Cloud Blog

Category Archives: API Cloud

Custom API Publisher Info for Your APIs

Your subscribers need to know who is behind the APIs that they consume. Depending on your scenario, you might want to set the API owner information to the individual who published the API, a particular team in your company, or just the company itself. WSO2 API Cloud lets you easily implement any of these approaches.

By default, API Store will display the internal name of the individual who published the API:

Annotated-publisher-as-individual

To change it to your team name or company name, simply provide the proper name at the last step of API editing wizard:

Provide API owner information

Once you publish the API with the owner information filled in, API Store starts reflecting the new owner information in the user interface:

Customized API business owner

This is just one of the ways you can control your branding and the way your subscribers see your company.

See also this post on changing API Store styles, logos, and URLs.

Get your free 2 week API Cloud trial today!

The Power of Mediators: API Call Transformation and Orchestration

Sometimes you are lucky and the backend web services match exactly your desired public API design. But what if they do not? What if you need to change formats on the fly? Or do XSLT transformation? Or orchestrate multiple backend services called and joined into a single API?

Fear not! WSO2 API Cloud comes with a powerful mediation engine that can transform and orchestrate API calls on the fly.

You can create your mediation sequences and apply them on the fly both on the way to the backend (In Flow) and back to the invoker (Out Flow):

API Cloud mediation sequences

API Cloud’s mediation engine is built on industry-fastest enterprise service bus (ESB) engine and supports amazing variety of mediators that you can use as building blocks for your sequences: https://docs.wso2.com/display/ESB490/Mediators

WSO2 Developer Studio can then be used to build your sequences:

Sample mediator sequence

And then you simply upload the sequences to the gateway and select which of them you want used in your APIs.

There are a couple tutorials that we published to illustrate the process:

Using Property Mediator to turn YQL-based Yahoo Weather API into nice REST format:

This is the step-by-step tutorial if you want to follow along: https://docs.wso2.com/display/APICloud/Change+the+Default+Mediation+Flow+of+API+Requests

And here is another one on turning a SOAP backend into a proper JSON REST frontend API.

Here’s the full list of mediators supported and links to detailed documentation:

Category

Name

Description

Core Call Invoke a service in non blocking synchronous manner

Sequence

Inserts a reference to a sequence

Drop

Drops a message

Enrich

Enriches a message

Property

Sets or remove properties associated with the message

Log

Logs a message

Filter

Filter

Filters a message using XPath, if-else kind of logic

Validate Validates XML messages against a specified schema.

Switch

Filters messages using XPath, switch logic

Conditional Router

Implements complex routing rules (Header based routing, content based routing and other rules)

Transform

XSLT

Performs XSLT transformations on the XML payload

FastXSLT Performs XSLT transformations on the message stream

URLRewrite

Modifies and rewrites URLs or URL fragments

XQuery Performs XQuery transformation

Header

Sets or removes SOAP headers

Fault (also called Makefault)

Create SOAP Faults

PayloadFactory Transforms or replaces message content in between the client and the backend server

Advanced

Cache

Evaluates messages based on whether the same message came to the ESB

ForEach Splits a message into a number of different messages by finding matching elements in an XPath expression of the original message.

Clone

Clones a message

Iterate

Splits a message

Aggregate

Combines a message

Callout

Blocks web services calls

Transaction

Executes a set of mediators transactionally

DBReport

Writes data to database

DBLookup

Retrieves information from database

Entitlement

Evaluates user actions against a XACML policy

Extension

Class

Creates and executes a custom mediator

Script

Executes a mediator written in Scripting language

Start your free API Cloud trial now!

Meet WSO2 Cloud Team at WSO2Con US

WSO2Con-US-2015

In less than 2 weeks, we are hosting our main event of the year in the US – the annual WSO2Con in San Francisco, November 2-4. Along with the sister conferences in Europe and Asia, this is the main opportunities for us to meet the community of WSO2 users and partners, share roadmaps, and exchange ideas.

A lot of the WSO2 Cloud team members will be there and there are a lot of great sessions in the agenda.

There is a great session from our cloud technical leads: Amila and Chamith – on how we do DevOps for both public and managed cloud customers:

Amila-Chamith

Myself and Imesh will talk about private cloud deployments, Kubernetes, Docker, and application PaaS technologies from WSO2:

Dmitry-Imesh

I will cover WSO2 Cloud roadmap:

Dmitry

Imesh demonstrate multi-cloud container deployments:

Imesh

Lakmal talk about the results of the recent big data in the cloud hackathon:

Lakmal

And finally Amila and Chamith provide details on cloud high availability and automation:

Amila-Chamith-2

Plus, there will be many sessions on IoT, API Management, Integration, Security, and other hot topics of IT today.

There are still tickets available, so buy yours today, and we will see you in San Francisco the first week of November!

Prototype API in JavaScript in 2 Minutes

Successful companies try things fast, get feedback and iterate – and successful API programs are no exception.

