Ch6 - Publishing_APIs
Fundamentals
Publishing APIs
WSO2 Training
User Roles of API Publisher
Instructor Notes
Sign in to the API Publisher using the apicreator user that you created earlier
and show the UI.
Sample API : Interactive Tutorial
When you sign in to the API Publisher for the first time, you get the option to deploy
a sample API to test out the API Manager functionality.
API Design
When creating an API, you can begin with an existing API endpoint, use a SOAP
endpoint, design and prototype a new REST API, or design a new WebSocket API.
API creation is the process of linking an existing backend API implementation to the
API Publisher so that you can manage and monitor the API's lifecycle,
documentation, security, community, and subscriptions. Alternatively, you can provide
the API implementation in-line in the API Publisher itself.
Name: Name of the API as you want it to appear in the API Store.
Context: URI context path that is used by API consumers (e.g., /phoneverify).
Visibility settings prevent certain user roles from viewing and modifying APIs created
by another user role. The visibility values mean the following:
● Public : The API is visible to all users (subscribers and anonymous users) of its
tenant store. Also, the API can be advertised in multiple stores - a central
store and/or non-WSO2 stores.
● Visible to my domain : The API is visible to all users who are registered in the
API's tenant domain.
● Restricted by Roles : The API is visible only to specific user roles in the tenant
store. When Restricted by Roles is selected, a new field called Visible to
Roles appears where you can specify the user roles that have access to the
API in a comma-separated list (no spaces).
Tags
● Any number of tags can be entered separated by commas.
● Tags allow you to group/categorize APIs that have similar attributes and
behaviors.
● When tagging, always use relevant keywords and common search terms.
● Once a tagged API gets published to the API store, its tags appear on the
dashboard as links to the API consumers who can click on them to quickly
jump to a category they are interested in.
HTTP Verb: The HTTP methods that specify the desired action to be performed on
the resource. These methods can be GET, POST, PUT, DELETE, or OPTIONS. Multiple
methods can be selected.
Deploy Prototype: The API will be deployed as a sample or a model API. The purpose
of a prototyped API is to give the API users an early implementation of the API so
that they can use it without subscribing, and comment on its effectiveness and
request improvements. You then change the API's implementation according to user
comments and publish it. A published API is available for subscription and
monetization.
Managing APIs
Default Version: All API contexts are suffixed with an API version. The default version
option allows you to mark one API, from a group of API versions, as the default one,
so that it can be invoked without specifying the version number in the URL.
Throttling tiers: Throttling allows you to limit the number of hits to an API during a
given period of time.
The API Manager comes with three default tiers: Gold, Silver and Bronze. Each tier
defines a maximum number of requests per minute.
Bronze - Allows 1 request for the API per minute
Silver - Allows 5 requests for the API per minute
Gold - Allows 20 requests for the API per minute
In addition, there is also a special tier called Unlimited, which allows unlimited access.
Expose in HTTP and/or HTTPS transport: The transport protocol on which the API is
exposed. Both HTTP and HTTPS transports are selected by default. If you want to
limit API availability to only one transport (e.g., HTTPS), un-check the other transport.
Enable Hard Throttling Limit: Hard throttling limits the total number of calls the API
Manager is allowed to make to the backend. While the other throttling levels define
the quota the API invoker gets, they do not ensure that the backend is protected from
overuse. Hard throttling limits the quota the backend can handle.
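The difference between tier quotas and the hard throttling limit, as an added example (not code from the training material or from WSO2 API Manager). It models both as fixed one-minute windows, which is an assumption; the subscriber names, the hard limit of 30 and the traffic are constructed.

```python
from collections import Counter, defaultdict

# Requests per minute for the default tiers listed above; None means Unlimited.
TIERS = {"Bronze": 1, "Silver": 5, "Gold": 20, "Unlimited": None}
WINDOW_SECONDS = 60


class Gateway:
    """Simplified fixed-window model (an assumption, not WSO2's algorithm)."""

    def __init__(self, hard_limit):
        self.hard_limit = hard_limit             # max backend calls per window
        self.subscriber_hits = defaultdict(int)  # (subscriber, window) -> hits
        self.backend_calls = defaultdict(int)    # window -> calls forwarded

    def handle(self, subscriber, tier, now):
        window = int(now // WINDOW_SECONDS)
        quota = TIERS[tier]
        # Per-subscriber quota: enforces fair use between API invokers.
        if quota is not None and self.subscriber_hits[(subscriber, window)] >= quota:
            return "tier_exceeded"
        # Hard limit: protects the backend regardless of who is calling.
        if self.backend_calls[window] >= self.hard_limit:
            return "hard_limit_exceeded"
        self.subscriber_hits[(subscriber, window)] += 1
        self.backend_calls[window] += 1
        return "forwarded"


def simulate(hard_limit=30):
    """Replay constructed traffic, one request per second within one minute."""
    gateway = Gateway(hard_limit)
    outcomes = Counter()
    traffic = [("gold-a", "Gold", 25), ("gold-b", "Gold", 25),
               ("bulk-c", "Unlimited", 5)]
    now = 0
    for subscriber, tier, count in traffic:
        for _ in range(count):
            outcomes[gateway.handle(subscriber, tier, now)] += 1
            now += 1
    return dict(outcomes)


if __name__ == "__main__":
    print(simulate())      # hard limit of 30 backend calls per minute
    print(simulate(1000))  # hard limit effectively disabled
```

With the hard limit effectively disabled, every subscriber stays inside its own tier and the backend still receives 45 calls in the minute; with the limit at 30, the gateway rejects the excess even for the Unlimited subscriber.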
Custom sequences: Custom sequences that you want to invoke in the message flow.
Response caching: Used to enable caching of response messages for each API.
Caching protects the backend systems from being exhausted due to serving the
same response (for same request) multiple times. If you select the enable option,
specify the cache timeout value (in seconds) within which the system tries to retrieve
responses from the cache without going to the backend.
Scope:
Auth type: Different levels of authentication (none, application, application user or
both) can be specified for each HTTP method of the resource.
Scopes enable fine-grained access control to API resources based on user roles. You
can define scopes for an API's resources. When a user invokes the API, his/her OAuth
2 bearer token cannot grant access to any API resource beyond its associated scopes.
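How role-bound scopes and per-method auth types combine, as an added example (a simplified model, not WSO2 API Manager code). The scope names, roles, resources and the token dictionary are all hypothetical.

```python
# Scope -> roles allowed to obtain it (hypothetical names).
SCOPE_ROLES = {"order_read": {"customer", "staff"}, "order_admin": {"staff"}}

# (HTTP verb, resource) -> (auth type, required scope or None); constructed API.
RESOURCES = {
    ("GET", "/menu"): ("none", None),
    ("GET", "/status"): ("application", None),
    ("POST", "/feedback"): ("both", None),
    ("GET", "/order"): ("application_user", "order_read"),
    ("DELETE", "/order"): ("application_user", "order_admin"),
}


def issue_token(kind, user_roles, requested_scopes):
    """Grant only those requested scopes that one of the user's roles permits."""
    roles = set(user_roles)
    granted = {s for s in requested_scopes if SCOPE_ROLES.get(s, set()) & roles}
    return {"kind": kind, "scopes": granted}


def authorize(verb, resource, token=None):
    """Decide whether a call is allowed; unknown resources are denied."""
    entry = RESOURCES.get((verb, resource))
    if entry is None:
        return False
    auth_type, scope = entry
    if auth_type == "none":
        return True                      # no token required
    if token is None:
        return False
    if auth_type != "both" and token["kind"] != auth_type:
        return False                     # wrong kind of token for this method
    # A token never reaches a resource whose scope it does not carry.
    return scope is None or scope in token["scopes"]


if __name__ == "__main__":
    customer = issue_token("application_user", ["customer"],
                           ["order_read", "order_admin"])
    print(sorted(customer["scopes"]))
    print(authorize("GET", "/order", customer),
          authorize("DELETE", "/order", customer))
```

A token is limited twice: at issuance by the user's roles, and at invocation by the scopes it actually carries, so a staff token requested with only order_admin still cannot read orders.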
Publish API and Manage Lifecycle
Default API lifecycle
○ CREATED: Not visible to subscribers yet
○ PROTOTYPE: Visible internally on store to try out
○ PUBLISHED: Visible to subscribers in API Store
○ DEPRECATED: Available to existing users only
○ RETIRED: Unpublished and deleted
○ BLOCKED: Access is temporarily blocked
Link - Publish the latest version and Deprecate the Older version
APIs have a number of statuses. Once created, an API is not visible on the store and
must be published to make it appear there. A prototyped API is visible
internally on the store for testing purposes. Deprecated APIs are available to existing
users only, while retired ones are removed from the store. APIs can also be
temporarily blocked.
Publishing an API
○ Makes it visible on the API Store
○ Enables API consumers/app developers to subscribe and use it
With the integration of the registry life cycle to the API life cycle of WSO2 API
Manager, it is possible to extend the existing API life cycle and customize it according
to your preference.
APIs & Services
[Diagram: API lifecycle stages (Created, Published, Deprecated, Retired) shown alongside service lifecycle stages (Defined, Developed, Reviewed, In Production, Retired), linked by "Published as API".]
An API is the published interface, while the service is the implementation running in
the backend. APIs have their own lifecycles that are independent to the backend
services they rely on. This lifecycle is exposed in the API publisher Web interface and
is managed by the API publisher role.
API Documentation
The importance of documentation cannot be overemphasized. You can add different
types of documents to an API. Proper documentation helps API publishers to market
their APIs better and sustain competition. Documents can be added from the API
Publisher UI and Swagger. Swagger is a specification and a complete framework
implementation for describing, producing, consuming, and visualizing RESTful Web
services.
Support for Swagger 2.0 and 3.0
{version}/{context}
Example:
1.0.0/pizzashack
WSO2 API Manager allows you to define the version before the context (e.g.,
1.0.0/servicename), which lets you group APIs by version.
Tip: You can define the API's version as a parameter of its context by adding
the {version} into the context. For example, {version}/phoneverify. The API Manager
assigns the actual version of the API to the {version} parameter internally. For
example,link. Note that the version appears before the context, allowing you to group
your APIs according to versions.
User Tenants
A tenant is an isolated domain. The users within this domain can manage their own
data and perform their own transactions without being affected by actions carried
out in other domains.