AMPLIFY API MANAGEMENT

API Manager and Policy Studio

#axway
Welcome To Our Presentation
API Manager and Policy Studio

Our Goals • Understand the value of API Manager with Policy Studio,
and how/when to use them together
• Have in mind that API Manager is some configuration
included in Policy Studio
• Be able to configure policies with or within API Manager

2
Welcome To Our Presentation
API Manager and Policy Studio

Agenda API Manager and Policy Studio value

API Manager configuration in Policy Studio

API Manager and Policy Studio together

Business Service

Policy in API

Business Service vs Policy in API

Other Policies in API Manager

3
 API Manager and
Policy Studio value

4
 APIs & Policies
Combine simplicity with power!
If OOTB API features are not enough…

… use Policy Studio!

(I want authentication
with API Key and HTTP Basic on LDAP)

(Done with 2 filters!) 5

Policy vs API
• Everything done in API Manager
could be done with Policy, but…
• Policy does not have "API"
semantic
• No API Catalog
• No consumer management
• Every change means
deployment
• Better to use API Manager!
Let's take the best of Policy and API Manager!
• API Manager pros
• Web UI
• Immediate changes
• Full "API" semantic
• API Catalog
• Consumer management
• Consumer portal
• Policy pros
• More than 200 filters
• Lot of connectors
• Achieve everything you want!
6
API Manager configuration
in Policy Studio

7
 API Manager and API Gateway

• As developer is feature focused, we did not say it but…

API Manager is embedded in API Gateway!

• Configured under "File" menu item

• They are in fact 2 parts

• Processing is some hidden policies
• Configurable options with Policy Studio
• Repository (ie API Catalog, consumer registry, …) is in
Cassandra KPS

• This is detailed in Administrator and Architecture courses.

• Let's focus on configuration here.

8
API Manager: port configuration
• Traffic port (default 8065) • UI Port (default 8075)

Path cannot be edited

"API Portal" name is legacy. It is API Manager port.

9
API Manager: Server Settings
• Lot of API Manager options are in
Policy Studio Server Settings

• Deploy to apply the changes

10
API Manager and Policy
Studio together

11
API Manager and Policy Studio together
The 2 main ways
• Business Service • Policy in API

12
Business Service

13
Business Service: 2 flavors
• Business Service REST • Business Service SOAP

Declare all REST method Virtualize relying on a WSDL

with parameter, code, comment, …

Review main module if you need a reminder! 14

 Business Service and API Manager: import from Topology,
the main reason for using Business Service
• Pre-requisites: deploy policy configuration
including a Business Service
1

1. Go to "API">"Backend API", click on "New API"

2 3
and select "Import API from Topology"
2. Provide credentials to connect to Admin Node
Manager
• (same as API Gateway Manager)
3. Select where to retrieve Business Service
description
4. A "Backend API" is created 4
• Managed exactly like any other
• With any API Manager feature available
15
 Processing model for Business Service

Consumer UI 8075
2 API Manager Provider
Request 1 Traffic 8065
3 5 Request 5
HTTP 8080 Business Service
Response … 4 Response 5
5
…

1. The consumer calls an API virtualized by API Manager (8065)

2. Traffic listener triggers API Manager processing
3. As defined by Backend API, API Manager call Business Service (8080)
4. HTTP listener triggers Business Service processing
16
5. Business Service calls Provider, then HTTPS response sent and processed
Business Service: exposure
• Business Service are exposed to a
listener

• API Manager considers this

exposition like any Backend API
• As shown in Backend API
configuration

Consumer Provider

Traffic HTTP(S)
API Manager Business Service
17
Policy in API

18
Policy in API
• Policy can be directly used in
• 5 different locations in Frontend API
• 3 location in API Manager Settings for Global

• Policy must be assigned in Policy Studio Server

Settings
• Do not forget to deploy
• Displayed as a choice only if assigned and
deployed

• Click on "Advanced" to select it

• Available at API and method level
• Note: when clicked, "Advanced" label switch
to "Simple"

19
 Policy in API

API Manager diagram, policy hooks

Consumer Provider
Authentication Global Request
(Inbound Security / Routing
OAuth token Information) Request

Response

Global Response

20
 Authentication policy in API
Inbound Security OAuth token information

• In "Inbound", select "Invoke Policy" • In "Inbound", select "OAuth (Ext)"

• Select the policy • Used for integration with other
• Need to be assigned in Server Authorization Server, while a client
application is asked
• "Use client registry": a valid client application
has to be found (ex: API Key)
• Typically custom authentication 21
 Mediation policy in API
In "Outbound", with "Advanced" activated, either API or per method

Request Routing Response

• Before backend connection • Routing is typically a "Connect URL" using • After backend response
configuration
• Typically request • Typically response
transformation • API Proxy capabilities will be disabled transformation 22
API Manager filters
• Use following filters to read API Manager
configuration

• Provide object id and retrieve data in the

attribute named

23
Tip: use trace filter
• Use a Trace filter to display
attributes

• It can be used at any location

24
Business Service vs
Policy in API

25
 Business Service Policy in API
• Pros Pros
• Clear separation API vs Policy • Capability to extend/modify API
• Simpler dependency Manager features
management
• Simple way to migrate existing • Execution in API Manager
policies to API Manager • Easy to manage…

• Cons
• Additional HTTP call
• Filters for EA to be added
• Cons
• … if number is limited
• Configuration done in each API

Choose the right solution, for the right context!

26
Other Policies in API
Manager

27
Alerts/events
(Reminder of "API Manager - configuration")
• An alert/event can be set to warn administrators or
users of a status change on any API Manager objects:
Applications, API registration, catalog, users, organizations, quotas..

• Activate alerts in API Manager

• Customize alerts in Policy Studio
• See link to alerts in Environment Configuration > Server
Settings > API Manager > Alerts
• Configuration is available as sample policies, a starting
point for development. You can:
• Modify alert sample policies
• Create new policies

28
Identity Provider
(Reminder of "API Manager - configuration")
• Find and configure LDAP authentication policies defined Policy Studio, in Server
Settings > API Manager > Identity Provider > Use external identity provider

29
API Manager settings
(Reminder of "API Manager - configuration")

• API promotion via policy

• Ability to call a custom code (policy) in API Manager
• First intent is promotion between environments
• For example, promote a sandbox API group where applications are tested to
a production API group

30
Global Policies and fault handlers
• Located in "API Manager Settings"

• Activable for request, response and

error (fault handler)

• Typical use cases

• security policy mutualization
• error management policy

• They have to be enabled on the

policy studio, in server settings for
API Manager

31
Wrap-up

32
Wrap-up
• API Manager is easy to use, Policy Studio is very efficient for integration and
security. Let's take the best of both!
• Design and expose a policy with Business service, then manage it like a
backend with API Manager.
• Modify or extend API Manager processing with policies in an API.
• Policy Studio configuration and additional API Manager customization are also
relying on policies.

33
Thank you!

34