3Scale API Management

API-Centric Agile Integration

RED HAT CHINA

JAN, 2019
Agenda
PRODUCT HEADLINES & ROADMAP
AGILE INTEGRATION & PATTERNS
3SCALE API MANAGEMENT &
DEMONSTRATION
3SCALE API GATEWAY ADVANCED
FEATURE
PRODUCT HEADLINES &
ROADMAP
 STRATEGIES HIGHLIGHTS

Complete coverage across design, implementation,

End-to-end API Lifecycle deployment, and management stages of the API
lifecycle.

Support for standalone and cloud-native event

Events & Streaming streaming based on Kafka with AMQ Streams 1.0

AMQ Online 1.0 provides frictionless access to

Messaging as a Service messaging as an infrastructure service.

*
Single product Look & Convergence on PatternFly as the standard L&F
Feel across all Integration product components.

4
 End-to-end API Lifecycle

7. Secure 8. Manage 13. Monetize

6. Deploy 12. Monitor

5. Implement 11. Consume

1. Strategy

4. Test 3. Mock 2. Design 9. Discover 10. Develop

5
 End-to-end API Lifecycle & Stack

SECURE
M
AN IZ
ET
E AG MO
N M

Y
E ON

LO
IT
R

EP
O

CONSUME
IMPLEMEN

STRATEGY
API Model Canvas
T

TE G DI LO
SI SC VE
S
DE N
O DE P
T R VE
MOC
K

Microcks

6
 RED HAT AMQ ONLINE 1.0

Support for messaging as a service on self-managed OpenShift (OCP)

Red Hat-managed offering

Based on core AMQ technologies - Interconnect, Broker

Kafka-based addresses

Admin console provided for basic provisioning and monitoring

Operator pattern supported for provisioning all messaging infrastructure

Centralised monitoring of all messaging components (Prometheus, Grafana,

Alertmanager)

7
 AMQ STREAMS 1.0

Enterprise distribution of Apache Kafka

Broker, Zookeeper, Kafka Connect, MirrorMaker
Kafka Consumer, Producer and Admin clients
Kafka Streams

Supported standalone for RHEL

Optimized for OpenShift

Container images for running Apache Kafka and
Zookeeper
Operators for managing and configuring Apache Kafka
clusters, topics, Kafka Connect etc.

8
 AMQ INTERCONNECT 1.3

Edge Router Mode

Push Interconnect router functionality to the Cloud Edge

Scale to an unlimited number of edge routers around an interior network

core

Support router per host and router as a side-car

Prioritized Delivery
Prioritize message delivery based on message priority header

Designate priority per address

9
 FUSE 7.2

Standalone Apicurio entry in service catalog provides access to API design

toolchain to all developers

Fuse project generation from API definitions

API-based integrations in Fuse Online (Tech Preview)

New template step based on Mustache to format message content

Updated connectors : Google Calendar, Slack, FHIR, Kafka, Telegram, Timer,

Concur, IRC

Data Mapper preview mode enabled

Prometheus-based metrics moves to GA

10
 3SCALE 2.4

Unified UX/UI across 3scale, Fuse and OpenShift

API / Service Discovery

First official supported CLI: Toolbox

APIcast enhancements:
New policy: IP check
More Prometheus metrics
Delete operator in ‘Headers’ policy
Return ‘retry-after’ quota

Deployment
New HA and Eval templates (Tech Preview)

11
 CY 19 INTEGRATION ROADMAP

CY18 Q4 CY19 Q1 CY19 Q2 CY19 Q3

Integration Product API-Centric Integration Integration Mesh Data Integration

Cross-product Alignment Full API Lifecycle Knative/Serverless Data as APIs

12-Month Plan with Field APIs and Events Istio Migration target for existing
Cloud-Native JDV customers

12
AGILE INTEGRATION & PATTERNS
AGILE INTEGRATION: Forrester weighs in

➔ Forrester study (commissioned by

Red Hat)
https://www.redhat.com/en/resourc
es/agile-integration-critical-to-digit
al-transformation-forrester-analyst-
report
 AGILE INTEGRATION: Gartner
Publishes
Sept 21, 2018: Gartner published research article supporting our
Traditional platform ESB architectures hinder the operational
vision
and architectural agility of integration tasks. Technical
professionals should use a distributed integration platform to
enable containerized, agile integration, based on DevOps
principles.

