The WSO2 App Manager comprises of the following main components:
App Publisher Application
Provides an end-user, collaborative web interface for app providers to publish apps, share documentation, and gather feedback on the quality and usage of apps. The App Publisher is powered by Jaggery, WSO2 Governance Registry and WSO2 Identity Server products.
For more information on App Publisher and its functionality, see API Developer Guide.
App Store Application
Provides an end-user, collaborative web interface for consumers to self-register, discover apps, subscribe to apps, and evaluate them. The App Store is powered by Jaggery, WSO2 Governance Registry and WSO2 Identity Server products.
For more information on the App Store and its functionality, see Application Developer Guide.
We App Gateway
A runtime, back-end component developed using the WSO2 ESB, which is proven for its performance capability. We App Gateway secures, protects, manages, and scales App calls. The App Gateway is a simple App proxy that intercepts App requests and applies policies such as throttling and security checks. It is also instrumental in gathering App usage statistics. We use a set of handlers for security validation and throttling purposes in the App Gateway. Upon validation, it passes web service calls to the actual back-end. If the service call is a token request call, App Gateway passes it directly to the App Key Manager Server to handle it.
The App Gateway is accessible through the URL: https://localhost:9443/carbon once the App Manager server is up and running.
You can integrate a monitoring and statistics component to the App Manager without any additional configuration effort. This monitoring component integrates with the WSO2 Business Activity Monitor, which can be deployed separately to analyze events generated by the App manager. For more information, see Publishing App Runtime Statistics.
Although the App Gateway contains ESB features, it is recommended not to use it for ESB-specific tasks. Use it only for Gateway functionality related to App invocations. For example, if you want to call external services like SAP, use a separate ESB cluster.
When an App is published, a file with its synapse configuration is created on the Web App Gateway. The synapse configuration of each App has a set of handlers. Each of these handlers is executed on the Apps in the order in which, they appear in the configuration.
You can find a set of default handlers in any App Synapse definition as shown below.
The functionality of each handler will be as follows:
APIAuthenticationHandler: Validates the OAuth2 bearer token used to invoke the API. It also determines whether the token is of type
MessageContextvariables as appropriate. To extend the default authentication handler, see Writing Custom Authentication Handlers.
APIThrottleHandler: Throttles requests based on the throttling policy specified by the
policyKeyproperty. Throttling is applied both at the application level as well as subscription level.
APIMgtUsageHandler: Publishes events to BAM for collection and analysis of statistics. This handler only comes to effect if . See Publishing API Runtime Statistics for more information.
APIMgtGoogleAnalyticsTrackingHandler: Publishes events to Google Analytics. This handler only comes into effect if Google analytics tracking is enabled. See for more information.
APIManagerExtensionHandler: Extends the mediation flow of messages passing through the API Gateway. See s for more information.