Using the API Manager, you can configure custom workflows that get invoked at the event of a user signup, application creation, registration, subscription etc. You do these configurations in the api-manager.xml as described in the previous sections.
However, in a multi-tenant API Manager setup, not all tenants have access to the file system and not all tenants want to use the same workflow that the super admin has configured in the api-manager.xml file. For example, different departments in an enterprise can act as different tenants using the same API Manager instance and they can have different workflows. Also, an enterprise can combine WSO2 API Manager and WSO2 Business Process Server (BPS) to provide API Management As a Service to its clients. In this case, each client is a separate enterprise represented by a separate tenant. In both cases, the authority to approve business operations (workflows) resides within a tenant's space.
To allow different tenants to define their own custom workflows without editing configuration files, the API Manager provides configuration in tenant-specific locations in the registry, which you can access through the UI.
The topics below explain how to deploy a BPEL/human task using WSO2 BPS and how to point them to services deployed in the tenant spaces in the API Manager.
Deploying a BPEL and a HumanTask for a tenant
Only the users registered in the BPS can deploy BPELs and human tasks in it. Registration adds you to the user store in the BPS. In this guide, the API Manager and BPS use the same user store and all the users present in the BPS are visible to the API Manager as well. This is depicted by the diagram below:
Figure: API Manager and BPS share the same user and permission store
Follow the steps below to deploy a BPEL and a human task for a tenant in the API Manager:
Sharing the user/permission stores with the BPS and API Manager
Create a database for the shared user store as follows:
Tip: Copy the database driver (in this case, the MySql driver) to the
/repository/components/libfolder before starting each server.
<APIM_HOME>repository/conf/datasources/master-datasources.xmland create a datasource pointing to the newly created database. For example,
- Repeat step 2 for the BPS as well.
Point the datasource name in
<APIM_HOME>repository/conf/user-mgt.xmlto the new datasource. (note that the user store is configured using the
In the following example, the same JDBC user store (that is shared by both the API Manager and the BPS) is used as the permission store as well:
- Repeat step 4 for the BPS as well.
Sharing the data in the registry with the BPS and API Manager
To deploy BPELs in an API Manager tenant space, the tenant space should be accessible by both the BPS and API Manager and certain tenant specific data such as key stores needs to be shared with both products. Follow the steps below to create a registry mount to share the data stored in the registry:
Create a separate database for the registry:
Create a new datasource in
<APIM_HOME>repository/conf/datasources/master-datasources.xmlas done before:
Add the following entries to
Repeat the above three steps for the BPS as well.
Creating a BPEL
In this section, you create a BPEL that has service endpoints pointing to services hosted in the tenant's space. This example uses the Application Creation Workflow.
Set a port offset of 2 to the BPS using the
<BPS_HOME>/repository/conf/carbon.xmlfile. This prevents any port conflicts when you start more than one WSO2 products on the same server.
Log in to the API Manager's management console (
https://localhost:9443/carbon) and create a tenant using the Configure -> Multitenancy menu.
Create a copy of the BPEL located in
Extract the contents of the new BPEL archive.
ApplicationCallbackService.eprto the extracted folder and rename them as
ApplicationService-Tenant.eprand change the
deploy.xmlfile to the new .epr files provided in the BPEL archive. For example,
Zip the content and create a BPEL archive in the following format:
- Log into the BPS as the tenant admin and upload the BPEL.
Creating a human task
Similar to creating a BPEL, create a HumaTask that has service endpoints pointing to services hosted in the tenant's space.
- Create a copy of the HumanTask archive in
<APIM_HOME>/business-processes/application-creation/HumanTaskand extract its contents.
Edit the following section in
Create the HumanTask archive by zipping all the extracted files.
Log into the BPS as the tenant admin and upload the HumanTask.
Log into the API Manager's management console as the tenant admin and select Resources > Browse menu.
Go to the
/_system/governance/apimgt/applicationdata/workflow-extensions.xmlin the registry and change the service URL and the credentials of the
ApplicationCreationWSWorkflowExecutor. For example,
Be sure to disable the
SimpleWorkflowExecutorand enable the
Testing the workflow
You have now completed configuring the Application Creation workflow for a tenant. Whenever a tenant user logs in to the tenant store and create an application, the workflow will be invoked. You log in to the Workflow Admin Web application (
https://<Server Host>:9443/workflow-admin) as the tenant admin and browse Application Creation menu to see all approval tasks have been created for newly created applications. For example,