partner webcast – practical use cases of oracle api platform cloud service

TWITTER.COM/ORACLEIMC FACEBOOK.COM/ORACLEIMC PLUS.GOOGLE.COM/+ORACLEIMC YOUTUBE.COM/ORACLEIMCTEAM

http://twitter.com/oracleimc

https://www.facebook.com/oracleimc

https://plus.google.com/108612216492389783792

https://www.youtube.com/OracleIMCTeam

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |

Practical examples of using Oracle API Platform Cloud Service@OracleIMC Partner Webcast

Remigiusz Wasilewski - Cloud Consultant Oracle Innovation and Modernization Center, Poland


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

4


Agenda

5

Oracle API Platform Cloud Service Overview

Applying policies - Demo

API to API Platform Cloud Service – Demo

Q & A

1

2

3

4


Oracle API Platform Cloud Service Overview

6


• Security

– Protect services

• Discovery

– Promote functionality to developers and partners

• Monitoring– Understand how your services are used

• Management

Need for an API

Applications

{request}

{response}

Services


APIs are the Doors to Digital TransformationSecure, and Control Access to Services

Applications Services

{request}

{response}

{request}

{response}

Firewalls/Load-balancers

Gateways

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | 9

API Delivery Lifecycle


• For teams who build APIs and want to focus on delivering great products

– Only solution that supports the complete API Lifecycle

– Allows developers, architects and business to work together

– Superior to traditional API Managementtools that take too much effort to stitchtogether and maintain

API Platform Cloud Service

Building Great APIs

10

Complete Lifecycle


API Platform for Design-First

11

Cloud

Cloud

Cloud

Cloud or On-Premises

Apiary CS

API Platform CS

API Platform CS(Gateway)

Cloud or On-Premises

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 12

Important Definitions

API DesignThe process of engaging all stakeholders to define in human language the APIs to create a “contract” of what will be delivered before expensive development begins.

API-First DevelopmentAPI-first is a fundamental paradigm shift where APIs are designed, tested, and built before applications and mirror the goals and objectives of the company

The process of publishing, documenting and overseeing application programming interfaces (APIs) in a secure, scalable environment.

API Management

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Ensure security of your APIs

Gain visibility & define the right

metrics

Approach design with the end

in mind

Why Does API Management Matter?

Improve agility & quickly meet user

demand


Oracle API Platform Cloud Service Applying policies - Demo

14


Managed access to a service (API - demo project)Business Requirements

1. Access to each external API need to be managed by API Platform CS

2. External service http://services.groupkt.com/country/get/all need to be used

3. External service need to be visible as WebinarCountry

4. All APIs need to be grouped in API applications

5. All APIs need to be secured by its application key validation

6. Permitted users need to be specified for each API

7. Limit of 3 API requests per minute

8. Only list of Countries need to be returned

9. Based on request header definition alternative service http://services.groupkt.com/state/get/IND/all is used

10. Additional new header need to be added to response

11. At completion a message need to be stored in API log file


Managed access to a service (API - demo project) Tasks to satisfy Business Requirements

1. Implementation of a simple API

2. Security policies - Key Validation & Basic Auth

3. Traffic Management – applying API Rate Limiting policy

4. Interface Management – applying Redaction policy

5. Routing – applying Header Based Routing policy

6. Other policies –Groovy Script and Logging


• Business Requirements

1. Access to each external API need to be managed by API Platform CS

2. External service http://services.groupkt.com/country/get/allneed to be used

3. External service need to be visible as WebinarCountry

• Steps

1. Log in to API Platform CS as API Manager user2. Create API3. Configure Endpoints4. Deploy5. Test




Design



1. All APIs need to be grouped in API applications2. All APIs need to be secured by its application key

validation3. Permitted users need to be specified for each API

• Steps

1. Create Application2. Register Application to API3. Add Key Validation Policy4. Add Basic Auth Policy5. Deploy6. Test

Security PoliciesPolicies that determine who can send requests to your services.• Key Validation

Enforces that a valid key is provided in the request. The key must be valid and the application must be in the "Registered" state for this API.• Basic Authentication

Enforces using the Basic Auth protocol, that access to this API is only available to request on behalf of one of the listed accounts.• Service Level Auth

Enforces using the Service Level Auth protocol, that access to this API is only available to request on behalf of one of the listed accounts.• IP Filter Validation

Validates the IP address of the requester. Based on the value of IP the address, determine whether to pass or reject value.• OAuth 2.0

Enforces using the OAuth 2.0 protocol, that access to this API is only available to request on behalf of one of the listed accounts.• CORS

Controls which domains are allowed to invoke this API.