➔ Gartner article
https://www.gartner.com/document
/3890090

➔ Red Hat Blog (Oct 5, 2018)

This is the age of agile integration.
But what it is and why you need it?
 RED HAT APPLICATION INTEGRATION

RUNTIMES INTEGRATION AUTOMATION

DATA GRID

AMQ BROKER

COMPOSE AND INTEGRATE

AUTOMATE AND
COMPREHENSIVE TOOLS TO MICROSERVICES ACROSS AN
OPTIMIZE BUSINESS
BUILD & MIGRATE APPS ENTERPRISE SERVICE
PROCESSES
NETWORK
Develop, Deploy and Manage Across Cloud and On
Premise
Integration with RH Developer, CI/CD tools & Security Services
Optimized for OpenShift & Kubernetes Services
 THE ARCHITECTURE
External Applications

VMs
Container Orchestration (OpenShift)

Application Network Layer

Security Services (RH SSO)

API Management (3scale)

Data Services (Data Grid)

Policies Access Control Proxy Routing
Containers

Composite
Layer Enterprise Integration Service Interactions Anti
Patterns Corruption
Service Composition Events Mesh Layer

Core Layer

Cloud Native Cloud Native

Containerized App Traditional
App (Runtime App (Runtime
(Lift and Shift EAP) App
1) 2)

DevOps Automation / Continuous Integration / Continuous Delivery (Ansible)

17
 THREE LAYER PATTERNS

18
 GATEWAY LAYER

API Manager

Separation-of-Concerns !!
1. Access control
2. Transformation
19
 COMPOSITE LAYER

Composition of microservices to provide business functions

⇒ Aggregations, splits, content transformation, events, caching, pattern-based
integration, etc.
20
 BASE LAYER

The microservices themselves

Organised into application domains (based on bounded context)
21
3scale API Management &
Demonstration
 Architecture Overview

23
 API Consumption Process

API
API Manager
API Provider
Consumers System
(LOB/PM,
(App Developers) Developers, Writers,
Developer Portal Confi Admin Portal Ops)
g
● API Provider Backend ● Dashboard
Branded ● Developer /
● API Description Application / Key
● Signup Management
● ActiveDocs (OAS) Authorize & ● CMS
Report Traffic ● Analytics
● Billing

API Request Authorized API Request

Developer’s API API Backend

24 Apps Gateway
 SECURITY & ACCESS CONTROL

Easy the consumption of APIs without losing control

How do you manage who gets access to your API? Can you establish
different levels of access for different types of users? Can you control how
different applications interact with your API?
Access control features are essential to making sure you determine exactly
who uses your API, how it is used and how much they can use it. We make
it easy to centrally set up and manage policy and application plans for all
your APIs on one platform

It goes without saying that if you’re planning to open an

API, security needs to be carefully considered from the
start. Whether your API is public, private or internal, with
3scale you can choose the authentication type most
appropriate to your needs. We offer a range of
authentication patterns and credentials to choose from,
including unique API keys, and OAuth tokens.

25
 YOUR API SECURITY

Authenticate and restrict access to your APIs. Protect backend services.

Multiple authentication mechanisms

– API Key – App ID / App Key – OpenID

Connect

Authenticate traffic
Restrict by policy
Drop unwelcome calls
Protect backend services
Generate overage alerts
Impose rate limits

26
 API CONTRACTS, THROTTLING & LIMITS

Package your APIs. Crete access tiers. Set rate limits.

