The API subscriber can subscribe to ‘Abnormal request counts’, ‘Abnormal resource access pattern’, ‘Unseen source IP access’,’ Abnormal renewal of access tokens’ and ‘Frequent tier limit hitting’ alerts. This can be configured in the Statistics > Manage Alerts Type section in the Store jaggery application.
Setting up analytics
The WSO2 API Manager Analytics pack comes with default port offset 1.
- To configure an email account to use for alert sending, open
<APIMAnalytics_HOME>/repository/conf/output-event-adapters.xml and modify
<adapterConfig type="email"> section with the credentials.
- To enable analytics open
<AM_HOME>/repository/conf/api-manager.xml and set
<Enabled>true</Enabled> in the
First start WSO2 API Manager Analytics server and then start WSO2 API Manager.
Frequent tier limit hitting (tier crossing)
The following sample demonstrates the frequent tier hitting alert scenario. Once the application is throttled out it will wait for additional throttle out requests for a specific time period and generate alerts for the application creator. Use the following steps to generate the alerts. They are done in WSO2 API Manager.
- Log in to the Publisher and deploy the sample API.
- Log in to the store and create an application with a limited tier (say 10/min quota) and generate tokens.
- Subscribe the API to that application.
- To enable email alerts for subscribed user, log in to the Store and go to Statistics -> Manage Alert Types and complete the section. For this scenario, select 'Frequent tier limit hitting' and add an email address to receive emails.
- Send requests till it gets throttled out and do extra requests to generate the alert. For example, do 10 requests/min to throttle out and do an additional 10 or more requests to pass the tier crossing limit.
To view alerts, log in to admin portal application in https://localhost:9443/admin and select Alerts at the top right corner of the page. You can see all the alerts and each type of alert.
The subscriber should get an email notification as well.
How it works
Figure 6 shows the overall flow of this implementation.
These event stream definitions, execution plan, etc. can be viewed by logging into the APIMAnalytics server carbon console. All the execution plans are defined in Home > Manage > Streaming Analytics > Execution Plans and persisted data related to event stream can be viewed at Home > Manage > Interactive Analytics > Data Explorer.
Email notification sending happens similar to the above implementation. Figure 7 shows an overall flow for that.
When an email is registered through WSO2 API Manager, it generates an event and sends it to the
alertStakeHolderInfo event stream. The APIMAnalytics server stores that event and
APIMAnalytics-EmailNotification execution plan uses that stored data to identify subscribed users.
A similar kind of execution plan is written for all the alert types. Some of the stream data is persisted. Users can view them using the analytics server carbon console.
Configure alerts from WSO2 API Manager Analytics server
API Manager Analytics server comes with a predefined set of configurations for each alert type. For example, for the frequent tier limit hitting alert type, alerts are generated once the throttled requests exceed 10 requests. These values can be changed by
- Logging into API Manager Analytics server management console (https://localhost:9444/carbon/) and selecting Template Manager under the Dashboard section. This will open the Template Manager web application.
- Selecting ‘APIMAnalytics’ in the Domains section. This will list down the configurations for all the scenarios.
- Selecting Edit to modify the parameters.
WSO2 API Manager uses WSO2 API Manager Analytics for all API-related analytics needs. This article explored the various alert types and how three different types of users can make use of them to generate alerts and send notifications based on abnormal behavior.