[Article] Leveraging API Management in Your Enterprise - Use Cases
By WSO2 Team
- 22 May, 2017
From API design and development to API security and analytics, WSO2 API Manager provides enterprises the capability to unlock the true value of their digital assets by designing, creating, publishing and managing APIs.
API design and development
APIs are at the heart of any digital ecosystem. Getting your API design right is crucial, however, it’s something that’s difficult to do in one try. The following use cases will help you follow an iterative approach when designing your API to reduce the time spent on trying to make a perfect API from the get-go.
Design and document your APIs using inbuilt tooling and the Swagger API editor in the WSO2 API Publisher. The API designer in the API publisher assists you in developing an API proxy that suits your needs.
Define the stages of your API lifecycle from its conception to its deprecation so that you can iterate through the development, testing and deployment cycles and create the best API possible.
You won’t know your APIs’ hidden bugs til you actually expose them and put them to use. Don’t affect the current users of your API when enhancing it, instead publish a new version and onboard them.
API visibility and consumability
For an API program to be successful, your APIs need to be highly visible and consumable. Having an application developer portal that lists APIs and allows developers to search for and find them, is a crucial requirement in any API management solution.
You will have APIs that need to be shared with various user groups both internally and externally. With the WSO2 Application Developer Portal, you can filter out the APIs that are relevant to each group.
The developer portal allows internal and external developers to self sign up using their social or corporate IDs. You can also govern the actions they perform by enforcing reviews and approvals.
Allows developers to share management responsibilities with their peers. Seeking guidance through integrated tools such as forums and other social channels also contribute to the success of your API program.
Leveraging functionality of legacy systems
RESTful APIs are meant to be simple and easy to understand. Your legacy, monolithic systems probably weren’t been built with that principle in mind. When exposing certain services of your legacy systems as REST APIs you will most likely come across many challenges.
The collaboration of an integration engine and a great identity and access management component in the product lets you translate outdated security protocols in your existing services to standard, modern and user-friendly security protocols in the front-end.
Message formats and protocols
Your back-end systems were probably designed to output large, complex data structures that aren’t ideal for clients of your APIs. The WSO2 API Gateway optimizes your APIs by translating this output into simpler message formats and protocols.
By introducing an integration layer between the WSO2 API Gateway and your back-end you can orchestrate and combine your back-end services to expose a single functionality as an API. The API gateway produces all the information needed for the integration layer to operate.
If your services become overloaded, your servers will fail to process any requests at all. The WSO2 API Gateway can enforce a limit to the no. of requests that flow from the gateway to the back-end. This throttling will only reject a few requests instead of creating a complete outage.
When exposing your services to new consumers security and access management should be one of your biggest priorities. While there are many security protocols in use, WSO2 API Manager uses OAuth 2.0, which has been recognized as the de-facto standard for REST API security.
Your APIs can be consumed by trusted internal application or applications built by external developers. The OAuth 2.0 specification defines a set of grant types that control the levels of access each application type has.
Federating user authentication
Allowing your API users to log in through the social IDs creates an additional need for security. The API security layer federates user authentication between different identity providers to make sure all IDs are fully verified.
When a user logs into one part of your system, they should be logged into other relevant parts of your system to remove the need to constantly enter credentials to log in hence increasing productivity.
Understanding how your APIs are being used helps you understand your customers. It lets you adapt your system for the future. API analytics comes in handy not only when gaining insights but also for operational needs and fraud detection.
Gaining insights on your API consumers such as usage patterns, device types, and geographical locations helps you make informed business decisions on the direction of your company. WSO2 API Analytics gives you this information in order to improve the customer experience you offer.
Anomaly and fraud detection
Securing API transaction should be as critical as securing credit card transaction. By detecting anomalies you can protect your customers against threats and frauds. In WSO2 API Manager, this is done in real-time, ensuring quick action against any risks.
APIs are increasingly becoming revenue generators for organizations. You need to choose an API monetization model that best suits your business model. Once you do, the WSO2 API Manager will feed the necessary information to an engine capable of billing and invoicing the consumers.
The application developer can choose a request quota when subscribing the API. You can grant the quota over a defined time period which will then be shared among all users of the application. Once the quota is exceeded you can either block them or charge them at a higher rate. The API Gateway acts as the data feeding agent.
This flat-rate billing model charges the application developers as and when they subscribe to your API. This subscription model could be in monthly or yearly usage plan where subscription is temporarily blocked when the payment is not settled. Here the application developer portal acts as the data feeding agent.
Billing for API usage can be a complex task when you take into account credit cards, discounts, seasonal offers and promotions among other things. The API layer almost always acts as the data feeding agent to the billing system and should be decoupled from these complexities for simplicity and better performance.