clean REST API
• Pay attention to the number and granularity of exposed operations
Consumers
REST API Gateway
Backend Services
![Page 22: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/22.jpg)
WSO2 ESB as an API Gateway
![Page 23: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/23.jpg)
REST APIs in WSO2 ESB
![Page 24: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/24.jpg)
Basic Features of an API Gateway
• Transport switching
• Message transformation and content negotiation
• Lightweight orchestration
• High performance (low latency mediation)
• Monitoring
![Page 25: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/25.jpg)
Security
• More exposure = More vulnerabilities
• Access to critical business applications must be secured at API gateway level
– Do all security checks as early as possible
• Use HTTP friendly security mechanisms
– Basic Auth
– OAuth
![Page 26: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/26.jpg)
API Security Enforcement in WSO2 ESB
![Page 27: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/27.jpg)
A Simple Security Architecture
![Page 28: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/28.jpg)
A More Comprehensive Approach with API Keys
![Page 29: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/29.jpg)
API Store Front
![Page 30: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/30.jpg)
Managing System Load
• RESTful applications are usually lightweight and fast – But your backend services may be not
• Track the usage of REST APIs at the gateway and turn down requests if the load becomes too high
– If the APIs are restricted to a particular group of clients, consider implementing some IP based throttling mechanism
– Use time based throttling to prevent legitimate clients from overwhelming a service
![Page 31: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/31.jpg)
Throttling Support in WSO2 ESB
![Page 32: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/32.jpg)
Throttle by SLA
![Page 33: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/33.jpg)
Caching
• Another very effective way of reducing the overhead on backend services – Cache as many responses as possible in the
gateway and try to minimize calling backend services
• Added benefit: Improved performance (better user experience)
• Need to have proper cache invalidation mechanisms in place
![Page 34: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/34.jpg)
Caching Support in WSO2 ESB
![Page 35: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/35.jpg)
API Provisioning
• REST integration is not a one-off activity. Once adopted you will be doing it for the ‘rest’ of your working life.
• Should be able to easily add new REST APIs to the API gateway
– Ideally should be a single click operation
– Should not result in a downtime of existing APIs
• REST API governance
![Page 36: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/36.jpg)
API Provisioning in WSO2 ESB
![Page 37: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/37.jpg)
API Provisioning in WSO2 API Manager
![Page 38: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/38.jpg)
Monitoring & Usage Tracking
• Log and record all accesses to your exposed RESTful interfaces at the API gateway – Both valid and invalid accesses
– At very least have a HTTP access log
• If you already have a monitoring system in place, integrate it with the API gateway – Syslogs, JMX, BAM
• KPI monitoring and SLA monitoring
• Tracking API usage
![Page 39: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/39.jpg)
What to Do with Collected Data?
• Periodic audits
• Dashboards and reports
– For both API providers and API consumers
• Capacity planning and traffic engineering
• Vulnerability detection
• Marketing and promotional activities
![Page 40: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/40.jpg)
Monitoring WSO2 ESB
![Page 41: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/41.jpg)
WSO2 API Manager with BAM
![Page 42: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/42.jpg)
WSO2 API Manager with BAM
![Page 43: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/43.jpg)
API Monetization
• Turning inbound API calls into cash
• Prevent third parties from making profits out of your APIs - Prevent disenfranchisement
• Provide a monitored sandbox environment where third parties can develop applications using your APIs – Close off or restrict access to the APIs from outside
the sandbox environment
– Have a robust model for reviewing, approving and publishing third party applications
![Page 44: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/44.jpg)
Your Business as a Service
Services, Processes, Applications, Data (Business IT Assets)
API (WSO2 API Manager)
PaaS for Managed Third Party Apps (WSO2 Stratos)
App App App App
![Page 45: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/45.jpg)
Summary
• What is REST?
• REST vs. SOAP and other technologies
• Exposing existing systems over REST – API gateway pattern
• Techniques for securing, provisioning and managing REST APIs
• API monetization
![Page 46: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/46.jpg)
Resources
• REST and API management with WSO2 ESB (Webinar): http://www.youtube.com/watch?v=YNfa88-DWQU
• ESB Tipcs & Tricks: Introduction to REST APIs (Blog): http://techfeast-hiranya.blogspot.com/2012/04/wso2-esb-tips-tricks-09-introduction-to.html
• REST API samples (Documentation): http://docs.wso2.org/display/ESB403/Sample+1+Introduction+to+REST+API
• Introduction to AppFactory (Blog): http://blog.cobia.net/cobiacomm/2012/04/16/what-is-wso2-appfactory/
• WSO2 API Manager beta program (Press Release): http://wso2.com/about/news/wso2-begins-recruiting-beta-customers-for-new-wso2-api-manager-product/
![Page 47: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/47.jpg)
Selected Customers
![Page 48: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/48.jpg)
WSO2 Engagement Model
• QuickStart
• Development support
• Development services
• Production support
• Turnkey solutions
– WSO2 Mobile Gateway Solution
– WSO2 FIX Gateway Solution
– WSO2 SAP Gateway Solution
![Page 49: Role of Rest vs. Web Services and EI](https://reader034.vdocuments.us/reader034/viewer/2022052315/555c3b5bd8b42a2c068b49bc/html5/thumbnails/49.jpg)
Thank You