This documentation is for WSO2 API Manager 1.6.0.
Page Comparison - Architecture (v.9 vs v.23) - API Manager 1.6.0 - WSO2 Documentation

The WSO2 API Manager comprises the following main components:

Also see Implementing an API facade with WSO2

API

...

Publisher

Provides an end-user, collaborative Web interface for API providers to publish APIs, share documentation, provision API keys, and gather feedback on API features, quality and usage. The API Publisher is powered by WSO2 Jaggery, WSO2 Governance Registry and WSO2 Identity Server products.

For more information on the API Publisher and its functionality, refer to the API Developer Guide.

API Store

Provides an end-user, collaborative Web interface for consumers to self-register, discover API functionality, subscribe to APIs, evaluate them and interact with API publishers. The API Store is powered by WSO2 Jaggery, WSO2 Governance Registry and WSO2 Identity Server products.

For more information on the API Store and its functionality, refer to the Application Developer Guide.

API Gateway

A runtime, back-end component developed using the WSO2 ESB, which is proven for its performance capability. The API Gateway secures, protects, manages, and scales API calls. It is a simple API proxy that intercepts API requests and applies policies such as throttling and security checks. It is also instrumental in gathering API usage statistics. The API Gateway uses a set of handlers for security validation and throttling. Upon validation, it passes Web service calls to the actual back-end. If the service call is a token request call, the API Gateway passes it directly to the API Key Manager Server to handle it.

...

You can integrate a monitoring and statistics component into the API Manager without any additional configuration effort. This monitoring component integrates with the WSO2 Business Activity Monitor, which can be deployed separately to analyze events generated by the API Manager. For more information, see Publishing API Runtime Statistics.

Info

Although the API Gateway contains ESB features, it is recommended not to use it for ESB-specific tasks. Use it only for Gateway functionality related to API invocations. For example, if you want to call external services like SAP, use a separate ESB cluster.

API Handlers

When an API is published, a file with its synapse configuration is created on the API Gateway. The synapse configuration of each API has a set of handlers. Each of these handlers is executed on the APIs in the order they appear in the configuration.

...

  • APIAuthenticationHandler : Validates the OAuth2 bearer token used to invoke the API. It also determines whether the token is of type Production or Sandbox and sets MessageContext variables as appropriate. To extend the default authentication handler, see Writing a Custom Authentication Handler.
  • APIThrottleHandler : Throttles requests based on the throttling policy specified by the policyKey property. Throttling is applied at both the application level and the subscription level.
  • APIMgtUsageHandler : Publishes events to BAM for collection and analysis of statistics. This handler only comes into effect if API usage tracking is enabled. See Publishing API Runtime Statistics for more information.
  • APIMgtGoogleAnalyticsTrackingHandler : Publishes events to Google Analytics. This handler only comes into effect if Google Analytics tracking is enabled. See Integrating with Google Analytics for more information.
  • APIManagerExtensionHandler : Extends the mediation flow of messages passing through the API Gateway. See Adding a Mediation Extension for more information.
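
Because handlers run in the order they appear, a Gateway-side audit can check each API's synapse configuration for a missing or late APIAuthenticationHandler. The following is an added example, not part of the WSO2 documentation or code base: the `org.example` package prefix, the `sample_api` helper and the sample configurations are constructed, the synapse namespace is assumed to be `http://ws.apache.org/ns/synapse`, and only the handler class names come from the list above.

```python
import xml.etree.ElementTree as ET

SYNAPSE_NS = "{http://ws.apache.org/ns/synapse}"  # assumed synapse namespace
AUTH = "APIAuthenticationHandler"
# Handlers that the list above places after authentication.
AFTER_AUTH = {
    "APIThrottleHandler",
    "APIMgtUsageHandler",
    "APIMgtGoogleAnalyticsTrackingHandler",
    "APIManagerExtensionHandler",
}


def sample_api(names):
    """Build a constructed synapse API config with handlers in the given order.
    The org.example package prefix is a placeholder, not the real package."""
    handlers = "".join('<handler class="org.example.%s"/>' % n for n in names)
    return ('<api xmlns="http://ws.apache.org/ns/synapse" name="Sample" '
            'context="/sample"><handlers>%s</handlers></api>' % handlers)


def handler_chain(api_xml):
    """Return the simple class names of the handlers, in execution order."""
    root = ET.fromstring(api_xml)
    return [h.get("class", "").rsplit(".", 1)[-1]
            for h in root.iter(SYNAPSE_NS + "handler")]


def audit_api(api_xml):
    """Flag a missing authentication handler or handlers that run before it."""
    chain = handler_chain(api_xml)
    if AUTH not in chain:
        return ["missing " + AUTH]
    auth_pos = chain.index(AUTH)
    return [name + " runs before " + AUTH
            for name in chain[:auth_pos] if name in AFTER_AUTH]


if __name__ == "__main__":
    cases = {
        "ok": [AUTH, "APIThrottleHandler", "APIMgtUsageHandler"],
        "no-auth": ["APIThrottleHandler", "APIManagerExtensionHandler"],
        "late-auth": ["APIThrottleHandler", AUTH, "APIMgtUsageHandler"],
    }
    for label, names in cases.items():
        print(label, audit_api(sample_api(names)) or "no findings")
```

In a deployment, the same `audit_api` function can be run over each API configuration file on the Gateway after publishing.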

API Key Manager

The API Key Manager component handles all security and key-related operations. When the API Gateway receives API calls, it contacts the API Key Manager service to verify the validity of tokens and perform security checks. When the API Gateway receives calls to log in, it forwards them directly to the Key Manager server. You must pass the username, password, consumer key and consumer secret key with the call to register applications. All tokens used for validation are based on the OAuth 2.0.0 protocol. Secure authorization of APIs is provided by the OAuth 2.0 standard for key management. The API Gateway supports API authentication with OAuth 2.0, and enables IT organizations to enforce rate limits and throttling policies.

When the API Gateway receives API invocation calls, it similarly contacts the API Key Manager service for verification. If caching is not enabled at the Gateway level, this verification call happens every time the Gateway receives an API invocation call. For this verification, the Gateway passes the access token, the API, and the API version to the Key Manager.

...

  • Through a Web service call
  • Through a Thrift call

The default communication protocol of the Key Manager is Thrift. If your setup has a cluster of multiple Key Manager nodes that are fronted by a WSO2 ELB instance for load balancing, change the key management protocol from Thrift to WSClient using the <KeyValidatorClientType> element in the <APIM_HOME>/repository/conf/api-manager.xml file.

The following diagram depicts the collaboration of these main components with an easily-integrable monitoring and statistics component.

[Diagram: API Manager main components with the monitoring and statistics component]

Implementing an API facade with WSO2 API Manager

WSO2 API Manager shares most of the components of WSO2 ESB. Both products are built on top of the same component-based WSO2 Carbon platform. Therefore, API Manager supports most of the ESB's functionality such as exposing SOAP services as REST-JSON.

Using both the API Manager and WSO2 ESB, you can implement an API facade architecture pattern. WSO2 recommends this architecture if you are performing heavy mediation in your setup. For implementation details of an API facade, see implementing an API facade with WSO2 API management platform. Since the API Manager does not have the ESB's GUI to perform mediation functions, you need to use the XML-based source view for configuration. Alternatively, you can create the necessary mediation sequences using the GUI of the ESB, and copy them from the ESB to the API Manager.

Also see the following use cases in the WSO2 ESB documentation for more information on REST to SOAP conversion.

Thrift uses TCP load balancing and the ELB does not support it.
