Cloud Blog

[NEW] API Cloud Custom URL for API Store and Gateway

API programs are key to building the ecosystem around your technology. Your developer portal and APIs represent who you are to your partners and customers. This is why branding is very important part of API efforts.

Branding for API programs consist of:

  1. Your own custom URLs for developer portal and APIs,
  2. Your logos, style, look and feel of the developer portal.

With the addition of custom URL functionality, WSO2 API Cloud now supports both kinds of customization.

1. Custom URL

By default, API Store for your subscribers gets a URL that looks like https://api.cloud.wso2.com/store/?tenant=[your organization id], and the APIs themselves start with https://gateway.api.cloud.wso2.com:8243/t/[your organization id]/.

My guess, is that instead, you would like a fully branded experience with API Store being available at something like http://developers.mycompany.com and APIs at http://apis.mycompany.com.

Now all you need to do get there is:

  1. Come up with the nice URLs for both the API Store and the API gateway (and purchase the domain if you have not done so),
  2. Purchase SSL certificates for both domains (this is required because both portal and APIs themselves need to be accessed via HTTPS),
  3. In your domain registrar’s DNS panel, create CNAME records pointing to customdns.api.cloud.wso2.com for APIs themselves, and customdns.api.cloud.wso2.com for the developer portal,
  4. In WSO2 API Cloud, click the Custom URL menu and follow the configuration wizard.

Application overview page in WSO2 App Cloud

You can find detailed instructions in this tutorial: Customize the API Store and Gateway URLs.

2. Custom styles

Obviously, URL is just your first step. You also want the API store itself to be branded with your own corporate logos and styles.

This is as easy as taking our sample store theme, substituting the logos and any other graphics you want changed, and making proper changes to the CSS files.

Here’s a quick demo of the process:

And a link for step-by-step tutorial: Customize the API Store Theme.

Sign-up for a free trial of WSO2 API Cloud today!

[Video] Analyzing API Statistics and Blocking Rogue Subscribers

WSO2 API Cloud has all you need for successful API program. This means that besides just publishing your APIs and opening subscriber portal, you need to have detailed analytics reports to see the actual subscriber behavior and be able to block the subscriptions that do not comply with your policies.

We have published a couple of quick demos to show how this works.

Some of our out-of-box API analytics reports:

And here’s a quick video of how individual subscription can be easily located and suspended:

Start your free API Cloud trial today!

[VIDEO] New Publisher and Subscriber Experience in WSO2 API Cloud

With the latest updates to WSO2 API Cloud, we have made publishing and subscribing to APIs even easier!

Published APIs now just work out of box including interactive API Console (you no longer have to enable OPTIONS method for your APIs or edit Swagger file) – so the number of clicks to get your API published went down dramatically and the process became extremely straight-forward:

In subscriber portal (API Store) things got simpler as well. Interactive API Console no longer requires you to provide OAuth key manually and just grabs it from your configuration automatically. It also shows you various invocation and response details including the sample Curl command for your API call:

With these (and many smaller) changes and improvements, your API programs are now even more attractive and easier to implement.

Sign up for your free trial at http://wso2.com/cloud/api-cloud

Your own JAX-RS as an OAuth Web API in Minutes!

UPDATE: This is an outdated post. WSO2 App Cloud has been since then replaced with WSO2 Integration Cloud and App Server in it with Tomcat. General principals still apply and JAX-RS is a supported backend implementation in the Integration Cloud. Click Support inside the Integration Cloud UI if you need help.

We’ll be using WSO2 Application server in Cloud to host a secured JaxRS service. A future post will explain how to do it with Tomcat, but this post is written for WSO2 App Server.

After writing the JAX-RS service we are going to protect it using OAuth with several clicks. Then you’ll be able to,

  1. Access to the back-end JAX-RS service will be OAuth protected
  2. Advertise the API in an API store for the world to see
  3. Access to the back-end JAX-RS service will be throttled
  4. Allow people to subscribe to these APIs

This is the high-level diagram,

Step 1 – Adding security to the JAX-RS service in App Cloud

Step 2 – Expose it as an OAuth protected API

Step 1 – Adding security to the JAX-RS service in App Cloud

Here I am going to add security to my JAX-RS service by introducing the following lines to the web.xml. As you can see this is plain Tomcat based security. And you have not defined a Realm here. I will explain what happens to the realm below.

<security-constraint>
 <web-resource-collection>
 <web-resource-name>ElephantTracker</web-resource-name>
 <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <role-name>admin</role-name>
 </auth-constraint>
</security-constraint>

<login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>ElephantTracker</realm-name>
</login-config>
 

Now only the people in admin role can call this service. If you are familiar with Tomcat security, the question is: where is the realm and is the role coming from? It is coming from the Cloud user store.

 

We have simplified a lot of security related details in WSO2 Application Server. Now let’s try to invoke it using a REST Client.

 curl -v -H   
 "Authorization: Basic Base64_encoded_String_of_your_Username:Password  
 "https://appserver.dev.cloud.wso2.com/t/perftest/webapps/securedjrs-default-SNAPSHOT/services/customers/customerservice/customerservice/customers/123  

The trickiest part is figuring out the username. The “@” sign in the email address must be replaced with a “.”  and the tenant domain must be appended with the “@” sign.

 
dimuthu.leelarathne@gmail.com == becomes ==&gt; 
dimuthu.leelarathne.gmail.com@perftest  

Here “perftest” is my tenant domain name.

Next, remember to turn off “http” from transports.

Step 2 – Expose it as an OAuth protected API from API Cloud

Now go into API Cloud and publish the JAX-RS as a service.

Add the proper resource URL patterns and end points. In my case I am going to add “customerservice/customers/{id}” as the url pattern and endpoint of the service as the endpoint. In my case, it is something as follows,

http://identity.cloud.wso2.com/t/perftest/webapps/securedjrs-default-SNAPSHOT/services/customers/customerservice

Give the username/password to access it.

Screen Shot 2015-08-24 at 1.49.35 PM

Woala you are done! Now you have an API in the store, that is accessible the whole wide world!

Meet the New WSO2 App Cloud

UPDATE: Since that time, App Cloud has been rebranded to WSO2 Integration Cloud and added even more exciting functionality.

We have completely revamped user experience for our PaaS to improve usability and bring it more modern look and feel.

Application overview page now has a dashboard from all the most important pieces of information about the application. You can even start editing the code right from it!

Application overview page in WSO2 App Cloud

By default, left-hand menu is closed to save screen space – but you can easily open it by clicking the “hamburger” button (that we all grew to like in various mobile apps these days):

Application menu slides out and lets you pick the page you need

The application wall, reporting who did what and when is still there on the right hand side:

Application wall slides in on the right side and gives a complete picture of what is going on in the project

And finally, there is a much improved Issue Tracker with sorting, filtering, commenting, and other long-requested functionality:

Issue and task tracking in WSO2 App Cloud

Sign up (or sign in – if you have an account) for WSO2 App Cloud and give it a try. It is still in free beta so there is no credit card required!

Categories

Recent Posts

Most Popular Posts