WSO2 API Cloud makes prototyping a new API and running it by your users to collect feedback extremely easy.

All you need to do is:

  1. Define your API: list REST resources and parameters (either in our New API wizard or by importing or editing Swagger definition),
  2. Provide API definition

  3. On the second step of the wizard, pick the Prototype option and Inline to get JavaScript editor displayed with stub implementation in it,
  4. 2-inline-Javascript-prototype

  5. Modify the stub for each HTTP method you need to implement with your custom JavaScript code.
  6. 3-JavaScript-implementation-with-xml-output

  7. Deploy the prototype to your API store: your developers will start seeing the API, be able to invoke it, provide feedback, and so on.

Prototypes can also have versions so you can iterate on your prototypes as your vision evolves, and then substitute the implementation with real backend.

Here’s a video of the whole process – it literally takes less than 2 minutes!

And here’s the detailed tutorial.

Sign up for your free trial of WSO2 API Cloud now, and happy API programs!

99.99% – WSO2 Managed Cloud SLA Goes to Four Nines

99.99 - Guaranteed Uptime for WSO2 Managed CloudWSO2 Managed Cloud – our dedicated hosting offering – just got an upgrade. From now on, all Managed Cloud customers get financially backed 99.99% guaranteed uptime.

This is, of course, in addition to formal SLA on support ticket responses and all other niceties of the service:

  • Available for any combination of WSO2 products,
  • Run in the region of your choice on dedicated virtual machines not shared with any other customers,
  • WSO2 engineers set up the environment including the virtual machines, WSO2 products, and networking,
  • Can be set up to have network connectivity with your on-premise datacenter,
  • Deployment can be customized for your specific needs,
  • Can be combined with professional services including consultancy, development, and QuickStart,
  • Includes full devops service including 24*7 monitoring, regular backups, and product updates,
  • Priced as a fixed monthly fee.

You can find full updated SLA for WSO2 Managed Cloud at: http://wso2.com/cloud/managed/sla.

Fill out the form at the right side of the SLA page to get more information and sign up!

[NEW] API Cloud Custom URL for API Store and Gateway

API programs are key to building the ecosystem around your technology. Your developer portal and APIs represent who you are to your partners and customers. This is why branding is very important part of API efforts.

Branding for API programs consist of:

  1. Your own custom URLs for developer portal and APIs,
  2. Your logos, style, look and feel of the developer portal.

With the addition of custom URL functionality, WSO2 API Cloud now supports both kinds of customization.

1. Custom URL

By default, API Store for your subscribers gets a URL that looks like https://api.cloud.wso2.com/store/?tenant=[your organization id], and the APIs themselves start with https://gateway.api.cloud.wso2.com:8243/t/[your organization id]/.

My guess, is that instead, you would like a fully branded experience with API Store being available at something like http://developers.mycompany.com and APIs at http://apis.mycompany.com.

Now all you need to do get there is:

  1. Come up with the nice URLs for both the API Store and the API gateway (and purchase the domain if you have not done so),
  2. Purchase SSL certificates for both domains (this is required because both portal and APIs themselves need to be accessed via HTTPS),
  3. In your domain registrar’s DNS panel, create CNAME records pointing to customdns.api.cloud.wso2.com for APIs themselves, and customdns.api.cloud.wso2.com for the developer portal,
  4. In WSO2 API Cloud, click the Custom URL menu and follow the configuration wizard.

Application overview page in WSO2 App Cloud

You can find detailed instructions in this tutorial: Customize the API Store and Gateway URLs.

2. Custom styles

Obviously, URL is just your first step. You also want the API store itself to be branded with your own corporate logos and styles.

This is as easy as taking our sample store theme, substituting the logos and any other graphics you want changed, and making proper changes to the CSS files.

Here’s a quick demo of the process:

And a link for step-by-step tutorial: Customize the API Store Theme.

Sign-up for a free trial of WSO2 API Cloud today!

[Video] Analyzing API Statistics and Blocking Rogue Subscribers

WSO2 API Cloud has all you need for successful API program. This means that besides just publishing your APIs and opening subscriber portal, you need to have detailed analytics reports to see the actual subscriber behavior and be able to block the subscriptions that do not comply with your policies.

We have published a couple of quick demos to show how this works.

Some of our out-of-box API analytics reports:

And here’s a quick video of how individual subscription can be easily located and suspended:

Start your free API Cloud trial today!

[VIDEO] New Publisher and Subscriber Experience in WSO2 API Cloud

With the latest updates to WSO2 API Cloud, we have made publishing and subscribing to APIs even easier!

Published APIs now just work out of box including interactive API Console (you no longer have to enable OPTIONS method for your APIs or edit Swagger file) – so the number of clicks to get your API published went down dramatically and the process became extremely straight-forward:

In subscriber portal (API Store) things got simpler as well. Interactive API Console no longer requires you to provide OAuth key manually and just grabs it from your configuration automatically. It also shows you various invocation and response details including the sample Curl command for your API call:

With these (and many smaller) changes and improvements, your API programs are now even more attractive and easier to implement.

