You are on page 1of 93

WSO2 API Manager

Advanced
WSO2 Training
Objectives
At the end of this course, attendees will be able
to:
o Understand scalable deployment patterns

o Set up a distributed deployment of WSO2 API


Manager (WSO2 API-M)
o Extend the WSO2 API Manager
Course Outline
o Scalable Deployment Patterns
o Clustering WSO2 API-M
o Extending WSO2 API-M
o Patch Application Process
o Product Profiles
Overview of WSO2 API-M
Understanding the API-M Architecture

https://docs.wso2.com/display/AM210/Clustering+the+API+Manager#ClusteringtheAPIManager-Und
erstandingtheAPIManagerarchitecture
Data Storages

User API Message


Registry Statistics Manager Metrics
Manager Broker
Database Database Database Database
Database Database

https://docs.wso2.com/display/AM210/Clustering+the+API+Manager#ClusteringtheAPIManager-Underst
andingtheAPIManagerarchitecture
WSO2 API-M Deployment Patterns
Main Components of a Distributed Setup

https://docs.wso2.com/display/AM210/Deployment+Patterns#DeploymentPatterns-Maincomponents
ofadistributedsetup
WSO2 API-M Message Flow

https://docs.wso2.com/display/AM210/Deployment+Patterns#DeploymentPatterns-Maincomponentso
fadistributedsetup
Pattern #1 - Single Node Deployment
Pattern #2 - Single Node Deployment
with Analytics
Pattern #2 - Single Node Deployment
with Analytics
Pattern #3 - Gateway Worker/Manager
Separation
Pattern #3 - Gateway Worker/Manager
Separation
Pattern #4 - Gateway Worker/Manager
Separation

The Gateway is in a
Demilitarized Zone
Pattern #5 - Gateway Worker/Manager
Separation
Gateway Worker and Key Manager in the same node
Pattern #6 - Gateway Worker/Manager
Separation
Store in the same node as Publisher
Pattern #7 - WSO2 IS as Key Manager of
WSO2 API-M
Pattern #7 - WSO2 IS as Key Manager of
WSO2 API-M
Scaling
Scale Horizontally
Scale Vertically

*
Clustering WSO2 API-M
WSO2 API Manager Configurations
api-manager.xml

<API-M_HOME>/repository/conf
Datasource and Database Configurations

master-datasources.xml

<API-M_HOME>/repository/conf/datasources
User Management Configurations

user-mgt.xml
<API-M_HOME>/repository/conf
Registry Configurations

registry.xml
<API-M_HOME>/repository/conf
Creating the Distributed Deployment
Clustering the WSO2 API-M Gateway -
Deployment pattern

https://docs.wso2.com/display/CLUSTER44x/Clustering+the+Gateway#ClusteringtheGateway-Gatewayd
eploymentpattern
WSO2 API-M Cluster
LAB

Distributed Deployment
Clustering WSO2 API-M in Amazon Web Services
Deployment Architecture

https://docs.wso2.com/display/CLUSTER44x/Clustering+API+Manager+in+Amazon+Web+Services
Deploying on Amazon EC2
Using pre-built AMI

o Switch to the US East (N. Virginia) region Use AMI ID:


ami-db182fb2.
o An instance with 1.7 Gig of memory is enough for testing
purposes. Otherwise use at least a Medium size instance.
o Create a security group opening ports 22 (SSH), 9443,
9763 (tcp, API Mgr admin console), 8280 (tcp, API GW
ports).
o Start an instance and attach security group to it.
https://docs.wso2.com/display/CLUSTER44x/Clustering+API+Manager+in+Amazon+Web+Services
Deploying on Amazon EC2
Standard deployment with binary distribution

o M1-Medium instance to run one Carbon instance.


Note : based on the I/O performance of instance, it is recommended
to run multiple instances in a Large instance (m1.large or m1.xlarge).
o Deploy API manager on EC2 instances. If you have enough resources
you can run multiple API manager instances with port offset.
o If you need to create DMZ for gateway and store there are several
options for that. One method is create VPC to isolate deployment
also you can create security group and apply same security group to
all nodes in same zone(here DMZ).
https://docs.wso2.com/display/CLUSTER44x/Clustering+API+Manager+in+Amazon+Web+S
ervices
Tuning WSO2 API-M
Tune Up
● OS-level settings
● JVM-level settings
● WSO2 Carbon platform-level settings
● APIM-level settings
https://docs.wso2.com/display/AM210/Tuning+Performance#TuningPerformance-APIM-levelsettings
Configuring WSO2 IS as the Key Manager
Basic Functionality of the Key Manager

https://docs.wso2.com/display/AM210/Configuring+WSO2+Identity+Server+as+a+Key+Manager
Sharing Databases

https://docs.wso2.com/display/AM210/Configuring+WSO2+Identity+Server+as+a+Key+Manager
LAB
WSO2 Identity Server as the
Key Manager
Extending WSO2 API Manager
Extending WSO2 API Manager
Mediation Extensions
Mediation Extensions
Introducing Handlers

<API-M_HOME>/repository/deployment/server/synapse-configs/default/api

https://docs.wso2.com/display/AM210/Writing+Custom+Handlers
Engage the Custom Handler
All APIs
<API-M_HOME>/repository/resources/api_templates/velocity_template.
xml

