currently we are developing a solution with some parts of wso2 middleware stack like api manager and esb.
my problem is,,
in our solution we are maintain a DMZ layer.where you guys suppose to put api manager??is it ok if we put api manager in DMZ are or outside all layers including DMZ or a put it in inner layer.????
actually this question is realated to the best-wso2-esb-solution-for-banking-application question i asked before.
Regards,
Akila
API Manager has 4 components. The API Gateway, Key Manager, API Store and Publisher. Each of these components can be deployed in any part of the network. So to answer your question we can deploy the API Gateway component of the API manager in the DMZ and rest of the components along with any other WSO2 Products in the DMZ. The below link would provide you with a better understanding on the different deployment patterns available with the WSO2 API Manager.
https://docs.wso2.com/display/CLUSTER420/API+Manager+Clustering+Deployment+Patterns
Related
Let me briefly describe the context. Near future will bring changes which means in short introducing API Management solution for the company (large). A lot of different systems around, SOAP, REST, some other protocols.
The goal is to have one marketplace when user/customer could easily search through those mess. The case is that most of the avaliable APIS/Services are behind departments gateways, there are many of services behind such GW coupled by deparment context mostly. The main goal of GW's is to protect backend services in a way that those gateways verifies token with Identity & Authorization Provider (one common for company).
How can i publish those services which are behind those gateways? There are no swagger definition available for most of them. I have some concept idea but would be more than happy to know production solution for that case.
By using wso2 API Manager You can publish REST, SOAP, Websocket API's and you can provide different types of authentication like OAuth2, JWT, etc.
You can provide Scope(Authorization) for each API's
If you are a beginner wso2 API Manager is shipped with Pizza Shack API for learning purpose. Start the wso2 API management server and visit https://localhost:9443/publisher with authentication admin:admin. Once you visit the publisher portal it'll guide you to publish API.
Here is the link for documentation regarding the publishing of API's https://docs.wso2.com/display/AM210/API+Publishing
How can i publish those services which are behind those gateways?
There are no swagger definition available for most of them. I have
some concept idea but would be more than happy to know production
solution for that case.
The swagger definition is another way of publishing API in API manager if you have already swagger definition you can just import. But whatever API's you'll publish in API manager inside it stores as a Swagger definition.
If you are using Wso2 API manager for Production use please refer the following:https://docs.wso2.com/display/AM260/Product+Administration which will describe the necessary changes and fine-tuning to be done for production.
Further if you can have multitenant setup, in which each tenant will have a separate store which is a great feature https://wso2.com/library/articles/2016/08/article-multi-tenant-api-management-with-wso2-api-manager/
WSO2 Documentation is not clear on how does the publishing of new API works.
Is is the publisher that pushes new API to the gateways ?
or
Is is the gateways that pulls or call new API configurations from the Manager ?
or
It is done through the database ?
And which protocol and ports does is uses ? An API Call, thrift, binairy ?
Thanks
There are 2 things happening when you publish an API.
1) Persist API metadata in the database. Both the API Publisher and the API store pull these data from the database to display APIs.
2) Runtime artifact (i.e. Synapse file) is deployed in the gateway. This is done via a SOAP web service call. The API Publisher calls a SOAP web service exposed in the gateway for this.
Hope I answered your question.
Many third-party services providers allow you to configure a "Webhook" (aka HTTP POST) to your system when an event occurs in their system. Service providers will use various methods of authentication (HMAC, OAuth, TLS, etc.).
For example, Company1 configures ServiceABC to send notification to http://company1.com/eventlistener when an event occurs in the service provider (eg transaction approved):
ServiceABC.com -> HTTP POST -> http://company1.com/eventlistener
http://company1.com/eventlistener is in the DMZ. It will authenticate the message and forward to back end service as appropriate.
[DMZ] http://company1.com/eventlistener -> | [Behind] http://backendUrl/service
In this example, assume the service provider does not support OAuth. Authentication is performed using a custom header scheme.
Can/Should the WSO2 API Manager be used in this scenario?
If not the API Manager, can the WSO2 ESB be used ?
API Manager is the right solution here. API Manager has 5 main components, gateway, publisher, store, keymanager and traffic manager. In the basic distributed setup these 5 components can run on 5 machines. API Publisher publishes APIs to gateway (real artifact of API are here) and store (virtual representation of API, to which can be subscribed, are here). Gateway exposes your APIs to outside. So it resides in DMZ. API Store also can be on DMZ depending on what you want. Keymanager handles authentication (eg. OAuth2) and should be in MZ. Traffic manager is used for request throttling.
Backend authentication can be done with a simple customization.
You can find clustering documentation here. APIM deployment patterns are here.
Hope this helps.
We are developing a merchant application in that we have various modules like Schedule, Booking, Invoice e.t.c, each of this module are runs in different server, those are exposed through as RESTful granular services. UI layer will communicate with these granular service accordingly. To identify the request and redirect to specific micro service runs in service layer of various sever we have created a service gateway. Some of the service required data manipulation on the go which is presently accomplished through Mule ESB and some routing activities are also managed through it.
Actual purpose of the Service gateway is to match the request with service dictionary available and redirect to the respective micro service, at present its been developed in j2ee framework and runs in wildfly server. So to achieve the same process in light weight manner we come across a micro service manager like"getKong" and Customising "nginx" server to manage microservices, Mule ESB.
Along with Service Bus management is it advisable to use the Mule ESB as MicroService maanager as like getKong or any other valuable suggestion ?
In my personal opinion, you have three options:
If you don't need to perform authentication/authorization or/and
Throttling and your routing can be quite complex/complicated than is
completely fine to do it in Mule ESB.
If you do just URL rewrite nginx is probally the best choice for
minimum overhead and maximum performances.
If you really need an API manager with all the rich features than is
fine getKong or, if you want to stay in the MuleSoft
world and your are willing to pay, you can have a look at API
Gateway.
Hope this helps
I was thinking of using my own custom api gateway running on a separate box using nginx.
Is there any way in which the WSO2 API Manager can integrate to my api gateway?
In case there isn't, wanted to know if there's the possibility to run WSO2 API Manager without (or disabling) the API Gateway and if you could tell me which WSO2 API Manager's features would be unavailable.
Currently there's no way of replacing the gateway since we do the authentication, throttling, etc using synapse handlers. Here I am not sure about your use case of using nginx but what you can do is you can use nginx endpoint when you create the API or on the other way around you can route nginx traffic to API Gateway (you need to fix the API endpoints appearing in the API manager store view to point to nginx). Basically API layer need to be on top of service layer.
I 'm looking for a tool to host and publish APIs documentation so
that users of the api can browse it and test it right from the
documentation web page
If i got it correctly, you need a API store only to host your APIs.You can try enterprise store The documentation can be found here