APIs are hot. Public APIs are an enterprise’s programmatic interface to B2B partners, governments and other stakeholders including app and web builders. Internally, APIs are the touch points for encapsulated functionality and data and the entry points into microservices – to name that other hot term. APIs are usurping the role services have or were supposed to have and it would be hard to very clearly define the distinction between service and API. APIs are perhaps a fairly light weight type of service that live almost exclusively in the world of REST/JSON and use OAuth2 and OpenID Connect for authentication and authorization. Note: see this presentation by Luis Weir (ACE Director, CapGemini) from OOW2016 for a thorough introduction in the what and why of APIs and API Management. From this presentation comes Luis’ definition of an API – that also gives an idea of what is important to take care of with APIs:
Enterprises that want to work with APIs will require facilities to design, test, publish, govern, secure, manage, monetize and monitor those APIs. The API Management space is hotly contended with many vendors offering their products in this area. Oracle is very close (winter 2016/17) to releasing the brand new API Platform Cloud Service to facilitate API management in any which way. As such, API Management is key element in the Integration story of the Oracle PaaS portfolio.
The API Platform broadly speaking consists of two parts that together cover the API Delivery Life Cycle:
– the design time and management portal where the design and meta-data for APIs is recorded and published, where access to APIs is managed, where policies are attached to APIs to have run time requests authenticated and authorized, validated, logged, transformed and routed and where analytics about API usages are collected and reported and the health of APIs is monitored
– the runtime API Gateway where requests for APIs are received, policies are enforced and routing is performed; multiple gateways can be deployed and managed from a single API Platform instance and these gateways can run on the Oracle Cloud, a 3rd party cloud or on premises.
API Platform has an integration with Apiary.io – a 3rd party platform where design details, a mock implementation, test sets, sample API calling code and documentation for APIs are recorded and published.
The numbers in the previous figure indicate:
- The Design Time of API Platform Cloud Service where APIs are registered, defined, configured with relevant policies (for security, validation, data redaction, routing etc) and finally deployed to gateways
- Apiary.io platform where the meta-data and design of the API is composed and published (“Apiary: Work together to quickly design, prototype, document and test APIs”)
- The Run Time API Gateway that actually processes the incoming requests to the APIs that were defined on the management portal and that applies each of the policies attached to the API and that may decide to reject the request or route it – after doing whatever the policies require on the request [headers]; note: custom policies to validate and manipulate the API request can be written in Groovy – to a business service to fulfill the request and produce a response.
- Other API Gateway instances – note that from one instance of API Platform CS, many API Gateway instances can be deployed, monitored and managed
- Examples of the applications that will consume the APIs at run time; note that internal applications can also invoke APIs and these APIs can route to services living on a cloud.
The API Platform is provided with pre-loaded API definitions for all the Oracle SaaS applications a customer is subscribed to.
For user management and authentication, the API Platform CS integrates with ID CS, the new cloud service for identity management – to be released in the Fall of 2016.
The next figure was taken from Luis Weir’s presentation at OOW 2016 on Implementing Enterprise API Management; it shows the Oracle PaaS Services that potentially play a role in an end-to-end enterprise API story and suggests the part they can play:
How easy API [auto-]discovery is from the API Platform for example for ICS integrations or mobile APIs published on MCS is not yet entirely clear- although of course that should be very straightforward. Some form of integration between MCS and API Platform CS is close to a necessity.
Oracle’s current API Manager offering under SOA CS – as well as the on premise API Manager (based on Service Bus) and API Catalog (based on Enterprise repository) – should soon be considered legacy options, with the API Platform CS taking over their role in a far superior way.
Download the AMIS OOW16 Highlights for an overview of announcements at OOW16.