Post on 20-May-2015
Role of REST Vs. Web Services & Enterprise Integration
Hiranya Jayathilaka Associate Technical Lead
PMC Member (Integration Technologies)
A Word About WSO2
• Founded in 2005 by acknowledged leaders in XML, Web Services technologies & standards and open source. Primary contributors to Apache Web Services projects started in 2001.
• Producing entire middleware platform 100% open source under the Apache license.
• Business model is to sell comprehensive support & maintenance for our products.
• Technology OEM’d by IBM, Progress, Software AG, Alcatel, EMC and CA.
• Venture funded by Intel Capital and Quest Software • Global corporation with offices in Palo Alto (USA), Portsmouth (UK)
and Colombo (Sri Lanka). • 150+ employees and growing.
What is REST?
• REpresentational State Transfer
• Lightweight, client-server architecture
• Interactions are based on the transfer of resource state representations
• Systems exchange state representations and perform application state transitions
• Mostly implemented using HTTP
Richardson Maturity Model
• Hyper text as the engine of application state
Level 3: Hypermedia Controls
• Many URIs, each supporting multiple HTTP methods
Level 2: HTTP Verbs
• Many URIs, one HTTP method
Level 1: Resources
• One URI, one HTTP method
Level 0: XML Over HTTP
An Example…
• Learning Management System for a college
• A number of fundamental concepts
– Student
– Course
– Teacher
• In a RESTful design these concepts are likely to become the ‘resources’ managed by the LMS
The “Student” Resource State
• Name
• Age
• Registration number
• GPA
• Date of birth
• Contact information
State Representation - XML
State Representation - JSON
Representational State Transfer
• Clients and servers interact with each other by exchanging
– Resource state representations
– Other control information
• Applications are state machines
– Exchange of resource state representations and control information can result in application state transitions
HTTP Based RESTful Interactions
REST Today!
• Developers and architects realize the power of REST and appreciate its lightweight nature
• Lots of tools, libraries and frameworks to make RESTful development easier
• Well suited for modern IT trends
– Mobile apps
– Rich web applications
– Social media
Nothing But REST?
• Most organizations have already invested heavily in IT and have adopted countless technologies – Legacy systems
– J2EE, .NET, LAMP
– CORBA, DCOM, RPC, SOAP
– … and much more
• Replacing these existing systems is risky and ridiculously expensive
REST in Peace, SOAP?
• Not in our wildest dreams – New WS-* standards introduced frequently
– Many developer friendly tools and frameworks
– Comprehensive and highly interoperable platform
– Sponsorship of many large scale software vendors
• SOAP, WSDL, WS-*, BPEL – They are all here to stay (at least for the foreseeable future) – REST will continue to be dominant in the public
web API space
“Hang in There SOAP”
Moral of the Story…
• Replacing existing technologies is not easy
• Every technology has its own strengths and weaknesses
– Despite its arcane terminology, the structured description capabilities of the WSDL standard is being praised even by hard-core fans of REST
– No technology can be designated “universally superior”
Coexistence over Conquest
• RESTful applications should play nice with other technologies
• Need powerful integration mechanisms between REST and other technologies (most notably SOAP)
• Design applications in a manner so that the weaknesses of one technology is complemented by the strengths of another – Best of both worlds scenario
Key to Success
• Organizations that have realized the value of “coexistence over conquest” have reaped fruitful results – Amazon
– eBay
• Opens up the business for all types of developers and clients – Breaks down barriers for technology adoption
Good Times for Developers!
