17 Jan, 2020 | 3 min read

Using WSO2 to Create an API Marketplace at University College London

  • Vichitra Godamunne
  • Associate Lead Marketing Officer - WSO2

Image credits: Emily Ranquist on Pexels

University College London (or UCL) is renowned for education and research the world over. With an impressive history of nearly 200 years, today UCL has over 42,000 students and 13,000 staff. All of whom need digital services for their day-to-day educational activities. WSO2 API Manager (an open source full lifecycle API management solution), WSO2 Enterprise Integrator (a product that enables developers to build, scale, and secure integration solutions and achieve digital agility), and WSO2 Identity Server (a highly extensible identity solution that enables strong authentication, API security, and identity management) all play an important role in the changes taking place at UCL.

History, Technical Debt, and Changes

The Information Service Division (ISD) is the name of the IT department at UCL. Trivia: UCL was one of the original participants of SATNET in the 1970s, a precursor to the modern internet! Given the fact that they’ve been a part of the internet for decades, support many institutions, and have been a part of several mergers mean there are a lot of technical debt and legacy systems. Change has come about in the past few years with UCL adopting agile - but the journey continues.

Given the scale of the IT systems at UCL, changes introduced have been numerous - in addition to agile, there’s DevOps and hybrid cloud. Implementing a new API-driven HR system was one of the first projects as a part of these changes. UCL has many backend relationship database management systems with a considerable amount of stored data, comprising Oracle, SQL servers, and MySQL along with applications such as JAVA and PHP. They wanted to standardize their code, introduce some level of version control, and automate deployment where possible. Furthermore, UCL wanted to create an all-important API layer to integrate the various components in this new architecture, develop an access point where consuming apps can call APIs, translate data, create a data model, convert terminology of backend systems to be more business-friendly, introduce database connectors, create an API marketplace, and implement better and more secure API authentication.

After overcoming challenges in the form of firewalls that inhibited connections, various versions of Puppet for different services, 1000s of servers, and 2 identity services - a new HR system was finally launched in one year. The newly introduced API marketplace consists of an all-in-one API manager (based on WSO2 API Manager) that includes an API gateway, basic OAuth, an API store, and an API publisher. It also consisted of WSO2 Enterprise Integrator to connect databases, transmit data, and transform data to usable APIs. After the initial basic introduction, UCL wanted to extend the existing system to improve performance and resilience. They moved from an all-in-one API gateway and marketplace to a separate gateway and marketplace. WSO2 Identity Server was introduced for improved access management and authentication and the existing WSO2 Enterprise Integrator was upgraded to a newer version.

Further Challenges and WSO2

However, when they tried to make further changes to the system, they encountered hidden complexities due to the legacy systems. At this point, UCL approached the team at WSO2, to gain a better understanding of the products used and implement changes. A team from WSO2 was based on-site and enabled UCL to perform more troubleshooting and make the necessary changes to the system, saving time in the process and preventing any communication gaps. “All credit to the people that came with us on this journey, they were able to help us with the API development, feed into some of our policies and processes around OAuth and implementation guidelines and standards. And they helped give us some of the early proof of concept work, that helped us solidify our understanding, ” says Alexis Nelson, a senior tech lead at UCL.

A new API store was delivered. When users now log in to the UCL website and access their online module catalog, all the data there is presented by a real-time API from an application that took years to deploy and there are no caches.

There were celebrations when the initial project was launched successfully. A new API decouplement project is underway at UCL. The team has already formulated a roadmap and strategy for API-first integration. Furthermore, they’re looking to deliver the most value and adapt/extend their principles and policies as needed. On the subject of policies, an architect at UCL once introduced a seven-step process for enterprise APIs, i.e., scope API, scope review, define API, review API, design API, implement API, and then publish the API. Although UCL no longer follows this seven-step process as it follows a waterfall approach when they’ve already adopted an agile approach, they believe that concepts of this process - how APIs fit into the wider ecosystem, integration patterns, where one API ends and another starts for example - can still be applied as they progress further in their journey.

To listen to Alexis’ presentation, watch this video.

You can read this white paper to learn more about how you can create an API strategy using an API marketplace.

Learn more about WSO2 API Manager, WSO2 Enterprise Integrator, and WSO2 Identity Server.