Selected APIs
Edit source view

https://docs.wso2.com/display/AM210/Writing+Custom+Handlers
Handler Processing Order

https://docs.wso2.com/display/AM210/Writing+Custom+Handlers
Error Handling

<API-M_HOME>/repository/deployment/server/synapse-configs/default/sequences

https://docs.wso2.com/display/AM210/Error+Handling
LAB

Custom Mediation Extension


LAB

Custom Handler
Workflow Extensions
Workflow Extensions

https://docs.wso2.com/display/AM210/Managing+Workflow+Extensions
Steps to Customize a Workflow Extension
o Inherited from the
org.wso2.carbon.apimgt.impl.workflow.WorkflowExecutor abstract
class.
o Need to override the following methods
o execute: contains the implementation of the workflow
execution
o complete: contains the implementation of the workflow
completion
o Compile the class and create the JAR file.
o Add the JAR to the APIM.
o Update the workflow configuration to use the new custom
workflow.
Configure Workflows for Tenant

https://docs.wso2.com/display/AM210/Configuring+Workflows+for+Tenants
Configuring Workflows in a Cluster

https://docs.wso2.com/display/AM210/Configuring+Workflows+in+a+Cluster
LAB

Custom Workflow Extension


Security Extensions
Custom OAuth Grant Types

ADD
EXTEND
https://docs.wso2.com/display/AM210/Writing+Custom+Grant+Types
Customizing the JWT Generation

https://docs.wso2.com/display/AM210/Passing+Enduser+Attributes+to+the+Backend+Using+JWT
Configuring a Key Manager

https://docs.wso2.com/display/AM210/Configuring+WSO2+Identity+Server+as+the+Key+Manager
https://docs.wso2.com/display/AM210/Configuring+a+Third-Party+Key+Manager
Extending Key Validation

https://docs.wso2.com/display/AM210/Extending+Key+Validation
Extending Scope Validation

<ScopeWhitelist>
<Scope>^device_.*</Scope>
<Scope>somerandomscope</Scope>
</ScopeWhitelist>

https://docs.wso2.com/display/AM210/Extending+Scope+Validation
Engaging Multiple Throttling Policies to a
Single API

https://docs.wso2.com/display/AM210/Engaging+Multiple+Throttling+Policies+to+a+Single+API
Add Throttling Policies

https://docs.wso2.com/display/AM210/Adding+New+Throttling+Policies
Sharing Applications and Subscriptions
LAB

Grant Types Extension


SAML2 Grant Type
Branding Extensions
API Store Themes

https://docs.wso2.com/display/AM210/Adding+a+new+API+Store+Theme
API Lifecycle Extensions
Extending the Lifecycle

https://docs.wso2.com/display/AM210/Extending+the+API+Life+Cycle
Adding a Reverse Proxy
Extending WSO2 API-M By Adding A
Reverse Proxy Server
LAB

REST API
Invoke REST API

Publisher API: https://docs.wso2.com/display/AM210/apidocs/publisher/


Store API: https://docs.wso2.com/display/AM210/apidocs/store/
LAB

Login Executor
Patch Application Process
WSO2 Update Manager (WUM)
WUM is a command line utility that helps you to get the latest updates of WSO2 products

http://wso2.com/update/wum/download
WSO2 Update Manager (WUM)
Product Profiles
Profiles
Profile Command Description

API Publisher -Dprofile=api-publisher Start server as API Publisher

API Store -Dprofile=api-store Start server as API Store

Gateway Manager -Dprofile=gateway-manager Start server as Gateway Manager

Gateway Worker -Dprofile=gateway-worker Start server as Gateway Store

Key Manager -Dprofile=api-key-manager Start server as Key Manager

Traffic Manager -Dprofile=traffic-manager Start server as Traffic Manager

./wso2server.sh -Dprofile=<preferred-profile>

https://docs.wso2.com/display/AM210/Product+Profiles
Advanced Security
Role Based Access Control using XACML

https://docs.wso2.com/display/AM210/Enabling+Role-Based+Access+Control+Using+XACML
LAB
Fine Grained Policy Decisions
Using XACML
Encrypt OAUTH Keys

Encrypt

<EncryptPersistedTokens>

<TokenPersistenceProcessor>

https://docs.wso2.com/display/AM210/Encrypting+OAuth+Keys
Code Debugging
WSO2 API-M Components
APIs
org.wso2.carbon.apimgt.api

Core Implementation
org.wso2.carbon.apimgt.impl

Host Objects
org.wso2.carbon.apimgt.hostobjects
WSO2 API-M Components
Gateway
org.wso2.carbon.apimgt.gateway

Key Validator Services


org.wso2.carbon.apimgt.keymgt

Key Validator Client


org.wso2.carbon.keymgt.client

API Usage Publisher


org.wso2.carbon.apimgt.usage.publisher

API Usage Client


org.wso2.carbon.apimgt.usage.client
WSO2 API-M Service Stubs
Security
org.wso2.carbon.apimgt.handlers.security.stub

Key Management
org.wso2.carbon.apimgt.keymgt.stub
WSO2 API-M Features
org.wso2.carbon.apimgt.core.feature

org.wso2.carbon.apimgt.gateway.feature

org.wso2.carbon.apimgt.publisher.feature

org.wso2.carbon.apimgt.store.feature

org.wso2.carbon.apimgt.feature
Forum Integration

org.wso2.carbon.forum
THANK YOU

wso2.com