Skip to main content

WSO2 API Manager features integration with Governance Center of WSO2 Governance Registry 5.0.0


For past five months I was involved with the team effort of integrating APIM capabilities to the governance center which is released as WSO2 Governance Registry (GReg) product 5.0.0.Let's get into more details on the topic.

WSO2 Governance Registry 5.0.0

WSO2 GReg product is a fully open source SOA integrated repository for storing and managing metadata related to service artifacts.In other words,it's a repository to store metadata like policies, wsdls, wadls,swagger definitions related to SOAP/REST services and store SOAP/REST services themselves. Each of these metadata models can be called as an asset type.Such that GReg can be introduced as a repository to keep different asset types as wsdl,wadl,policy,soap service,rest service.Additionally a user can configure and extend GReg to add their customized metadata models via adding "configurable governance artifacts" option(rxt) which is described in here.

In previous GReg releases [before 5.0.0 version],to govern the above mentioned metadata models[asset types],only option was to use the management console UI shipped with GReg.But it was lacking of rich UI interface and value added UI features like showing associations/dependencies among assets,add user reviews and many other UI features.Thus having a rich user friendly governance center integrated with GReg was raised by many users.And now WSO2 GReg 5.0.0 has released  to public with providing this feature.

Governance Center

Conceptually a governance center means a common place for a user to govern multiple assets [metadata models] with managing its life-cycle,associations with other assets,providing a social view and many more features as explained in here.With the aid of WSO2 in-premise asset management product WSO2 Enterprise Store[ES],the governance center has been implemented with keeping two web apps as publisher and store.The publisher (Back-office) will act as the central UI place where a user navigate and manage assets throughout their life-cycles with versioning support. The store [store-front] will act the central portal available for users to discover different asset types with facilitating social interactions.

APIM features integration with Governance Center of GReg 5.0.0

WSO2 API Manager is fully focused on API asset type by covering all its aspects as governing its lifecycle from API creation point and managing its run time usage via applications.Such that since API is also an asset type and there's already an use-case of GReg as ability to promote GReg stored services as APIs,isn't it a good use-case to integrate API asset-governance part also into the GReg in-built governance center?This is the exact requirement came from few GReg users and its what we have achieved with APIM features integrated with governance center of GReg 5.0.0. Now a user can integrate API asset to GReg governance center by installing APIM features and use the publisher and store apps of gc [governance center] to govern API life-cycle and manage its subscriptions with app developer audience as well.This integration comes in -handy when a user start with storing a SOAP/REST web service in GReg and promote it to an API via its lifecycle. Then to manage the promoted API,he can use same governance center UI without pointing to external API Manager instance.

Architecture -APIM features integration with Governance Center of GReg 5.0.0

Following diagram shows the designed deployment with the APIM features integration on GReg 5.0.0. From a general APIM distributed setup,what differentiate on below deployment is instead of keeping separate APIM instances as publisher and store,we have used GReg instances.In this way,there will be a common publisher and store for all the assets including API,wsdl,wadl,soap/rest service,policy,etc. Still APIM instances will be use as the gateway and keymanager nodes.

We have completed revamping existing APIM publisher/store UIs built on older jaggery version to be new UIs built on-top of enterprise store with using latest technologies as caramal framework [in-built javascript MVC framework in wso2], javascript, jquery and handlebar templating support. We have written this APIM publisher/store UI parts as Enterprise store extensions.To integrate with GReg,we have shipped this newly written es extensions to API publisher and store as separate carbon features.Thus if a user need these,he can install the required APIM publisher,store extension features on top of GReg 5.0.0. 


 The steps on how to configure the above deployment can be find from https://svn.wso2.org/repos/wso2/scratch/apim/release-2.0.0/final/APIM-2.0.0FeaturesInstallationGuideonGReg5.0.0.pdf 

 Sample Screenshots for APIM publisher/store new UIs done on top of WSO2 ES and installed into GReg 5.0.0.
                              
API design wizard


API implementation wizard

API Manage wizard

API Overview

API Lifecycle View

Store Listing View

Store API Browse View

Swagger Console

Store-Subscriptions View

Comments

Post a Comment

Popular posts from this blog

Convert an InputStream to XML

For that we can use DocumentBuilder class in java. By using the method parse(InputStream) ; A new DOM Document object will return. InputStream input; DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilder parser = factory.newDocumentBuilder(); Document dc= parser.parse(input); In the above code segment,by using the created Document object,the corresponding XML file for the inputStream can be accessed. References: http://www.w3schools.com/dom/dom_intro.asp http:// download.oracle.com/javase/1.4.2/docs/api/javax/xml/parsers/DocumentBuilder.html
2 comments
Read more

CORS support from WSO2 API Manager 2.0.0

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources  on a web page to be requested from another domain outside the domain from which the first restricted resource was served. For example, an HTML page of a web application served from http://domain-a.com makes an <img src >  request for a different domain as 'domain-b.com' to get an image via an API request.  For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts as in above example and only allows to make HTTP requests to its own domain. To avoid this limitation modern browsers have been used CORS standard to allow cross domain requests. Modern browsers use CORS in an API container - such as  XMLHttpRequest  or Fetch - to mitigate risks of cross-origin HTTP requests.Thing to  note is it's not only sufficient that the browsers handle client side of cross-origin sharing,but also the servers from which these resources getting need to handl
Post a Comment
Read more

Passing end-user details from client to real backend endpoint via JWT token

In real-world business system,WSO2 API Manager useful on exposing company APIs, in a secured and controlled manner with the features provided by APIManager as; OAuth support [To secure API invocations] Throttling support [To control API invocations] Monitoring support [To track API usage] More technically what happening is when a user sends a particular API request,it will goes to WSO2 APIManager node and from there,the request will route to the real implemented back-end endpoint of the particular API and get back the response and returned it to the API invoked user. There can be a use-case,that this back-end endpoint may expect the details of API invoked user as to pass those details to some internal company usage  as; Additional authentication/authorization Track usage data from an internal system. So how to support above requirement from WSO2 AM. There comes the use of JSON Web Token[JWT] implementation done inside WSO2 AM. JWT is a means of representing claims to be
7 comments
Read more