This document provides background information about the API Manager, its purpose and its use by BYU.

The API Manager is Powered by WSO2

BYU's API Manager is powered by WSO2, a technology company which is based in the United States and has offices in California, London, and Sri Lanka. WSO2 products have been used by big-name companies such as eBay, Boeing, Experian, and Apache. Some of its most successful products include the Enterprise Service Bus, the Governance Registry, the Complex Event Processor, and the API Manager. WSO2 is unique in the sense that all of its products are open-source. Open-source products are desirable because they are sensitive to the users' needs and they are constantly improving. Open-source products tend to be more adaptable, customizable, and inter-operable. For more information about WSO2, visit Wikipedia or the WSO2 website.

The API Manager: Publisher and Store

One of the API Manager's biggest strengths is its adaptability. On the product's website, we read that the API Manager is "highly customizable through styling, theming, and code extensions," and that it is also very pluggable–"to third-party analytics systems and billing systems," and also "to existing user repositories including Microsoft Active Directory, LDAP, databases, or Apache Cassandra."

The API Manager is separated into two parts: 1) Publisher and 2) Store. The Publisher portion of the API Manager assists the developer with the following four things: a) Design, 2) Publishing, c) Management, and 4) Monitoring. The Store portion of the APIa Manager assists the consumer with the following five processes: a) Discovering, b) Exploring, c) Testing, d) Subscribing, and e) Monitoring.

  1. Publisher
    1. Design:
      1. Offers pre-loaded prototype API samples
      2. Uses JavaScript to imitate API implementation
      3. Offers two options for creating an API
        1. Write API directly in the publishing interface
        2. Upload an existing Swagger 2.0 file
      4. Facilitates developers' giving feedback prior to publishing
    2. Publish: Enables developers to publish their APIs directly to the Store. Contains the following benefits:
      1. Option to publish externally, internally, or both
      2. Ability to manage multiple version of the API and to decide which version to publish
      3. Simple, one-click publishing process
      4. Option to publish in SOAP, REST, JSON, or XML
    3. Manage:
      1. Ability to manage visibility / restrict access to specific partners or customers
      2. Separate production and sandbox endpoints for each API
      3. Full API lifecycle management: create, publish, block, deprecate, and retire
      4. Power to block a subscription
      5. Ability to associate API to system-defined service tiers
      6. OAuth2 security standards
      7. Ability to apply additional security policies
    4. Monitor:
      1. Ability to view statistics about API consumers
      2. Continuous interaction via forums, comments and ratings
      3. API consumer analytics
        1. Information about requests, responses, faults, throttling, subscriptions, and self-sign-ups
        2. Ability to track per API, per API version, per tiers, and per consumer
      4. Real-time dashboard alerts
      5. Ability to monitor SLA compliance
  2. Store
    1. Discover/Explore:
      1. User-friendly Graphical Interface
      2. Multiple ways to browse/search 
      3. Same view of store given to all members of an organization\
      4. Different
    2. Test:
      1. Interactive console
      2. Gain surface-level experience of the API within the API Manager Store
    3. Subscribe:
      1. Self-registration
      2. Can subscribe same application to multiple APIs
      3. Selection of a "service tier," based on anticipated frequency of use
    4. Monitor:
      1. Throttling
      2. Throttling limit
      3. Subscriptions

One of the biggest benefits of the API Manager is that it simplifies filtering and enforces security protocols. All users who subscribe to an API are required to provide both authentication and authorization keys. Through multiple filtering processes, the publisher decides who does and who does not receive the requisite keys. Further divisions can be made in order to allow different users various levels of access. All in all, the API Manager helps to keep our APIs safe, while still being readily accessible to approved persons.