Design



1. Limit of 3 API requests per minute

• Steps

1. Add API Rate Limiting Policy2. Deploy3. Test

Traffic Management PoliciesPolicies that manage the volume of traffic sent to your services.• API Throttling–Delay Enforces a limit on the number of requests to this API before introducing additional latency. NOTE: this policy differs from the Application Rate Limiting or API Rate Limiting policies.• Application Rate LimitingEnforces a limit on the total number of requests to this API per application. Rejects any requests above the defined limit. NOTE: this is different than API rate limiting.• API Rate LimitingEnforces a limit on the total number of requests to this API. Rejects any requests above the defined limit. NOTE: this is different than the application-based rate limiting.

3. Traffic Management policy - API Rate Limiting


3. Traffic Management policy - API Rate Limiting

Design



1. Only list of Countries need to be returned

• Steps

1. Add Redaction Policy

2. Deploy

3. Test

Interface Management PoliciesPolicies that manage the service interfaces clients are permitted to access.• Interface FilteringEvaluates the application generating the API request.• RedactionManages the fields and headers in the request or response payload. You can either explicitly include, or exclude, the headers and fields sent to the backend service (from the request flow) or sent to the client (from the response flow).• Header ValidationValidates the presence and values of http headers. Can be used for security or to reduce the occurrence of failures/errors at the service layer.• Method MappingRoutes to backend service based on method.

4. Interface Management policy Redaction


4. Interface Management policy Redaction

Design



1. Based on request header definition alternative service

• http://services.groupkt.com/state/get/IND/all need to be requested

• Steps

1. Add Header Based Routing Policy

2. Deploy

3. Test

• Routing PoliciesPolicies that route requests to different service URLs depending on the requesting application, the resource requested, and other conditions.• Header-Based RoutingThe request will be routed based on the header. Can be used for security or to reduce the occurrence of failures/errors at the service layer.• Gateway-Based RoutingThe request will be routed based on the gateway.• Application-Based RoutingThe request will be routed based on the application.• Resource-Based RoutingThe request will be routed based on the resource path. Can be used for security or to reduce the occurrence of failures/errors at the service layer.

5. Routing policy - Header Based Routing


5. Routing policy - Header Based Routing

Design



1. Additional new header need to be added to response

2. At completion a message need to be stored in API log file

• Steps

1. Add Groovy Script Policy

2. Add Logging Policy

3. Deploy

4. Test

• Other PoliciesPolicies not belonging to already described categories.• Service Callout Invokes the configured external service with or without payload, with the provided headers and process the incoming request on the basis of response HTTP Status Code from the external service.• LoggingWrites a message to the log.• Groovy ScriptExecutes Groovy script.

6. Other policies – Groovy Script and Logging


• Design

6. Other policies – Groovy Script and Logging


Managed access to a service (API - demo project)

• We have satisfied all business requirements

• We have built enterprise level API management application

• However It is rather configuration than implementation

• Our solution is well and up to date documented

• Documentation can be customized depending on audience needs

• Requirements Design Implementation Testing Final Document

29


Oracle API Platform Cloud Service - API

30


API Platform CS - API DocumentationAll Oracle Cloud Services expose their APIs – including API Platform CS

https://docs.oracle.com/en/cloud/paas/api-platform-cloud/

Management Service: https://docs.oracle.com/en/cloud/paas/api-platform-cloud/apfrm/index.html

https://docs.oracle.com/en/cloud/paas/api-platform-cloud/


Get List of APIs


View API Details


Summary

34


Management Service

GatewaysGateways

Gateways

APIs

Sales Cloud

ABCS

ICS

ServicesDMZ (Optional)

Cloud or On-Premise

Management PortalDeveloper Portal

Applications

Custom

On-Premise


One design, many instances.

Centralized API Design, Distributed API Runtime

Oracle Cloud

Amazon, Azure, other

clouds

On Premises

Gateways


Why should you use API management?

After you design and develop APIs, API management addresses:

• Processes: Publishing, securing, promoting, and monitoring how applications communicate externally through APIs in secure, scalable environments

• Support resources: Defining and documenting the APIs

Because maintaining an inventory of diverse APIs can become unruly, API management is a key component of your development team’s strategy. It helps if you have followed design and governance principles— keeping pace in a digital economy requires keen insight and clean tools.

37


API Platform CS -Quick Links

Home Pagehttps://cloud.oracle.com/en_US/api-platform

Documentationhttp://www.oracle.com/pls/topic/lookup?ctx=cloud&id=api-platform-cloud-getstarted

API Managementhttps://docs.oracle.com/en/cloud/paas/api-platform-cloud/apfrm/index.html

https://cloud.oracle.com/en_US/api-platform

http://www.oracle.com/pls/topic/lookup?ctx=cloud&id=api-platform-cloud-getstarted

https://docs.oracle.com/en/cloud/paas/api-platform-cloud/apfrm/index.html

partner webcast – practical use cases of oracle api platform cloud service

Technology