API services
Package #1 Internal
- Endpoint A Teams
Allow/restrict access - Endpoint t
B
to your API Strategic
Rate limits Package #2
Partners
endpoints along
- X Calls /
with rate limits Minute
Package #3 Developers
- Y Calls / Day
Monetization
- Free
- $X per Month
- $Y per Call
27
 REPORTS & ANALYTICS

Track and monitor usage. Get reports by API, app, method and metric.

Gain and share API program insights.

Monitor and set alerts on traffic flow. Provide partners and

developers with reports on their traffic with a user
dashboard designed for them. Analyze your API traffic
through detailed traffic analytics by account, application or
service and share performance insights across the
organization with crisp clear reporting.

High-level data at your fingertips

The Dashboard part of the Admin Portal gives

you quick, centrally located visibility into any
traffic and customer engagement opportunities
or issues with your APIs. It is available now on all
3scale API Management plans from free through
enterprise.
28
 DEVELOPER & PARTNER PORTAL
Your brand. Your developer experience. Your user interface

29
 MONETIZATION

Billing and payments management. Setup pricing rules. Invoice every month

Many of our customers

choose to monetize access to
their APIs, and 3scale makes
that very simple.
We offer key payment
solution integrations with
Stripe, Braintree, or Adyen
which all allow easy end to
end billing between the API
consumer and API provider.

30
 API GATEWAY

Gateway Layer Policy Enforcer

The API Gateway is responsible for

enforcing the API policies that are
defined in the API Manager Admin
Portal.

The API Gateway consults with the

API Manager on incoming calls, and
enforces the policies, either returning
an error or proxying the API call to
the customer’s API backend.

31
 微服务管理示例

协议 流控 文档

安全 使用分析 支付

策略 开发门户 计费

/api/booking /api/inventory /api/fruits /api/cooking

/api/booking?name=$V /api/inventory?name=$V /api/fruits/{$V} /api/cooking?name=$V

Booking Inventory Fruits Cooking

github.com/.../nodejs github.com/.../vert.x github.com/.../spring github.com/.../thorntail

http://ksoong.org/agile-integration/content/3scale/backend-services.html
32
 Fruits Service Documentation

33
 Dashboard - Display Key Metrics about Your APIs

The current/past 30 days number of Displays API consumers that are over the
signups to an API. quota related to a certain tier.

The statistics about hits against the API Shows the top performing applications,
over the last 30 days. applications that cause a particularly high
number of API hits.

34
 NEW API

discovery.3scale.net: "true"

discovery.3scale.net/description-path: /path/openapi.json
discovery.3scale.net/path: /
discovery.3scale.net/port: "8080"
discovery.3scale.net/scheme: http

35
 Audience - Bridge API Consumer and Your APIs

Applications: An industry term used to identify credentials

Developer Portal: Content Management System (CMS) to develop the web interface that API consumers
interact with your APIs

Messages: Provides a way to get in touch with developers individually and collectively.

36
 Developer Portals

37
 Developer Portals - Signup Plan

1 2

38
 Developer Portals - Signup Plan

3 4

39
 Developer Portals - Login/Create App/Statistics/Docs

40
 Account Data Model

41
 API - Integrate Your Backend APIs

Analytics : This is where you’ll find graphs that depict the utilization of your APIs that you’ve made
available to your API consumers.

ActiveDocs: This is where you specify your interactive API documentation.

Integration: This is where you configure the details of the API that is to manage your backend API service.
❏ Configuration: allows for configuring the API gateway and security types that will be used to
manage your backend API.
❏ Methods and Metrics: allows you to define several methods and metrics related to this API
Service.
❏ Settings: allows you to configure some basics related to the API Service such as developer signup
processes.
42
 Methods and Mapping Rules

Backend Service API API Gateway Mapping

43
 Methods and Mapping Rules

❏ A method is a key management

API Management Methods entity in API Management.

❏ Method calls trigger the built-in

Hits-metric for Analytics.

