WSO2 API Manager 1.4 Adds Multi-Tenancy, Federated Access To Deliver an Open Source-Based API Lifecycle
WSO2 is shipping an upgrade to its API Manager to deliver a full API lifecycle
solution that combines simplified and managed API access with full API governance
and analysis. API Manager 1.4 also sports an API store where devs can easily access,
consume and subscribe to APIs. IDN speaks with WSO2’s Chris Haddad.
“Our goal is to couple API publishing with a complete API lifecycle management and governance solution.”
WSO2 is shipping an upgrade to its API Manager to deliver a full API lifecycle solution that combines simplified and managed API access with full API governance and analysis. API Manager 1.4 also sports an API store, to let IT easily set up an appstore, where devs can easily access, consume and subscribe to APIs.
“Our goal is to couple API publishing with a complete API lifecycle management and governance solution,” Chris Haddad, WSO2 VP of Technology Evangelism, told IDN. It allows IT to more quickly and seamlessly create, test, publish, update and manage APIs, as well as monitor them for popularity and ensure that they meet expected SLAs, he added.
WSO2 API Manager 1.4 brings elastic scaling, self-service, metering, billing and other cloud-enabled features to API management, according to Haddad, who worked at Gartner prior to coming to WSO2. To support its API lifecycle approach WSO2 API Manager 1.4 combines an API Publisher, API Store, and API Gateway.
Bringing API publishing together with API governance, management and an API registry will assure a clean handoff between creating, publishing and using an API,” Haddad said. To monitor effectiveness and usage, WSO2’s latest release also provides analytics and metrics to support decision making and enforce service-level agreement (SLA) policies, he added.
WSO2’s Focus on Multi-Tenancy, Security
Are Keys to Delivering an API Lifecycle
One major upgrade in WSO2 API Manager 1.4 is multi-tenancy.
At customer requests, WSO2 API Manager 1.4 provides a single, shared infrastructure that can discreetly share and manage API resources with multiple and diverse communities, Haddad said. This aids in lifecycle management because it will avoid the need for IT to install multiple instances.
“Our very deep multi-tenant support enables you to take your entire API portfolio and segment out only the APIs that are applicable for your needs and create a custom list in the developer portal and make only those on that list available to use,” Haddad told IDN. “Also, because it’s multi-tenant, you don’t need to redeploy API gateways or API management back-end infrastructure or [sign-up for] multiple licenses.”
Multi-tenancy also feeds into stronger API management in another way, Haddad added. It lets IT and business units manage multiple and discreet API stores or portals, such as for multiple departments.
To bolster this multi-tenancy use case, WSO2 also adds support for federated access management. Secure authorization of APIs is provided using the OAuth 2.0 standard for key management. This provides “federated” access to APIs across multiple entities, which means APIs are available (free or via subscription) both through a central API store and through all tenant API stores linked to it, Haddad added.
“This model is gaining strong interest across a range of commercial businesses, governments and universities,” he said. For example, an enterprise may use WSO2 API Manager to offer a central API store or different stores, he added.
WSO2 API Manager 1.4 Also Promotes ‘Automated’ Documentation
Beyond multi-tenancy, WSO2’s API lifecycle approach also sports some neat technology to speed the time from the design to the use of an API.
One notable set of features help “automate” documentation.
The lack of complete documentation to APIs can hinder their use, so WSO2 API Manager 1.4 includes some smart technologies to help auto-generate documentation, Haddad said. “It’s not magic. There are definitely limits in what one can do. But you can automate and speed up [the creation of] documentation by constraining the scenarios,” Haddad said.
One way to limit these variables is to specify a single security mechanism so an automation script knows how to authorize and authenticate to the API or service, Haddad said, Other automation-enabling approaches include using only simple formats (such as JSON or XML schema) or restricting the verbs used in a RESTful architectures to limit the complexities for design and interfaces.
WSO2 also added other best practices to its API Manager 1.4. Among them: associate a service level tier with an API (and not just publish it to a store). “This means you automatically know how many transactions you can send and the [API] gateway will enforce the limit and bring it down,” Haddad said.
Another is to state what the usage parameters are directly within the API interface. “When you do this, all a [developer] needs to do is fill in the parameter values – and avoid a lot of coding,” he added. Haddad also suggested giving these parameterized URLs self-descriptive names, such as order number, to avoid confusion and make it absolutely clear what parameter governs what behavior or attribute.
Another boon to the API lifecycle is WSO2 1.4 API Manager’s new framework for testing and documenting what an API does based on the Swagger specification. WSO2’s support for Swagger library lets IT auto-generate a template which is usable. WSO2 API Manager can generate documentation automatically, or publishers can create their own.
To make APIs accessible to consumers, the WSO2 API Manager 1.4 API Store provides a browseable storefront with searchable tags, ratings and comments to help devs better interact with the publishers of the APIs.
WSO2 Says API Management Can Also ‘Unlock’ SOA Reuse
WSO2’s latest API offering also looks to deliver on an elusive on-premise benefit – to unlock the long-sought-after benefits of SOA reuse, Haddad added. “Reuse is a big focus for our audience. SOA never gained a significant traction in delivering on the nirvana [of reuse] in many ways because of a lack of useable tooling and support for best practices. We see an opportunity to deliver an API management solution that will promote reuse by properly supporting an API lifecycle,” Haddad said.
“When API management supports the full lifecycles properly, it can promote internal services and increase sharing and adoption,” he said. “When we talk about these [benefits] we see the light bulbs go on.”
Fully integrated lifecycle management is the next wave of API technologies, Haddad said. “The API space will trend away from unmanaged web APIs toward managed APIs. A managed API is just much more valuable to the business and for IT, it can be more easily created, offered promoted and subscribed to, and usage can be tracked, Haddad said.
WSO2’s API Manager 1.4 can run on-premise or in a full or hybrid cloud environment. It runs directly on server hardware or in a virtualized environment, such as an Amazon or VMware cloud. It can also plug into the WSO2 Stratos cloud platform. WSO2 API Manager 1.4 also supports SOAP, REST, JSON and XML-style APIs, and it enables one-click deployment to the API gateway for immediate publishing.
WSO2 API Manager is built on the same modular, OSGi-compliant code base used in the WSO2 Carbon enterprise middleware platform. The componentized architecture allows IT to customize WSO2 API Manager with WSO2 Carbon components.