I have configured APIs via the WSO2 API Manager and connected the API Manager to the Business Activity Monitor. I now need to charge for API usage.
Does WSO2 Business Activity Monitor support any payment gateway out-of-the-box? Is there any reference manual or use case about connecting BAM to a payment gateway?
If BAM doesn't support processing payment via integration with 3rd party payment gateways, what should be the best practice to process payments? (e.g. like StratosLive does?)
I can't seem to find any guide about this topic.
Please refer to [1] for more details for billing and metering. In BAM there is no way to connecting to a payment gateway.
[1] http://docs.wso2.org/wiki/display/AM140/Monitoring%2C+Statistics+and++Billing
Related
Good day
I have created my ESB project using the enterprise integration studio provided by wso2 and have also downloaded the API manager separately. Meanwhile when I start WSO2 API manager, API Publisher and developer dashboard open.
I just want to create WSO2 API Gateway. How can I achieve this also I want gateway should be access based.
Please assist me how can I proceed for the gateway implementation.
I only want the WSO2 API gateway.
WSO2 APIM is consist of 5 profiles as Gateway, Traffic Manager, Publisher, Store(Devportal in APIM 3.x series) and KM profiles. You can start an APIM with the default profile (if you started as sh wso2server.sh) and you can work with each profile. But if you want to start APIM as Gateway profile, then you need to start the server with "-Dprofile" mode as follows.
sh wso2server.sh -Dprofile=gateway-worker
You can read this document https://docs.wso2.com/display/AM260/Product+Profiles to aware of the profile of wso2 APIM.
And WSO2 has Micro GW product too, you can find more details about that MGW here https://docs.wso2.com/display/AM260/Working+with+the+API+Microgateway. You can download the form here https://wso2.com/api-management/api-microgateway/ and test.
Many third-party services providers allow you to configure a "Webhook" (aka HTTP POST) to your system when an event occurs in their system. Service providers will use various methods of authentication (HMAC, OAuth, TLS, etc.).
For example, Company1 configures ServiceABC to send notification to http://company1.com/eventlistener when an event occurs in the service provider (eg transaction approved):
ServiceABC.com -> HTTP POST -> http://company1.com/eventlistener
http://company1.com/eventlistener is in the DMZ. It will authenticate the message and forward to back end service as appropriate.
[DMZ] http://company1.com/eventlistener -> | [Behind] http://backendUrl/service
In this example, assume the service provider does not support OAuth. Authentication is performed using a custom header scheme.
Can/Should the WSO2 API Manager be used in this scenario?
If not the API Manager, can the WSO2 ESB be used ?
API Manager is the right solution here. API Manager has 5 main components, gateway, publisher, store, keymanager and traffic manager. In the basic distributed setup these 5 components can run on 5 machines. API Publisher publishes APIs to gateway (real artifact of API are here) and store (virtual representation of API, to which can be subscribed, are here). Gateway exposes your APIs to outside. So it resides in DMZ. API Store also can be on DMZ depending on what you want. Keymanager handles authentication (eg. OAuth2) and should be in MZ. Traffic manager is used for request throttling.
Backend authentication can be done with a simple customization.
You can find clustering documentation here. APIM deployment patterns are here.
Hope this helps.
I actually try WSO2 API Manager in our IT and I can't found how to monitor backend WS.
Is there a way to have an alert (trace/mail/...) when :
the time response of a webservice is too high?
the Webservice is unavailable (or http code isn't 200) ?
This tool seems great but I need a monitoring part...
Perhaps I simply miss it...
Any helps ?
If you already use WSO2 APIM in production how do you manage this part?
Regards,
Mike
By Using APIM and CEP integration, you can achieve this requirement. APIM can be configured to publish thrift events into CEP and then CEP can process these events to provide necessary alerts and notifications as required.
Please refer below document for APIM and CEP integration.
WSO2 API Manager has following statistics monitoring
API Subscriptions: Number of subscriptions per API (across all
versions of an API)
API Usage: Number of API calls being made per API
(across all versions of an API)
API Response Times:
API Last Access Times: The subscribers who did the last 10 API invocations and the APIs/versions they invoked
API Usage by Resource Path: Usage of an API and from which resource path (per API version)
API Usage by Destination: To see destination-based usage tracking, you must first enable it. See API Usage by Destination.
API Usage by User: Number of times a user has accessed an API
Faulty Invocations: The number of API invocations that failed to reach the endpoint per API per user In a faulty API invocation, the message is mediated though the fault sequence. By default, the API Manager considers an API invocation to be faulty when the backend service is unavailable.
For more information, please see https://docs.wso2.com/display/AM1100/Viewing+API+Statistics
For our public hosted version of API Manager - WSO2 API Cloud - we simply set up Pingdom for both the gateway and the web UIs and exposed the public dashboard at the SLA & Support page. Pingdom also has email, sms, etc. alerts when response times get over 30 seconds.
Internally we also use various server monitoring tools like icinga.
I found a white paper the wso2 soa security gateway solution that builds a security gateway for SOA.
and in WSO2 API Manager Home page it says that:
It leverages proven, production-ready integration, security, and
governance components from the WSO2 Enterprise Service Bus, WSO2
Identity Server, and WSO2 Governance Registry. In addition, it
leverages the WSO2 Business Activity Monitor for Big Data analytics,
giving you instant insight into APIs behavior.
my question is: Does WSO2 API Manager do every thing mentioned in whitepaper document? if yes why the whitepaper is written? can we use WSO2 API Manager as an XML Gateway?
Given white paper has been published in 2011 and WSO2 API manger is resealed later 2012 and it is improving with the industry standards. All most all the aspects were covered in latest WSO2 API manger (v 1.7).
You can make use of WSO2 API manger or WSO2 ESB for XML Gateway.
I am evaluating the WSO2 API Manager. From a security perspective I have a couple of question on the API Manager capabilities, which I was not able to find through the documentation:
Does WSO2 API Server support security features by detecting/checking the content on incoming messages for attacks, redirection/traffic routing? If yes, how does it support?
Do the GUI portals offered by WSO2 (API Portal, API Publisher, etc) enable protection against cross-site scripting, SQL injection and XML content or structural threats and viruses?
Thanks in advance.
Regards,
Ritwik
Yes, WSO2 API Manager's API Gateway is essentially an ESB and can check the content of incoming requests and detect message attacks. It is also possible to route traffic. You can direct access the API definition from the admin console of the API Manager (or directly from the file system)
Yes both the API Store and Publisher is secured against cross site scripting, SQL injection and XML content threats