• Adding REST support to an existing enterprise architecture creates many interesting problems and lucrative opportunities for developers – Developing RESTful applications – Integrating REST applications with the ‘rest’ – Exposing existing services over REST – Security – Provisioning – Monitoring and usage tracking
• “Developers are the new king makers” – James Governor
Developing RESTful Applications
• Can be done with any web development technology
– HTML, PHP, ASP, CGI…
• Servlets and JSP are popular in the Java world
• JAX-RS catching up fast
– Apache Wink
– Apache CXF
– WSO2 Application Server
Integrating RESTful Applications
Exposing Existing Services Over REST
• Use the tried and tested gateway pattern
• Lock down all the implementation details of the backend systems behind an API gateway and expose a clean REST API
• Pay attention to the number and granularity of exposed operations
Consumers
REST API Gateway
Backend Services
WSO2 ESB as an API Gateway
REST APIs in WSO2 ESB
Basic Features of an API Gateway
• Transport switching
• Message transformation and content negotiation
• Lightweight orchestration
• High performance (low latency mediation)
• Monitoring
Security
• More exposure = More vulnerabilities
• Access to critical business applications must be secured at API gateway level
– Do all security checks as early as possible
• Use HTTP friendly security mechanisms
– Basic Auth
– OAuth
API Security Enforcement in WSO2 ESB
A Simple Security Architecture
A More Comprehensive Approach with API Keys
API Store Front
Managing System Load
• RESTful applications are usually lightweight and fast – But your backend services may be not
• Track the usage of REST APIs at the gateway and turn down requests if the load becomes too high
– If the APIs are restricted to a particular group of clients, consider implementing some IP based throttling mechanism
– Use time based throttling to prevent legitimate clients from overwhelming a service
Throttling Support in WSO2 ESB
Throttle by SLA
Caching
• Another very effective way of reducing the overhead on backend services – Cache as many responses as possible in the
gateway and try to minimize calling backend services
• Added benefit: Improved performance (better user experience)
• Need to have proper cache invalidation mechanisms in place
Caching Support in WSO2 ESB
API Provisioning
• REST integration is not a one-off activity. Once adopted you will be doing it for the ‘rest’ of your working life.
• Should be able to easily add new REST APIs to the API gateway
– Ideally should be a single click operation
– Should not result in a downtime of existing APIs
• REST API governance
API Provisioning in WSO2 ESB
API Provisioning in WSO2 API Manager
Monitoring & Usage Tracking
• Log and record all accesses to your exposed RESTful interfaces at the API gateway – Both valid and invalid accesses
– At very least have a HTTP access log
• If you already have a monitoring system in place, integrate it with the API gateway – Syslogs, JMX, BAM
• KPI monitoring and SLA monitoring
• Tracking API usage
What to Do with Collected Data?
• Periodic audits
• Dashboards and reports
– For both API providers and API consumers
• Capacity planning and traffic engineering
• Vulnerability detection
• Marketing and promotional activities
Monitoring WSO2 ESB
WSO2 API Manager with BAM
WSO2 API Manager with BAM
API Monetization
• Turning inbound API calls into cash
• Prevent third parties from making profits out of your APIs - Prevent disenfranchisement
• Provide a monitored sandbox environment where third parties can develop applications using your APIs – Close off or restrict access to the APIs from outside
the sandbox environment
– Have a robust model for reviewing, approving and publishing third party applications
Your Business as a Service
Services, Processes, Applications, Data (Business IT Assets)
API (WSO2 API Manager)
PaaS for Managed Third Party Apps (WSO2 Stratos)
App App App App
Summary
• What is REST?
• REST vs. SOAP and other technologies
• Exposing existing systems over REST – API gateway pattern
• Techniques for securing, provisioning and managing REST APIs
• API monetization
Resources
• REST and API management with WSO2 ESB (Webinar): http://www.youtube.com/watch?v=YNfa88-DWQU
• ESB Tipcs & Tricks: Introduction to REST APIs (Blog): http://techfeast-hiranya.blogspot.com/2012/04/wso2-esb-tips-tricks-09-introduction-to.html
• REST API samples (Documentation): http://docs.wso2.org/display/ESB403/Sample+1+Introduction+to+REST+API
• Introduction to AppFactory (Blog): http://blog.cobia.net/cobiacomm/2012/04/16/what-is-wso2-appfactory/
• WSO2 API Manager beta program (Press Release): http://wso2.com/about/news/wso2-begins-recruiting-beta-customers-for-new-wso2-api-manager-product/
Selected Customers
WSO2 Engagement Model
• QuickStart
• Development support
• Development services
• Production support
• Turnkey solutions
– WSO2 Mobile Gateway Solution
– WSO2 FIX Gateway Solution
– WSO2 SAP Gateway Solution
Thank You