Sign up for your free trial at http://wso2.com/cloud/api-cloud

Your own JAX-RS as an OAuth Web API in Minutes!

UPDATE: This is an outdated post. WSO2 App Cloud has been since then replaced with WSO2 Integration Cloud and App Server in it with Tomcat. General principals still apply and JAX-RS is a supported backend implementation in the Integration Cloud. Click Support inside the Integration Cloud UI if you need help.

We’ll be using WSO2 Application server in Cloud to host a secured JaxRS service. A future post will explain how to do it with Tomcat, but this post is written for WSO2 App Server.

After writing the JAX-RS service we are going to protect it using OAuth with several clicks. Then you’ll be able to,

  1. Access to the back-end JAX-RS service will be OAuth protected
  2. Advertise the API in an API store for the world to see
  3. Access to the back-end JAX-RS service will be throttled
  4. Allow people to subscribe to these APIs

This is the high-level diagram,

Step 1 – Adding security to the JAX-RS service in App Cloud

Step 2 – Expose it as an OAuth protected API

Step 1 – Adding security to the JAX-RS service in App Cloud

Here I am going to add security to my JAX-RS service by introducing the following lines to the web.xml. As you can see this is plain Tomcat based security. And you have not defined a Realm here. I will explain what happens to the realm below.

<security-constraint>
 <web-resource-collection>
 <web-resource-name>ElephantTracker</web-resource-name>
 <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <role-name>admin</role-name>
 </auth-constraint>
</security-constraint>

<login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>ElephantTracker</realm-name>
</login-config>
 

Now only the people in admin role can call this service. If you are familiar with Tomcat security, the question is: where is the realm and is the role coming from? It is coming from the Cloud user store.

 

We have simplified a lot of security related details in WSO2 Application Server. Now let’s try to invoke it using a REST Client.

 curl -v -H   
 "Authorization: Basic Base64_encoded_String_of_your_Username:Password  
 "https://appserver.dev.cloud.wso2.com/t/perftest/webapps/securedjrs-default-SNAPSHOT/services/customers/customerservice/customerservice/customers/123  

The trickiest part is figuring out the username. The “@” sign in the email address must be replaced with a “.”  and the tenant domain must be appended with the “@” sign.

 
dimuthu.leelarathne@gmail.com == becomes ==&gt; 
dimuthu.leelarathne.gmail.com@perftest  

Here “perftest” is my tenant domain name.

Next, remember to turn off “http” from transports.

Step 2 – Expose it as an OAuth protected API from API Cloud

Now go into API Cloud and publish the JAX-RS as a service.

Add the proper resource URL patterns and end points. In my case I am going to add “customerservice/customers/{id}” as the url pattern and endpoint of the service as the endpoint. In my case, it is something as follows,

http://identity.cloud.wso2.com/t/perftest/webapps/securedjrs-default-SNAPSHOT/services/customers/customerservice

Give the username/password to access it.

Screen Shot 2015-08-24 at 1.49.35 PM

Woala you are done! Now you have an API in the store, that is accessible the whole wide world!

Disabling OAuth in API Cloud

OAuth2 has become the industry standard for secure API access, and is the default security mechanism that you get for your API subscribers in WSO2 API Cloud. API Cloud fully automates OAuth key generation and management.

However, there are circumstances when you might want to temporarily have your APIs available with no security required. For example, this might be the way you decide to launch them initially while you are still on the prototype phase.

WSO2 API Cloud gives you two ways of achieving this:

  • By publishing your API as Prototype, or
  • By setting required resource authentication level to None.

Publishing as Prototype

Prototypes are different from common published APIs because they are meant to run your ideas across your community to quickly collect feedback.

They can be implemented with a proper backend webservice (just like other managed APIs) or JavaScript.

Either way, they require no subscription. Your users will be able to give them a try without having to subscribe to them.

To publish an API as prototype:

  1. Pick Prototype on the second step of API creation (Implement),
  2. Provide JavaScript or backend URL,
  3. Click Deploy as Prototype.

Deploying an API as prototype (JavaScript or backend) on Step 2 of API implementation

The API will appear on the Prototypes tab of API Store and will not require authentication for access.

API prototype in WSO2 API Store

Authentication Type: None

You can also remove authentication requirements for regular managed APIs. This is useful when you want to still have the API listed on the API Store home screen and/or when you want to disable authentication requirement for individual resources of an API.

For that, go all the way till the last (Manage) step of API creation, and then change Authentication Type to None in the drop down next to each API resource at the bottom of the screen:

Setting REST resource Authentication Type from OAuth2 to None

Happy API management!

Categories

Recent Posts

Most Popular Posts