A runtime, back-end component developed using the WSO2 ESB, which is proven for its performance capability. API Gateway secures, protects, manages, and scales API calls. The API gateway is a simple API proxy which that intercepts API requests and applies policies such as throttling and security checks. It is also instrumental in gathering API usage statistics. We use a set for handlers for security validation and throttling purposes in the API Gateway. Upon validation, it passes web Web service calls to the actual back-end. If the service call is a token request call, API Gateway passes it directly to the API Key Manager Server to handle it.
The API Gateway is accessible through the URL: https://localhost:9443/carbon, once the API Manager server is up and running.
You can integrate a monitoring and statistics component to the API Manager without an any additional configuration effort. This monitoring component integrates with the WSO2 Business Activity Monitor, which can be deployed separately to analyze events generated by the API manager. For more information, refer to section Monitoring using WSO2 BAM.
Although the API Gateway contains ESB features, it is recommended not to use it for ESB-specific tasks. Use it only for Gateway functionality related to API invocations. For example, if you want to call external services like SAP, use a separate ESB cluster.
When an API is published, a file with its synapse configuration is created on the API Gateway. The synapse configuration of each API has a set of handlers. Each of these handlers is executed on the APIs in the order they appear in the configuration.
Also see the following usecases in WSO2 ESB documentation for more information on REST to SOAP conversion.