❏ Usage limits and pricing rules for

individual methods are defined
from within each Application Plan.

❏ A method needs to be mapped to

one or more URL patterns in API
Gateway Mapping Rules.

❏ URL patterns in Gateway Mapped

with Backend Service API virtually .

44
 What's Application Plans
Oxford Dictionaries API - https://developer.oxforddictionaries.com

One particular API can have many different behavior.

45
 Application Plans and Applications

Application Plans establish the rules (aka: policies: onboarding procedures, limits,
pricing/monetization models, features) for using your API. There can be many
application plans defined for a particular API.

Application Plans are created by the API provider via the Admin Portal and are viewable
to API consumers via the Developer Portal.

Application is an industry term used to identify credentials. In 3scale, it is the

association between an API consumer’s account and an Application Plan.

Application is required to invoke a backend service managed by a 3scale API. Every API
consumer’s application accessing your API will be accessing it within the constraints of
an Application Plan.

46
 API Admin Data Model

47
 Algorithm-based Rate Limiting

● Allows global and per service

caching defined in seconds
● Offers different caching
algorithms

48
 Caching under Processing Sequence

1. API gateway refreshes itself with the latest API

configurations from the backend every 5 minutes
(or as configured).

2. API gateway implements a local in-memory cache

for authorization keys and metrics.

3. With every inbound request to a backend service,

API gateway uses an asynch transport to make an
authrep request to the backend listener API in
3scale.

4. An authrep response from the 3scale backend

updates the local API gateway cache.

5. API gateway rejects all subsequent inbound

requests if the backend determines that the rate
limit has been exceeded.
49
 Policy Chain

Custom behaviour at the gateway level

● Policy chain lets you add

individual policies .
● Each individual policy can add a
custom behaviour to the
gateway.
● OOTB policies configurable from
UI
● The order in which policies are
applied matters and is
configurable.
● Anyone can develop a policy
that suits their exact business
needs.
50
 API Usage Analytics Sample

Potential Analytics Options:

❏ Daily Averages
❏ Hourly Averages
❏ Top Applications
❏ Response Codes
❏ Request Logs
❏ Alerts

51
 Design beautiful, functional APIs with Apicurio

https://www.apicur.io/

52
 Microcks

53
Thanks
plus.google.com/+RedHat facebook.com/redhatinc

linkedin.com/company/red-hat twitter.com/RedHatNews

youtube.com/user/
RedHatVideos

54
 Overview

55
 API/Admin Data Model

56
 Account Data Model

57
 P 解决方案

58
 P 解决方案

59
 P 解决方案

60
RED HAT APPLICATION SERVICES
DISTRIBUTED
CONTAINERS APIs
INTEGRATION

LIGHTWEIGHT CLOUD-NATIVE SOLUTIONS WELL-DEFINED,

REUSABLE, & WELL-
PATTERN BASED LEAN ARTIFACTS,
MANAGED
INDIVIDUALLY DEPLOYABLE
EVENT-ORIENTED ENDPOINTS
CONTAINER-BASED
COMMUNITY-SOURCED ECOSYSTEM LEVERAGE
SCALING & HIGH
AVAILABILITY

MICROSERVICES
 API-CENTRIC
CONTRACT
FIRST

External Gateway

Bounded Context
Brown
Bounded Context CODE
Field
FIRST
 FULL API LIFECYCLE MANAGEMENT

7. Secure 8. Manage 13. Monetize

6. Deploy 12. Monitor

5. Implement 11. Consume

1. Strategy

4. Test 3. Mock 2. Design 9. Discover 10. Develop

6
 API LIFECYCLE AND STACK

SECURE
M
AN IZ
ET
E AG MO
N M

Y
E ON

LO
IT
R

EP
O

CONSUME
IMPLEMEN

STRATEGY
API Model Canvas
T

TE G DI LO
SI SC VE
S
DE N
O DE P
T R VE
MOC
K

Microcks

6
 API LIFECYCLE AND STACK