I am trying to setup Global level throttling in API manager. Can somebody help me with steps.
I did read about it and it is supported in WSO2 ESB. I am not sure, how it can be set in API manager directly without any external ESB component.
Throttling is available in AM. If you want to add custom throttling layer, you need to edit throttling policy.
Related
I actually try WSO2 API Manager in our IT and I can't found how to monitor backend WS.
Is there a way to have an alert (trace/mail/...) when :
the time response of a webservice is too high?
the Webservice is unavailable (or http code isn't 200) ?
This tool seems great but I need a monitoring part...
Perhaps I simply miss it...
Any helps ?
If you already use WSO2 APIM in production how do you manage this part?
Regards,
Mike
By Using APIM and CEP integration, you can achieve this requirement. APIM can be configured to publish thrift events into CEP and then CEP can process these events to provide necessary alerts and notifications as required.
Please refer below document for APIM and CEP integration.
WSO2 API Manager has following statistics monitoring
API Subscriptions: Number of subscriptions per API (across all
versions of an API)
API Usage: Number of API calls being made per API
(across all versions of an API)
API Response Times:
API Last Access Times: The subscribers who did the last 10 API invocations and the APIs/versions they invoked
API Usage by Resource Path: Usage of an API and from which resource path (per API version)
API Usage by Destination: To see destination-based usage tracking, you must first enable it. See API Usage by Destination.
API Usage by User: Number of times a user has accessed an API
Faulty Invocations: The number of API invocations that failed to reach the endpoint per API per user In a faulty API invocation, the message is mediated though the fault sequence. By default, the API Manager considers an API invocation to be faulty when the backend service is unavailable.
For more information, please see https://docs.wso2.com/display/AM1100/Viewing+API+Statistics
For our public hosted version of API Manager - WSO2 API Cloud - we simply set up Pingdom for both the gateway and the web UIs and exposed the public dashboard at the SLA & Support page. Pingdom also has email, sms, etc. alerts when response times get over 30 seconds.
Internally we also use various server monitoring tools like icinga.
I was thinking of using my own custom api gateway running on a separate box using nginx.
Is there any way in which the WSO2 API Manager can integrate to my api gateway?
In case there isn't, wanted to know if there's the possibility to run WSO2 API Manager without (or disabling) the API Gateway and if you could tell me which WSO2 API Manager's features would be unavailable.
Currently there's no way of replacing the gateway since we do the authentication, throttling, etc using synapse handlers. Here I am not sure about your use case of using nginx but what you can do is you can use nginx endpoint when you create the API or on the other way around you can route nginx traffic to API Gateway (you need to fix the API endpoints appearing in the API manager store view to point to nginx). Basically API layer need to be on top of service layer.
I 'm looking for a tool to host and publish APIs documentation so
that users of the api can browse it and test it right from the
documentation web page
If i got it correctly, you need a API store only to host your APIs.You can try enterprise store The documentation can be found here
How can we implement Message mediation level prioritization in WSO2 API manager. Since WSO2 ESB is embedded in API manager, Can i enable this capability in API manager itself. I understand that it is available in seperate WSO2 ESB. I do not want to have seperate EB layer for it.
Even though it is recommended to seperate out API Management and Mediation layer, you can still run ESB (mediation)activities within the API Manager. If you are familiar with sequences in ESB the same sequences and API's are used to define the API's that are exposed in the API Manager. You can directly access the source of the API's that are created from the management console of the API Manager (http://{IP}:{PORT}/carbon). Here you will find a Service Bus section on the left hand navigation section under which there is a 'sourceview'. From there you can access the API definitions and add the priority mediator[1].
[1] https://docs.wso2.com/display/ESB481/Prioritizing+Messages
We are already using mule ESB in our infrastructure. Can API manager of WSO2 use mule ESB as API gateway instead of WSO2 ESB. If YEs, Can somebody please help me with Steps.
I have doubt how to achieve throttling and Rate limiting features of API manager in mule ESB if replaced and how seamless integration is?
This is possible due to the pluggable architecture of WSO2 API Manager, but this is not straight forward. The Gateway component of the API Manager handles Token Validation, Throttling, Caching and Mediation. Of these features Token Validation is configurable out of the box with any external Token Validating component since it uses Web service calls since it has a Web Service interface. The other 3 features will require customization at code level in order to function with Mule ESB. Therefore this is not the most recommended approach.
WSO2 API Manager can be used without an external ESB instance out of the box. So that would be the best way to use it.
I am evaluating the WSO2 API Manager. From a security perspective I have a couple of question on the API Manager capabilities, which I was not able to find through the documentation:
Does WSO2 API Server support security features by detecting/checking the content on incoming messages for attacks, redirection/traffic routing? If yes, how does it support?
Do the GUI portals offered by WSO2 (API Portal, API Publisher, etc) enable protection against cross-site scripting, SQL injection and XML content or structural threats and viruses?
Thanks in advance.
Regards,
Ritwik
Yes, WSO2 API Manager's API Gateway is essentially an ESB and can check the content of incoming requests and detect message attacks. It is also possible to route traffic. You can direct access the API definition from the admin console of the API Manager (or directly from the file system)
Yes both the API Store and Publisher is secured against cross site scripting, SQL injection and XML content threats