API Connect: End-to-end solution example
The minimum requirements for an on-premises API Connect solution consist of one Management server to manage APIs, one Gateway server to direct API traffic, one Analytics server to analyze the APIs, and a server to host the Developer Portal. As a Cloud Owner or Cloud Administrator, you gather a collection of Management, Analytics, Gateway, and Developer Portal servers to create clusters to load balance and isolate traffic. A cluster has a single network address through which you can access its capabilities.
With the infrastructure in place, Organization Managers and Organization Owners can manage organizations of users who create APIs, provider applications, and associated Products. Users belong to one or more provider organizations and individually or collectively work on the APIs or applications that belong to the organization. Project teams, departments, and company divisions are all examples of groups of users that might be members of the same provider organization in API Connect.
Action: 3 4 5
Once defined as a user in a provider organization and assigned access permissions, API Developers (who might be assigned more than one role) can design, develop, and test APIs, and associate them with Plans and Products. As an API Developer, you specify policy settings to limit the usage of the APIs exposed by the Plan. You can define a single quota policy that applies to all the API resources accessed through the Plan, or you can define separate quota policies for specific API resources. You can also define policies on API resources to configure capabilities such as security, logging, routing of requests to target services, and transformation of data from one format to another. Such policies control aspects of processing in the Gateway during the handling of an API invocation, and are the building blocks of assembly flows. While developing and maintaining APIs, you can also create separate deployment targets called Catalogs for testing and production. Each Catalog is associated with a specific Developer Portal and endpoints. If you have administrative privileges, you can restrict deployment access to a Catalog and require actions, such as approving deployment of new API versions.
To control access to APIs that are ready for publication and ready to be included in applications, a Product Manager defines and manages organizations of users who own developer applications and call published APIs from these applications. A consumer organization is assigned an owner, and might represent a business partner, or a group of internal or external developers. Consumer organizations can also be grouped into communities to which one or more APIs (in their containing Plans and Products) can be collectively published. As a Product Manager, you manage access to APIs, manage the relationship between the provider organization and consumer organizations, provide support to application developers when needed, and analyze API usage.
Action: 7 8
After APIs are created and successfully tested, an API Administrator publishes one or more Products to expose the APIs on the Developer Portal for discovery and use. APIs are included in a Plan, which is contained in a Product, before being published, and can be published to one or more consumer organizations, thereby restricting visibility of the API. Only application developers in the specified organizations can see the API on the Developer Portal and obtain application keys to access it. The API Administrator is also responsible for managing the lifecycle of Products and their associated APIs, and uses analytics to track API usage and determine whether an API is fulfilling its intended purpose.
After a consumer organization is created, its designated Consumer Organization Owner can invite other users to join the consumer organization so that they can access the Developer Portal and use the APIs that have been made available to the consumer organization. The Consumer Organization Owner, or another user with relevant access, can also configure the Developer Portal site; for example, customize its appearance, create and control forums, post blog entries, and configure blogs.
Action: 10 11 12
After a Product is published, authorized App Developers gain access to its APIs by registering applications to access the Plans in that Product. An application developer uses the Developer Portal to browse for a required API, subscribe to its associated Plan, and then includes the API in an application that can subsequently be deployed to a device.
- The device user opens the application, which then issues the API request.
- The request is handled by the Gateway (which performs load balancing and security validation
for all API requests) and the API runtime:
- The Gateway validates access policies with the API Manager and invokes the API.
- The API runtime executes the API and obtains the data payload from the back-end system.
- The API response is sent back to the Gateway.
- The Gateway forwards the response to the calling application.
- The Gateway reports usage metrics to the API Manager.
- The Gateway reports analytics data to the Analytics server.
All members of the consumer organization can optionally view API analytics information relating to individual applications or the entire organization.